DISPLAY DEVICE, DISPLAY METHOD, AND RECORDING MEDIUM

§101 §103 §112

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This office action is in response to the applicant’s filing on 08/21/2024. Claims 1-20 are pending. Claims 1, 9, and 15 are independent. Priority Acknowledgment is made of applicant's claim for foreign priority to JP 2023-150831. Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55. Information Disclosure Statement The information disclosure statement (IDS) submitted on 08/21/2024 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Claim Objections Claims 1, 9, and 15 are objected to because of the following informalities: In claims 1, 9, and 15 “… performing specific setting” should read “… performing specific settings”. Appropriate correction is required. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claims 1, 9, and 15 recite “acquire cyberattack information including information of a damaged company by a plurality of cyberattack groups using a dedicated tool or a website browsable by performing specific setting”. It’s unclear whether “using a dedicated tool or a website browsable by performing specific setting” refers to how the company was damaged, or how the acquisition of the information occurs. The dependent claims inherit the defect of the independent claims. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Although each of the claims fall within one of the four statutory categories they are directed to an abstract idea. Claim 1 recites “acquire cyberattack information including information of a damaged company by a plurality of cyberattack groups …”. This limitation of acquiring information, under its broadest reasonable interpretation, is a mental process. As drafted, this is a process that covers the performance of the limitation in the mind but for the recitation of generic computer components. The claim recites a judicial exception. The additional elements of the claim do not integrate the judicial exception into a practical application. The claim recites “a display device comprising at least one memory configured to store instructions and at least one processor configured to execute the instructions to acquire cyberattack information … using a dedicated tool or a website browsable by performing specific setting.” These additional elements amount to no more than mere instructions to apply the exception using a generic computer and/or computer components. The claim also recites the display device …. display the cyberattack information of the plurality of cyberattack groups. This limitation is merely insignificant post solution activity. Hence, the claim is directed to an abstract idea. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As explained above with respect to integration of the abstract idea into a practical application, the use of a display device, memory, processor and dedicated tool amount to no more than mere instructions to apply the exception using a generic computer and/or computer component. The additional element of “… using … a website browsable by performing specific setting” is merely using the internet to gather data and as such is well-understood, routine, and conventional activity in the art, see MPEP 2106.05(d).II.i “Receiving or transmitting data over a network”. See Berkheimer v. HP, Inc., 881 F.3d 1360, 1368, 125 USPQ2d 1649, 1654 (Fed. Cir. 2018). Therefore, the claim is not patent eligible. Claim 9 is a method that recites steps corresponding to the functions recited in claim 1. Hence, claim 9 is patent ineligible for substantially the same reasons as claim 1. Claim 15 is a computer readable method claim that records a program for causing a computer to execute the functionality recited in claim 1. The use of a generic computer component as a tool to implement the abstract idea does not integrate the exception into a practical application, nor does it amount to significantly more than the abstract idea. Dependent claims 2-8, 10-14, and 16-20 all recite limitations for manipulating data and displaying the result. Hence, these claims recite mental steps and additional elements that are insignificant post solution activity. Hence, these dependent claims are also not patent eligible. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1-2, 9-10, and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over TANIGUCHI et al. (US 2020/0065482; hereinafter “TANIGUCHI”) in view of Paget et al. (US PGPub No. 2023/0081144; hereinafter “Paget”). As per claim 1: TANIGUCHI discloses a display device comprising: at least one memory configured to store instructions (a non-transitory computer-readable storage medium storing a program that cause a processor included in an information processing apparatus to execute a process [TANIGUCHI ¶ 0010, ¶ 0082, Fig. 12]); and at least one processor configured to execute the instructions to (a processor included in an information processing apparatus to execute a process [TANIGUCHI ¶ 0010, ¶ 0082, Fig. 12]): acquire cyberattack information (The cyber threat intelligence collection unit 10 collects various cyber threat intelligences provided by analysts and the like via the Internet and the like and stores the collected cyber threat intelligence in the cyber threat intelligence DB 20 [TANIGUCHI ¶ 0027]) [including information of a damaged company] by a plurality of cyberattack groups (collects various cyber threat intelligences [TANIGUCHI ¶ 0027, Examiner’s Note: plural intelligences]; explaining the cyber threat intelligence … Structured Threat Information eXpression (STIX) … eight information groups … cyberattack activities (Campaigns), attackers (Threat_Actors) [TANIGUCHI ¶ 0029]; in an area 11/ sandwiched by tags of "Threat_Actors", information regarding a person/organization for contributing to the cyberattack is individually described from viewpoints of a type of the attacker of the cyberattack, synchronization of the attacker, a skill of the attacker, an intention of the attacker … an account of a social network service [TANIGUCHI ¶ 0034, Examiner’s Note: each intelligence includes threat actor information]) using a dedicated tool or a website browsable by performing specific setting (the cyber threat intelligence collection unit 10 collects various cyber threat intelligences by crawling preset sites on the Internet [TANIGUCHI ¶ 0028, Examiner’s Note: settings being the preset sites]; collects the cyber threat intelligence 11 through the Internet and the like and stores the cyber threat intelligence 11 in the cyber threat intelligence DB 20 [TANIGUCHI ¶ 0073]); and display the cyberattack information (Outputs the evaluation results … to a file, a display, and the like [TANIGUCHI ¶ 0060]; The monitor 103 displays, for example, various screens operated by the operator [TANIGUCHI ¶ 0081]) of the plurality of cyberattack groups (collects various cyber threat intelligences [TANIGUCHI ¶ 0027, Examiner’s Note: plural intelligences]; explaining the cyber threat intelligence … Structured Threat Information eXpression (STIX) … eight information groups … cyberattack activities (Campaigns), attackers (Threat_Actors) [TANIGUCHI ¶ 0029]; in an area 11/ sandwiched by tags of "Threat_Actors", information regarding a person/organization for contributing to the cyberattack is individually described from viewpoints of a type of the attacker of the cyberattack, synchronization of the attacker, a skill of the attacker, an intention of the attacker … an account of a social network service [TANIGUCHI ¶ 0034]). TANIGUCHI discloses the claimed subject matter as discussed above but does not explicitly disclose including information of a damaged company. However, Paget teaches including information of a damaged company (the business intelligence unit 140 discovers a digital footprint and business data of the entity based on the associated domain name and based on non-intrusively gathered information from a computer network 120 and from various connected data sources 110 [Paget ¶ 0025]; A ransomware attacks database 130 stores statistical information related to real ransomware attacks, for example, the industry, size, country, and digital footprint of the target organization, the attack method, the cyber identity of the attacker, etc., that is generated using the non-intrusively gathered information from the computer network 120 and from the data sources 110 [Paget ¶ 0027]; The adjustments can reduce a vulnerability to ransom attacks of cyber infrastructure associated with the one or more of the entities that are analyzed by the cyber-risk assessment system 100 or the user organization(s) [Paget ¶ 0030]). TANIGUCHI and Paget are analogous art because they are from the same field of endeavor of cyberattack analysis. Therefore, based on TANIGUCHI in view of Paget, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Paget to the system of TANIGUCHI in order to analyze attack information to show how remediation from attacks can result in improved cyber security stance conditions (¶ 0030). Hence, it would have been obvious to combine the references above to obtain the invention as specified in the instant claim. As per claim 2: TANIGUCHI in view of Paget teach all the limitations of claim 1. Furthermore, TANIGUCHI and Paget disclose aggregate a number of cyberattacks for each cyberattack group (evaluates the number of types of the cyberattacks (campaign and malware) in which the element appears regarding each element indicating the feature of the cyberattack such as the observable (IP, domain, hash value, and the like) [TANIGUCHI ¶ 0036-0037]; collects various cyber threat intelligences [TANIGUCHI ¶ 0027, Examiner’s Note: plural intelligences]; explaining the cyber threat intelligence … Structured Threat Information eXpression (STIX) … eight information groups … cyberattack activities (Campaigns), attackers (Threat_Actors) [TANIGUCHI ¶ 0029]; in an area 11/ sandwiched by tags of "Threat_Actors", information regarding a person/organization for contributing to the cyberattack is individually described from viewpoints of a type of the attacker of the cyberattack, synchronization of the attacker, a skill of the attacker, an intention of the attacker … an account of a social network service [TANIGUCHI ¶ 0034]) or each type of damaged company based on the cyberattack information (A ransomware attacks database 130 stores statistical information related to real ransomware attacks, for example, the industry, size, country, and digital footprint of the target organization, the attack method, the cyber identity of the attacker, etc., that is generated using the non-intrusively gathered information from the computer network 120 and from the data sources 110 [Paget ¶ 0027]); and display (Outputs the evaluation results … to a file, a display, and the like [TANIGUCHI ¶ 0060]; The monitor 103 displays, for example, various screens operated by the operator [TANIGUCHI ¶ 0081]) the number of cyberattacks for each of the cyberattack groups or each of the types (evaluates the number of types of the cyberattacks (campaign and malware) in which the element appears regarding each element indicating the feature of the cyberattack such as the observable (IP, domain, hash value, and the like) [TANIGUCHI ¶ 0036-0037]; A ransomware attacks database 130 stores statistical information related to real ransomware attacks, for example, the industry, size, country, and digital footprint of the target organization, the attack method, the cyber identity of the attacker, etc., that is generated using the non-intrusively gathered information from the computer network 120 and from the data sources 110 [Paget ¶ 0027]). As per claim 9: TANIGUCHI in view of Paget teach all the limitations of claim 1. The limitations of claim 9 are substantially similar to claim 1 above, and therefore are likewise rejected. As per claim 10: TANIGUCHI in view of Paget teach all the limitations of claim 9. The limitations of claim 10 are substantially similar to claim 2 above, and therefore the claim is likewise rejected. As per claim 15: TANIGUCHI in view of Paget teach all the limitations of claim 1. Furthermore, TANIGUCHI discloses A non-transitory computer-readable recording medium that records a program for causing a computer to execute (a non-transitory computer-readable storage medium storing a program that cause a processor included in an information processing apparatus to execute a process [TANIGUCHI ¶ 0010, ¶ 0082, Fig. 12]): The limitations of claim 15 are substantially similar to claim 1 above, and therefore are likewise rejected. As per claim 16: TANIGUCHI in view of Paget teach all the limitations of claim 15. The limitations of claim 16 are substantially similar to claim 2 above, and therefore the claim is likewise rejected. Claims 3-4, 11-12, and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over TANIGUCHI in view of Paget in view of KIM et al. (US PGPub No. 2025/0028825; hereinafter “KIM ‘825”). As per claim 3: TANIGUCHI in view of Paget teach all the limitations of claim 2. Furthermore, TANIGUCHI and Paget disclose aggregate the number of cyberattacks (evaluates the number of types of the cyberattacks (campaign and malware) in which the element appears regarding each element indicating the feature of the cyberattack such as the observable (IP, domain, hash value, and the like) [TANIGUCHI ¶ 0036-0037]) [for each business type of damaged company] (A ransomware attacks database 130 stores statistical information related to real ransomware attacks, for example, the industry, size, country, and digital footprint of the target organization, the attack method, the cyber identity of the attacker, etc., that is generated using the non-intrusively gathered information from the computer network 120 and from the data sources 110 [Paget ¶ 0027, Examiner’s Note: industry is business type]); and display the number of cyberattacks (Outputs the evaluation results … to a file, a display, and the like [TANIGUCHI ¶ 0060]; The monitor 103 displays, for example, various screens operated by the operator [TANIGUCHI ¶ 0081]; evaluates the number of types of the cyberattacks (campaign and malware) in which the element appears regarding each element indicating the feature of the cyberattack such as the observable (IP, domain, hash value, and the like) [TANIGUCHI ¶ 0036-0037]) [of each business type]. TANIGUCHI in view of Paget discloses the claimed subject matter as discussed above but does not explicitly disclose for each business type of damaged company; of each business type. However, KIM ‘825 teaches for each business type of damaged company (Here, the analyzed CTI includes a document or a script included in the document, an executable or non-executable file, assembly code converted from the file, function information in the code, or maliciousness according to a CFG instruction sequence, a hash value indicating maliciousness, an attack technique, an attack group, an attack campaign, an attack nation, an attack industry, etc. The analyzed CTI includes visualization information of the above analysis information [KIM ¶ 1050, Examiner’s Note: an attack industry]; information on attack actions and attack groups, attack campaigns related to files, attack nations, attack industries, etc [KIM ¶ 1056]); of each business type (Here, the analyzed CTI includes a document or a script included in the document, an executable or non-executable file, assembly code converted from the file, function information in the code, or maliciousness according to a CFG instruction sequence, a hash value indicating maliciousness, an attack technique, an attack group, an attack campaign, an attack nation, an attack industry, etc. The analyzed CTI includes visualization information of the above analysis information [KIM ¶ 1050]). TANIGUCHI in view of Paget and KIM ‘825 are analogous art because they are from the same field of endeavor of cyberthreat analysis. Therefore, based on TANIGUCHI in view of Paget in view of KIM ‘825, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of KIM ‘825 to the system of TANIGUCHI in view of Paget in order to analyze the common attributes of the attack such as the target industry for appropriate response. Hence, it would have been obvious to combine the references above to obtain the invention as specified in the instant claim. As per claim 4: TANIGUCHI in view of Paget teach all the limitations of claim 2. Furthermore, TANIGUCHI and Paget disclose wherein the at least one processor is further configured to execute the instructions to: aggregate the number of cyberattacks (evaluates the number of types of the cyberattacks (campaign and malware) in which the element appears regarding each element indicating the feature of the cyberattack such as the observable (IP, domain, hash value, and the like) [TANIGUCHI ¶ 0036-0037]; collects various cyber threat intelligences [TANIGUCHI ¶ 0027, Examiner’s Note: plural intelligences]; explaining the cyber threat intelligence … Structured Threat Information eXpression (STIX) … eight information groups … cyberattack activities (Campaigns), attackers (Threat_Actors) [TANIGUCHI ¶ 0029]; in an area 11/ sandwiched by tags of "Threat_Actors", information regarding a person/organization for contributing to the cyberattack is individually described from viewpoints of a type of the attacker of the cyberattack, synchronization of the attacker, a skill of the attacker, an intention of the attacker … an account of a social network service [TANIGUCHI ¶ 0034]) for each host country of the damaged company (A ransomware attacks database 130 stores statistical information related to real ransomware attacks, for example, the industry, size, country, and digital footprint of the target organization, the attack method, the cyber identity of the attacker, etc., that is generated using the non-intrusively gathered information from the computer network 120 and from the data sources 110 [Paget ¶ 0027]); and display the number of cyberattacks (Outputs the evaluation results … to a file, a display, and the like [TANIGUCHI ¶ 0060]; The monitor 103 displays, for example, various screens operated by the operator [TANIGUCHI ¶ 0081]; evaluates the number of types of the cyberattacks (campaign and malware) in which the element appears regarding each element indicating the feature of the cyberattack such as the observable (IP, domain, hash value, and the like) [TANIGUCHI ¶ 0036-0037]) [for the each host country]. TANIGUCHI in view of Paget discloses the claimed subject matter as discussed above but does not explicitly disclose display the number of cyberattacks for the each host country. However, KIM ‘825 teaches display the number of cyberattacks for the each host country (Here, the analyzed CTI includes a document or a script included in the document, an executable or non-executable file, assembly code converted from the file, function information in the code, or maliciousness according to a CFG instruction sequence, a hash value indicating maliciousness, an attack technique, an attack group, an attack campaign, an attack nation, an attack industry, etc. The analyzed CTI includes visualization information of the above analysis information [KIM ¶ 1050, Examiner’s Note: an attack industry]; information on attack actions and attack groups, attack campaigns related to files, attack nations, attack industries, etc [KIM ¶ 1056]). TANIGUCHI in view of Paget and KIM ‘825 are analogous art because they are from the same field of endeavor of cyberthreat analysis. Therefore, based on TANIGUCHI in view of Paget in view of KIM ‘825, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of KIM ‘825 to the system of TANIGUCHI in view of Paget in order to analyze the common attributes of the attack such as the country for appropriate response. Hence, it would have been obvious to combine the references above to obtain the invention as specified in the instant claim. As per claim 11: TANIGUCHI in view of Paget teach all the limitations of claim 10. The limitations of claim 11 are substantially similar to claim 3 above, and therefore the claim is likewise rejected. As per claim 12: TANIGUCHI in view of Paget teach all the limitations of claim 10. The limitations of claim 12 are substantially similar to claim 4 above, and therefore the claim is likewise rejected. As per claim 17: TANIGUCHI in view of Paget teach all the limitations of claim 16. The limitations of claim 17 are substantially similar to claim 3 above, and therefore the claim is likewise rejected. As per claim 18: TANIGUCHI in view of Paget teach all the limitations of claim 16. The limitations of claim 18 are substantially similar to claim 4 above, and therefore the claim is likewise rejected. Claims 5, 13, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over TANIGUCHI in view of Paget in view of KIM et al. (KR 20210118321 A, citations refer to English translation; hereinafter “KIM ‘321”). As per claim 5: TANIGUCHI in view of Paget teach all the limitations of claim 2. Furthermore, TANIGUCHI and Paget disclose wherein the at least one processor is further configured to execute the instructions to: aggregate the number of cyberattacks (evaluates the number of types of the cyberattacks (campaign and malware) in which the element appears regarding each element indicating the feature of the cyberattack such as the observable (IP, domain, hash value, and the like) [TANIGUCHI ¶ 0036-0037]; collects various cyber threat intelligences [TANIGUCHI ¶ 0027, Examiner’s Note: plural intelligences]; explaining the cyber threat intelligence … Structured Threat Information eXpression (STIX) … eight information groups … cyberattack activities (Campaigns), attackers (Threat_Actors) [TANIGUCHI ¶ 0029]; in an area 11/ sandwiched by tags of "Threat_Actors", information regarding a person/organization for contributing to the cyberattack is individually described from viewpoints of a type of the attacker of the cyberattack, synchronization of the attacker, a skill of the attacker, an intention of the attacker … an account of a social network service [TANIGUCHI ¶ 0034]) for each host country (A ransomware attacks database 130 stores statistical information related to real ransomware attacks, for example, the industry, size, country, and digital footprint of the target organization, the attack method, the cyber identity of the attacker, etc., that is generated using the non-intrusively gathered information from the computer network 120 and from the data sources 110 [Paget ¶ 0027]) [of a headquarter of the damaged company]; and display the number of cyberattacks (Outputs the evaluation results … to a file, a display, and the like [TANIGUCHI ¶ 0060]; The monitor 103 displays, for example, various screens operated by the operator [TANIGUCHI ¶ 0081]; evaluates the number of types of the cyberattacks (campaign and malware) in which the element appears regarding each element indicating the feature of the cyberattack such as the observable (IP, domain, hash value, and the like) [TANIGUCHI ¶ 0036-0037]) for each host country (A ransomware attacks database 130 stores statistical information related to real ransomware attacks, for example, the industry, size, country, and digital footprint of the target organization, the attack method, the cyber identity of the attacker, etc., that is generated using the non-intrusively gathered information from the computer network 120 and from the data sources 110 [Paget ¶ 0027]) [of the headquarter]. TANIGUCHI in view of Paget discloses the claimed subject matter as discussed above but does not explicitly disclose of a headquarter of the damaged company; of the headquarter. However, KIM ‘321 teaches of a headquarter of the damaged company (In this case, the security events may have information such as event generation time, IP address, port number, security event name, operation headquarters, and operating company constituting the corresponding event [Kim ‘321, Page 3, 12th para.]; First, when the name of the operating company, the operating headquarters, and the security equipment exists in the event group, in the case of the operating company node [Kim ‘321, Page 7, 10th para.]); of the headquarter (In this case, the security events may have information such as event generation time, IP address, port number, security event name, operation headquarters, and operating company constituting the corresponding event [Kim ‘321, Page 3, 12th para.]; First, when the name of the operating company, the operating headquarters, and the security equipment exists in the event group, in the case of the operating company node [Kim ‘321, Page 7, 10th para.]). TANIGUCHI in view of Paget and KIM ‘321 are analogous art because they are from the same field of endeavor of cyberattack analysis. Therefore, based on TANIGUCHI in view of Paget in view of KIM ‘321, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of KIM ‘321 to the system of TANIGUCHI in view of Paget in order to analyze the common attributes of the attack such as the headquarters for appropriate response. Hence, it would have been obvious to combine the references above to obtain the invention as specified in the instant claim. As per claim 13: TANIGUCHI in view of Paget teach all the limitations of claim 10. The limitations of claim 13 are substantially similar to claim 5 above, and therefore the claim is likewise rejected. As per claim 19: TANIGUCHI in view of Paget teach all the limitations of claim 16. The limitations of claim 19 are substantially similar to claim 5 above, and therefore the claim is likewise rejected. Claims 6, 14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over TANIGUCHI in view of Paget in view of Talbot et al. (US PGPub No. 2022/0294819; hereinafter “Talbot”). As per claim 6: TANIGUCHI in view of Paget teach all the limitations of claim 2. Furthermore, TANIGUCHI and Paget disclose wherein the at least one processor is further configured to execute the instructions to: aggregate the number of cyberattacks of each of the cyberattack groups (evaluates the number of types of the cyberattacks (campaign and malware) in which the element appears regarding each element indicating the feature of the cyberattack such as the observable (IP, domain, hash value, and the like) [TANIGUCHI ¶ 0036-0037]; collects various cyber threat intelligences [TANIGUCHI ¶ 0027, Examiner’s Note: plural intelligences]; explaining the cyber threat intelligence … Structured Threat Information eXpression (STIX) … eight information groups … cyberattack activities (Campaigns), attackers (Threat_Actors) [TANIGUCHI ¶ 0029]; in an area 11/ sandwiched by tags of "Threat_Actors", information regarding a person/organization for contributing to the cyberattack is individually described from viewpoints of a type of the attacker of the cyberattack, synchronization of the attacker, a skill of the attacker, an intention of the attacker … an account of a social network service [TANIGUCHI ¶ 0034]) or each type of damaged company (A ransomware attacks database 130 stores statistical information related to real ransomware attacks, for example, the industry, size, country, and digital footprint of the target organization, the attack method, the cyber identity of the attacker, etc., that is generated using the non-intrusively gathered information from the computer network 120 and from the data sources 110 [Paget ¶ 0027]) [a predetermined period of time ago]; and display (Outputs the evaluation results … to a file, a display, and the like [TANIGUCHI ¶ 0060]; The monitor 103 displays, for example, various screens operated by the operator [TANIGUCHI ¶ 0081]; evaluates the number of types of the cyberattacks (campaign and malware) in which the element appears regarding each element indicating the feature of the cyberattack such as the observable (IP, domain, hash value, and the like) [TANIGUCHI ¶ 0036-0037]) [a difference in the number of cyberattacks from the predetermined period of time ago]. TANIGUCHI in view of Paget discloses the claimed subject matter as discussed above but does not explicitly disclose a predetermined period of time ago; a difference in the number of cyberattacks from the predetermined period of time ago. However, Talbot teaches a predetermined period of time ago (the visual cyber-attack representation details different cyber-attack types in different dialogue boxes and this facilitates the user and/or administrator to visualize, in real-time, a current cyber-attack threat frequency state of an enterprise computing environment. In some embodiment, the visual cyber-attack representation details a likelihood of a cyber-attack, of an enterprise computing environment. The bottom of each dialogue box may have a graph to illustrate the frequencies of each cyber-attack type. Each of the dialogue boxes may also have one or more numeric values 401. In some embodiments, a numeric value 401, by way of example, may be the number of times on an annual basis that cyber-attacks of a cyber-attack type are expected to occur, succeed and/or cause harm. In some embodiments, the numeric value 401 is the cyber-attack event frequency value [¶ 0061]); a difference in the number of cyberattacks from the predetermined period of time ago (the visual cyber-attack representation details different cyber-attack types in different dialogue boxes and this facilitates the user and/or administrator to visualize, in real-time, a current cyber-attack threat frequency state of an enterprise computing environment. In some embodiment, the visual cyber-attack representation details a likelihood of a cyber-attack, of an enterprise computing environment. The bottom of each dialogue box may have a graph to illustrate the frequencies of each cyber-attack type. Each of the dialogue boxes may also have one or more numeric values 401. In some embodiments, a numeric value 401, by way of example, may be the number of times on an annual basis that cyber-attacks of a cyber-attack type are expected to occur, succeed and/or cause harm. In some embodiments, the numeric value 401 is the cyber-attack event frequency value [¶ 0061]). TANIGUCHI in view of Paget and Talbot are analogous art because they are from the same field of endeavor of cyberattack analysis. Therefore, based on TANIGUCHI in view of Paget in view of Talbot, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Talbot to the system of TANIGUCHI in view of Paget in order to analyze the common attributes of the attack such as the time period for appropriate response and prediction. Hence, it would have been obvious to combine the references above to obtain the invention as specified in the instant claim. As per claim 14: TANIGUCHI in view of Paget teach all the limitations of claim 10. The limitations of claim 14 are substantially similar to claim 6 above, and therefore the claim is likewise rejected. As per claim 20: TANIGUCHI in view of Paget teach all the limitations of claim 16. The limitations of claim 20 are substantially similar to claim 6 above, and therefore the claim is likewise rejected. Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over TANIGUCHI in view of Paget in view of COSTEA et al. (US PGPub No. 2021/0136089; hereinafter “COSTEA”). As per claim 7: TANIGUCHI in view of Paget teach all the limitations of claim 2. Furthermore, TANIGUCHI and Paget disclose wherein the at least one processor is further configured to execute the instructions to: aggregate the number of cyberattacks for each of the cyberattack groups (evaluates the number of types of the cyberattacks (campaign and malware) in which the element appears regarding each element indicating the feature of the cyberattack such as the observable (IP, domain, hash value, and the like) [TANIGUCHI ¶ 0036-0037]; collects various cyber threat intelligences [TANIGUCHI ¶ 0027, Examiner’s Note: plural intelligences]; explaining the cyber threat intelligence … Structured Threat Information eXpression (STIX) … eight information groups … cyberattack activities (Campaigns), attackers (Threat_Actors) [TANIGUCHI ¶ 0029]; in an area 11/ sandwiched by tags of "Threat_Actors", information regarding a person/organization for contributing to the cyberattack is individually described from viewpoints of a type of the attacker of the cyberattack, synchronization of the attacker, a skill of the attacker, an intention of the attacker … an account of a social network service [TANIGUCHI ¶ 0034]) or each type of damaged company (A ransomware attacks database 130 stores statistical information related to real ransomware attacks, for example, the industry, size, country, and digital footprint of the target organization, the attack method, the cyber identity of the attacker, etc., that is generated using the non-intrusively gathered information from the computer network 120 and from the data sources 110 [Paget ¶ 0027]) [in each predetermined period]; and display the number of cyberattacks (Outputs the evaluation results … to a file, a display, and the like [TANIGUCHI ¶ 0060]; The monitor 103 displays, for example, various screens operated by the operator [TANIGUCHI ¶ 0081]; evaluates the number of types of the cyberattacks (campaign and malware) in which the element appears regarding each element indicating the feature of the cyberattack such as the observable (IP, domain, hash value, and the like) [TANIGUCHI ¶ 0036-0037]) [in each predetermined period]. TANIGUCHI in view of Paget discloses the claimed subject matter as discussed above but does not explicitly disclose in each predetermined period; in each predetermined period. However, COSTEA teaches in each predetermined period (he clusters of instances of the cyberattack can be analyzed, based on visualizations and interpretations of cluster segments of the instance of the activity (e.g., cyberattack segments), to generate multi-attribute cluster-identifiers. For example, by clustering emails in a single cyberattack campaign over a period of time (e.g., days, weeks, months, etc.), malicious activity management operations can assist in determining the nature of the cyberattack and its impact. Features of a campaign, such as IOCs, spanning a large dataset are identified and showcase a cybercriminal's infrastructure used for email sending and payload hosting [¶ 0033]); in each predetermined period (he clusters of instances of the cyberattack can be analyzed, based on visualizations and interpretations of cluster segments of the instance of the activity (e.g., cyberattack segments), to generate multi-attribute cluster-identifiers. For example, by clustering emails in a single cyberattack campaign over a period of time (e.g., days, weeks, months, etc.), malicious activity management operations can assist in determining the nature of the cyberattack and its impact. Features of a campaign, such as IOCs, spanning a large dataset are identified and showcase a cybercriminal's infrastructure used for email sending and payload hosting [¶ 0033]). TANIGUCHI in view of Paget and COSTEA are analogous art because they are from the same field of endeavor of cyberattack analysis. Therefore, based on TANIGUCHI in view of Paget in view of COSTEA, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of COSTEA to the system of TANIGUCHI in view of Paget in order to analyze the common attributes of the attack such as specific time periods for effective response and further detection. Hence, it would have been obvious to combine the references above to obtain the invention as specified in the instant claim. Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over TANIGUCHI in view of Paget in view of FALKOWITZ et al. (US PGPub NO. 2016/0134648; hereinafter “FALKOWITZ”). As per claim 8: TANIGUCHI in view of Paget teach all the limitations of claim 2. Furthermore, TANIGUCHI and Paget disclose wherein the at least one processor is further configured to execute the instructions to: aggregate [a cumulative number] of the number of cyberattacks for each of the cyberattack groups (evaluates the number of types of the cyberattacks (campaign and malware) in which the element appears regarding each element indicating the feature of the cyberattack such as the observable (IP, domain, hash value, and the like) [TANIGUCHI ¶ 0036-0037]; collects various cyber threat intelligences [TANIGUCHI ¶ 0027, Examiner’s Note: plural intelligences]; explaining the cyber threat intelligence … Structured Threat Information eXpression (STIX) … eight information groups … cyberattack activities (Campaigns), attackers (Threat_Actors) [TANIGUCHI ¶ 0029]; in an area 11/ sandwiched by tags of "Threat_Actors", information regarding a person/organization for contributing to the cyberattack is individually described from viewpoints of a type of the attacker of the cyberattack, synchronization of the attacker, a skill of the attacker, an intention of the attacker … an account of a social network service [TANIGUCHI ¶ 0034]) or each of the types (A ransomware attacks database 130 stores statistical information related to real ransomware attacks, for example, the industry, size, country, and digital footprint of the target organization, the attack method, the cyber identity of the attacker, etc., that is generated using the non-intrusively gathered information from the computer network 120 and from the data sources 110 [Paget ¶ 0027]) [from a predetermined time]; and display (Outputs the evaluation results … to a file, a display, and the like [TANIGUCHI ¶ 0060]; The monitor 103 displays, for example, various screens operated by the operator [TANIGUCHI ¶ 0081]; evaluates the number of types of the cyberattacks (campaign and malware) in which the element appears regarding each element indicating the feature of the cyberattack such as the observable (IP, domain, hash value, and the like) [TANIGUCHI ¶ 0036-0037]) [the cumulative number]. TANIGUCHI in view of Paget discloses the claimed subject matter as discussed above but does not explicitly disclose a cumulative number of the cyberattacks from a predetermined time; the cumulative number. However, FALKOWITZ teaches a cumulative number of the cyberattacks from a predetermined time (The operations of block 236, 238 may comprise generating and displaying data at a user computer or workstation that is coupled to security control computer 120 for the purpose of trend analysis, geographic analysis, or other reporting relating to threats. For example, risk reports relating to a particular enterprise computer 112 or compromised computer 106 may be generated that catalog all threats that have been identified. Other reports or graphics may indicate total attacks by geographic location, total attacks of different types by hour, day or other period [¶ 0099]); the cumulative number (The operations of block 236, 238 may comprise generating and displaying data at a user computer or workstation that is coupled to security control computer 120 for the purpose of trend analysis, geographic analysis, or other reporting relating to threats. For example, risk reports relating to a particular enterprise computer 112 or compromised computer 106 may be generated that catalog all threats that have been identified. Other reports or graphics may indicate total attacks by geographic location, total attacks of different types by hour, day or other period [¶ 0099]). TANIGUCHI in view of Paget and FALKOWITZ are analogous art because they are from the same field of endeavor of attack analysis. Therefore, based on TANIGUCHI in view of Paget in view of FALKOWITZ, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of FALKOWITZ to the system of TANIGUCHI in view of Paget in order to analyze the common attributes of the attack such as a cumulative number of attacks in a time period for effective response and further detection. Hence, it would have been obvious to combine the references above to obtain the invention as specified in the instant claim. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES P MOLES whose telephone number is (703)756-1043. The examiner can normally be reached M-F 8:00am-5:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached at (571) 272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /JAMES P MOLES/Examiner, Art Unit 2494 /JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494