DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
This action is responsive to Applicant’s claims filed 01/05/2026.
Claims 1-2 and 4-12 are currently pending.
Claims 4-12 are withdrawn from consideration.
Claim 3 has been canceled.
Claim 1 has been amended.
Response to Arguments
Applicant's arguments, see pages 7-13 of Applicant’s Response, filed 01/05/2026, with respect to the 35 U.S.C. 101 rejections, have been fully considered but they are not persuasive.
Applicant argues, on pages 9 and 11, that the claims do not recite certain methods of organizing human activity since the claims do not recite any commercial interaction between a cybersecurity and a customer. Examiner respectfully disagrees. Examiner respectfully notes that paragraphs [0004, 21, 24] of the present invention clearly notes that the invention is used for, and geared toward cyber security risk assessments of and for businesses. As such, the categorization of the claims as reciting certain methods of organizing human activity including business relations and sales activities is not merely “hypothetical,” but rather holds direct correlation to the invention at hand. Applicant’s arguments are therefore unpersuasive.
Applicant next argues, on page11, that the newly added limitation of recording an aggregate loss distribution associated with a cyberattack in a dynamic client-server network architecture while accounting for a level of cybersecurity protection currently in effect in the architecture cannot be said to recite certain methods of organizing human activity or mental processes. Examiner respectfully notes that a human could indeed record an aggregate loss associated with a cyberattack which occurs in this type of environment by merely writing down an aggregate loss which accounts for current levels of protection. Applicant’s arguments are therefore unpersuasive.
Applicant next argues, on page 11, that the modeling a dynamic client-server network architecture as a random star graph cannot be performed by hand since it would not be possible for a human to model a dynamic architecture due to the complexity and virtual nature of the architecture. Examiner respectfully disagrees. Setting aside the fact that the broadest reasonable interpretation of the term dynamic does not indicate that it moves so fast that a human could not model it, and setting aside the fact that nothing is recited in the claims which operates in a “virtual” manner, the mere fact that a model is complex or would take a human an inordinate amount of time does not preclude a limitation from reciting an abstract idea. Calculations or modeling which can be performed by hand, which are sped up through the use of the capabilities of a general purpose computer still recite abstract ideas. Applicant’s arguments are therefore unpersuasive.
Applicant argues, on pages 12-13, that the claims improve the functioning of a computer by allowing the claimed systems to account for the evolution of a cyberattack on a constantly evolving network. Examiner respectfully disagrees. Setting aside the fact that nothing in the claims indicates that the network is constantly evolving, the entirety of the claimed limitations could be performed by hand (a mental process). The claims do no more than require the implementation of such on a generic computer component. Furthermore, if practiced by hand, the claims would bring about the same simulated end result and calculated sizes and losses. As such, the claims are directed to an improvement in the abstract idea itself, rather than to any computer component or technology. An improvement in the abstract idea itself (e.g. a recited fundamental economic concept) is not an improvement in technology. MPEP 2106.05(a)(II). Applicant’s arguments are therefore unpersuasive.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-2 are rejected under 35 U.S.C. § 101. The claims are drawn to ineligible patent subject matter, because the claims are directed to a recited judicial exception to patentability (an abstract idea), without claiming something significantly more than the judicial exception itself.
Claims are ineligible for patent protection if they are drawn to subject matter which is not within one of the four statutory categories, or, if the subject matter claimed does fall into one of the four statutory categories, the claims are ineligible if they recite a judicial exception, are directed to that judicial exception, and do not recite additional elements which amount to significantly more than the judicial exception itself. Alice Corp. v. CLS Bank Int'l, 375 U.S. ___ (2014). Accordingly, claims are first analyzed to determine whether they fall into one of the four statutory categories of patent eligible subject matter. Then, if the claims fall within one of the four statutory categories, it must be determined whether the claims are directed to a judicial exception to patentability (i.e., a law of nature, a natural phenomenon, or an abstract idea). In determining whether a claim is directed to a judicial exception, the claim is first analyzed to determine whether the claim recites a judicial exception. If the claim does not recite one of these exceptions, the claim is directed to patent eligible subject matter under 35 U.S.C. 101. If the claim recites one of these exceptions, the claim is then analyzed to determine whether the claim recites additional elements that integrate the exception into a practical application of that exception. Claims which integrate the exception into a practical application of that exception are directed to patent eligible subject matter under 35 U.S.C. 101. If the claim fails to integrate the exception into a practical application of that exception, the claim is directed to an abstract idea. Finally, if the claims are directed to a judicial exception to patentability, the claims are then analyzed determine whether the claims are directed to patent eligible subject matter by reciting meaningful limitations which transform the judicial exception into something significantly more than the judicial exception itself. If they do not, the claims are not directed towards eligible subject matter under 35 U.S.C. § 101.
Regarding independent claim 1 the claim is directed to one of the four statutory categories (a machine). The claimed invention of independent claim 1 is directed to a judicial exception to patentability, an abstract idea. The claims include limitations which recite elements which can be properly characterized under at least one of the following groupings of subject matter recognized as abstract ideas by MPEP 2106.04(a):
Mathematical Concepts: mathematical relationships, mathematical formulas or equations, and mathematical calculations;
Certain methods of organizing human activity: fundamental economic principles or practices (including hedging, insurance, mitigating risk); commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations); managing personal behavior or relationships or interactions between people (including social activities, teaching, and following rules or instructions); and
Mental processes: concepts performed in the human mind (including an observation, evaluation, judgment, opinion)
Claim 1, as a whole, recites the following limitations:
record an aggregate loss distribution associated with a cyberattack in a dynamic client-server network architecture having an at least one client type while accounting for a level of cybersecurity protection currently in effect in the client-server network architecture, (claim 1; the broadest reasonable interpretation of this limitation recites mental processes since a human using their mind, pen and paper, and simple observation, evaluation, and judgment could record an aggregate loss distribution associated with a cyber attack of this type while accounting for a level of current protection; alternatively, the broadest reasonable interpretation of this limitation recites certain methods of organizing human activity in the form of commercial interactions such as business relations and sales activities since commercial cyber security companies would perform this step in performing cyber security services for their customers)
models a plurality of times at which the cyberattack occurs; (claim 1; the broadest reasonable interpretation of this limitation recites mental processes since a human using their mind, pen and paper, and simple observation, evaluation, and judgment model a plurality of times at which an attack occurs; alternatively, the broadest reasonable interpretation of this limitation recites certain methods of organizing human activity in the form of commercial interactions such as business relations and sales activities since commercial cyber security companies would perform this step in performing cyber security services for their customers)
models the dynamic client-server network architecture as a random star graph including a plurality of nodes connected by a plurality of edges, wherein the plurality of nodes represents a plurality of clients and a central server at the times at which the cyberattack occurs, wherein each client of the plurality of clients includes a client type and each edge of the plurality of edges includes both a probability of infection from the central server to a client and a probability of infection from the client to the central server; (claim 1; the broadest reasonable interpretation of this limitation recites mental processes since a human using their mind, pen and paper, and simple observation, evaluation, and judgment create a random star graph of this type; alternatively, the broadest reasonable interpretation of this limitation recites certain methods of organizing human activity in the form of commercial interactions such as business relations and sales activities since commercial cyber security companies would perform this step in performing cyber security services for their customers)
attaches a dynamic value of cost to each node in the plurality of nodes as a local random cost sampled from a cost distribution selected from a plurality of cost distributions, wherein the cost distribution is dependent on the client type; (claim 1; the broadest reasonable interpretation of this limitation recites mental processes since a human using their mind, pen and paper, and simple observation, evaluation, and judgment attach values of costs to nodes as a local random cost sampled from a selected cost distribution dependent upon a client type; alternatively, the broadest reasonable interpretation of this limitation recites certain methods of organizing human activity in the form of commercial interactions such as business relations and sales activities since commercial cyber security companies would perform this step in performing cyber security services for their customers)
simulates a contagion of a client-server network via an oriented bond percolation process on the random star graph, wherein the simulation accounts for a level of cybersecurity protection currently in effect within the client-server network architecture by varying the probability of infection from the central server to a client and the probability of infection from the client to the central server; (claim 1; the broadest reasonable interpretation of this limitation recites mental processes since a human using their mind, pen and paper, and simple observation, evaluation, and judgment simulate a contagion via an oriented bond percolation process on the graph, wherein the simulation accounts for probabilities of infection in both directions based on current levels of cybersecurity; alternatively, the broadest reasonable interpretation of this limitation recites certain methods of organizing human activity in the form of commercial interactions such as business relations and sales activities since commercial cyber security companies would perform this step in performing cyber security services for their customers)
calculates a peripheral size of the contagion starting from a random node; (claim 1; the broadest reasonable interpretation of this limitation recites mental processes since a human using their mind, pen and paper, and simple observation, evaluation, and judgment could calculate a peripheral size a contagion; alternatively, the broadest reasonable interpretation of this limitation recites certain methods of organizing human activity in the form of commercial interactions such as business relations and sales activities since commercial cyber security companies would perform this step in performing cyber security services for their customers; alternatively still, the broadest reasonable interpretation of this limitation recites mathematical concepts since it is so broad as to encompass any mathematical formula or operation for performing this calculation)
calculates a peripheral loss and a central loss using the peripheral size of the contagion; (claim 1; the broadest reasonable interpretation of this limitation recites mental processes since a human using their mind, pen and paper, and simple observation, evaluation, and judgment could calculate a peripheral loss and a central loss using a peripheral size of a contagion; alternatively, the broadest reasonable interpretation of this limitation recites certain methods of organizing human activity in the form of commercial interactions such as business relations and sales activities since commercial cyber security companies would perform this step in performing cyber security services for their customers; alternatively still, the broadest reasonable interpretation of this limitation recites mathematical concepts since it is so broad as to encompass any mathematical formula or operation for performing this calculation)
calculates a the aggregate loss and a variation of the aggregate loss due to the cyberattack using the random star graph, the peripheral loss, and the central loss. (claim 1; the broadest reasonable interpretation of this limitation recites mental processes since a human using their mind, pen and paper, and simple observation, evaluation, and judgment could calculate a total loss and a variation thereof using these factors; alternatively, the broadest reasonable interpretation of this limitation recites certain methods of organizing human activity in the form of commercial interactions such as business relations and sales activities since commercial cyber security companies would perform this step in performing cyber security services for their customers; alternatively still, the broadest reasonable interpretation of this limitation recites mathematical concepts since it is so broad as to encompass any mathematical formula or operation for performing this calculation)
Moving forward, the above recited abstract idea is not integrated into a practical application.
The added limitations do not represent an integration of the abstract idea into a practical application because:
the claims represent mere instructions to implement an abstract idea on a computer, and merely use a computer as a tool to perform an abstract idea. See MPEP 2106.05(f).
the claims merely add insignificant extra-solution activity to the judicial exception (activity which can be characterized as incidental to the primary purpose or product that is merely a nominal or tangential addition to the claim). See MPEP 2106.05(g) and/or
the claims represent mere general linking of the use of the judicial exception to a particular technological environment or field of use. See MPEP 2016.05(h)
Beyond those limitations which recite the abstract idea, the following limitations are added:
A system for calculating aggregate loss distribution for cyber risk in the class of client-server network architecture, comprising: (claim 1; the broadest reasonable interpretation of this limitation represents mere instructions to implement the abstract idea on a generic computer used as a tool in its ordinary capacity; alternatively, the broadest reasonable interpretation of this limitation represents mere general linking of the abstract idea to a particular computer environment or field of use)
a processor configured to perform one or more processes; (claim 1; the broadest reasonable interpretation of this limitation represents mere instructions to implement the abstract idea on a generic computer used as a tool in its ordinary capacity; alternatively, the broadest reasonable interpretation of this limitation represents mere general linking of the abstract idea to a particular computer environment or field of use)
and a machine-readable storage medium storing instructions executable by the processor to (claim 1; the broadest reasonable interpretation of this limitation represents mere instructions to implement the abstract idea on a generic computer used as a tool in its ordinary capacity; alternatively, the broadest reasonable interpretation of this limitation represents mere general linking of the abstract idea to a particular computer environment or field of use)
The claims, as a whole, are directed to the abstract idea(s) which they recite. The claim limitations do not present improvements to another technological field, nor do they improve the functioning of a computer or another technology. Nor do the claim limitations apply the judicial exception with, or by use of a particular machine. The claims do not effect a transformation or reduction of a particular article to a different state or thing. See MPEP 2106.05(c). None of the hardware in the claims "offers a meaningful limitation beyond generally linking 'the use of the [method] to a particular technological environment' that is, implementation via computers” such that the claim as a whole is more than a drafting effort designed to monopolize the exception. See MPEP 2106.05(e); Alice Corp. v. CLS Bank Int’l (citing Bilski v. Kappos, 561 U.S. 610, 611 (U.S. 2010)). Therefore, because the claims recite a judicial exception (an abstract idea) and do not integrate the judicial exception into a practical application, the claims, as a whole, are directed to the judicial exception.
Turning to the final prong of the test (Step 2B), independent claim 1 does not include additional elements that are sufficient to amount to significantly more than the judicial exception, because there are no meaningful limitations which transform the exception into a patent eligible application.
As outlined above, the claim limitations do not present improvements to another technological field, nor do they improve the functioning of a computer or another technology. Nor do the claim limitations apply the judicial exception with, or by use of a particular machine. The claims do not effect a transformation or reduction of a particular article to a different state or thing. See MPEP 2106.05(c). None of the hardware in the claims "offers a meaningful limitation beyond generally linking 'the use of the [method] to a particular technological environment' that is, implementation via computers” such that the claim as a whole is more than a drafting effort designed to monopolize the exception. See MPEP 2106.05(e); Alice Corp. v. CLS Bank Int’l (citing Bilski v. Kappos, 561 U.S. 610, 611 (U.S. 2010)).
Furthermore, no specific limitations are added which represent something other than what is well-understood, routine, and conventional activity in the field. See MPEP 2106.05(d). Besides performing the abstract idea itself, the generic computer components only serve to perform the court-recognized well-understood computer functions of receiving or transmitting data over a network, performing repetitive calculations, electronic record keeping, and storing and retrieving information in memory. See MPEP 2106.05(d). Looking at the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually. Their collective functions merely provide conventional computer implementation. The specification details any combination of a generic computer system program to perform the method. Generically recited computer elements do not add a meaningful limitation to the abstract idea because they would be routine in any computer implementation and because the Alice decision noted that generic structures that merely apply the abstract ideas are not significantly more than the abstract ideas. Therefore, independent claim 1 is rejected under 35 U.S.C. §101 as being directed to ineligible subject matter.
Claim 2 recites the same abstract idea as their respective independent claims.
The following additional features are added in the dependent claims:
Claim 2:
wherein the system is industry independent.
The broadest reasonable interpretation of this limitation merely alters the type of system used in the abstract idea above, and therefore further recites one or more abstract ideas for the reasons outlined above.
The above limitations do not represent a practical application of the recited abstract idea. The claim limitations do not present improvements to another technological field, nor do they improve the functioning of a computer or another technology. Nor do the claim limitations apply the judicial exception with, or by use of a particular machine. The claims do not effect a transformation or reduction of a particular article to a different state or thing. See MPEP 2106.05(c). None of the hardware in the claims "offers a meaningful limitation beyond generally linking 'the use of the [method] to a particular technological environment' that is, implementation via computers” such that the claim as a whole is more than a drafting effort designed to monopolize the exception. See MPEP 2106.05(e); Alice Corp. v. CLS Bank Int’l (citing Bilski v. Kappos, 561 U.S. 610, 611 (U.S. 2010)). Therefore, because the claims recite a judicial exception (an abstract idea) and do not integrate the judicial exception into a practical application, the claims are also directed to the judicial exception.
Furthermore, the added limitations do not direct the claim to significantly more than the abstract idea. No specific limitations are added which represent something other than what is well-understood, routine, and conventional activity in the field. See MPEP 2106.05(d). Accordingly, claim 1, individually, or as an ordered combination, is not directed to patent eligible subject matter under 35 U.S.C. 101.
Please see MPEP §2106.05(d)(II) for a discussion of elements that the Courts have recognized as well-understood, routine, conventional, activity in particular fields.
Please see MPEP §2106 for examination guidelines regarding patent subject matter eligibility.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EMMETT K WALSH whose telephone number is (571)272-2624. The examiner can normally be reached Mon.-Fri. 6 a.m. - 4:45 p.m..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Resha Desai can be reached at 571-270-7792. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/EMMETT K. WALSH/Primary Examiner, Art Unit 3628