Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Under Step 1 of the patent eligibility analysis, it must first be determined whether the claims are directed to one of the four statutory categories of invention. Applying Step 1 to the claims it is determined that: claims 1-9 are directed to a process; and claims 10-20 are directed to a machine.
Independent Claims
Under Step 2A Prong 1 of the patent eligibility analysis, it must be determined whether the claims recite an abstract idea that falls within one or more designated categories or “buckets” of patent ineligible subject matter that amount to a judicial exception to patentability.
The independent claims recite an abstract idea. Specifically, all the limitations of independent claim 1 recites an abstract idea because all the limitations of claim 1 recite fundamental economic principles or practices. That is, all of the limitations in claim 1 involve identifying and analyzing regulatory requirements for a regulated entity and complying with the regulatory requirements. Analyzing and complying with regulatory requirements is fundamental economic practice. Claim 1 recites an abstract idea.
Claims 10 and 16 recite similar limitations as claim 11 and accordingly recite an abstract idea for similar reasons.
Under Step 2A Prong 2 of the patent eligibility analysis, it must be determined whether the identified, recited abstract idea includes additional elements that integrate the abstract idea into a practical application.
The additional elements of the independent claims do not integrate the abstract idea into a practical application. Claim 1 recites no additional elements. Claims 10 and 16 recite the additional elements "a memory for storing machine-readable instructions; and a processor for accessing the machine-readable instructions and executing the machine-readable instructions as operations" and a "non-transitory machine-readable medium having machine executable instructions for a virtual auditor causing a processor to execute operations", respectively. These additional elements, when considered individually or in combination, do not integrate the abstract idea into a practical application because the additional elements are recited at a high-level of generality such that it amounts to no more than mere instructions to apply the exception using generic computer components. Claims 1, 10 and 16 are directed to an abstract idea.
Under Step 2B of the patent eligibility analysis, the additional elements are evaluated to determine whether they amount to something “significantly more” than the recited abstract idea (i.e., an innovative concept).
The independent claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, claim 1 recites no additional elements and the additional elements in claims 10 and 16 amount to no more than mere instructions to apply the exception. Claims 1, 10 and 16 are not patent eligible.
Dependent Claims
The dependent claims are rejected under §101 as directed to an abstract idea for the following reasons.
Claims 2, 3, 11, 12, 17, and 18 recite the same abstract as the independent claims because monitoring operational data to identify suspicious anomalies is a part of complying with regulatory requirements.
Claims 4, 6, 7 and 13 recite the same abstract idea as the independent claims because assessing different amounts and overlaps of regulatory parameters is a part of analyzing regulatory requirements.
Claims 5 and 14 recite the additional elements of storing and accessing the inclusive evidentiary package in memory. These additional elements do not integrate the abstract idea into a practical application because the additional elements encompass a generic computer function of storing and sending data, see MPEP 2106.05(f)(2) (noting the use of computers in their ordinary capacity to receive, store, or transmit data does not integrate a judicial exception into a practical application).
Claims 8, 9, 15, 19, and 20 recite the same abstract idea as updating monitoring and control processes, including security functions, is a part of complying with regulatory requires (e.g., correcting issues that might not comply with regulations).
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 1, 4-10, 13-16, 19 and 20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Clark et al, US Pub. No. 2020/0050620, herein referred to as “Clark”.
Regarding claim 1, Clark teaches:
identifying a compliance standard for a regulated entity based on a regulatory compliance monitoring and enforcement program report (monitors rules and regulations to identify and map relevant regulations, e.g., ¶¶[0039], [0086]; see also ¶[0085] discussing Fig. 7 and creating a summary of requirements and associated tasks)
comparing evidentiary request packages to substantiate the compliance standard from a plurality of regulatory authorities including a first regulatory authority and a second regulatory authority, wherein an evidentiary request package defines status indicators of parameters for the regulated entity to meet the compliance standard (determines requirements across multiple regulatory bodies and/or jurisdictions by taking a of requirements in one jurisdiction (first module) and comparing it to the requirements in a second jurisdiction (second module), ¶[0117]; see also e.g., ¶¶[0055], [0110] discussing generating regulatory reports)
and wherein a first evidentiary request package of the first regulatory authority is different than a second evidentiary request package of the second regulatory authority (determines similarity and differences between jurisdictional requirements, ¶[0117]);
generating an inclusive evidentiary package based on the comparison (generate a new list of compliance requirements covering the individual requirements from all jurisdictions, ¶[0117]; see also ¶[0118] discussing generating compliance steps that satisfy two or more compliance requirements from differing jurisdictions, ¶[0118]);
generating an evidentiary submittal package for the first regulatory authority based on the inclusive evidentiary package (generates reports that are specific to that regulatory body, ¶[0110]);
selecting an asset of the regulated entity based on the evidentiary submittal package (takes operation data for generating report, e.g., ¶¶[0094], [0104], [0110]);
receiving operational data associated with the asset based on the evidentiary submittal package (extracts operational data, ¶[0101]);
and applying a compliance result to the compliance standard based on an analysis of the operational data (labels compliance tasks as opened, closed, etc., ¶¶[0087], [0110]).
Regarding claim 4, Clark teaches all the limitations of claim 1 and further teaches:
wherein the first evidentiary request package has a first number of parameters and the second evidentiary request package has a second number parameters, wherein the comparison determines whether the first evidentiary request package or the second evidentiary request package has a larger number of parameters (determines differences between compliance requirements between jurisdictions, ¶[0119]).
Regarding claim 5, Clark teaches all the limitations of claim 1 and further teaches:
wherein the inclusive evidentiary package is stored in a memory (stores and tracks data related to compliance with regulatory obligations, ¶[0115]),
and generating the evidentiary submittal package includes accessing the memory (first and second modules used to create new list of compliance requirements are stored in system databases, ¶[0117]).
Regarding claim 6, Clark teaches all the limitations of claim 1 and further teaches:
wherein the first evidentiary request package includes a first set of parameters, the second evidentiary request package include a second set of parameters, and a third evidentiary request package includes a third set of parameters (processes rules and regulations from multiple jurisdictions, ¶[0117])
and wherein the comparison determines whether the first evidentiary request package, the second evidentiary request package, or the third evidentiary request package has a set with this highest degree of overlapping parameters (determines similarity scores of jurisdictions, ¶¶[0117], [0119]).
Regarding claim 7, Clark teaches all the limitations of claim 1 and further teaches:
wherein identifying the inclusive evidentiary package further comprises generating the inclusive evidentiary package with parameters from the first evidentiary request package and the second evidentiary request package (generates new list of compliance requirements covering the individual requirements from all jurisdictions, ¶[0117]).
Regarding claim 8, Clark teaches all the limitations of claim 1 and further teaches:
updating control or monitoring parameters of the asset based on the compliance result to cause the asset to alter operation or monitoring of the asset (updates user’s workflow to include new tasks, rules and requirements, ¶[0104]).
Regarding claim 9, Clark teaches all the limitations of claim 8 and further teaches:
wherein the control or monitoring parameters cause the asset to update security functions (tasks are assigned to cyber security, ¶[0106]).
Regarding claim 10, Clark teaches:
a memory for storing machine-readable instructions; and a processor for accessing the machine-readable instructions and executing the machine-readable instructions as operations, the operations comprising (processors, memory and instructions, ¶[0123]):
identifying a compliance standard for a regulated entity based on a regulatory compliance monitoring and enforcement program report (monitors rules and regulations to identify and map relevant regulations, e.g., ¶¶[0039], [0086]; see also ¶[0085] discussing Fig. 7 and creating a summary of requirements and associated tasks)
comparing evidentiary request packages to substantiate the compliance standard from a plurality of regional authorities including a first regional authority and a second regional authority, wherein an evidentiary request package defines status indicators of parameters for the regulated entity to meet the compliance standard (determines requirements across multiple regulatory bodies and/or jurisdictions by taking a of requirements in one jurisdiction (first module) and comparing it to the requirements in a second jurisdiction (second module), ¶[0117]; see also e.g., ¶¶[0055], [0110] discussing generating regulatory reports)
and wherein a first evidentiary request package of the first regional authority is different than a second evidentiary request package of the second regional authority (determines similarity and differences between jurisdictional requirements, ¶[0117]);
generating an inclusive evidentiary package based on the comparison (generate a new list of compliance requirements covering the individual requirements from all jurisdictions, ¶[0117]; see also ¶[0118] discussing generating compliance steps that satisfy two or more compliance requirements from differing jurisdictions, ¶[0118]);
generating an evidentiary submittal package for the first regional authority based on the inclusive evidentiary package (generates reports that are specific to that regulatory body, ¶[0110]);
selecting an asset of the regulated entity based on the evidentiary submittal package (takes operation data for generating report, e.g., ¶¶[0094], [0104], [0110]);
receiving operational data associated with the asset based on the evidentiary submittal package (extracts operational data, ¶[0101]);
and applying a compliance result to the compliance standard based on an analysis of the operational data (labels compliance tasks as opened, closed, etc., ¶¶[0087], [0110]).
Regarding claim 13, Clark teaches all the limitations of claim 10 and further teaches:
wherein the first evidentiary request package has a first number of parameters and the second evidentiary request package has a second number parameters, wherein the comparison determines whether the first evidentiary request package or the second evidentiary request package has a larger number of parameters (determines differences between compliance requirements between jurisdictions, ¶[0119]).
Regarding claim 14, Clark teaches all the limitations of claim 10 and further teaches:
wherein the inclusive evidentiary package is stored in a memory (stores and tracks data related to compliance with regulatory obligations, ¶[0115]),
and generating the evidentiary submittal package includes accessing the memory (first and second modules used to create new list of compliance requirements are stored in system databases, ¶[0117]).
Regarding claim 15, Clark teaches all the limitations of claim 10 and further teaches:
updating control or monitoring parameters of the asset based on the compliance result to cause the asset to alter operation or monitoring of the asset (updates user’s workflow to include new tasks, rules and requirements, ¶[0104]).
Regarding claim 16, Clark teaches:
A non-transitory machine-readable medium having machine executable instructions for a virtual auditor causing a processor to execute operations, the operations comprising (memory and instructions, ¶[0123]):
identifying a compliance standard for a regulated entity based on a regulatory compliance monitoring and enforcement program report (monitors rules and regulations to identify and map relevant regulations, e.g., ¶¶[0039], [0086]; see also ¶[0085] discussing Fig. 7 and creating a summary of requirements and associated tasks)
comparing evidentiary request packages to substantiate the compliance standard from a plurality of regional authorities including a first regional authority and a second regional authority, wherein an evidentiary request package defines status indicators of parameters for the regulated entity to meet the compliance standard (determines requirements across multiple regulatory bodies and/or jurisdictions by taking a of requirements in one jurisdiction (first module) and comparing it to the requirements in a second jurisdiction (second module), ¶[0117]; see also e.g., ¶¶[0055], [0110] discussing generating regulatory reports)
and wherein a first evidentiary request package of the first regional authority is different than a second evidentiary request package of the second regional authority (determines similarity and differences between jurisdictional requirements, ¶[0117]);
generating an inclusive evidentiary package based on the comparison (generate a new list of compliance requirements covering the individual requirements from all jurisdictions, ¶[0117]; see also ¶[0118] discussing generating compliance steps that satisfy two or more compliance requirements from differing jurisdictions, ¶[0118]);
generating an evidentiary submittal package for the first regional authority based on the inclusive evidentiary package (generates reports that are specific to that regulatory body, ¶[0110]);
selecting an asset of the regulated entity based on the evidentiary submittal package (takes operation data for generating report, e.g., ¶¶[0094], [0104], [0110]);
receiving operational data associated with the asset based on the evidentiary submittal package (extracts operational data, ¶[0101]);
and applying a compliance result to the compliance standard based on an analysis of the operational data (labels compliance tasks as opened, closed, etc., ¶¶[0087], [0110]).
Regarding claim 19, Clark teaches all the limitations of claim 16 and further teaches:
updating control or monitoring parameters of the asset based on the compliance result to cause the asset to alter operation or monitoring of the asset (updates user’s workflow to include new tasks, rules and requirements, ¶[0104]).
Regarding claim 20, Clark teaches all the limitations of claim 19 and further teaches:
wherein the control or monitoring parameters cause the asset to update security functions (tasks are assigned to cyber security, ¶[0106]).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 2, 3, 11, 12, 17 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Clark in view of Ravi, US Pub. No. 2018/0189797, herein referred to as “Ravi”.
Regarding claim 2, Clark teaches all the limitations of claim 1 and further teaches:
wherein the operational data is received from the asset at a first time and from the asset at a second time after the first time (extracts operational data, ¶[0101]; see also ¶[0112] discussing real-time monitoring).
However Clark does not teach but Ravi does teach:
the analysis includes analyzing the operational data of the asset to identify an anomaly, the method further comprising (performs risk analysis, ¶[0051], to determine anomalous activities, ¶[0058]; see also e.g., ¶¶[0002], [0026] discussing regulated entities):
classifying the anomaly as system noise or suspicious based on an operational differential between the first time and the second time (determines categories of risk including suspicious, ¶[0058]; see also ¶[0042] discussing learning over time).
Further, it would have been obvious before the effective filing date of the claimed invention, to combine the compliance monitoring of Clark with the compliance validation of Ravi because known work in one field of endeavor may prompt variations of it for use in the same field based on design incentives, see MPEP 2143.I.F. That is, one of ordinary skill would have recognized users of Clark would likely also be interested in validating compliance with regulations of their assets and accordingly would have modified Clark to incorporate the compliance validation of Ravi.
Regarding claim 3, the combination of Clark and Ravi teaches all the limitations of claim 2 and Ravi further teaches:
wherein the compliance result applied is a vulnerable status in response to the anomaly being classified as suspicious (flags asset as non-compliant or suspicious ¶¶[0057]-[0059]).
Further, it would have been obvious before the effective filing date of the claimed invention, to combine the compliance monitoring of Clark with the compliance validation of Ravi because known work in one field of endeavor may prompt variations of it for use in the same field based on design incentives, see MPEP 2143.I.F. That is, one of ordinary skill would have recognized users of Clark would likely also be interested in validating compliance with regulations of their assets and accordingly would have modified Clark to incorporate the compliance validation of Ravi.
Regarding claim 11, Clark teaches all the limitations of claim 10 and further teaches:
wherein the operational data is received from the asset at a first time and from the asset at a second time after the first time (extracts operational data, ¶[0101]; see also ¶[0112] discussing real-time monitoring).
However Clark does not teach but Ravi does teach:
the analysis includes analyzing the operational data of the asset to identify an anomaly, the method further comprising (performs risk analysis, ¶[0051], to determine anomalous activities, ¶[0058]; see also e.g., ¶¶[0002], [0026] discussing regulated entities):
classifying the anomaly as system noise or suspicious based on an operational differential between the first time and the second time (determines categories of risk including suspicious, ¶[0058]; see also ¶[0042] discussing learning over time).
Further, it would have been obvious before the effective filing date of the claimed invention, to combine the compliance monitoring of Clark with the compliance validation of Ravi because known work in one field of endeavor may prompt variations of it for use in the same field based on design incentives, see MPEP 2143.I.F. That is, one of ordinary skill would have recognized users of Clark would likely also be interested in validating compliance with regulations of their assets and accordingly would have modified Clark to incorporate the compliance validation of Ravi.
Regarding claim 12, the combination of Clark and Ravi teaches all the limitations of claim 11 and Ravi further teaches:
wherein the compliance result applied is a vulnerable status in response to the anomaly being classified as suspicious (flags asset as non-compliant or suspicious ¶¶[0057]-[0059]).
Further, it would have been obvious before the effective filing date of the claimed invention, to combine the compliance monitoring of Clark with the compliance validation of Ravi because known work in one field of endeavor may prompt variations of it for use in the same field based on design incentives, see MPEP 2143.I.F. That is, one of ordinary skill would have recognized users of Clark would likely also be interested in validating compliance with regulations of their assets and accordingly would have modified Clark to incorporate the compliance validation of Ravi.
Regarding claim 17, Clark teaches all the limitations of claim 16 and further teaches:
wherein the operational data is received from the asset at a first time and from the asset at a second time after the first time (extracts operational data, ¶[0101]; see also ¶[0112] discussing real-time monitoring).
However Clark does not teach but Ravi does teach:
the analysis includes analyzing the operational data of the asset to identify an anomaly, the method further comprising (performs risk analysis, ¶[0051], to determine anomalous activities, ¶[0058]; see also e.g., ¶¶[0002], [0026] discussing regulated entities):
classifying the anomaly as system noise or suspicious based on an operational differential between the first time and the second time (determines categories of risk including suspicious, ¶[0058]; see also ¶[0042] discussing learning over time).
Further, it would have been obvious before the effective filing date of the claimed invention, to combine the compliance monitoring of Clark with the compliance validation of Ravi because known work in one field of endeavor may prompt variations of it for use in the same field based on design incentives, see MPEP 2143.I.F. That is, one of ordinary skill would have recognized users of Clark would likely also be interested in validating compliance with regulations of their assets and accordingly would have modified Clark to incorporate the compliance validation of Ravi.
Regarding claim 18, the combination of Clark and Ravi teaches all the limitations of claim 17 and Ravi further teaches:
wherein the compliance result applied is a vulnerable status in response to the anomaly being classified as suspicious (flags asset as non-compliant or suspicious ¶¶[0057]-[0059]).
Further, it would have been obvious before the effective filing date of the claimed invention, to combine the compliance monitoring of Clark with the compliance validation of Ravi because known work in one field of endeavor may prompt variations of it for use in the same field based on design incentives, see MPEP 2143.I.F. That is, one of ordinary skill would have recognized users of Clark would likely also be interested in validating compliance with regulations of their assets and accordingly would have modified Clark to incorporate the compliance validation of Ravi.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Goodlett et al, US Pub. No. 2004/0193634 teaches a similar regulatory management system
Hotchkiss et al, US Pub. No. 2006/0101027 teaches a similar method for deriving compliance requirements
D. G. Gordon and T. D. Breaux, "Comparing requirements from multiple jurisdictions," 2011 Fourth International Workshop on Requirements Engineering and Law, Trento, Italy, 2011, pp. 43-49 teaches a similar process of assessing requirements from multiple jurisdictions
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRENDAN S O'SHEA whose telephone number is (571)270-1064. The examiner can normally be reached Monday to Friday 10-6.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nathan Uber can be reached at (571) 270-3923. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BRENDAN S O'SHEA/Examiner, Art Unit 3626
1 Examiner notes claims 10 and 16 refer to regional authorities instead of regulatory authorities but does not find this difference significantly alters the eligibility analysis because the concepts are generally similar and Examiner analyzes the claims concurrently here for the sake of brevity.