AUTOMATED SERVICE TICKET GENERATION

§103 §DP

DETAILED ACTION The following is a Final Office action in response to applicants’ amendment and remarks filed on 02/12/2026. Claims 1-10, 13, 14, 16, 18, and 19 have been amended, and new Claim 21 has been added. Claim 11 has been canceled. Therefore, Claims 1-10 and 12-21 are currently pending and have been considered as follows. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments In light of the amendment to Claims 3, 4, 13, and 14, the 35 U.S.C. 112(b) rejection of Claims 3, 4, 13, and 14 is withdrawn. The nonstatutory obviousness-type double patenting rejection of Claims 1-10 and 12-20 is maintained as no terminal disclaimer has yet been filed. Applicants’ amendment of independent Claims 1, 10, and 16 incorporating some but not all of the features of dependent claims 7 and 8 has newly changed the scope of the claimed invention. Therefore, applicants’ arguments on page 10 of the remarks filed 02/12/2026 have been fully considered but are moot because the amendment necessitates new ground(s) of rejection where applicants’ arguments do not apply to the updated reference(s) for any teaching or matter specifically challenged in the argument. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Parent Patent No. 12,107,894 B1 Claims 1-10 and 12-21 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over Claims 1-9, 11, 13, 15-17, and 20 of parent U.S. Patent No. 12, 107,894 B1 (common inventive entity and assignee). Although the conflicting claims are not identical, they are not patentably distinct from each other because it is clear that all the elements of the instant application claims 1-10 and 12-21 are to be found in parent patent claims 1-9, 11, 13, 15-17, and 20. The difference between the application claim and the patent claim lies in the fact that the patent claim includes more elements and is more specific. Thus, the invention of claims 1-9, 11, 13, 15-17, and 20 of the patent is in effect a “species” of the “generic” invention of the instant application claims 1-10 and 12-21. It has been held that the generic invention is “anticipated” by the “species”. See In re Goodman, 29 USPQ2d 2010 (Fed. Cir. 1993). The following Claims Comparison Table illustrates the anticipatory relationship of the claims at issue. Claims Comparison Table Instant Application: 18/817,587 U.S. Patent No. 12,107,894 B1 (common inventive entity and assignee) Claim 1: A system, comprising: one or more processors; and computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: determining, based on a message from a first device, risk data identifying an asset that will be out of compliance with a predetermined requirement within a period of time, wherein the risk data is determined based on: a document included in the message, or a hyperlink in a text of the message; generating an executable command to generate a ticket associated with the asset, the executable command including at least a portion of the risk data; providing the executable command to a second device; receiving, from the second device and in response to providing the executable command to the second device, a first ticket associated with the asset, the first ticket including a unique identifier; and outputting the unique identifier. Claim 1: A system comprising: a display; one or more processors; and computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: receiving, from a first computing device via an electronic mail message and via an information technology asset management (ITAM) application, risk data identifying an asset that will be out of compliance with a policy or a regulation within a period of time; receiving an input associated with access to a second computing device; generating, by the ITAM application and based at least in part on the input, a command to generate a service ticket associated with the asset, the command including at least a portion of the risk data; sending the command to the second computing device; receiving a first service ticket from the second computing device, the first service ticket being associated with the asset, and the first service ticket including a unique identifier; and causing, by the ITAM application, at least the unique identifier to be presented on the display. Claim 6: The system of claim 1, the operations further comprising: determining that the asset comprises a hardware asset; and determining the risk data based at least in part on a document attached to the electronic mail message. Claim 2: The system of claim 1, wherein the unique identifier is output via a display operably connected to the one or more processors. Claim 1: … via an information technology asset management (ITAM) application… causing, by the ITAM application, at least the unique identifier to be presented on the display. Claim 3: The system of claim 1, the operations further comprising: determining, based at least in part on the risk data, a user associated with the asset; and transmitting at least one of the unique identifier or the first ticket to a third computing device associated with the user. Claim 2: The system of claim 1, the operations further comprising: determining, based at least in part on the risk data, a user associated with the asset; and sending at least one of the unique identifier or the service ticket to a third computing device associated with the user. Claim 4: The system of claim 3, the operations further comprising: determining, based at least in part on the first ticket, a mitigation task that will bring the asset into compliance with the predetermined requirement; and causing a display of the third computing device to display the mitigation task in association with the unique identifier or the first ticket. Claim 3: The system of claim 1, the operations further comprising: determining, based at least in part on the risk data, a user associated with the asset; determining, based at least in part on the first service ticket, a mitigation task that will bring the asset into compliance with the policy or the regulation; and causing a display associated with a third computing device associated with the user to identify the mitigation task. Claim 5: The system of claim 4, the operations further comprising: receiving, from the third computing device, an indication that the mitigation task has been completed; and providing the indication to the second device. Claim 4: The system of claim 3, the operations further comprising: receiving, from the third computing device, an indication that the mitigation task has been completed; and sending the indication to the second computing device. Claim 6: The system of claim 1, wherein the risk data comprises first risk data associated with the asset, and the asset will be out of compliance with the predetermined requirement at a first time, the operations further comprising: receiving, from the first device at a second time, second risk data associated with the asset, wherein the second risk data comprises an indication that the asset is out of compliance with the predetermined requirement; receiving a second input indicating access credentials to a third computing device associated with generating service tickets for non-compliant assets; generating, based at least in part on the second risk data, a second command to generate a second service ticket associated with the asset, the second command including at least a portion of the second risk data; transmitting, using the second input, the second command to the third computing device; and receiving the second service ticket from the third computing device, the second service ticket comprising a record of non-compliance with the predetermined requirement. Claim 5: The system of claim 1, wherein the risk data comprises first risk data associated with the asset, and the asset will be out of compliance with the policy or the regulation at a first time, the operations further comprising: receiving, from the first computing device at a second time, second risk data associated with the asset, wherein the second risk data comprises an indication that the asset is out of compliance with the policy or the regulation; receiving a second input associated with access to a third computing device associated with generating service tickets for non-compliant assets; generating, by the ITAM application and based at least in part on the second input, a second command to generate a second service ticket associated with the asset, the second command including at least a portion of the second risk data; sending the second command to the third computing device; and receiving the second service ticket from the third computing device, the second service ticket comprising a record of non-compliance with the policy or the regulation. Claim 7: The system of claim 1, the operations further comprising: determining that the asset comprises a hardware asset, wherein the risk data is determined based at least in part on the document. Claim 6: The system of claim 1, the operations further comprising: determining that the asset comprises a hardware asset; and determining the risk data based at least in part on a document attached to the electronic mail message. Claim 8: The system of claim 1, the operations further comprising: determining that the asset comprises a software asset, wherein the risk data is determined based at least in part on accessing the hyperlink. Claim 7: The system of claim 1, the operations further comprising: determining that the asset comprises a software asset; accessing a hyperlink in a text of the electronic mail message; and determining the risk data based at least in part on the hyperlink. Claim 9: The system of claim 1, wherein the portion of the risk data comprises at least one of: an identifier associated with a user; a type of asset associated with the asset; or a policy or a regulation associated with the predetermined requirement. Claim 8: The system of claim 1, wherein the at least the portion of the risk data comprises at least one of: an identifier associated with a user; a type of asset associated with the asset; or the policy or the regulation associated with the risk data. Claim 10: A method, comprising: determining, based on a message from a first device, risk data identifying an asset that will be out of compliance with a predetermined requirement within a period of time; wherein the risk data is determined based on: a document included in the message, or a hyperlink in a text of the message; generating an executable command to generate a ticket associated with the asset, the executable command including at least a portion of the risk data; providing the executable command to a second device; receiving, from the second device and in response to providing the executable command to the second device, a first ticket associated with the asset, the first ticket including a unique identifier; and outputting the unique identifier. Claim 9: A method, comprising: receiving, from a first computing device via an electronic mail message and via a network, risk data identifying an asset that is at risk of being out of compliance with a policy or a regulation within a period of time; receiving an input associated with access to a second computing device; generating, by an information technology asset management (ITAM) application and based at least in part on the input, a command to generate a service ticket associated with the asset, the command including at least a portion of the risk data; sending the command to the second computing device; receiving a first service ticket, from the second computing device via the network, the first service ticket being associated with the asset, and the service ticket including a unique identifier; and causing, by the ITAM application, at least the unique identifier to be presented on a display associated with the ITAM application. Claim 12: The method of claim 10, wherein the portion of the risk data comprises at least one of: an identifier associated with a user; a type of asset associated with the asset; or a policy or a regulation associated with the risk data. Claim 8: … wherein the at least the portion of the risk data comprises at least one of: an identifier associated with a user; a type of asset associated with the asset; or the policy or the regulation associated with the risk data. Claim 13: The method of claim 10, further comprising: determining, based at least in part on the risk data, a user associated with the asset; and transmitting at least one of the unique identifier or the first ticket to a third computing device associated with the user. Claim 13: The method of claim 9, further comprising: determining, based at least in part on the risk data, a user associated with the asset; determining, based at least in part on the service ticket, a mitigation task that will bring the asset into compliance with the policy or the regulation within the period of time; and causing a display associated with a third computing device associated with the user to identify the mitigation task. Claim 14: The method of claim 10, further comprising: determining, based at least in part on the risk data, a user associated with the asset; determining, based at least in part on the first ticket, a mitigation task that will bring the asset into compliance with the predetermined requirement, the predetermined requirement comprising a policy or a regulation; and causing a display of a third device associated with the user to display the mitigation task. Claim 13: The method of claim 9, further comprising: determining, based at least in part on the risk data, a user associated with the asset; determining, based at least in part on the service ticket, a mitigation task that will bring the asset into compliance with the policy or the regulation within the period of time; and causing a display associated with a third computing device associated with the user to identify the mitigation task. Claim 15: The method of claim 14, further comprising: receiving, from the third device, an indication that the mitigation task has been completed; and sending the indication to the second device. Claim 4: … receiving, from the third computing device, an indication that the mitigation task has been completed; and sending the indication to the second computing device. Claim 16: A method comprising: determining, by a processor, and based on a message from a first device received by an application, risk data associated with an asset that is out of compliance with a predetermined requirement, wherein the risk data is determined based on: a document included in the message, or a hyperlink in a text of the message; generating, by the processor and based at least in part on receiving an input, an executable command to generate a ticket associated with the asset, the command including at least a portion of the risk data receiving, by the processor and from a second device and in response to sending the command to the second device, a first ticket associated with the asset, the first ticket including a unique identifier; and outputting, by the processor and via the application, at least the unique identifier. Claim 15: A method, comprising: receiving, from a first computing device via an electronic mail message and via a network, risk data associated with an asset that is out of compliance with a policy or a regulation, the asset comprising a hardware asset or a software asset; receiving an input associated with access to a second computing device; generating, by an information technology asset management (ITAM) application and based at least in part on the input, a command to generate a service ticket associated with the asset, the command including at least a portion of the risk data including whether the asset comprises the hardware asset or the software asset; sending the command to the second computing device; receiving a first service ticket from the second computing device via the network, the first service ticket being associated with the asset, and the service ticket including a unique identifier; and causing, by the ITAM application, at least the unique identifier to be presented on a display associated with the ITAM application. Claim 16: The method of claim 15, further comprising: determining that the asset comprises the hardware asset; and determining the risk data based at least in part on a document attached to the electronic mail message. Claim 17: The method of claim 16, wherein the application comprises an information technology asset management application and wherein the unique identifier is output via a display of the first device. Claim 15: … an information technology asset management (ITAM) application… the unique identifier to be presented on a display… Claim 18: The method of claim 16, further comprising: determining that the asset comprises a hardware asset, wherein the risk data is determined based at least in part on the document. Claim 16: The method of claim 15, further comprising: determining that the asset comprises the hardware asset; and determining the risk data based at least in part on a document attached to the electronic mail message. Claim 19: The method of claim 16, further comprising: determining that the asset comprises a software asset, wherein the risk data is determined based at least in part on accessing the hyperlink. Claim 17: The method of claim 15, further comprising: determining that the asset comprises the software asset; accessing a hyperlink in a text of the electronic mail message; and determining the risk data based at least in part on the hyperlink. Claim 20: The method of claim 16, wherein the risk data further comprises one or more of an asset identifier, an asset user identifier associated with a user, or a deadline associated with compliance. Claim 20: The method of claim 15, wherein the risk data further comprises one or more of an asset identifier, an asset user identifier associated with a user, or a deadline associated with compliance. Claim 21: The method of claim 10, wherein the risk data is first risk data, and the asset will be out of compliance with the predetermined requirement at a first time, the method further comprising: receiving, from the first device at a second time, second risk data associated with the asset, wherein the second risk data comprises an indication that the asset is out of compliance with the predetermined requirement; receiving a second input indicating access credentials to a third computing device associated with generating service tickets for non-compliant assets; and accessing, based at least in part on the second input, the third computing device to generate second service ticket associated with the asset, the second service ticket comprising a record of on-compliance of the asset with the predetermined requirement. Claim 11: The method of claim 9, wherein the risk data comprises first risk data associated with the asset that is at risk of being out of compliance at a first time, the method further comprising: receiving, from the first computing device at a second time, second risk data associated with the asset, wherein the second risk data comprises an indication that the asset is out of compliance with the policy or the regulation; receiving a second input associated with access to a third computing device associated with generating service tickets for non-compliant assets; generating, by the ITAM application and based at least in part on the second input, a second command to generate a second service ticket associated with the asset, the second command including at least a portion of the second risk data; sending the second command to the third computing device; and receiving the second service ticket from the third computing device, the second service ticket comprising a record of non-compliance with the policy or the regulation. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1-5, 9, 10, 12-17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over CARD et al. (US 20150347751 A1, IDS submitted 08/28/2024, hereinafter Card) in view of Angus et al. (US 20160099969 A1, hereinafter Angus), and further in view of Jakobsson (US 20180091453 A1). As to Amended Claim 1: Card discloses a system (e.g. Card “Systems and methods are provided which enable client environments, such as corporate and government enterprises, to adopt an integrated, strategic approach to governance, risk and compliance… An advanced security information and event management system, also referred to as an information assurance portal (IAP)” [Abstract]), comprising: one or more processors (e.g. Card processor [0069]); and computer-readable media storing computer-executable instructions (e.g. Card “Computer storage media may include volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules” [0155]) that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: generating an executable command to generate a ticket associated with the asset, the executable command including at least a portion of the risk data (e.g. Card “The leaf node 52, when located within the client environment 10 sends event objects in a secure manner over the internet 18 or other available communication connection to the hub 40. The hub 40 performs authentication and reporting services and communicates with a ticketing component 42 to identify, track, and resolve security threats, initiate remediation of a security breach, communicate with IT agents within the client environment 10, etc. The ticketing component 42 enables security analysts to be engaged in the monitoring and remediation and may also include automated processes, e.g., for communicating with the client environment 10 to identify threats, escalate threats, etc” [0060]; “At 108 the leaf node 52 detects a notification of a threat, generated in the processing performed at 106, and sends the notification to the hub 40 at 110. The hub 40 receives the notification at 112 and acknowledges receipt of the notification” [0070]); providing the executable command to a second device (e.g. Card “The hub 40 may then authenticate the message at 114 and send the notification for ticketing at 116”” [0070]); receiving, from the second device and in response to providing the executable command to the second device, a first ticket associated with the asset, the first ticket including a unique identifier (e.g. Card “The ticketing component 42 creates a ticket associated with the notification at 120 and enables the potential threat to be monitored at 122, e.g., by enabling a security analyst to access and view the ticket and/or be assigned to a ticket” [0070]; [0099] TABLE 5 “Message ID 16 UUID that uniquely identifies this particular message. Each message must have a UUID”); But Card does not specifically disclose: determining, based on a message from a first device, risk data identifying an asset that will be out of compliance with a predetermined requirement within a period of time; wherein the risk data is determined based on: a document included in the message, or a hyperlink in a text of the message; outputting the unique identifier. However, the analogous art Angus does disclose determining, based on a message from a first device, risk data identifying an asset that will be out of compliance with a predetermined requirement within a period of time and outputting the unique identifier (e.g. Angus “receiving an authentication certificate in response to the compliance authenticator verifying the configuration information complies with the policy. The authentication certificate expires after a predetermined period of time” [Abstract]; “the notification module 306 may send compliance check notifications… the notification module 306 presents a message that the authentication certificate… is about to expire, such that a user may prepare or perform an appropriate compliance action in order to receive a new authentication certificate, a new key, and/or extend the lifetime of the current authentication certificate” [0064]; “The access module 308 is configured to present the authentication certificate, including the public key for the authentication certificate, for the electronic device 102 to a secure resource of a computing system” [0065]; “The certificate module 206 is configured to receive an authentication certificate, and... a unique identifier” [0040]; [0050]; [0052]). Furthermore, the analogous art Jakobsson does disclose wherein the risk data is determined based on: a document included in the message, or a hyperlink in a text of the message (e.g. Jakobsson “a risk score associated with a message is a heuristically computed score that depends on... whether the message contents match a high-risk pattern (e.g., contains a URL associated with a site that is not trusted, contains a potentially executable attachment, or contains keywords associated with high risk” [0040]; “For example, consider a potentially risky email message that contains a text component, a URL and an attachment, and which has an associated sender profile. Assume that this message is identified as potentially risky by the system” [0048]). Card, Angus, and Jakobsson are analogous art because they are from the same field of endeavor in risk assessment. It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Card, Angus, and Jakobsson before him or her, to modify the disclosure of Card with the teachings of Angus and Jakobsson to include determining, based on a message from a first device, risk data identifying an asset that will be out of compliance with a predetermined requirement within a period of time, wherein the risk data is determined based on: a document included in the message, or a hyperlink in a text of the message, and outputting the unique identifier as claimed. First suggestion/motivation for doing so would have been in response to the problems and needs of authenticating devices by enforcing policy compliance on the devices (Angus [0004]). Second suggestion/motivation for doing so would have been to enable additional security measures that were not practically meaningful in a world where filtering decisions need to be made within milliseconds (Jakobsson [0023]). Therefore, it would have been obvious to combine Card, Angus, and Jakobsson to obtain the invention as specified in the instant claim(s). As to Amended Claim 2: Card in view of Angus and Jakobsson discloses the system of claim 1, (e.g. Card “an information assurance portal (IAP), is described, which enables client customers to select various services such as threat and vulnerability management, asset classification and tracking, and business threat and risk assessments through a software-as-a-service portal” [Abstract]) wherein the unique identifier is output via a display operably connected to the one or more processors (e.g. Card “enabling a security analyst to access and view the ticket and/or be assigned to a ticket” [0070]; Angus FIG. 1 computer(s) 102 displays). The Examiner supplies the same rationale for the combination of references Card, Angus, and Jakobsson as in Claim 1 above. As to Amended Claim 3: Card in view of Angus and Jakobsson discloses the system of claim 1, the operations further comprising: determining, based at least in part on the risk data, a user associated with the asset (e.g. Card “At this stage, event objects will be “enriched” with additional information that can be used by TRCE 226 later. This can include for example asset information, geo-IP location information, or identity information (the name of the user using the technology asset that generated the event)” [0076]); and transmitting at least one of the unique identifier or the first ticket to a third computing device associated with the user (e.g. Card “enabling a security analyst to access and view the ticket and/or be assigned to a ticket” [0070]; Angus FIG. 1 computer(s) 102 displays). As to Amended Claim 4: Card in view of Angus and Jakobsson discloses the system of claim 3, the operations further comprising: (e.g. Card “At this stage, event objects will be “enriched” with additional information that can be used by TRCE 226 later. This can include for example asset information, geo-IP location information, or identity information (the name of the user using the technology asset that generated the event)” [0076]) determining, based at least in part on the first ticket, a mitigation task that will bring the asset into compliance with the predetermined requirement (e.g. Card “the ticket is reviewed and the threat monitored. In this example it is assumed that the ticket status is moved to an escalation at 352 to highlight the potential vulnerability. For example, the analyst may review alerts, and if they are determined to be valid they are escalated to the client (client is notified of an incident taking place on their network). At this point, the analyst may follow up with the support client at 354, or an email or other communication may be sent automatically. The analyst and/or system may then wait for client feedback or a response confirming that the threat has been addresses, the system shut down, or other remediation is in progress” [0092]; “to ensure compliance with various industry regulation” [0051]); and causing a display of the third computing device to display the mitigation task in association with the unique identifier or the first ticket (e.g. Angus “the notification module 306 presents a message that the authentication certificate is expired, has expired, or is about to expire, such that a user may prepare or perform an appropriate compliance action in order to receive a new authentication certificate, a new key, and/or extend the lifetime of the current authentication certificate” [0064]; “a compliance notification that it is time to perform a new compliance action” [0079]; [0099] TABLE 5 “Message ID 16 UUID that uniquely identifies this particular message. Each message must have a UUID”). The Examiner supplies the same rationale for the combination of references Card, Angus, and Jakobsson as in Claim 1 above. As to Amended Claim 5: Card in view of Angus and Jakobsson discloses the system of claim 4, the operations further comprising: receiving, from the third computing device, an indication that the mitigation task has been completed (e.g. Card “The analyst and/or system may then wait for client feedback or a response confirming that the threat has been addresses, the system shut down, or other remediation is in progress” [0092]); and providing the indication to the second device (e.g. Card feedback or a response confirming that the threat has been addressed [0092]). As to Amended Claim 9: Card in view of Angus and Jakobsson discloses the system of claim 1, wherein the portion of the risk data comprises at least one of: an identifier associated with a user (e.g. Card “At this stage, event objects will be “enriched” with additional information that can be used by TRCE 226 later. This can include for example asset information, geo-IP location information, or identity information (the name of the user using the technology asset that generated the event)” [0076]; “The user object contains information relevant to the individual (e.g., name, contact information, etc.)” [0093]; [0097]); a type of asset associated with the asset; or a policy or a regulation associated with the predetermined requirement. As to Amended Claim 10: Card discloses a method (e.g. Card “methods are provided which enable client environments, such as corporate and government enterprises, to adopt an integrated, strategic approach to governance, risk and compliance… An advanced security information and event management system, also referred to as an information assurance portal (IAP)” [Abstract]), comprising: generating an executable command to generate a ticket associated with the asset, the executable command including at least a portion of the risk data (e.g. Card “The leaf node 52, when located within the client environment 10 sends event objects in a secure manner over the internet 18 or other available communication connection to the hub 40. The hub 40 performs authentication and reporting services and communicates with a ticketing component 42 to identify, track, and resolve security threats, initiate remediation of a security breach, communicate with IT agents within the client environment 10, etc. The ticketing component 42 enables security analysts to be engaged in the monitoring and remediation and may also include automated processes, e.g., for communicating with the client environment 10 to identify threats, escalate threats, etc” [0060]; “At 108 the leaf node 52 detects a notification of a threat, generated in the processing performed at 106, and sends the notification to the hub 40 at 110. The hub 40 receives the notification at 112 and acknowledges receipt of the notification” [0070]); providing the executable command to a second device e.g. Card “The hub 40 may then authenticate the message at 114 and send the notification for ticketing at 116”” [0070]); receiving, from the second device and in response to providing the executable command to the second device, a first ticket associated with the asset, the first ticket including a unique identifier (e.g. Card “The ticketing component 42 creates a ticket associated with the notification at 120 and enables the potential threat to be monitored at 122, e.g., by enabling a security analyst to access and view the ticket and/or be assigned to a ticket” [0070]; [0099] TABLE 5 “Message ID 16 UUID that uniquely identifies this particular message. Each message must have a UUID”); But Card does not specifically disclose: determining, based on a message from a first device, risk data identifying an asset that will be out of compliance with a predetermined requirement within a period of time; wherein the risk data is determined based on: a document included in the message, or a hyperlink in a text of the message; outputting the unique identifier. However, the analogous art Angus does disclose determining, based on a message from a first device, risk data identifying an asset that will be out of compliance with a predetermined requirement within a period of time and outputting the unique identifier (e.g. Angus “receiving an authentication certificate in response to the compliance authenticator verifying the configuration information complies with the policy. The authentication certificate expires after a predetermined period of time” [Abstract]; “the notification module 306 may send compliance check notifications… the notification module 306 presents a message that the authentication certificate… is about to expire, such that a user may prepare or perform an appropriate compliance action in order to receive a new authentication certificate, a new key, and/or extend the lifetime of the current authentication certificate” [0064]; “The access module 308 is configured to present the authentication certificate, including the public key for the authentication certificate, for the electronic device 102 to a secure resource of a computing system” [0065]; “The certificate module 206 is configured to receive an authentication certificate, and... a unique identifier” [0040]; [0050]; [0052]). Furthermore, the analogous art Jakobsson does disclose wherein the risk data is determined based on: a document included in the message, or a hyperlink in a text of the message (e.g. Jakobsson “a risk score associated with a message is a heuristically computed score that depends on... whether the message contents match a high-risk pattern (e.g., contains a URL associated with a site that is not trusted, contains a potentially executable attachment, or contains keywords associated with high risk” [0040]; “For example, consider a potentially risky email message that contains a text component, a URL and an attachment, and which has an associated sender profile. Assume that this message is identified as potentially risky by the system” [0048]). Card, Angus, and Jakobsson are analogous art because they are from the same field of endeavor in risk assessment. It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Card, Angus, and Jakobsson before him or her, to modify the disclosure of Card with the teachings of Angus and Jakobsson to include determining, based on a message from a first device, risk data identifying an asset that will be out of compliance with a predetermined requirement within a period of time, wherein the risk data is determined based on: a document included in the message, or a hyperlink in a text of the message, and outputting the unique identifier as claimed. First suggestion/motivation for doing so would have been in response to the problems and needs of authenticating devices by enforcing policy compliance on the devices (Angus [0004]). Second suggestion/motivation for doing so would have been to enable additional security measures that were not practically meaningful in a world where filtering decisions need to be made within milliseconds (Jakobsson [0023]). Therefore, it would have been obvious to combine Card, Angus, and Jakobsson to obtain the invention as specified in the instant claim(s). As to Claim 12: Card in view of Angus and Jakobsson discloses the method of claim 10, wherein the portion of the risk data comprises at least one of: an identifier associated with a user (e.g. Card “At this stage, event objects will be “enriched” with additional information that can be used by TRCE 226 later. This can include for example asset information, geo-IP location information, or identity information (the name of the user using the technology asset that generated the event)” [0076]; “The user object contains information relevant to the individual (e.g., name, contact information, etc.)” [0093]; [0097]); a type of asset associated with the asset; or a policy or a regulation associated with the risk data. As to Amended Claim 13: Card in view of Angus and Jakobsson discloses the method of claim 10, further comprising: determining, based at least in part on the risk data, a user associated with the asset (e.g. Card “At this stage, event objects will be “enriched” with additional information that can be used by TRCE 226 later. This can include for example asset information, geo-IP location information, or identity information (the name of the user using the technology asset that generated the event)” [0076]); and transmitting at least one of the unique identifier or the first ticket to a third computing device associated with the user (e.g. Card “enabling a security analyst to access and view the ticket and/or be assigned to a ticket” [0070]; Angus FIG. 1 computer(s) 102 displays). As to Amended Claim 14: Card in view of Angus and Jakobsson discloses the method of claim 10, further comprising: determining, based at least in part on the risk data, a user associated with the asset (e.g. Card “At this stage, event objects will be “enriched” with additional information that can be used by TRCE 226 later. This can include for example asset information, geo-IP location information, or identity information (the name of the user using the technology asset that generated the event)” [0076]); determining, based at least in part on the first ticket, a mitigation task that will bring the asset into compliance with the predetermined requirement, the predetermined requirement comprising a policy or a regulation (e.g. Card “the ticket is reviewed and the threat monitored. In this example it is assumed that the ticket status is moved to an escalation at 352 to highlight the potential vulnerability. For example, the analyst may review alerts, and if they are determined to be valid they are escalated to the client (client is notified of an incident taking place on their network). At this point, the analyst may follow up with the support client at 354, or an email or other communication may be sent automatically. The analyst and/or system may then wait for client feedback or a response confirming that the threat has been addresses, the system shut down, or other remediation is in progress” [0092]; “to ensure compliance with various industry regulation” [0051]); and causing a display of a third device associated with the user to display the mitigation task (e.g. Angus “the notification module 306 presents a message that the authentication certificate is expired, has expired, or is about to expire, such that a user may prepare or perform an appropriate compliance action in order to receive a new authentication certificate, a new key, and/or extend the lifetime of the current authentication certificate” [0064]; “a compliance notification that it is time to perform a new compliance action” [0079]). The Examiner supplies the same rationale for the combination of references Card, Angus, and Jakobsson as in Claim 10 above. As to Claim 15: Card in view of Angus and Jakobsson discloses the method of claim 14, further comprising: receiving, from the third device, an indication that the mitigation task has been completed (e.g. Card “The analyst and/or system may then wait for client feedback or a response confirming that the threat has been addresses, the system shut down, or other remediation is in progress” [0092]); and sending the indication to the second device (e.g. Card feedback or a response confirming that the threat has been addressed [0092]). As to Amended Claim 16: Card discloses a method (e.g. Card “methods are provided which enable client environments, such as corporate and government enterprises, to adopt an integrated, strategic approach to governance, risk and compliance… An advanced security information and event management system, also referred to as an information assurance portal (IAP)” [Abstract]), comprising: determining, by a processor, and based on a message from a first device received by an application (e.g. Card “an information assurance portal (IAP), is described, which enables client customers to select various services such as threat and vulnerability management, asset classification and tracking, and business threat and risk assessments through a software-as-a-service portal” [Abstract]; “The customer data 70 in this example is stored within the IAP 12 environment and a batch processor” [0069]), risk data associated with an asset that is out of compliance with a predetermined requirement (e.g. Card “The IAP may also facilitate compliance by providing enhanced information security controls, online real-time information, and comprehensive reporting to ensure compliance with various industry regulations. The IAP can also enable improved operational efficiency by providing more effective management and monitoring of a security environment with real-time views of the efficiencies/inefficiencies of information security systems, allowing key stakeholders to identify where and how performance can be improved. Various other advantages include, without limitation, proactive management to improve processes for identifying and remediating technical vulnerabilities before they impact your business, cost savings to reduces costs (e.g. for staffing, training, maintenance, and infrastructure) associated with securing information assets, and enhanced security posture, which ensures proactive risk management and improves an organization's overall security posture by gaining a deeper knowledge of potential problems and allowing senior leadership to make decisions faster and more effectively” [0051]; “The leaf node 52, when located within the client environment 10 sends event objects in a secure manner over the internet 18 or other available communication connection to the hub 40. The hub 40 performs authentication and reporting services and communicates with a ticketing component 42 to identify, track, and resolve security threats, initiate remediation of a security breach, communicate with IT agents within the client environment 10, etc. The ticketing component 42 enables security analysts to be engaged in the monitoring and remediation and may also include automated processes, e.g., for communicating with the client environment 10 to identify threats, escalate threats, etc” [0060]; “At 108 the leaf node 52 detects a notification of a threat, generated in the processing performed at 106, and sends the notification to the hub 40 at 110. The hub 40 receives the notification at 112 and acknowledges receipt of the notification” [0070]); generating, by the processor and based at least in part on receiving an input, an executable command to generate a ticket associated with the asset, the command including at least a portion of the risk data (e.g. Card “At 108 the leaf node 52 detects a notification of a threat, generated in the processing performed at 106, and sends the notification to the hub 40 at 110. The hub 40 receives the notification at 112 and acknowledges receipt of the notification. The hub 40 may then authenticate the message at 114 and send the notification for ticketing at 116. The ticketing component 42 creates a ticket associated with the notification at 120 and enables the potential threat to be monitored at 122, e.g., by enabling a security analyst to access and view the ticket and/or be assigned to a ticket. The hub 40 may also enable reporting at 118, the reporting including details of the notification received at 112” [0070]); receiving, by the processor and from a second device and in response to sending the command to the second device, a first ticket associated with the asset, the first ticket including a unique identifier (e.g. Card “The ticketing component 42 creates a ticket associated with the notification at 120 and enables the potential threat to be monitored at 122, e.g., by enabling a security analyst to access and view the ticket and/or be assigned to a ticket” [0070]; “Message ID 16 UUID that uniquely identifies this particular message” [0099] Table 5); But Card does not specifically disclose: wherein the risk data is determined based on: a document included in the message, or a hyperlink in a text of the message; outputting, by the processor and via the application, at least the unique identifier. However, the analogous art Angus does disclose outputting, by the processor and via the application, at least the unique identifier (e.g. Angus “the notification module 306 may send compliance check notifications… the notification module 306 presents a message that the authentication certificate… is about to expire, such that a user may prepare or perform an appropriate compliance action in order to receive a new authentication certificate, a new key, and/or extend the lifetime of the current authentication certificate” [0064]; “The access module 308 is configured to present the authentication certificate, including the public key for the authentication certificate, for the electronic device 102 to a secure resource of a computing system” [0065]; “The certificate module 206 is configured to receive an authentication certificate, and... a unique identifier” [0040]; [0050]; [0052]; “Modules may also be implemented in software for execution by various types of processors” [0082]). Furthermore, the analogous art Jakobsson does disclose wherein the risk data is determined based on: a document included in the message, or a hyperlink in a text of the message (e.g. Jakobsson “a risk score associated with a message is a heuristically computed score that depends on... whether the message contents match a high-risk pattern (e.g., contains a URL associated with a site that is not trusted, contains a potentially executable attachment, or contains keywords associated with high risk” [0040]; “For example, consider a potentially risky email message that contains a text component, a URL and an attachment, and which has an associated sender profile. Assume that this message is identified as potentially risky by the system” [0048]). Card, Angus, and Jakobsson are analogous art because they are from the same field of endeavor in risk assessment. It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Card, Angus, and Jakobsson before him or her, to modify the disclosure of Card with the teachings of Angus and Jakobsson to include wherein the risk data is determined based on: a document included in the message, or a hyperlink in a text of the message and outputting, by the processor and via the application, at least the unique identifier as claimed. First suggestion/motivation for doing so would have been in response to the problems and needs of authenticating devices by enforcing policy compliance on the devices (Angus [0004]). Second suggestion/motivation for doing so would have been to enable additional security measures that were not practically meaningful in a world where filtering decisions need to be made within milliseconds (Jakobsson [0023]). Therefore, it would have been obvious to combine Card, Angus, and Jakobsson to obtain the invention as specified in the instant claim(s). As to Claim 17: Card in view of Angus and Jakobsson discloses the method of claim 16, wherein the application comprises an information technology asset management application (e.g. Card “an information assurance portal (IAP), is described, which enables client customers to select various services such as threat and vulnerability management, asset classification and tracking, and business threat and risk assessments through a software-as-a-service portal” [Abstract]) and wherein the unique identifier is output via a display of the first device (e.g. Card “enabling a security analyst to access and view the ticket and/or be assigned to a ticket” [0070]; Angus FIG. 1 computer(s) 102 displays). The Examiner supplies the same rationale for the combination of references Card, Angus, and Jakobsson as in Claim 16 above. As to Claim 20: Card in view of Angus and Jakobsson discloses the method of claim 16, wherein the risk data further comprises one or more of an asset identifier, an asset user identifier associated with a user (e.g. Card “At this stage, event objects will be “enriched” with additional information that can be used by TRCE 226 later. This can include for example asset information, geo-IP location information, or identity information (the name of the user using the technology asset that generated the event)” [0076]; “The user object contains information relevant to the individual (e.g., name, contact information, etc.)” [0093]; [0097]), or a deadline associated with compliance. Conclusion The prior art made of record and not relied upon is considered pertinent to applicants’ disclosure. Fisher et al. (US 8042178 B1) Stein et al. (US 20120124664 A1) HAWTHORN et al. (US 20150229664 A1) Applicants’ amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kenneth Chang whose telephone number is (571)270-7530. The examiner can normally be reached Monday - Friday 9:30am-5:30pm EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached at 571-272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KENNETH W CHANG/Primary Examiner, Art Unit 2438 PNG media_image1.png 35 280 media_image1.png Greyscale 03.05.2026