DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-18 are presented for examination.
Priority
The claim for priority from US Provisional 63/580,440 filed on 5 September 2023 is duly noted.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1, 7, and 13 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) accessing a cascading classification schema, identifying a plurality of Key Risk Indicators, assigning the plurality of KRIs, defining a plurality of data points, determining a plurality of KRI score values, and determining a cascading schema of aggregate scores.
The limitation of accessing a cascading classification schema …, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “the processor,” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “the processor” language, “accessing a cascading classification schema…” in the context of this claim encompasses the user manually accessing a classification schema. Similarly, the limitation of identifying a plurality of Key Risk Indicators…, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “the processor,” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “the processor” language, “identifying a plurality of Key Risk Indicators…” in the context of this claim encompasses the user manually identifying Key Risk Indicators. Further, the limitation of assigning the plurality of KRIs…, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “the processor,” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “the processor” language, “assigning the plurality of KRIs …” in the context of this claim encompasses the user manually assigning KRIs to the lowest level of classification. Also, the limitation of defining a plurality of data points…, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “the processor,” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “the processor” language, “defining a plurality of data points …” in the context of this claim encompasses the user manually defining data points corresponding to KRIs. Similarly, the limitation of determining a plurality of KRI score values…, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “the processor,” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “the processor” language, “determining a plurality of KRI score values …” in the context of this claim encompasses the user manually determining KRI scores. Similarly, the limitation of determining a cascading schema of aggregate scores…, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “the processor,” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “the processor” language, “determining a cascading schema of aggregate scores …” in the context of this claim encompasses the user manually determining a schema of aggregate scores.
If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
This judicial exception is not integrated into a practical application. In particular, the claim only recites using a processor coupled to a non-transitory storage memory to perform the accessing, identifying, assigning, defining, and determining steps. The processor in both steps is recited at a high-level of generality (i.e. as a generic processor performing a generic computer function of accessing a schema) such that it amounts to no more than mere instructions to apply the exception using a generic computer component. Accordingly this additional element does not integrate the abstract idea into a practical application because it does not impose meaningful limits on practicing the abstract idea. The claims are directed to an abstract idea.
The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a processor to perform the accessing, identifying, assigning, defining, and determining steps amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claims are not patent eligible.
Claims 2-6, 8-12, and 14-18 are rejected for being dependent on a rejected based claim.
Prior Art Made of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Alroobaea et al. (US 2023/0308465 A1) discloses a system and method for cyber-security using federated learning-based generative adversarial network.
Barton et al. (US 2025/0080564 A1) discloses a system and method for vulnerability management based on network infrastructure.
Crabtree et al. (US 2025/0175456 A1) discloses a system and method for AI-controlled sensor network for threat mapping and characterization and risk adjusted response.
Doron et al. (US 2016/0261628 A1) discloses a system and method for multi-tiered mitigation of cyber-attacks.
Eyada (EP 2164228 A1) discloses a system and method for hierarchical application of security services with a computer network.
Jones (US 2019/0364073 A1) discloses a system and method for determining the efficacy of computer system security policies.
Kloberdans et al. (CA 2550788 A1) discloses a system and method for telephony extension attack-detection, recording, and intelligent prevention.
Petersen et al. (US 2017/0366561 A1) discloses a system and method for risk based priority processing of data.
Reddy et al. (US 2019/0311367 A1) discloses a system and method for using a data genome to identify suspicious financial transactions.
Yadav et al. (US 2020/0120144 A1) discloses a system and method for multi-dimensional drift nuance intelligence threat engine.
Yampolskiy et al. (US Patent 9,501,647 B2) discloses a system and a method for calculating and benchmarking an entity’s cybersecurity risk score.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARAH SU whose telephone number is (571)270-3835. The examiner can normally be reached 6:30 AM - 3:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached at 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SARAH SU/Primary Examiner, Art Unit 2431