DETAILED ACTION
In a communication received on 6 April 2026, the applicants amended claims 63, 77, and 80.
Claims 63-80 and 82-83 are pending.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments with respect to claim(s) 63, 77, and 80 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 63-67, 72, 73, 77, 80, 82, 83 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin et al. (US 2021/0392146 A1) in view of Pilkington et al. (US 2019/0044969 A1) and Jacobsen et al. (US 2017/0353500 A1), and further in view of Singh et al. (US 2014/0279641 A1).
With respect to claim 63, Lin discloses: a computer-implemented method of providing security services for an enterprise (i.e., utilizing a combination of models to perform user and entity behavior analysis in Lin, ¶0004), comprising:
computing, for the enterprise, a quantitative user-centric security posture (i.e., risk scores for users, groups, companies to identify users or situations in Lin, ¶0021),
wherein computing the quantitative user-centric security posture comprises calculating, for a plurality of enterprise users, respective quantitative user risk profiles (i.e., scoring a user and behavior based on grouping, behavior, and an orchestration model to result in a security action based on the score in Lin, ¶0088).
Lin discloses scoring is based on a combination of outputs from different models to identify user function, behavior, and scoring rules (¶0088). Lin do(es) not explicitly disclose the following. Pilkington, in order to improve awareness of security situation for higher value devices within an enterprise (¶0049), discloses:
calculating the quantitative user-centric security posture based on an aggregate of the respective quantitative user risk profiles (i.e., defines populations of individual entities, calculates the individual risk scores of entities and normalizes them to achieve a sensitivity for fewer by higher risk entities corresponding to an aggregate statistic of risk; "The aggregate risk score represents a security risk the particular selected population presents to the organization (420)." in Pilkington, ¶0061), and
recommending actionable remediation measures for the displayed devices and user. (i.e., advising an administrator over a communication medium of a risk threshold being exceeded, various remedial actions such as monitoring via deploying software depending on severity are suggested; system disabling accounts or devices; although computer assisted or automated, it suggests that these actions can correspond to notifications via an administrator to perform them in Pilkington, ¶0015, ¶0018, ¶0056).
Based on Lin in view of Pilkington, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Pilkington to improve upon those of Lin in order to improve awareness of security situation for higher value devices within an enterprise.
Lin discloses quantifies the risk of the user based on the user's function producing an insight, risk score, actionable item (¶0068). Lin and Pilkington do(es) not explicitly disclose the following. Jacobsen, in order to ensure compliance of mobile devices managed by the enterprise policies by admins can recommend remediation to users and/or automate remediation (¶0086), discloses:
displaying a graphical dashboard that includes a display of all devices and users of the enterprise that currently require remedial attention (dashboard report including a custom report listing of devices with corresponding device user without disk encryption, passcodes, rooted, jail broken, or wiped; devices selectable from a list by admin in Jacobsen, ¶0061, ¶0136, ¶0139).
Based on Lin in view of Pilkington, and further in view of Jacobsen, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Jacobsen to improve upon those of Lin in order to ensure compliance of mobile devices managed by the enterprise policies by admins can recommend remediation to users and/or automate remediation.
Lin discloses quantifies the risk of the user based on the user's function producing an insight, risk score, actionable item (¶0068). Lin, Pilkington, and Jacobsen do(es) not explicitly disclose the following. Singh, in order to improve enterprise security by tracking and calculating risk of assets and entities (abstract), discloses:
according to a weighted sum of numeric representations (i.e., configurable numeric risk points/scores are assigned to contributing factors/rules and summed to calculate the entity/user risk score in Singh, ¶0074; ¶0199; ¶0210),
including, for a user, a user role score to represent the user's role in the enterprise (i.e., role is an explicit risk parameter/contributing factor, with user roles assigned risk/sensitivity levels and corresponding score points. in Singh, ¶0081; ¶0154),
a user role sensitivity score to represent sensitivity of the user's role in the enterprise (i.e., risk/sensitivity levels with roles and sensitive systems/entitlements as a numeric role-sensitivity score in Singh, ¶0081; ¶0087),
a user privilege score to represent the user's privilege level in the enterprise (i.e., user access, entitlements, and security permissions are scored with corresponding points, representing the user's privilege/access level. in Singh, ¶0052; ¶0080; ¶0081),
a user behavior score to quantify a user behavior profile (i.e., behavior/usage/anomaly data are captured and contribute numeric points to an identity risk score in Singh, ¶0035; ¶0046; ¶0088;¶0110), and
a digital assets score to represent digital assets assigned to the user and owned by the enterprise (i.e., asset/system-level resources, sensitive digital systems, and entitlements are scored as risk factors associated with the user in Singh, ¶0003; ¶0081; ¶0087).
Based on Lin in view of Pilkington and Jacobsen, and further in view of Singh, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Singh to improve upon those of Lin in order to improve enterprise security by tracking and calculating risk of assets and entities.
With respect to claim 64, Lin discloses: the computer-implemented method of claim 63, wherein the enterprise is a small or medium-sized business, family, church, religious organization, club, or educational institution (i.e., an enterprise that can utilize a scalable cloud-based security solution; the enterprise relying on more cloud-based services due to a mobile workforce with less emphasis on perimeter defense deployments in Lin, ¶0026-0027).
With respect to claim 65, Lin discloses: the computer-implemented method of claim 64, wherein the user is an employee, agent, or member of the enterprise (i.e., employees, contractors, partners of the enterprise in Lin, ¶0026-0027).
With respect to claim 66, Lin discloses: the computer-implemented method of claim 63, wherein digital assets further include assets owned by the user and used for enterprise operations (i.e., laptops, desktops in employee's homes with a user-centric policy tied to the user instead of the device to perform security functions in Lin, ¶0027, ¶0028).
With respect to claim 67, Lin discloses: the computer-implemented method of claim 63, wherein digital assets are selected from the group consisting of electronic devices, applications, identities, shared sensitive information, online accounts, and online services (i.e., geographically dispersed devices and users; monitoring access to sensitive data in Lin, ¶0027, ¶0081).
With respect to claim 72, Lin discloses scoring is based on a combination of outputs from different models to identify user function, behavior, and scoring rules (¶0088). Lin do(es) not explicitly disclose the following. Pilkington, in order to improve awareness of security situation for higher value devices within an enterprise (¶0049), discloses: the computer-implemented method of claim 63, wherein a quantitative user risk profile for a user numerically represents a combined security state of digital assets assigned to the user (i.e., aggregating risk scores off an arbitrary number of users and devices to determine a risk score in aggregate of a population of devices in Pilkington, ¶0046, ¶0047).
Based on Lin in view of Pilkington, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Pilkington to improve upon those of Lin in order to improve awareness of security situation for higher value devices within an enterprise.
With respect to claim 73, Lin discloses: the computer-implemented method of claim 63, further comprising defining a user-specific digital protection policy for a user based on a quantitative user risk profile (i.e., risk scores indicate compromised users or unintended privileged access; policies are user centric and not tied to devices; output a quantifiable risk of the user and output insights, scores, and actionable items to mitigate the risk in Lin, ¶0021, ¶0028, ¶0068).
With respect to claim 77, the limitation(s) of claim 77 are similar to those of claim(s) 63. Therefore, claim 77 is rejected with the same reasoning as claim(s) 63.
With respect to claim 80, the limitation(s) of claim 80 are similar to those of claim(s) 63. Therefore, claim 80 is rejected with the same reasoning as claim(s) 63.
With respect to claim 82, the limitation(s) of claim 82 are similar to those of claim(s) 67. Therefore, claim 82 is rejected with the same reasoning as claim(s) 67.
With respect to claim 83, Lin discloses scoring is based on a combination of outputs from different models to identify user function, behavior, and scoring rules (¶0088). Lin do(es) not explicitly disclose the following. Pilkington, in order to improve awareness of security situation for higher value devices within an enterprise (¶0049), discloses: the method of claim 63, further comprising sending, to a device selected for a remediation, a remediation payload comprising instructions for a remediation agent of the device to effect the remediation (in response to determining a risk score exceeding a threshold, "Software may, additionally or alternatively, be deployed to the accounts or computing devices to monitor actions or behaviors on the computing devices or associated accounts, depending on the determined risk severity" in Pilkington, ¶0018, ¶0056).
Based on Lin in view of Pilkington, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Pilkington to improve upon those of Lin in order to improve awareness of security situation for higher value devices within an enterprise.
Claim(s) 68-71 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin et al. (US 2021/0392146 A1) in view of Pilkington et al. (US 2019/0044969 A1), Jacobsen et al. (US 2017/0353500 A1) and Singh et al. (US 2014/0279641 A1), and further in view of Kuppa et al. (US 2022/0286474 A1).
With respect to claim 68, Lin discloses scoring is based on a combination of outputs from different models to identify user function, behavior, and scoring rules (¶0088). Lin, Pilkington, Jacobsen, and Singh do(es) not explicitly disclose the following. Kuppa, in order to improve prioritization of remediating issues identified in quantified security assessments (¶0002), discloses: the computer-implemented method of claim 63, wherein computing a user risk profile comprises computing a sum of weighted scores for a plurality of risk categories (i.e., assets with different security controls configured, an overall causal effect of each security control can be determined; computing a weighted average as a summation of weighted scores based on the plurality of individuals and assets in Kuppa, ¶0049, ¶0067).
Based on Lin in view of Pilkington, Jacobsen and Singh, and further in view of Kuppa, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Kuppa to improve upon those of Lin in order to improve prioritization of remediating issues identified in quantified security assessments.
With respect to claim 69, Lin discloses scoring is based on a combination of outputs from different models to identify user function, behavior, and scoring rules (¶0088). Lin, Pilkington, Jacobsen, and Singh do(es) not explicitly disclose the following. Kuppa, in order to improve prioritization of remediating issues identified in quantified security assessments (¶0002), discloses: the computer-implemented method of claim 68, wherein the weighted scores are uniformly values between 0 and 1 (i.e., respective weighting for different contributions sum up to 1.0 and are less than 1.0 in Kuppa, ¶0064).
Based on Lin in view of Pilkington, Jacobsen and Singh, and further in view of Kuppa, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Kuppa to improve upon those of Lin in order to improve prioritization of remediating issues identified in quantified security assessments.
With respect to claim 70, Lin discloses scoring is based on a combination of outputs from different models to identify user function, behavior, and scoring rules (¶0088). Lin, Pilkington, Jacobsen, and Singh do(es) not explicitly disclose the following. Kuppa, in order to improve prioritization of remediating issues identified in quantified security assessments (¶0002), discloses: the computer-implemented method of claim 68, wherein the sum of weighted scores total substantially 1.0 (i.e., stakeholders can assign weightings to particular parameters of a risk trade off score, the weights corresponding to prevention, detection, and response sum up to a weight of 1 in Kuppa, ¶0064).
Based on Lin in view of Pilkington, Jacobsen and Singh, and further in view of Kuppa, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Kuppa to improve upon those of Lin in order to improve prioritization of remediating issues identified in quantified security assessments.
With respect to claim 71, Lin discloses: the computer-implemented method of claim 68, wherein the risk categories comprise
security (i.e., security risk determination, determining infection risk based on URL behavior analysis in Lin, ¶0071, ¶0076),
privacy (i.e., to prevent data theft, scoring based on data leakage or trade secret theft based on employee access privileges and behavior compared to peers of similar job function in Lin, ¶0079, ¶0081, ¶0084), and
identity (i.e., identify highly privileged users based on collaboration pattern and other insiders to derive risk and alert severity of monitored behavior in Lin, ¶0079).
Claim(s) 74-76, 78, and 79 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin et al. (US 2021/0392146 A1) in view of Pilkington et al. (US 2019/0044969 A1), Jacobsen et al. (US 2017/0353500 A1), and Singh et al. (US 2014/0279641 A1), and further in view of Gorlamandala (US 2020/0356676 A1).
With respect to claim 74, Lin discloses scoring is based on a combination of outputs from different models to identify user function, behavior, and scoring rules (¶0088). Lin, Pilkington, Jacobsen, and Singh do(es) not explicitly disclose the following. Gorlamandala, in order to improve risk mitigation processes prioritizing risky entities based on normalized risk scores from external systems (¶0017), discloses: the computer-implemented method of claim 73, further comprising presenting to a human security operator an actional graphical display comprising a set of prioritized protection actions to enforce the specific digital protection policy (i.e., provide a report to a user via display of an email or text message or document on the user device; an entity or event may be classified into different risk levels; recommendations can be prioritized based on the severity of the risks in Gorlamandala, ¶0017, ¶0057).
Based on Lin in view of Pilkington, Jacobsen, and Singh, and further in view of Gorlamandala, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Gorlamandala to improve upon those of Lin in order to improve risk mitigation processes prioritizing risky entities based on normalized risk scores from external systems.
With respect to claim 75, Lin discloses scoring is based on a combination of outputs from different models to identify user function, behavior, and scoring rules (¶0088). Lin, Pilkington, Jacobsen, and Singh do(es) not explicitly disclose the following. Gorlamandala, in order to improve risk mitigation processes prioritizing risky entities based on normalized risk scores from external systems (¶0017), discloses: the computer-implemented method of claim 63, further comprising providing a weekly report to show remedial actions for one or more users, groups, or subgroups to take to remediate one or more problematic digital protection states (i.e., users may subscribe to receive the reports periodically, the reports may be sent to an individual or group of people; the report contains remediation actions for the corresponding risk scores events/assets in Gorlamandala, ¶0017, ¶0057).
Based on Lin in view of Pilkington, Jacobsen, and Singh, and further in view of Gorlamandala, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Gorlamandala to improve upon those of Lin in order to improve risk mitigation processes prioritizing risky entities based on normalized risk scores from external systems.
With respect to claim 76, Lin discloses scoring is based on a combination of outputs from different models to identify user function, behavior, and scoring rules (¶0088). Lin do(es) not explicitly disclose the following. Pilkington, in order to improve awareness of security situation for higher value devices within an enterprise (¶0049), discloses: the computer-implemented method of claim 75, wherein the weekly report further provides digital protection score trends and remedial action trends (i.e., visualize trends in risk scores and reductions in risk after security measures are rolled out in Pilkington, ¶0047).
Based on Lin in view of Pilkington, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Pilkington to improve upon those of Lin in order to improve awareness of security situation for higher value devices within an enterprise.
With respect to claim 78, the limitation(s) of claim 78 are similar to those of claim(s) 75. Therefore, claim 78 is rejected with the same reasoning as claim(s) 75.
With respect to claim 79, the limitation(s) of claim 79 are similar to those of claim(s) 76. Therefore, claim 79 is rejected with the same reasoning as claim(s) 76.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHERMAN L LIN whose telephone number is (571)270-7446. The examiner can normally be reached Monday through Friday 9:00 AM - 5:00 PM (Eastern).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joon Hwang can be reached on 571-272-4036. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
Sherman Lin
6/27/2026
/S. L./Examiner, Art Unit 2447
/JOON H HWANG/Supervisory Patent Examiner, Art Unit 2447