Prosecution Insights
Last updated: July 17, 2026
Application No. 18/678,378

SYSTEMS AND METHODS FOR PREDICTING CYBERSECURITY RISK BASED ON ENTITY FIRMOGRAPHICS

Final Rejection §103
Filed
May 30, 2024
Examiner
NAHAR, SAYEDA S
Art Unit
2435
Tech Center
2400 — Computer Networks
Assignee
Bitsight Technologies Inc.
OA Round
2 (Final)
74%
Grant Probability
Favorable
3-4
OA Rounds
1y 4m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 74% — above average
74%
Career Allowance Rate
26 granted / 35 resolved
+16.3% vs TC avg
Strong +25% interview lift
Without
With
+25.0%
Interview Lift
resolved cases with interview
Typical timeline
3y 5m
Avg Prosecution
22 currently pending
Career history
56
Total Applications
across all art units

Statute-Specific Performance

§101
1.2%
-38.8% vs TC avg
§103
97.6%
+57.6% vs TC avg
§102
0.6%
-39.4% vs TC avg
§112
0.6%
-39.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 35 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment 2. This is in response to the amendments filed on 04/27/2026. Claims 1, 5, 10, 14, 16, and 21 have been amended. Claims 1-21 are currently pending and have been considered below. Response to Arguments 3. Applicant’s arguments filed on 04/27/2026 have been fully considered but they are not persuasive. On the Remarks, Applicant argues that; Gray, Light, and Sweeney, individually or in combination, fail to teach "each respective breach indicator value is (i) mapped to a respective entity of the entities and (ii) an evaluation of whether at least one of the first security incidents is associated with the respective entity during a time period," and "training, using (i) the breach indicator values, (ii) the aggregated risk feature values, and (iii) the firmographic parameter values of the training dataset, a cybersecurity risk assessment model" as presently recited in amended independent claim 1. Gray's confidence values fail to teach or suggest "each respective breach indicator value is (i) mapped to a respective entity of the entities and (ii) an evaluation of whether at least one of the first security incidents is associated with the respective entity during a time period" as presently recited in amended independent claim 1. The examiner respectfully disagrees. First, in response to applicant's argument that Gray does not disclose "each respective breach indicator value is (i) mapped to a respective entity of the entities and (ii) an evaluation of whether at least one of the first security incidents is associated with the respective entity during a time period", it is noted that, Gray at Para.0087, Para.0090 discloses, “a set of confidence values …. for the cyber security questionnaire”, “an indication of the …. high-risk security behaviors, a confidence value for the one or more high-risk security behaviors” which the examiner interpreted as being the claimed “plurality of breach indicator values” because the broadest reasonable interpretation of the claimed “plurality of breach indicator values” includes a set of confidence values associated with the cyber security questionnaire which is an indication of the high-risk security behaviors of the data sets derived from cyber security questionnaires, equivalent to the claimed ‘plurality of breach indicator values’/breach dataset comprising a plurality of breach indicator values. Also, it is noted that, Gray at Para.0054, Para.0005 discloses, “a set of confidence values …. for the cyber security questionnaire”, “a cyber security questionnaire for a vendor” which the examiner interpreted as being the claimed “each respective breach indicator value is (i) mapped to a respective entity of the entities”. Moreover, it is noted that, Gray at Para.0010, Para.0008, Para.0042, Para.0038 discloses, “a confidence value for the one or more high-risk security behaviors”, “a set of confidence values for …..the cyber security questionnaire.”, “cyber security questionnaire for a vendor…. include previous questionnaire data …. associated with the vendor (e.g., one or more events that have previously or are currently occurring at the vendor, such as data breaches, security behaviors or violations of security …. rules”, “analyzed …. high-risk practices. Periodically …e.g., quarterly, monthly, annually…. and corresponding confidence scores….. for various behaviors for the vendor …. Periodically”, which the examiner interpreted as being the claimed “each respective breach indicator value is…..(ii) an evaluation of at least one of the first security incidents being associated with the respective entity during a time period” because the broadest reasonable interpretation of the claimed “each respective breach indicator value is…..(ii) an evaluation of at least one of the first security incidents being associated with the respective entity during a time period” includes one or more events that have previously or are currently occurring at the vendor, such as data breaches, security behaviors or violations of security rule, equivalent to the claimed ‘one of the first security incidents being associated with the respective entity’. Also analyzing high-risk practices and corresponding confidence scores for various behaviors of a particular vendor, periodically [e.g., quarterly, monthly, annually] is equivalent to the claimed ‘each respective breach indicator value is…..(ii) an evaluation of at least one of the first security incidents being associated with the respective entity during a time period’. Second, in response to applicant's argument that Gray does not disclose "training, using (i) the breach indicator values, (ii) the aggregated risk feature values, and (iii) the firmographic parameter values of the training dataset, a cybersecurity risk assessment model", it is noted that, Gray at Para.0116, Para.0093, Para.0087 discloses “training the machine learning model based … on the set of questionnaire data”, “adding the set of …. response outputs for the cyber security questionnaire for the vendor to the set of questionnaire data”, “calculating a set of confidence values for the set of …. response outputs for the cyber security questionnaire”, “a confidence value for the one or more high-risk security behaviors“ which the examiner interpreted as being the claimed “training, using (i) the breach indicator values …. of the training dataset" because the broadest reasonable interpretation of the claimed “training, using (i) the breach indicator values …. of the training dataset" includes a set of confidence values for the one or more high-risk security behaviors [claimed ‘breach indicator values’] which is calculated for the set of response outputs for the cyber security questionnaire, which is then added to the set of questionnaire data, used to train a dataset [claimed ‘the training dataset’]. Also, Gray at Para.0116, Para.0108 discloses “a set of questionnaire data for a plurality of vendors…. comprising response inputs for the cyber security questionnaire ….. and training the machine learning model based …. on the set of questionnaire data”, “aggregating…. each …...set of risk score values for each of the ….. candidate response inputs for the cyber security questionnaire” which the examiner interpreted as being the claimed ‘training, using …. (ii) the aggregated risk feature values …. of the training dataset’’, because set of risk score values are aggregated for each of the multiple sets of candidate response inputs for the cyber security questionnaire, which is used to train a dataset. Finally, Gray at Para.0037, Para.0035, Para.0068 discloses; “train a data set …. input one or more parameters …..a probability of likelihood based on the parameters..”, “how a given vendor …. answer each question …. based on one or more parameters (e.g., firmographics)”, “inputting parameters …. using the trained data set to determine a …. set of answers to each …. questionnaire” which the examiner interpreted as being the claimed ‘training, using …. iii) the firmographic parameter values of the training dataset’’. In response to applicant's argument that, Gray's confidence values fail to teach or suggest "each respective breach indicator value is (i) mapped to a respective entity of the entities and (ii) an evaluation of whether at least one of the first security incidents is associated with the respective entity during a time period", it is already disclosed above that Gray teaches this limitation. It is clearly indicated that Gray discloses “each respective breach indicator value is (i) mapped to a respective entity of the entities and (ii) an evaluation of whether at least one of the first security incidents is associated with the respective entity during a time period," and "training, using (i) the breach indicator values, (ii) the aggregated risk feature values, and (iii) the firmographic parameter values of the training dataset, a cybersecurity risk assessment model", and the rejection of such is sustained below. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 4. Claims 1,5-13,15-21 are rejected under AIA 35 U.S.C. 103 as being unpatentable over Gray et al (US 20240169293 A1) in view of Light et al. (US 10764298 B1) and further in view of Sweeney et al. (US 20170213292 A1) Regarding Claim 1: Gray discloses: a. A computer-implemented method for training a model to predict a cybersecurity risk based on entity firmographics, (Para.0004, Abstract; “method for predictively assessing vendor risk ….. include ……inputs for the cyber security questionnaire based ….. on a machine learning model”, “a given vendor will answer each question in a ….assessment based on ….. parameters (e.g., firmographics)”) the method comprising: b. generating, based on a first security incident dataset comprising a plurality of first security incidents, (Para.0042, Para.0002; “associated with the vendor (e.g., one or more events that have previously or are currently occurring at the vendor, such as data breaches, security behaviors or violations of security ….. rules”, “poor security behaviors of the one or more vendors” one or more events that have previously or are currently occurring at the vendor, such as data breaches, security behaviors or violations of security rule are construed as a plurality of first security incidents) a breach dataset (Para.0036, Para.0004, Para.0042; “data sets derived from …questionnaires”, “a cyber security questionnaire for a vendor”, “the device may receive…. cyber security questionnaire for a vendor. ….. security evaluations, …. associated with the vendor (e.g., one or more events that have previously or are currently occurring at the vendor, such as data breaches, security behaviors”) comprising a plurality of breach indicator values (Para.0087, Para.0090; “a set of confidence values …. for the cyber security questionnaire”, “an indication of the …. high-risk security behaviors, a confidence value for the one or more high-risk security behaviors” a set of confidence values associated with the cyber security questionnaire which is an indication of the high-risk security behaviors of the data sets derived from cyber security questionnaires (claimed ‘breach dataset’), are construed as a plurality of breach indicator values, breach dataset comprising a plurality of breach indicator values) for a plurality of entities, (Para.0002; “one or more vendors”) wherein each respective breach indicator value is (i) mapped to a respective entity of the entities (Para.0054, Para.0005; “a set of confidence values …. for the cyber security questionnaire”, “a cyber security questionnaire for a vendor”) and (ii) an evaluation of whether at least one of the first security incidents is associated with the respective entity during a time period; (Para.0010, Para.0008, Para.0042, Para.0038; “a confidence value for the one or more high-risk security behaviors”, “a set of confidence values for …..the cyber security questionnaire.”, “cyber security questionnaire for a vendor…. include …..one or more events that have previously or are currently occurring at the vendor, such as data breaches, security behaviors or violations of security …. rules”, “analyzed …. high-risk practices. Periodically …e.g., quarterly, monthly, annually…. and corresponding confidence scores….. for various behaviors for the vendor …. Periodically” analyzing high-risk practices and corresponding confidence scores for various behaviors of a particular vendor, periodically [e.g., quarterly, monthly, annually] is construed as ‘evaluation of at least one of the first security incidents being associated with the respective entity during a time period) c. joining, based on the entities, the breach indicator values of the breach dataset to a plurality of firmographic parameter values corresponding to the entities; (Para.0007, Para.0010, Para.0042, Para.0035; “one or more input parameter values for a cyber security questionnaire for a vendor, the one or more input parameter values comprising …. rating information associated with the vendor…..”, “a confidence value for the one or more high-risk security behaviors”, “ratings information ….associated with the vendor (e.g., security ratings or …. security evaluations”, “how a given vendor …. answer each question …. based on one or more parameters (e.g., firmographics)” input parameter values/ firmographics comprises rating information associated with the vendor/confidence value for the one or more high-risk security behaviors associated with the vendor which is construed as the claimed ‘joining, based on the entities, the breach indicator values of the breach dataset to a plurality of firmographic parameter values corresponding to the entities’) d. obtaining a …..security observation dataset …… associated with a …..geographic locations; (Para.0034, Para.0119; “the vendor 110-d …. fail to respond or refuse to respond …. resulting in insufficient security data and heightened risk ….. vendor 110-d may engage in risky behaviors, as indicated in a filled out security questionnaire….”, “the demographic data for the vendor may include …. a geographical location of the vendor”) e. determining, based on the …..security observation dataset, a plurality of aggregated risk feature values for the geographic locations, (Para.0038; “for a given vendor …. possible assessments that are individually scored for risk levels. The scores are then aggregated to …. produce the possible high-risk practices” for a given vendor, possible assessments that are individually scored for risk levels. are then aggregated which is construed as aggregated risk feature value for one vendor, aggregated risk feature values associated with multiple vendors are construed as a plurality of aggregated risk feature values) wherein …..geographic location is associated with at least one of the aggregated risk feature values; (Para.0094, Para.0086; “the candidate response input ….. support a means for a geographical location of the vendor”, “a set of predictive response ……for the cyber security questionnaire based on a distribution of the aggregated set of risk score values for each of the multiple sets of candidate response inputs for the cyber security questionnaire”) f. joining, based on the geographic locations, the aggregated risk feature values to the breach indicator values and the firmographic parameter values to form a training dataset (Para.0037, Para.0116, Para.0108, Para.0008; “train a data set ….for a given vendor …. input one or more parameters …..a probability of likelihood based on the parameters (e.g., company demographics ..”, “a set of questionnaire data for a plurality of vendors…. comprising response inputs for the cyber security questionnaire ….. and training the machine learning model based …. on the set of questionnaire data”, “aggregating…. each …...set of risk score values for each of the ….. candidate response inputs for the cyber security questionnaire”, “…..calculating a set of confidence values for the ….. cyber security questionnaire” set of risk score values are aggregated for each of the multiple sets of candidate response inputs for the cyber security questionnaire, which is used to train a dataset along with one or more parameters and confidence values, as confidence values are calculated for cyber security questionnaire and cyber security questionnaire are used to train dataset, thus it is construed that confidence values (claimed breach indicator values) are used to form a training dataset) comprising each of (i) the breach indicator values, (Para.0008, Para.0004; “a set of confidence values …. for the cyber security questionnaire”, “multiple sets of candidate response inputs for the cyber security questionnaire …. a machine learning model) (ii) the aggregated risk feature values, (Para.0116, Para.0108, Para.0028; “a set of questionnaire data for a plurality of vendors…. comprising response inputs for the cyber security questionnaire ….. and training the machine learning model based …. on the set of questionnaire data”, “aggregating…. each …...set of risk score values for each of the ….. candidate response inputs for the cyber security questionnaire”, “The scores are …. aggregated ….. to produce the possible high-risk practices”) and (iii) the firmographic parameter values; (Para.0037; “train a data set …. input one or more parameters …..a probability of likelihood based on the parameters (e.g., company demographics ..”) and g. training, using (i) the breach indicator values, (Para.0116, Para.0093, Para.0087; “training the machine learning model based … on the set of questionnaire data”, “adding the set of …. response outputs for the cyber security questionnaire for the vendor to the set of questionnaire data”, “calculating a set of confidence values for the set of …. response outputs for the cyber security questionnaire”, “a confidence value for the one or more high-risk security behaviors“ a set of confidence values for the one or more high-risk security behaviors [claimed ‘breach indicator values’] is calculated for the set of response outputs for the cyber security questionnaire, which is added to the set of questionnaire data, used to train a dataset [claimed ‘the training dataset’], construed as ‘training, using (i) the breach indicator values …. of the training dataset’) (ii) the aggregated risk feature values, (Para.0116, Para.0108; “a set of questionnaire data for a plurality of vendors…. comprising response inputs for the cyber security questionnaire ….. and training the machine learning model based …. on the set of questionnaire data”, “aggregating…. each …...set of risk score values for each of the ….. candidate response inputs for the cyber security questionnaire”) and (iii) the firmographic parameter values of the training dataset, (Para.0037, Para.0035, Para.0068; “train a data set …. input one or more parameters …..a probability of likelihood based on the parameters..”, “how a given vendor …. answer each question …. based on one or more parameters (e.g., firmographics)”, “inputting parameters ….using the trained data set to determine a …. set of answers to each …. questionnaire”) a cybersecurity risk assessment model configured to generate a predictive risk assessment for a first entity of the entities (Para.0013, Para.0027; “training the machine learning model may include ….. a set of …. response outputs for the cyber security questionnaire for a first subset of vendors of a plurality of vendors”, “a cyber security ….. questionnaire …. provide the assessment to multiple vendors, and request that each vendor provide assessment data (e.g., responses to the circulated questionnaire)”) based on a subset of the firmographic parameter values associated with the first entity. (Para.0013, Abstract; “for a first subset of vendors of a plurality of vendors ….according a first set of weight values corresponding to a set of input parameter values associated with the first subset of vendors”, “a given vendor will answer each question in a standardized assessment based on one or more parameters (e.g., firmographics)” first set of weight values corresponding to a set of input parameter values are construed as a subset of the firmographic parameter values) however, Gray does not explicitly disclose: d. obtaining a second security observation dataset comprising a plurality of second security observations associated with a plurality of geographic locations; e. determining, based on the second security observation dataset, a …..risk feature values for the geographic locations, wherein each geographic location is associated with ….. risk feature values; In an analogous reference Light discloses: d. obtaining a second security observation dataset comprising a plurality of second security observations associated with a ….. geographic locations; (Col.2, line 7-13/Col.2, line 25-30; “peer entities based on the value of one or more features can include ….The feature(s) can include ….; a geographical location of an entity ….”, “for a particular entity, (i) a value for one or more features of the entity and (ii) a number of security records for the entity, in which each security record being of a security risk type” a number of security records for each entity, in which each security record being of a security risk type construed as plurality of second security observation dataset) e. determining, based on the second security observation dataset, a …..risk feature values for the geographic locations, wherein ….. geographic location is associated with ….. risk feature values; (Col.4, line 1-15; “The features of an entity can include …. a geographical location of the entity….one or more security risk types of an entity (e.g., refer to …. Security Records”) Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gray’s method for predictively assessing vendor risk by enhancing Gray’s method to include Light’s method for comparing a particular entity to peer entities. The motivation: comparing a particular entity to peer entities so as to enable the particular entity to improve its security profile, is important. For example, the entity may improve its security profile by reducing its exposure to security threats and/or determining the measures the particular entity can take that would have greater impact on its security profile. however, Gray in view of Light does not explicitly disclose: d. ….a plurality of geographic locations…… e. …. each geographic location is associated with ….. risk feature values; In an analogous reference Sweeney discloses: d. ….a plurality of geographic locations…… (Para.0066; “multiple responding parties are geographically designated for their respective locations”) e. …. each geographic location is associated with ….. risk feature values; (Para.0100; “the multiple responding parties are geographically designated for their respective locations …. tracks risk placement parameters that specify amounts of risk ….by …. some of responding parties”) Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gray in view of Light’s method for predictively assessing vendor risk by enhancing Gray in view of Light’s method to include Sweeney’s method of graphically displaying distribution through placement channels for multiple placements. The motivation: multiple risk placements are possible on behalf of at least one requesting party through intermediaries to responding parties, a requesting party is depicted as a requesting party node in a first region. The two intermediaries are depicted as intermediary nodes in a second region adjoining the first region. The requesting party node is graphically connected by edges with the intermediary nodes. At least two responding parties are depicted as responding party nodes in a third region adjoining the second region and spaced apart from the first region. With respect to independent claim 21, a corresponding reasoning was given earlier in this section with respect to claim 1; therefore, claim 21 rejected, for similar reasons, under the grounds as set forth for claim 1. Regarding Claim 5: Gray in view of Light and further in view of Sweeney discloses: The method of claim 1, wherein the evaluation of whether at least one of the first security incidents is associated with the respective entity during the time period (disclosed in claim 1) comprises a binary evaluation (Para.0043; “privacy controls of an entity's (e.g., vendor's) cyber security program…. may be …. binary information, with a value (e.g., 72) …..confirming the existence of a cyber security”) comprising (i) a first binary value identifying at least one of the first security incidents as associated with the respective entity during the time period (Gray, Para.0028, Para.0038; “high risk practices that are not mitigated with their own corresponding confidence scores”, “confidence scores for various behaviors for the vendor 110-a… and …. set of …. values corresponding to …. the …. Vendors…. for the cyber security questionnaire” high risk practices that are not mitigated with their own corresponding confidence scores are construed as a first binary value identifying at least one of the first security incidents) or (ii) a second value identifying none of the first security incidents as associated with the respective entity during the time period. Regarding Claim 6: Gray in view of Light and further in view of Sweeney discloses: The method of claim 1, wherein the firmographic parameter values (Light, Col.2, line 5-15/Col.4, line 17-20; “the value of one or more features can include …. an industry of an entity….; a geographical location of an entity; or a size of an entity”, “entity features …. obtained from … a firmographics data source”) comprise one or more of: (i) …. geographic location parameter values, (Col.4, line 5-10; “a geographical location of the entity; …. based on one or more IP addresses associated with the entity”) (ii) a plurality of size parameter values, (Col.2, line 17-21; “The size of an entity can be based on a number of employees of the entity …. include …. 100 …. entities”) and (iii) a plurality of industry parameter values. (Col.4, line 1-5; “an industry; a sub-industry; a North American Industry … code…. an industry sector”) ….. (i) a plurality of geographic location …. (disclosed in claim 1) Regarding Claim 7: Gray in view of Light and further in view of Sweeney discloses: The method of claim 6, wherein: (i) a geographic location parameter value of the geographic location parameter values indicates a geographic location of the geographic locations associated with an entity of the entities; (ii) a size parameter value of the size parameter values indicates a size of the entity; and (iii) an industry parameter value of the industry parameter values indicates an industry associated with the entity. (disclosed in claim 6) Regarding Claim 8: Gray in view of Light and further in view of Sweeney discloses: The method of claim 6, wherein joining the breach indicator values to the firmographic parameter values (Gray, disclosed in claim 1) comprises: joining a breach indicator value of the breach indicator values to ….. parameter values based on the respective entity associated with the breach indicator value. ….. (Gray, disclosed in claim 1) joining a …. value …… to each of (i) a geographic location parameter value of the geographic location parameter values, (ii) a size parameter value of the size parameter values, and (iii) an industry parameter value of the industry parameter values based on the respective entity associated with the breach indicator value. (disclosed in claim 6) Regarding Claim 9: Gray in view of Light and further in view of Sweeney discloses: The method of claim 1, wherein the second security observations comprise at least two security observation types. (Light, Col.4, line 1-15/Col.11, line 1-25; “features of an entity can include …. a security rating ….one or more security risk types of an entity (e.g., refer to …..Security Records”, “security ratings for a particular entity …. based on the historical security ratings ….. the future security ratings of the particular entity ….. the future time period (e.g., a month, quarter, half year, year, etc.) of the particular entity for which the security ratings are being forecasted can correspond to the historical time period (e.g., a month, quarter, half year, year, etc.) …..”) Regarding Claim 10: Gray in view of Light and further in view of Sweeney discloses: The method of claim 9, wherein the at least two security observation types comprise at least one of: a number and/or a severity of botnet infection instances of a computer system; a number of potentially exploited computing devices; (Light, Col.9, line 38-40; “number of potentially exploited devices associated with the entity.”) an evaluation of a Secure Sockets Layer (SSL) certificate and/or a Transport Layer Security (TLS) certificate; an evaluation of a Secure Sockets Layer (SSL) configuration and/or a Transport Layer Security (TLS) configuration; or a number and/or a type of service of open ports of a computer network. Regarding Claim 11: Gray in view of Light and further in view of Sweeney discloses: The method of claim 1, wherein determining the aggregated risk feature values for the geographic locations comprises: …. determining at least one of the aggregated risk feature values corresponding to the geographic location by normalizing the …. security …. based on the geographic location. (Gray, Para.0062, Para.0060, Para.0015; “group score for an assessment …. The value after performing the summation may then be normalized … by multiplying…..”, “When ….completes an assessment, scores are generated from their answers to provide an overview of the level of risk in their cyber security …..”, “a geographical location of …. to provide …. inputs to the cyber security questionnaire”) identifying a subset of the second security observations associated with a geographic location of the geographic locations; (Light, Col.6, line 20-25/Col.12, line 50-55/Col.2, line 6-10/Col.1, line 40-45; “security record(s) of an entity….can be of a particular security risk type (also referred to herein as a “risk vector”)”, “a portion …security risk types (also referred to as “risk vectors”)”, “features can include ….. a geographical location of an entity”, “features …. including …. for a particular entity, ….a number of security records for the entity, in which each security record being of a security risk type”) and determining ….. subset of the second security observations based on the geographic location. (Light, Col.12, line 50-55/Col.2, line 6-10/Col.1, line 40-45; “a portion …security risk types (also referred to as “risk vectors”)”, “features can include ….. a geographical location of an entity”, “features …. including …. for a particular entity, ….a number of security records for the entity, in which each security record being of a security risk type”) Regarding Claim 12: Gray in view of Light and further in view of Sweeney discloses: The method of claim 1, wherein at least one of the …. risk feature values comprises a continuous numerical value. (Light, Col.13, line 6-10; ”security risk …. ranked numerically”) …. aggregated risk feature values… (disclosed in claim 1) Regarding Claim 13: Gray in view of Light and further in view of Sweeney discloses: The method of claim 1, wherein training the cybersecurity risk assessment model comprises applying a machine learning technique (Gray, Para.0028; “techniques utilize machine learning to produce possible answers …. in a cyber security questionnaire for a given vendor”) to (i) the breach indicator values, (Para.0008; “calculating a set of confidence values …. for the cyber security questionnaire”) (ii) the aggregated risk feature values, (Para.0028; “questionnaire to output answers. … from a machine learning model …. to produce possible assessments that are individually scored for risk levels. The scores are then aggregated …. to produce the possible high-risk practices”) and (iii) the firmographic parameter values; (Para.0028; “probability of likelihood based on one or more parameters (e.g., company demographics…. This is then modeled ….. of completed security questionnaires”) Regarding Claim 15: Gray in view of Light and further in view of Sweeney discloses: The method of claim 1, wherein training the cybersecurity risk assessment model comprises applying a statistical technique (Gray, Para.0045, Para.0046; “The modeling may include modeling the …. probability distribution of assessment answers ….. ”, “the statistical nature of the model….”) to (i) the breach indicator values, (Para.0008; “calculating a set of confidence values …. for the cyber security questionnaire”) (ii) the aggregated risk feature values, (Para.0028; “questionnaire to output answers. … from a machine learning model …. to produce possible assessments that are individually scored for risk levels. The scores are then aggregated …. to produce the possible high-risk practices”) and (iii) the firmographic parameter values; (Para.0028; “probability of likelihood based on one or more parameters (e.g., company demographics…. This is then modeled ….. of completed security questionnaires”) Regarding Claim 16: Gray in view of Light and further in view of Sweeney discloses: The method of claim 15, wherein the statistical technique comprises at least one of (i) a classical logistic regression technique, (ii) a hierarchical mixed-effect logistic regression technique, or (iii) a Bayesian statistical hierarchical technique. (Gray, Para.0045, Para.0046; “The modeling may include modeling the …. probability distribution of assessment answers ….. a Bayesian network …. utilized to model the data”, “Bayesian networks …. are advantageous to modelling assessment data….”) Regarding Claim 17: Gray in view of Light and further in view of Sweeney discloses: The method of claim 1, further comprising: generating, by the cybersecurity risk assessment model, the predictive risk assessment for the first entity of the entities based on the subset of the firmographic parameter values associated with the first entity, wherein the predictive risk assessment is indicative of a future security incident being associated with the first entity during a future time period. (Gray, Para.0117, Para.0103; “the machine learning model may include …. predictive response outputs for the cyber security questionnaire for a first subset of vendors ….. according a first set of weight values corresponding to a set of input parameter values associated with the first subset of vendors…. predictive response outputs for the cyber security questionnaire …”, “techniques for predictive assessments of vendor risk…. to determine or predict future security behaviors”) Regarding Claim 18: Gray in view of Light and further in view of Sweeney discloses: The method of claim 17, wherein the cybersecurity risk assessment model is configured to generate a probability of the future security incident being associated with the first entity during the future time period, wherein the predictive risk assessment comprises the probability. (Gray, Para.0028, Para.0103; “utilize machine learning to produce possible answers …. in a cyber security questionnaire …… each possible answer can be accompanied by a probability of likelihood based on one or more parameters….to provide predictions from a machine learning model ….”, “for predictive assessments of vendor risk….. an ability to ….. predict future security behaviors …..”) Regarding Claim 19: Gray in view of Light and further in view of Sweeney discloses: The method of claim 17, wherein the cybersecurity risk assessment model is configured to generate a categorical assessment of the future security incident being associated with the first entity during the future time period, wherein the predictive risk assessment comprises the categorical assessment. (Gray, Para.0103; “for predictive assessments of vendor risk….. an ability to …. predict future security behaviors, and to more effectively select candidate vendors to maintain security by a business entity”) Regarding Claim 20: Gray in view of Light and further in view of Sweeney discloses: The method of claim 17, wherein a duration of the time period is equivalent to a duration of the future time period. (Light, Col.11, line 18-25; “the future time period (e.g., a month, quarter, half year, year, etc.) of the particular entity for which the security ratings are being forecasted ….. For example, a historical time period of ….security ratings …. used to determine a future four month time period of security ratings for the particular entity”) Claims 2-4 and 14 are rejected under AIA 35 U.S.C. 103 as being unpatentable over Gray et al (US 20240169293 A1) in view of Light et al. (US 10764298 B1) also in view of Sweeney et al. (US 20170213292 A1) and further in view of Thompson et al. (US 20240273227 A1) Regarding Claim 2: Gray in view of Light and further in view of Sweeney discloses: The method of claim 1, wherein ….. first security incident (disclosed in claim 1) …. however, Gray in view of Light and further in view of Sweeney does not explicitly disclose: …. the …. each respective …. security incident dataset comprises (i) a type of the respective …. security incident, (ii) a severity level of the respective ….. security incident, and (iii) a date associated with the respective …..security incident. In an analogous reference Thompson discloses: …. the …. each respective …..security incident dataset comprises (i) a type of the respective …. security incident, (Para.0075, Para.0168; “detecting specific events (e.g., transactions, in-app purchases, ……sending a contract to a vendor,….. differentiate between different types of events”, “in the event of a security incident”) (ii) a severity level of the respective ….. security incident, (Para.0143; “assessing the …. severity of different incident …. and evaluating the potential risks and vulnerabilities”) and (iii) a date associated with the respective …….security incident. (Para.0076, Para.0075, Para.0113; “the events may be organized … by …. timestamp”, “detecting specific events (e.g., transactions, in-app purchases…..through an incident”, “incident …. identifying …. Including…a time stamp, proof of date”) Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Gray in view of Light and further in view of Sweeney’s method for predictively assessing vendor risk by enhancing Gray in view of Light and further in view of Sweeney’s method to include Thompson’s method of protecting data. The motivation: cybersecurity protection includes cybersecurity protection plan corresponding to a cybersecurity attribute to protect the entity which ensures compliance with required cybersecurity measures and technologies, correspond to a verified and authenticated state of the entities' cybersecurity posture and resilience. Regarding Claim 3: Gray in view of Light also in view of Sweeney and further in view of Thompson discloses: The method of claim 2, wherein generating the breach dataset (Thompson, Para.0345; “analyze data related to …. cybersecurity incidents (e.g., data breaches”) is based on the types, the severity levels, and the dates of the first security incidents. (disclosed in Claim 2) Regarding Claim 4: Gray in view of Light also in view of Sweeney and further in view of Thompson discloses: The method of claim 2, wherein generating the breach dataset comprises: for at least one of the first security incidents: (Gray, disclosed in claim 1) ….. comparing…. (ii) a severity level of the first security incident to a threshold severity level, (Gray, Para.0063, Para.0010; “measure how often that confidence is correct …. within a threshold (e.g., a margin of error) …. 50% on the probability of capturing the true score within the margin of error may be used…. calculated using …. Confidence Precision=….”, “a confidence value for the one or more high-risk security behaviors.”) …. generating…. a breach indicator value of the breach indicator values, wherein the breach indicator value is mapped to the …. entity. (Gray, Para.0008, Para.0088; “a set of confidence values for …. the cyber security questionnaire”, “the multiple sets of candidate response inputs for the cyber security questionnaire….a means for identifying….one or more high-risk security behaviors for the vendor”) ……. identifying a second entity of the entities associated with the ….security incident; (Thompson, Para.0264, Para.0275; “generate a set of cybersecurity attributes ….. represents a specific aspect of the entity's cybersecurity. For example, one attribute might be the entity's vulnerability to phishing attacks, while another might be its adherence to data encryption standards”, “…..cybersecurity protection plan ….. Each of these plans is associated ….. specific aspect of the entity's cybersecurity”) comparing (i) a type of the …. security incident to one or more specified types, (Thompson, Para.0316, Para.0275, Para.0057; “for a selected cybersecurity protection plan…… associated with the first third-party”, “a first cybersecurity protection plan offered by a first third-party and a second cybersecurity protection plan offered by a second third-party. Each of these plans is associated ….. specific aspect of the entity's cybersecurity”, “a variety of cybersecurity solutions that the third-party has developed to address different types of threats and vulnerabilities”) ….. and (iii) a date of the …security incident to the time period; (Para.0113; “determined organization incident …. that can metadata identifying …. including….. a time stamp, proof of date”) and generating, based on the comparison, a …. value …… wherein the ….. value (Thompson, Para.0347; “a higher value associated with a higher degree of cybersecurity protection”) is mapped to the second entity. (Para.0348, Para.0275, Para.0002; “a match between cybersecurity protection plans and a group of entities is identified”, “… cybersecurity protection plan ….Each of these plans is associated with the …..specific aspect of the entity's cybersecurity”, “entities such as people or companies have vulnerability that can result in security incidents. Some entities …. offer protections”) Regarding Claim 14: Gray in view of Light also in view of Sweeney and further in view of Thompson discloses: The method of claim 13, wherein the machine learning technique comprises at least one of (i) a deep neural network binary classification technique (Thompson, Para.0105, Para.0112; “a …. machine-learning model …. trained to identify remediation actions based on incident…..Include…. convolutional neural network”, “an organization follows to prepare for a cyber incident …. Readiness levels are calculated by binary completion of the n tasks”) or (ii) a gradient boosted decision tree algorithm. (Para.0268; “modeling … security objectives can involve …. computational algorithms such as…. decision tree analysis”) Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Contact Information Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAYEDA SALMA NAHAR whose telephone number is (703)756-4609. The examiner can normally be reached M-F 12:00 PM to 6:00 PM EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Amir Mehrmanesh can be reached on (571) 270-3351. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SAYEDA SALMA NAHAR/Examiner, Art Unit 2435 /BEEMNET W DADA/Primary Examiner, Art Unit 2435
Read full office action

Prosecution Timeline

May 30, 2024
Application Filed
Nov 26, 2025
Non-Final Rejection mailed — §103
Apr 27, 2026
Response Filed
Jun 17, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12627979
METHOD FOR LICENSE-BASED ACCESS NETWORK ACCESS CONTROL INDEPENDENT OF SUBSCRIBER DATA IN A TELECOMMUNICATIONS NETWORK AND TELECOMMUNICATIONS NETWORK THEREOF
4y 1m to grant Granted May 12, 2026
Patent 12537850
CONCEALED MONITOR COMMUNICATIONS FROM A TASK IN A TRUSTED EXECUTION ENVIRONMENT
3y 11m to grant Granted Jan 27, 2026
Patent 12506751
METHOD AND SYSTEM FOR SCORING SEVERITY OF CYBER ATTACKS
3y 7m to grant Granted Dec 23, 2025
Patent 12493681
PUF-RAKE: A PUF-BASED ROBUST AND LIGHTWEIGHT AUTHENTICATION AND KEY ESTABLISHMENT PROTOCOL
3y 8m to grant Granted Dec 09, 2025
Patent 12457490
ON-DEMAND SUBSCRIPTION CONCEALED IDENTIFIER (SUCI) DECONCEALMENT FOR SELECT APPLICATIONS
3y 5m to grant Granted Oct 28, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
74%
Grant Probability
99%
With Interview (+25.0%)
3y 5m (~1y 4m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 35 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month