Prosecution Insights
Last updated: July 17, 2026
Application No. 18/910,170

RISK ASSESSMENT SYSTEM

Final Rejection §101§103
Filed
Oct 09, 2024
Priority
Oct 16, 2023 — provisional 63/544,308
Examiner
WEBB III, JAMES L
Art Unit
3624
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
Johnson & Johnson
OA Round
2 (Final)
15%
Grant Probability
At Risk
3-4
OA Rounds
1y 11m
Est. Remaining
38%
With Interview

Examiner Intelligence

Grants only 15% of cases
15%
Career Allowance Rate
30 granted / 205 resolved
-37.4% vs TC avg
Strong +24% interview lift
Without
With
+23.6%
Interview Lift
resolved cases with interview
Typical timeline
3y 9m
Avg Prosecution
42 currently pending
Career history
257
Total Applications
across all art units

Statute-Specific Performance

§101
11.0%
-29.0% vs TC avg
§103
87.3%
+47.3% vs TC avg
§102
1.5%
-38.5% vs TC avg
§112
0.2%
-39.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 205 resolved cases

Office Action

§101 §103
DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Notice for all US Patent Applications filed on or after March 16, 2013 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Status of the Claims This communication is in response to communications received on 1/21/26. Claim(s) 1, 6, 13, and 18 is/are amended, claim(s) 3-5 and 15-17 is/are cancelled, claim(s) 21-25 is/are new, and applicant states support can be found at instant specification [0026-0027, 0046, 0053]. Therefore, Claims 1-2, 6-14, and 18-25 is/are pending and have been addressed below. Claims Without Prior Art Rejections Claim(s) 1-2, 6-12, and 18-25 do not have prior art rejections. The remaining rejections are 101 as noted below. Closest prior art to the invention claims without rejections include Linton et al. (US 2014/0018951 A1) in view of Connell et al. (US 2020/0065727 A1), Brown et al. (US 2013/0275176 A1), and Harris et al. (US 2019/0266533 A1) for claims 1-2, 6-7, 11-12, and 21-25, and Linton in view of Connell, Brown, and Harris as applied to claim(s) 1 and 18 above and further in view of Tam et al. (US 2022/0101113 A1) for claims 8-10, and 20, and Linton et al. (US 2014/0018951 A1) in view of Connell et al. (US 2020/0065727 A1), Brown et al. (US 2013/0275176 A1), Harris et al. (US 2019/0266533 A1), and Tseng (US 2015/0324445 A1) for claims 18-20. Regarding claims 1-2 and 6-12, the references do not teach based on a determination the generated impact score and the generated likelihood score are not materially changed, generating a second output including the generated initial combined risk score. While Connell implies the limitation in Fig. 8 where historical information of the overall score change based on specific dates it does not specifically show the sub scores are unchanged. Regarding claims 18-20, the references teach all the limitations. For the claims above, the combination of references (which would be 5 if art were found claim 1 and its dependents and which is 5 arts for claims 18-20) would not yield appropriate motivations for combination thus while the number of references it not necessarily an issue the lacking motivations is rationale for not applying a prior art, 103, rejection. The prior art teaching are provided below for reference only. Regarding claim 1 and 18, Linton teaches a computer-implemented method, comprising: receiving a first indication of a supplier, the received indication including an identification tag [see at least see at least [0141] “In step 500, the scheduling module 304 receives a stimulus. Stimuli include, for example, a request from a tier 1 manager, notification by the data collection module 300 of newly received and/or updated reported performance information, a request from the risk manager 316 and/or analytical engine 312, passage of time, and the like.”; Fig. 13 and [0132] where Fig. 13 shows the company in the bottom of item (image) 1304 “With reference to FIG. 13, the reporting module provides a display 1300 providing information about the impact of a selected event on the supply chain. The display 1300 includes a picture 1304 showing the epicenter and impact radius of the event and supply chain sites affected within the impact radius, a description of the event 1308, products potentially affected by the event 1312, parts and/or components potentially affected by the event 1316, and other potential supply chain impacts 1320.”]; generating an impact score for the supplier [see at least [0134] “a supplier risk category 1504 (e.g., low, moderate, and high) and the various factors used in developing the risk category. These factors are: supplier performance score 1508 (based on historical supplier performance information)”]; generating a likelihood score for the supplier {, the generated likelihood score indicating a likelihood the new supplier will be a victim of one or more of a cyber-attack or an operational failure – claim 13, 18}; the generated impact score and the generated likelihood score [for the limitations above, see at least [0134] at least one of supplier location score 1512, supplier financial score 1516, and supplier geo-political score 1520 “a supplier risk category 1504 (e.g., low, moderate, and high) and the various factors used in developing the risk category. These factors are: supplier performance score 1508 (based on historical supplier performance information), supplier location score 1512 (the degree to which the supplier site location can positively or negatively impact supply chain performance), supplier financial score 1516 (the degree to which the supplier financial condition can positively or negatively impact supply chain performance), and supplier geo-political score 1520”]; receiving a second indication of the supplier, the second received indication including the identification tag [see at least [0141] “In step 500, the scheduling module 304 receives a stimulus. Stimuli include, for example, a request from a tier 1 manager, notification by the data collection module 300 of newly received and/or updated reported performance information, a request from the risk manager 316 and/or analytical engine 312, passage of time, and the like.”; Fig. 13 and [0132] where Fig. 13 shows the company in the bottom of item (image) 1304 “With reference to FIG. 13, the reporting module provides a display 1300 providing information about the impact of a selected event on the supply chain. The display 1300 includes a picture 1304 showing the epicenter and impact radius of the event and supply chain sites affected within the impact radius, a description of the event 1308, products potentially affected by the event 1312, parts and/or components potentially affected by the event 1316, and other potential supply chain impacts 1320.”]. Linton doesn’t/don’t explicitly teach but, in the field pertinent to the particular problem with which the applicant was concerned such as supplier risk assessment, Connell discloses generating an initial combined risk score based on the generated variable 1and the generated variable 2{, the generated combined risk score indicating an overall risk of the supplier based on an impact of the supplier and the generated likelihood score – claim 18} [see at least [0069] “As is illustrated in FIG. 1, in an exemplary embodiment, a supplier risk index 102 (SRI) is determined. As shown, in some exemplary embodiments, the SRI 102 may be based on three inputs. The first input is an inherent risk rating (IRR) 104 of the supplier. The second input is a control assessment 106 of the supplier. The third input is a combination of additional supplier risk attributes 108 of the supplier.”]; evaluating the generated initial combined risk score relative to a risk threshold; and based on the evaluation, generating an output including the generated initial combined risk score {based on the generated initial combined risk score relative to a risk threshold, - claim 18}; storing the generated initial combined risk score and the generated output in a data storage location, the stored generated initial combined risk score and the generated output including the received identification tag [for the limitations above, see at least [0069] “As is illustrated in FIG. 1, in an exemplary embodiment, a supplier risk index 102 (SRI) is determined. As shown, in some exemplary embodiments, the SRI 102 may be based on three inputs. The first input is an inherent risk rating (IRR) 104 of the supplier. The second input is a control assessment 106 of the supplier. The third input is a combination of additional supplier risk attributes 108 of the supplier. In accordance with aspects of the disclosure, these three inputs are utilized (e.g., combined) to determine (e.g., calculate) the SRI 102, which, in embodiments, is displayed in an exemplary user interface SRI summary 110.”; [0087] “the risk attributes 112, controls assessments 132, and other risk attributes 152 of the supplier are combined to derive (e.g., calculate) an SRI 102 for the supplier. In some exemplary embodiments, this is shown as a percentage,”; [0008] “In accordance with aspects of the disclosure, the SRI represents a holistic, end-to-end view of the risk associated to a supplier. In accordance with aspects of the disclosure, the SRI may be used as an absolute reference, which may be subject to a threshold with suppliers—for example, above a certain predetermined risk, the business or organization may remove the supplier from consideration.”; [0093] “In addition to risk data, the SRI summary 110 may comprise … . In certain embodiments, the supplier may be provided with a performance rating in the form of supplier preference tiers (e.g. “Gold Supplier,” “Silver Supplier,” “Bronze Supplier.”) As illustrated, the exemplary embodiment of FIG. 2, the SRI summary 110 indicates a “preference rating” 226 (e.g., “Gold Supplier”), which indicates possible performance benefits that may be realized by selecting the supplier.”; [0090, 0094] “As shown in FIG. 2, in addition to the SRI 102 and grade 202, an exemplary embodiment of the SRI summary 110 may also include a scorecard 204 (or current scorecard). … In addition to SRI 102 scores, scorecards 204, and a grade 304, the user interface 300 may indicate recommendations (or warnings) 306 in cases (e.g., for “Supplier 1” and “Supplier 4”). These recommendations 306 can be positive or negative in nature (e.g., warnings) and provide information 308 regarding the ramifications of selecting a particular supplier. For example, real-time risk data for suppliers who are part of preferred supplier program (e.g. “Gold Supplier” program) indicates a proven track record of meeting performance risk (based on collected historical data), and commercial and contractual requirements. In accordance with aspects of the disclosure, this information 308 increases the confidence in supplier selection, significantly reduces supplier onboarding times, and reduces the risk exposure to the organization.”; [0180] data from various sources can be saved “The security module can enable the collected information to be maintained in one data location (and common database) without the use of a partitioned database. In other words, the database is not partitioned logically (horizontally or vertically) into distinct and independent parts corresponding to different monitored supply chains, and the data and/or data structures for different monitored supply chains can be commingled and/or conform to a common data model in the database. This can enable the use of a simpler data model that enables ease of constructing relationships between enterprises and organizations, provide stability, and provide scalability. Each data row of the model can have a different schema. The data model can also enable sharing of information across and among different supply chains.”; Fig. 2 and [0090] supplier identification in Fig. 2 is as above item 204]; based on the second identification tag matching the first identification tag stored the data storage location, determining the supplier is an existing supplier; the generated initial combined risk score and the generated output; and [for the limitations above, see at least Fig. 8 and [0108] “FIG. 8 is an exemplary performance detailed view 814, which provides historical performance data for completed scorecards and insights into scores, IRR, risk ratings, engagement status and contract start/end dates for engagements with completed scorecards in accordance with aspects of the disclosure. As shown in FIG. 8, the detailed view 814 may include listed IDs 805, an IRR category 810 (e.g., “high,” “medium,” or “low”), a numerical rating 815, a completion date 820, a scorecard due date 825, an engagement status 830, a contract start date 835, and a contract end date 840.”]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Linton with Connell to include the limitation(s) above as disclosed by Connell. Doing so would improve Linton’s (Linton) supplier evaluation methodology via “determining the risk associated with a supplier and presenting that information to those responsible for selecting suppliers for a particular good and service, which accounts for relevant factors including both supplier characteristics and characteristics of the good and/or service supplied” [see at least Connell [0003-0006] ]. Furthermore, all of the claimed elements were known in the prior arts of a) Linton and b) Connell and c) one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art before the effective filing date of the claimed invention. Connell also teaches generating a likelihood score for the supplier {, the generated likelihood score indicating a likelihood the new supplier will be a victim of one or more of a cyber-attack or an operational failure – claim 18} [see at least [0086] “determining a supplier's SRI 102 also include accounting for other risk attributes 152. These other risk attributes 152 may include, for example, financial viability assessments 154 (FVA), … an analysis of concentration of risk 158, a performance rating 160 attributed to the supplier by a delivery manager that results from prior supplier engagements with the rated supplier, a vulnerability impact assessment 162, and reporting on cyber incidents 164. Cyber incidents 164 may include, for example, cyber-attacks directed against the supplier that may impact the operations and/or data of the organization. Severity of attacks, breaches, data loss, action plan performance, delays in remediating vulnerabilities, and delays in remediating application controls as measured by agreed upon timeliness or organizational standards are considered and may have varying degrees of impact to the other risk attributes 152. For example, concentration of risk 158 may exist (or be deemed high) when a limited number of suppliers or subcontractors are used to provide similar services.”]. Linton in view of Connell doesn’t/don’t explicitly teach but, in the field pertinent to the particular problem with which the applicant was concerned such as supplier risk assessment, Brown discloses evaluating the generated combined risk score relative to a dynamic risk threshold {based on the generated combined risk score being greater than a dynamic risk threshold, triggering a questionnaire to be transmitted to the supplier - claim 18} [for the limitations above, Examiner notes, it is unclear if applicant has not acted as his or her own lexicographer to specifically define or redefine dynamic risk threshold in instant specification [0018, 0056, 0085] therefore the broadest reasonable interpretation is being used, then see at least [0059] “At step 214, a supplier ranking is created, where the identified suppliers are ranked according to their risk. The ranking may be based on the risk scores, environmental factors, and/or any other suitable information. … Risk score information, ranking, information associated with the identified suppliers, and/or any other suitable information may be displayed at step 215, for example, on GUI 116.”; [0060] “At step 216, the method determines whether the risk assessment should continue. If not, the method ends. Otherwise, the method proceeds with step 218. In this step, additional risk-related criteria (e.g., additional questions) may be added into the existing pool of criteria. For example, an administrator of risk assessment module 112 and/or an associate of organization 103 may add new criteria in order to incorporate different types of risk into the risk assessment.”; [0040-0041] “Results data 142 includes risk scores calculated according to rules and instructions specified in management software 138 and management data 140. In certain embodiments, results data 142 includes a data structure 114 that indicates calculated risk scores for suppliers 104, any applicable environmental factors for each supplier 104, and whether an additional assessment will be performed. In the depicted embodiment, Company A has a risk score of 60, Company B has a risk score of 80, and both Company C and Company D have a risk score of 75. Additionally, risk assessment module 112 has determined that Company C is subject to an OCC consent order, which may require more stringent protocols for its processes. The last column of data structure 114 indicates that risk assessment module 112 recommends that Company B and Company C should have additional assessments. Risk assessment module 112 does not recommend additional assessments for Company A and Company D.”; [0061, 0045] “The method proceeds again to step 206, where previous selections may be updated and new selections are determined for new criteria added in step 218. These updates allow for an updated risk score to be calculated in step 210.”; [0044] “For a particular supplier 104 chosen for an additional assessment, risk assessment module 112 generates risk assessment information 110. Risk assessment information 110 includes any information suitable for effecting an additional assessment of supplier 104. For example, risk assessment information 110 includes a form with additional questions to be answered for supplier 104.”; [0057] “The risk related criteria may have been previously provided in the form of a questionnaire provided to the identified suppliers.”], the dynamic risk threshold based on organization-focused dynamics and one or more supplier-focused dynamics [the limitation is interpreted based on broadest reasonable interpretation of instant specification [0018], see at least [0040-0041] “In certain embodiments, risk assessment module may create a ranking of the suppliers 104 included in a risk assessment. The ranking may be built according to risk score, from highest level of risk to lowest level of risk or vice versa. A certain amount of the top-ranked (i.e., highest risk) suppliers may be recommended for additional assessment. A predetermined threshold may exist for the risk score above which risk assessment module 112 will recommend an additional assessment for a particular supplier 114. For example, the embodiment depicted includes a threshold of 78. Because Company B's risk score is greater than the threshold, risk assessment module 112 recommends Company B for additional assessment. Even though Company C has a risk score lower than this threshold, risk assessment module 112 recommends Company C for additional assessment because Company C is subject to an OCC consent order. Risk assessment module 112 may use a secondary threshold for suppliers associated with environmental factors, where this secondary threshold is determined in any suitable manner. For example, the secondary threshold may be set at a predetermined value, such as 70 in the depicted embodiment. In certain embodiments, a secondary threshold may be a function of a primary threshold value, type of environmental factor, the number of environmental factors associated with the particular supplier, and/or any other suitable factor.”; [0028] further define secondary threshold may be a function of any other suitable factor (of [0041]) to include organization-focused dynamics and one or more supplier-focused dynamics “As another example, organization 103 may be the entity subject to an OCC consent order, where a particular supplier 104 provides organization 103 with the services subject to the new requirements. Other examples of environmental factors include results of audits on the practices of supplier 104 and/or organization 103, service areas designated as high risk, changes in the structure of applicable oversight agencies, media attention, customer complaints, news/media/legal settlements, and/or any other suitable factor.”]; {based on a response received from the supplier in response to the transmitted questionnaire, the received response with the triggered questionnaire, and updating the combined risk score; evaluating the updated combined risk score relative to the dynamic risk threshold; and - claim 18} [see at least [0044] “For a particular supplier 104 chosen for an additional assessment, risk assessment module 112 generates risk assessment information 110. Risk assessment information 110 includes any information suitable for effecting an additional assessment of supplier 104. For example, risk assessment information 110 includes a form with additional questions to be answered for supplier 104.”; [0046] “The answers/information corresponding to the criteria included in risk assessment information 110 for supplier 104 chosen for additional assessment may be provided directly by supplier 104.”; [0061, 0045] “At step 220, the method modifies the priority level associated with the risk-related criteria. In this step, the criteria may receive different priority levels that account for the importance of the new criteria added in step 218. For example, a new criterion added at step 218 may now have the highest priority of all criteria while all the previously included criteria moves down to the next lower priority level. The method proceeds again to step 206, where previous selections may be updated and new selections are determined for new criteria added in step 218. These updates allow for an updated risk score to be calculated in step 210.”]; and {based on the evaluation, generating an output including the updated combined risk score - claim 18} [see at least [0059] “Risk score information, ranking, information associated with the identified suppliers, and/or any other suitable information may be displayed at step 215, for example, on GUI 116.”]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Linton in view of Connell with Brown to include the limitation(s) above as disclosed by Brown. Doing so would improve Linton in view of Connell’s (Linton) supplier evaluation methodology via a) determine the risk associated with using a supplier across the various lines of business within a business and b) “forecasting risk associated with a supplier before engaging that supplier to provide goods and/or services for an organization.” [see at least Brown [0003-0007] ]. Furthermore, all of the claimed elements were known in the prior arts of a) Linton and b) Brown and c) one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art before the effective filing date of the claimed invention. Harris discloses (claim 1 and 18) based on the determination the supplier is the existing supplier, retrieving, from the data storage location, the data [for the limitations above, see at least [0049, 0061, 0063, ] “In step 402, a selection of a supplier identifier value that identifies a supplier during a supplier onboarding process in an e-procurement system is received. … Referring again to FIG. 4, in step 404, a digital data repository of the e-procurement system is queried to seek a data record matching the selected supplier identifier value. … In step 406, in response to determining that the data repository has a record matching the selected supplier identifier, a risk score value associated with the selected supplier identifier is identified from a dataset of risk score values that is stored in the data repository.”]. Tseng discloses (claim 18) based on a response received from the user in response to the transmitted questionnaire, identifying a second identification tag included in the response, matching the second identification tag to the first identification tag to associate the received response with the triggered questionnaire [see at least [0068] “In embodiments where the required information fields include a field that identifies the survey participant in some manner—for instance, a name, a physical address, a phone number, or an email address—the receiving software module 111 may compare the value for this field, alongside the source ID and/or the subject matter ID if provided, to the values for previously provided and stored survey answers in the database 115A, at S231. If a match is found in the database 115A at S231, the survey answer is stored as an edit for the match at S233, rather than an original and separate survey answer as would be done at S235.”]. Response to Arguments Applicant’s arguments, see applicant’s remarks, filed 1/21/26, with respect to rejections under 35 USC 112 for claim(s) 18-20 have been fully considered and are persuasive. The Examiner respectfully withdraws rejections under 35 USC 112 for claim(s) 18-20. Applicant’s arguments, see applicant’s remarks, filed 1/21/26, with respect to rejections under 35 USC 103 for claim(s) 1-20 have been fully considered and are persuasive in part. The Examiner respectfully withdraws rejections under 35 USC 103 for claim(s) 1-12 and 15-20. They are not persuasive as far as they apply to the amended 103 rejection(s) below for claims 13-14. Applicant’s arguments, see applicant’s remarks, filed 1/21/26, with respect to rejections under 35 USC 101 for claim(s) 1-20 have been fully considered but they are not persuasive as far as they apply to the amended 101 rejection(s) below. Applicant respectfully traversed the rejection on pg. 9-14. The Examiner respectfully disagrees because the claims here are not like those the Federal Circuit found patent eligible in Enfish because the claimed steps are a process that qualifies as an abstract idea for which computers are invoked merely as a tool, rather than being directed to a specific asserted improvement in computer capabilities.. Applicant is relying on 2106.05(d) “well understood, routine, and conventional” however Examiner is relying on 2106.05(f) “apply it.” Examiner relied on “apply it” because of item (2) Whether the claim invokes computers or other machinery merely as a tool to perform an existing process of 2106.05(f). Thus, the argument(s) are unpersuasive. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claim(s) 1-2, 6-14, and 18-25 is/are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter as noted below. The limitation(s) below for representative claim(s) 1, 13, and 18 that, under its broadest reasonable interpretation, is directed to supplier risk assessment. Step 1: The claim(s) as drafted, is/are a process (claim(s) 1-2, 6-12 recites a series of steps) and system (claim(s) 13-14 and 18-25 recites a series of components). Step 2A – Prong 1: The claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) (emphasis added): Claim 1: receiving a first indication of a supplier, the received indication including an identification tag; generating an impact score for the supplier; generating a likelihood score for the supplier; generating an initial combined risk score based on the generated impact score and the generated likelihood score; evaluating the generated initial combined risk score relative to a dynamic risk threshold, the dynamic risk threshold based on organization-focused dynamics and one or more supplier-focused dynamics; based on the evaluation, generating an output including the generated initial combined risk score; storing the generated initial combined risk score and the generated output in a data storage location, the stored generated initial combined risk score and the generated output including the received identification tag; receiving a second indication of the supplier, the second received indication including the identification tag; based on the second identification tag matching the first identification tag stored the data storage location, determining the supplier is an existing supplier; based on the determination the supplier is the existing supplier, retrieving, from the data storage location, the generated initial combined risk score and the generated output; and based on a determination the generated impact score and the generated likelihood score are not materially changed, generating a second output including the generated initial combined risk score. Claim(s) 13 and 18: same analysis as claim(s) 1. Claim 13 and 18 additionally: the generated likelihood score indicating a likelihood the new supplier will be a victim of one or more of a cyber-attack or an operational failure; the generated initial combined risk score indicating an overall risk of the supplier based on an impact of the supplier and the generated likelihood score. Claim 13 additionally: based on a determination the generated impact score and the generated likelihood score are materially changed, generate at least one of an updated impact score or an updated likelihood score for the supplier; based on the generated at least one of the updated impact score or the updated likelihood score, generate an updated combined risk score for the supplier; evaluate the updated combined risk score relative to the dynamic risk threshold; and based on the evaluation of the updated combined risk score relative to the dynamic risk threshold, generate a second output including the generated initial combined risk score. Claim 18 additionally: based on the generated initial combined risk score being greater than a dynamic risk threshold, triggering a questionnaire to be transmitted to the supplier; based on a response received from the supplier in response to the transmitted questionnaire, identifying a second identification tag included in the response, matching the second identification tag to the first identification tag to associate the received response with the triggered questionnaire, and updating the combined risk score; evaluating the updated combined risk score relative to the dynamic risk threshold; and based on the evaluation, generating an output including the updated combined risk score. Dependent claims 2, 6-12, 14, and 19-25 recite the same or similar abstract idea(s) as independent claim(s) 1, 13, and 18 with merely a further narrowing of the abstract idea(s): . The identified limitations of the independent and dependent claims above fall well-within the groupings of subject matter identified by the courts as being abstract concepts of: a method of organizing human activity (commercial or legal interactions including advertising, marketing or sales activities or behaviors, or business relations) because the invention is directed to economic and/or business relationships as they are associated with supplier risk assessment. Step 2A – Prong 2: This judicial exception is not integrated into a practical application because: The additional elements unencompassed by the abstract idea include data storage (claim(s) 1, 13, 18), computer (claim(s) 1), a system comprising: a memory; and a processor coupled to the memory (claim(s) 13), one or more non-transitory computer readable media, a processor (claim(s) 18), machine learning (claim 8-10, 20, 23-25). The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements as described above with respect to Step 2A Prong 2 fails to describe: Improvements to the functioning of a computer, or to any other technology or technical field - see MPEP 2106.05(a) Applying or using a judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition – see Vanda Memo Applying the judicial exception with, or by use of, a particular machine – see MPEP 2106.05(b) Effecting a transformation or reduction of a particular article to a different state or thing - see MPEP 2106.05(c) Applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception - see MPEP 2106.05(e) and Vanda Memo. Thus the additional elements as described above with respect to Step 2A Prong 2 are merely (as additionally noted by instant specification [0077]) invoked as a tool and/or general purpose computer to apply instructions of an abstract idea in a particular technological environment, and/or mere application of an abstract idea in a particular technological environment and merely limiting the use of an abstract idea to a particular technological field do not integrate an abstract idea into a practical application (MPEP 2106.05(f)&(h)). Step 2B: The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. Thus the additional elements as described above with respect to Step 2A Prong 2 are merely (as additionally noted by instant specification [0077]) invoked as a tool and/or a general purpose computer to apply instructions of an abstract idea in a particular technological environment, and/or mere application of an abstract idea in a particular technological environment and merely limiting the use of an abstract idea to a particular technological field do not integrate an abstract idea into a practical application and thus similarly the combination and arrangement of the above identified additional elements when analyzed under Step 2B also fails to necessitate a conclusion that the claims amount to significantly more than the abstract idea for the same reasons as set forth above (MPEP 2106.05(f)&(h)). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. It has been held that a prior art reference must either be in the field of applicant’s endeavor or, if not, then be reasonably pertinent to the particular problem with which the applicant was concerned, in order to be relied upon as a basis for rejection of the claimed invention. See In re Oetiker, 977 F.2d 1443, 24 USPQ2d 1443 (Fed. Cir. 1992). Claim(s) 13-14 and 21-22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Linton et al. (US 2014/0018951 A1) in view of Connell et al. (US 2020/0065727 A1) Brown et al. (US 2013/0275176 A1), and Harris et al. (US 2019/0266533 A1). Regarding claim 13 (currently amended), Linton teaches a system comprising: a memory; and a processor coupled to the memory configured to: receive a first indication of a supplier, the received indication including an identification tag [see at least see at least [0141] “In step 500, the scheduling module 304 receives a stimulus. Stimuli include, for example, a request from a tier 1 manager, notification by the data collection module 300 of newly received and/or updated reported performance information, a request from the risk manager 316 and/or analytical engine 312, passage of time, and the like.”; Fig. 13 and [0132] where Fig. 13 shows the company in the bottom of item (image) 1304 “With reference to FIG. 13, the reporting module provides a display 1300 providing information about the impact of a selected event on the supply chain. The display 1300 includes a picture 1304 showing the epicenter and impact radius of the event and supply chain sites affected within the impact radius, a description of the event 1308, products potentially affected by the event 1312, parts and/or components potentially affected by the event 1316, and other potential supply chain impacts 1320.”]; generate an impact score for the supplier [see at least [0134] “a supplier risk category 1504 (e.g., low, moderate, and high) and the various factors used in developing the risk category. These factors are: supplier performance score 1508 (based on historical supplier performance information)”]; generate a likelihood score for the supplier, the generated likelihood score indicating a likelihood the supplier will be a victim of one or more of a cyber-attack or an operational failure – claim 13; the generated impact score and the generated likelihood score [for the limitations above, see at least [0134] at least one of supplier location score 1512, supplier financial score 1516, and supplier geo-political score 1520 “a supplier risk category 1504 (e.g., low, moderate, and high) and the various factors used in developing the risk category. These factors are: supplier performance score 1508 (based on historical supplier performance information), supplier location score 1512 (the degree to which the supplier site location can positively or negatively impact supply chain performance), supplier financial score 1516 (the degree to which the supplier financial condition can positively or negatively impact supply chain performance), and supplier geo-political score 1520”]; receive a second indication of the supplier, the second received indication including the identification tag [see at least [0141] “In step 500, the scheduling module 304 receives a stimulus. Stimuli include, for example, a request from a tier 1 manager, notification by the data collection module 300 of newly received and/or updated reported performance information, a request from the risk manager 316 and/or analytical engine 312, passage of time, and the like.”; Fig. 13 and [0132] where Fig. 13 shows the company in the bottom of item (image) 1304 “With reference to FIG. 13, the reporting module provides a display 1300 providing information about the impact of a selected event on the supply chain. The display 1300 includes a picture 1304 showing the epicenter and impact radius of the event and supply chain sites affected within the impact radius, a description of the event 1308, products potentially affected by the event 1312, parts and/or components potentially affected by the event 1316, and other potential supply chain impacts 1320.”]; based on a determination the generated impact score and the generated likelihood score are materially changed, generate at least one of an updated impact score or an updated likelihood score for the supplier; based on the generated at least one of the updated impact score or the updated likelihood score [for the limitations above, see at least [0134] at least one of supplier location score 1512, supplier financial score 1516, and supplier geo-political score 1520 “a supplier risk category 1504 (e.g., low, moderate, and high) and the various factors used in developing the risk category. These factors are: supplier performance score 1508 (based on historical supplier performance information), supplier location score 1512 (the degree to which the supplier site location can positively or negatively impact supply chain performance), supplier financial score 1516 (the degree to which the supplier financial condition can positively or negatively impact supply chain performance), and supplier geo-political score 1520”; [0182] “The analytical engine 320 can also calculate and update performance measures as information is collected by the data collection module 300. In other words, the calculation and updating of performance measures is done substantially in real time. Alternatively, the analytical engine 320 can calculate the performance measures when and as requested by a user. In other words, the performance measures are not precalculated. This can obviate the need for an analytics database altogether.”]. Linton doesn’t/don’t explicitly teach but, in the field pertinent to the particular problem with which the applicant was concerned such as supplier risk assessment, Connell discloses generate an initial combined risk score based on the generated variable 1 and the generated variable 2, the generated combined risk score indicating an overall risk of the supplier based on an impact of the supplier and the generated likelihood score – claim 13 [see at least [0069] “As is illustrated in FIG. 1, in an exemplary embodiment, a supplier risk index 102 (SRI) is determined. As shown, in some exemplary embodiments, the SRI 102 may be based on three inputs. The first input is an inherent risk rating (IRR) 104 of the supplier. The second input is a control assessment 106 of the supplier. The third input is a combination of additional supplier risk attributes 108 of the supplier.”]; evaluate the generated initial combined risk score relative to a risk threshold; and based on the evaluation, generating an output including the generated initial combined risk score; store the generated initial combined risk score and the generated output in a data storage location, the stored generated initial combined risk score and the generated output including the received identification tag [for the limitations above, see at least [0069] “As is illustrated in FIG. 1, in an exemplary embodiment, a supplier risk index 102 (SRI) is determined. As shown, in some exemplary embodiments, the SRI 102 may be based on three inputs. The first input is an inherent risk rating (IRR) 104 of the supplier. The second input is a control assessment 106 of the supplier. The third input is a combination of additional supplier risk attributes 108 of the supplier. In accordance with aspects of the disclosure, these three inputs are utilized (e.g., combined) to determine (e.g., calculate) the SRI 102, which, in embodiments, is displayed in an exemplary user interface SRI summary 110.”; [0087] “the risk attributes 112, controls assessments 132, and other risk attributes 152 of the supplier are combined to derive (e.g., calculate) an SRI 102 for the supplier. In some exemplary embodiments, this is shown as a percentage,”; [0008] “In accordance with aspects of the disclosure, the SRI represents a holistic, end-to-end view of the risk associated to a supplier. In accordance with aspects of the disclosure, the SRI may be used as an absolute reference, which may be subject to a threshold with suppliers—for example, above a certain predetermined risk, the business or organization may remove the supplier from consideration.”; [0093] “In addition to risk data, the SRI summary 110 may comprise … . In certain embodiments, the supplier may be provided with a performance rating in the form of supplier preference tiers (e.g. “Gold Supplier,” “Silver Supplier,” “Bronze Supplier.”) As illustrated, the exemplary embodiment of FIG. 2, the SRI summary 110 indicates a “preference rating” 226 (e.g., “Gold Supplier”), which indicates possible performance benefits that may be realized by selecting the supplier.”; [0090, 0094] “As shown in FIG. 2, in addition to the SRI 102 and grade 202, an exemplary embodiment of the SRI summary 110 may also include a scorecard 204 (or current scorecard). … In addition to SRI 102 scores, scorecards 204, and a grade 304, the user interface 300 may indicate recommendations (or warnings) 306 in cases (e.g., for “Supplier 1” and “Supplier 4”). These recommendations 306 can be positive or negative in nature (e.g., warnings) and provide information 308 regarding the ramifications of selecting a particular supplier. For example, real-time risk data for suppliers who are part of preferred supplier program (e.g. “Gold Supplier” program) indicates a proven track record of meeting performance risk (based on collected historical data), and commercial and contractual requirements. In accordance with aspects of the disclosure, this information 308 increases the confidence in supplier selection, significantly reduces supplier onboarding times, and reduces the risk exposure to the organization.”; [0180] data from various sources can be saved “The security module can enable the collected information to be maintained in one data location (and common database) without the use of a partitioned database. In other words, the database is not partitioned logically (horizontally or vertically) into distinct and independent parts corresponding to different monitored supply chains, and the data and/or data structures for different monitored supply chains can be commingled and/or conform to a common data model in the database. This can enable the use of a simpler data model that enables ease of constructing relationships between enterprises and organizations, provide stability, and provide scalability. Each data row of the model can have a different schema. The data model can also enable sharing of information across and among different supply chains.”; Fig. 2 and [0090] supplier identification in Fig. 2 is as above item 204]; based on the second identification tag matching the first identification tag stored the data storage location, determining the supplier is an existing supplier; the generated initial combined risk score and the generated output [for the limitations above, see at least Fig. 8 and [0108] “FIG. 8 is an exemplary performance detailed view 814, which provides historical performance data for completed scorecards and insights into scores, IRR, risk ratings, engagement status and contract start/end dates for engagements with completed scorecards in accordance with aspects of the disclosure. As shown in FIG. 8, the detailed view 814 may include listed IDs 805, an IRR category 810 (e.g., “high,” “medium,” or “low”), a numerical rating 815, a completion date 820, a scorecard due date 825, an engagement status 830, a contract start date 835, and a contract end date 840.”]; based on the generated at least one of the variable 1 or the variable 2, generate an updated combined risk score for the supplier [see at least [0069] “As is illustrated in FIG. 1, in an exemplary embodiment, a supplier risk index 102 (SRI) is determined. As shown, in some exemplary embodiments, the SRI 102 may be based on three inputs. The first input is an inherent risk rating (IRR) 104 of the supplier. The second input is a control assessment 106 of the supplier. The third input is a combination of additional supplier risk attributes 108 of the supplier.”]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Linton with Connell to include the limitation(s) above as disclosed by Connell. Doing so would improve Linton’s (Linton) supplier evaluation methodology via “determining the risk associated with a supplier and presenting that information to those responsible for selecting suppliers for a particular good and service, which accounts for relevant factors including both supplier characteristics and characteristics of the good and/or service supplied” [see at least Connell [0003-0006] ]. Furthermore, all of the claimed elements were known in the prior arts of a) Linton and b) Connell and c) one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art before the effective filing date of the claimed invention. Connell also teaches generate a likelihood score for the supplier, the generated likelihood score indicating a likelihood the new supplier will be a victim of one or more of a cyber-attack or an operational failure – claim 13 [see at least [0086] “determining a supplier's SRI 102 also include accounting for other risk attributes 152. These other risk attributes 152 may include, for example, financial viability assessments 154 (FVA), … an analysis of concentration of risk 158, a performance rating 160 attributed to the supplier by a delivery manager that results from prior supplier engagements with the rated supplier, a vulnerability impact assessment 162, and reporting on cyber incidents 164. Cyber incidents 164 may include, for example, cyber-attacks directed against the supplier that may impact the operations and/or data of the organization. Severity of attacks, breaches, data loss, action plan performance, delays in remediating vulnerabilities, and delays in remediating application controls as measured by agreed upon timeliness or organizational standards are considered and may have varying degrees of impact to the other risk attributes 152. For example, concentration of risk 158 may exist (or be deemed high) when a limited number of suppliers or subcontractors are used to provide similar services.”]. Linton in view of Connell doesn’t/don’t explicitly teach but, in the field pertinent to the particular problem with which the applicant was concerned such as supplier risk assessment, Brown discloses evaluate the generated combined risk score relative to a dynamic risk threshold [Examiner notes, it is unclear if applicant has not acted as his or her own lexicographer to specifically define or redefine dynamic risk threshold in instant specification [0018, 0056, 0085] therefore the broadest reasonable interpretation is being used, then see at least [0059] “At step 214, a supplier ranking is created, where the identified suppliers are ranked according to their risk. The ranking may be based on the risk scores, environmental factors, and/or any other suitable information. … Risk score information, ranking, information associated with the identified suppliers, and/or any other suitable information may be displayed at step 215, for example, on GUI 116.”; [0060] “At step 216, the method determines whether the risk assessment should continue. If not, the method ends. Otherwise, the method proceeds with step 218. In this step, additional risk-related criteria (e.g., additional questions) may be added into the existing pool of criteria. For example, an administrator of risk assessment module 112 and/or an associate of organization 103 may add new criteria in order to incorporate different types of risk into the risk assessment.”; [0040-0041] “Results data 142 includes risk scores calculated according to rules and instructions specified in management software 138 and management data 140. In certain embodiments, results data 142 includes a data structure 114 that indicates calculated risk scores for suppliers 104, any applicable environmental factors for each supplier 104, and whether an additional assessment will be performed. In the depicted embodiment, Company A has a risk score of 60, Company B has a risk score of 80, and both Company C and Company D have a risk score of 75. Additionally, risk assessment module 112 has determined that Company C is subject to an OCC consent order, which may require more stringent protocols for its processes. The last column of data structure 114 indicates that risk assessment module 112 recommends that Company B and Company C should have additional assessments. Risk assessment module 112 does not recommend additional assessments for Company A and Company D.”; [0061, 0045] “The method proceeds again to step 206, where previous selections may be updated and new selections are determined for new criteria added in step 218. These updates allow for an updated risk score to be calculated in step 210.”; [0044] “For a particular supplier 104 chosen for an additional assessment, risk assessment module 112 generates risk assessment information 110. Risk assessment information 110 includes any information suitable for effecting an additional assessment of supplier 104. For example, risk assessment information 110 includes a form with additional questions to be answered for supplier 104.”; [0057] “The risk related criteria may have been previously provided in the form of a questionnaire provided to the identified suppliers.”], the dynamic risk threshold based on organization-focused dynamics and one or more supplier-focused dynamics [the limitation is interpreted based on broadest reasonable interpretation of instant specification [0018], see at least [0040-0041] “In certain embodiments, risk assessment module may create a ranking of the suppliers 104 included in a risk assessment. The ranking may be built according to risk score, from highest level of risk to lowest level of risk or vice versa. A certain amount of the top-ranked (i.e., highest risk) suppliers may be recommended for additional assessment. A predetermined threshold may exist for the risk score above which risk assessment module 112 will recommend an additional assessment for a particular supplier 114. For example, the embodiment depicted includes a threshold of 78. Because Company B's risk score is greater than the threshold, risk assessment module 112 recommends Company B for additional assessment. Even though Company C has a risk score lower than this threshold, risk assessment module 112 recommends Company C for additional assessment because Company C is subject to an OCC consent order. Risk assessment module 112 may use a secondary threshold for suppliers associated with environmental factors, where this secondary threshold is determined in any suitable manner. For example, the secondary threshold may be set at a predetermined value, such as 70 in the depicted embodiment. In certain embodiments, a secondary threshold may be a function of a primary threshold value, type of environmental factor, the number of environmental factors associated with the particular supplier, and/or any other suitable factor.”; [0028] further define secondary threshold may be a function of any other suitable factor (of [0041]) to include organization-focused dynamics and one or more supplier-focused dynamics “As another example, organization 103 may be the entity subject to an OCC consent order, where a particular supplier 104 provides organization 103 with the services subject to the new requirements. Other examples of environmental factors include results of audits on the practices of supplier 104 and/or organization 103, service areas designated as high risk, changes in the structure of applicable oversight agencies, media attention, customer complaints, news/media/legal settlements, and/or any other suitable factor.”]; evaluate the updated combined risk score relative to the dynamic risk threshold [see at least [0044] “For a particular supplier 104 chosen for an additional assessment, risk assessment module 112 generates risk assessment information 110. Risk assessment information 110 includes any information suitable for effecting an additional assessment of supplier 104. For example, risk assessment information 110 includes a form with additional questions to be answered for supplier 104.”; [0046] “The answers/information corresponding to the criteria included in risk assessment information 110 for supplier 104 chosen for additional assessment may be provided directly by supplier 104.”; [0061, 0045] “At step 220, the method modifies the priority level associated with the risk-related criteria. In this step, the criteria may receive different priority levels that account for the importance of the new criteria added in step 218. For example, a new criterion added at step 218 may now have the highest priority of all criteria while all the previously included criteria moves down to the next lower priority level. The method proceeds again to step 206, where previous selections may be updated and new selections are determined for new criteria added in step 218. These updates allow for an updated risk score to be calculated in step 210.”]; and based on the evaluation of the updated combined risk score relative to the dynamic risk threshold, generate a second output including the generated initial combined risk score [see at least [0059] “Risk score information, ranking, information associated with the identified suppliers, and/or any other suitable information may be displayed at step 215, for example, on GUI 116.”]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Linton in view of Connell with Brown to include the limitation(s) above as disclosed by Brown. Doing so would improve Linton in view of Connell’s (Linton) supplier evaluation methodology via a) determine the risk associated with using a supplier across the various lines of business within a business and b) “forecasting risk associated with a supplier before engaging that supplier to provide goods and/or services for an organization.” [see at least Brown [0003-0007] ]. Furthermore, all of the claimed elements were known in the prior arts of a) Linton and b) Brown and c) one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art before the effective filing date of the claimed invention. Linton in view of Connell and Brown doesn’t/don’t explicitly teach but Harris discloses based on the determination the supplier is the existing supplier, retrieving, from the data storage location, the data [for the limitations above, see at least [0049, 0061, 0063, ] “In step 402, a selection of a supplier identifier value that identifies a supplier during a supplier onboarding process in an e-procurement system is received. … Referring again to FIG. 4, in step 404, a digital data repository of the e-procurement system is queried to seek a data record matching the selected supplier identifier value. … In step 406, in response to determining that the data repository has a record matching the selected supplier identifier, a risk score value associated with the selected supplier identifier is identified from a dataset of risk score values that is stored in the data repository.”]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Linton in view of Connell and Brown with Harris to include the limitation(s) above as disclosed by Harris. Doing so would improve Linton in view of Connell and Brown’s (Linton) supplier evaluation methodology via a) determine the risk associated with using a supplier across the various lines of business within a business and b) “forecasting risk associated with a supplier before engaging that supplier to provide goods and/or services for an organization.” [see at least Harris [0003-0007] ]. Furthermore, all of the claimed elements were known in the prior arts of a) Linton and b) Harris and c) one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art before the effective filing date of the claimed invention. Regarding claim 21, modified Linton teaches the system of claim 13, as well as updated combined risk. Modified Linton doesn’t/don’t explicitly teach but, in the field pertinent to the particular problem with which the applicant was concerned such as supplier risk assessment, Brown discloses based on the generated combined risk score being greater than a dynamic risk threshold, triggering an additional analysis of the supplier [Examiner notes, it is unclear if applicant has not acted as his or her own lexicographer to specifically define or redefine dynamic risk threshold in instant specification [0018, 0056, 0085] therefore the broadest reasonable interpretation is being used, then see at least [0059] “At step 214, a supplier ranking is created, where the identified suppliers are ranked according to their risk. The ranking may be based on the risk scores, environmental factors, and/or any other suitable information. … Risk score information, ranking, information associated with the identified suppliers, and/or any other suitable information may be displayed at step 215, for example, on GUI 116.”; [0060] “At step 216, the method determines whether the risk assessment should continue. If not, the method ends. Otherwise, the method proceeds with step 218. In this step, additional risk-related criteria (e.g., additional questions) may be added into the existing pool of criteria. For example, an administrator of risk assessment module 112 and/or an associate of organization 103 may add new criteria in order to incorporate different types of risk into the risk assessment.”; [0040-0041] “Results data 142 includes risk scores calculated according to rules and instructions specified in management software 138 and management data 140. In certain embodiments, results data 142 includes a data structure 114 that indicates calculated risk scores for suppliers 104, any applicable environmental factors for each supplier 104, and whether an additional assessment will be performed. In the depicted embodiment, Company A has a risk score of 60, Company B has a risk score of 80, and both Company C and Company D have a risk score of 75. Additionally, risk assessment module 112 has determined that Company C is subject to an OCC consent order, which may require more stringent protocols for its processes. The last column of data structure 114 indicates that risk assessment module 112 recommends that Company B and Company C should have additional assessments. Risk assessment module 112 does not recommend additional assessments for Company A and Company D.”; [0061, 0045] “The method proceeds again to step 206, where previous selections may be updated and new selections are determined for new criteria added in step 218. These updates allow for an updated risk score to be calculated in step 210.”; [0044] “For a particular supplier 104 chosen for an additional assessment, risk assessment module 112 generates risk assessment information 110. Risk assessment information 110 includes any information suitable for effecting an additional assessment of supplier 104. For example, risk assessment information 110 includes a form with additional questions to be answered for supplier 104.”; [0057] “The risk related criteria may have been previously provided in the form of a questionnaire provided to the identified suppliers.”]; and based on the additional analysis, performing a second evaluation of the generated combined risk score to the dynamic risk threshold [see at least [0044] “For a particular supplier 104 chosen for an additional assessment, risk assessment module 112 generates risk assessment information 110. Risk assessment information 110 includes any information suitable for effecting an additional assessment of supplier 104. For example, risk assessment information 110 includes a form with additional questions to be answered for supplier 104.”; [0046] “The answers/information corresponding to the criteria included in risk assessment information 110 for supplier 104 chosen for additional assessment may be provided directly by supplier 104.”; [0061, 0045] “The method proceeds again to step 206, where previous selections may be updated and new selections are determined for new criteria added in step 218. These updates allow for an updated risk score to be calculated in step 210.”]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify modified Linton with Brown to include the limitation(s) above as disclosed by Brown. Doing so would improve modified Linton’s (Linton) supplier evaluation methodology via a) determine the risk associated with using a supplier across the various lines of business within a business and b) “forecasting risk associated with a supplier before engaging that supplier to provide goods and/or services for an organization.” [see at least Brown [0003-0007] ]. Furthermore, all of the claimed elements were known in the prior arts of a) modified Linton and b) Brown and c) one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art before the effective filing date of the claimed invention. Regarding claim 22, modified Linton teaches the system of claim 21, as well as impact score or likelihood score. Modified Linton doesn’t/don’t explicitly teach but, in the field pertinent to the particular problem with which the applicant was concerned such as supplier risk assessment, Brown discloses wherein, to perform the additional analysis, is further configured to: generating a questionnaire, the questionnaire including at least one question that, when answered, provides additional information regarding at least one of the different types of risk of an event of the supplier [see at least [0060] “At step 216, the method determines whether the risk assessment should continue. If not, the method ends. Otherwise, the method proceeds with step 218. In this step, additional risk-related criteria (e.g., additional questions) may be added into the existing pool of criteria. For example, an administrator of risk assessment module 112 and/or an associate of organization 103 may add new criteria in order to incorporate different types of risk into the risk assessment.”; [0044] “For a particular supplier 104 chosen for an additional assessment, risk assessment module 112 generates risk assessment information 110. Risk assessment information 110 includes any information suitable for effecting an additional assessment of supplier 104. For example, risk assessment information 110 includes a form with additional questions to be answered for supplier 104.”; [0045] “As to information included based on a particular category of risk, risk assessment information 110 may include questions specifically tailored to the risk categories for which supplier 104 has high risk scores while excluding questions tailored to risk categories for which supplier 104 has low risk scores. As to environmental factors, risk assessment information 110 may include questions tailored to compliance with OCC consent orders, procedures identified for improvement in an audit, and/or any other suitable question. As another example, risk assessment information 110 may include specific questions tailored to a supplier type associated with supplier 104, such as shipping servicer, food services supplier, website developer, and/or any other suitable supplier type.”]; transmitting the questionnaire to the supplier; receiving a response from the supplier, the received response including the additional information responding to the at least one question; and analyzing the received additional information received from the supplier [for the limitations above, see at least [0060] “At step 216, the method determines whether the risk assessment should continue. If not, the method ends. Otherwise, the method proceeds with step 218. In this step, additional risk-related criteria (e.g., additional questions) may be added into the existing pool of criteria. For example, an administrator of risk assessment module 112 and/or an associate of organization 103 may add new criteria in order to incorporate different types of risk into the risk assessment.”; [0057] “The risk related criteria may have been previously provided in the form of a questionnaire provided to the identified suppliers.”; [0046] “The answers/information corresponding to the criteria included in risk assessment information 110 for supplier 104 chosen for additional assessment may be provided directly by supplier 104.”; [0061, 0045] “The method proceeds again to step 206, where previous selections may be updated and new selections are determined for new criteria added in step 218. These updates allow for an updated risk score to be calculated in step 210.”]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify modified Linton with Brown to include the limitation(s) above as disclosed by Brown. Doing so would improve modified Linton’s (Linton) supplier evaluation methodology via a) determine the risk associated with using a supplier across the various lines of business within a business and b) “forecasting risk associated with a supplier before engaging that supplier to provide goods and/or services for an organization.” [see at least Brown [0003-0007] ]. Furthermore, all of the claimed elements were known in the prior arts of a) modified Linton and b) Brown and c) one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art before the effective filing date of the claimed invention. Claim(s) 23-25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Linton in view of Connell, Brown, and Harris as applied to claim(s) 13 above and further in view of Tam et al. (US 2022/0101113 A1). Regarding claim 23, modified Linton teaches the system of claim 13, as well as impact score and likelihood score. Modified Linton doesn’t/don’t explicitly teach but, in the field pertinent to the particular problem with which the applicant was concerned such as scoring, Tam discloses wherein the processor is further configured to: implement a first machine-learning (ML) model to generate the score; implement a second ML model to generate the score [see at least [0078] one or more machine learning models that generate scores “In at least one embodiment, one or more transformer-based language neural networks 302 include a scoring function to sum and normalize a score of an association between each word of a query phrase and each word of a target phrase.”; [0399, 0274] iterative neural networks; [0399] “In at least one embodiment, and without limitation, machine learning models used by system 4400 may include machine learning model(s) using … neural networks (e.g., auto-encoders, convolutional, recurrent, perceptrons, Long/Short Term Memory (LSTM), Bi-LSTM, Hopfield, Boltzmann, deep belief, deconvolutional, generative adversarial, liquid state machine, etc.), and/or other types of machine learning models.”; [0274] “In at least one embodiment, second layer 3212 may be referred to as a “recurrent layer.” In at least one embodiment, neuromorphic processor 3200 may include, without limitation, any suitable combination of recurrent layers and feed-forward layers, including, without limitation, both sparsely connected feed-forward layers and fully connected feed-forward layers.”; [0056, 0058, 0068, 0382, 0398] iterative training using training data or feedback; [0056] “In at least one embodiment, code and/or data storage 101 stores weight parameters and/or input/output data of each layer of a neural network trained or used in conjunction with one or more embodiments during forward propagation of input/output data and/or weight parameters during training and/or inferencing using aspects of one or more embodiments.”; [0058] “In at least one embodiment, code and/or data storage 105 stores weight parameters and/or input/output data of each layer of a neural network trained or used in conjunction with one or more embodiments during backward propagation of input/output data and/or weight parameters during training and/or inferencing using aspects of one or more embodiments.”; [0068] “In at least one embodiment, training framework 204 trains untrained neural network 206 until untrained neural network 206 achieves a desired accuracy. In at least one embodiment, trained neural network 208 can then be deployed to implement any number of machine learning operations.”; [0382] “In at least one embodiment, a training pipeline 4404 (FIG. 44) may include a scenario where facility 4302 is training their own machine learning model, or has an existing machine learning model that needs to be optimized or updated. … In at least one embodiment, feedback data 4308 may be received from various channels, such as forums, web forms, or similar channels. In at least one embodiment, once feedback data 4308 is received, AI-assisted annotation 4310 may be used to aid in generating annotations corresponding to feedback data 4308 to be used as ground truth data for a machine learning model. In at least one embodiment, AI-assisted annotation 4310 may include one or more machine learning models (e.g., convolutional neural networks (CNNs)) that may be trained to generate annotations corresponding to certain types of feedback data 4308 (e.g., from certain devices) and/or certain types of anomalies in feedback data 4308.”; [0398] “In at least one embodiment, training system 4304 may execute training pipelines 4404, similar to those described herein with respect to FIG. 43. In at least one embodiment, where one or more machine learning models are to be used in deployment pipelines 4410 by deployment system 4306, training pipelines 4404 may be used to train or retrain one or more (e.g., pre-trained) models, and/or implement one or more of pre-trained models 4306 (e.g., without a need for retraining or updating). In at least one embodiment, as a result of training pipelines 4404, output model(s) 4316 may be generated. In at least one embodiment, training pipelines 4404 may include any number of processing steps, AI-assisted annotation 4310, labeling or annotating of feedback data 4308 to generate labeled data 4312, model selection from a model registry, model training 4314, training, retraining, or updating models, and/or other processing steps.”]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify modified Linton with Tam to include the limitation(s) above as disclosed by Tam. Doing so would help ensure that modified Linton’s (Linton) scoring is improved by utilizing machine learning such as neural network which will resolve computationally difficult problems such as pattern matching or optimization [see at least Tam [0002] ]. Furthermore, all of the claimed elements were known in the prior arts of modified Linton and Tam and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art before the effective filing date of the claimed invention. Regarding claim 24, modified Linton teaches the system of claim 23, as well as impact score and likelihood score. Modified Linton doesn’t/don’t explicitly teach but, in the field pertinent to the particular problem with which the applicant was concerned such as scoring, Tam discloses wherein the processor is further configured to: receive feedback regarding the generated score; and based on the received feedback, update the first ML model [see at least [0078] one or more machine learning models that generate scores “In at least one embodiment, one or more transformer-based language neural networks 302 include a scoring function to sum and normalize a score of an association between each word of a query phrase and each word of a target phrase.”; [0399, 0274] iterative neural networks; [0399] “In at least one embodiment, and without limitation, machine learning models used by system 4400 may include machine learning model(s) using … neural networks (e.g., auto-encoders, convolutional, recurrent, perceptrons, Long/Short Term Memory (LSTM), Bi-LSTM, Hopfield, Boltzmann, deep belief, deconvolutional, generative adversarial, liquid state machine, etc.), and/or other types of machine learning models.”; [0274] “In at least one embodiment, second layer 3212 may be referred to as a “recurrent layer.” In at least one embodiment, neuromorphic processor 3200 may include, without limitation, any suitable combination of recurrent layers and feed-forward layers, including, without limitation, both sparsely connected feed-forward layers and fully connected feed-forward layers.”; [0056, 0058, 0068, 0382, 0398] iterative training using training data or feedback; [0056] “In at least one embodiment, code and/or data storage 101 stores weight parameters and/or input/output data of each layer of a neural network trained or used in conjunction with one or more embodiments during forward propagation of input/output data and/or weight parameters during training and/or inferencing using aspects of one or more embodiments.”; [0058] “In at least one embodiment, code and/or data storage 105 stores weight parameters and/or input/output data of each layer of a neural network trained or used in conjunction with one or more embodiments during backward propagation of input/output data and/or weight parameters during training and/or inferencing using aspects of one or more embodiments.”; [0068] “In at least one embodiment, training framework 204 trains untrained neural network 206 until untrained neural network 206 achieves a desired accuracy. In at least one embodiment, trained neural network 208 can then be deployed to implement any number of machine learning operations.”; [0382] “In at least one embodiment, a training pipeline 4404 (FIG. 44) may include a scenario where facility 4302 is training their own machine learning model, or has an existing machine learning model that needs to be optimized or updated. … In at least one embodiment, feedback data 4308 may be received from various channels, such as forums, web forms, or similar channels. In at least one embodiment, once feedback data 4308 is received, AI-assisted annotation 4310 may be used to aid in generating annotations corresponding to feedback data 4308 to be used as ground truth data for a machine learning model. In at least one embodiment, AI-assisted annotation 4310 may include one or more machine learning models (e.g., convolutional neural networks (CNNs)) that may be trained to generate annotations corresponding to certain types of feedback data 4308 (e.g., from certain devices) and/or certain types of anomalies in feedback data 4308.”; [0398] “In at least one embodiment, training system 4304 may execute training pipelines 4404, similar to those described herein with respect to FIG. 43. In at least one embodiment, where one or more machine learning models are to be used in deployment pipelines 4410 by deployment system 4306, training pipelines 4404 may be used to train or retrain one or more (e.g., pre-trained) models, and/or implement one or more of pre-trained models 4306 (e.g., without a need for retraining or updating). In at least one embodiment, as a result of training pipelines 4404, output model(s) 4316 may be generated. In at least one embodiment, training pipelines 4404 may include any number of processing steps, AI-assisted annotation 4310, labeling or annotating of feedback data 4308 to generate labeled data 4312, model selection from a model registry, model training 4314, training, retraining, or updating models, and/or other processing steps.”]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify modified Linton with Tam to include the limitation(s) above as disclosed by Tam. Doing so would help ensure that modified Linton’s (Linton) scoring is improved by utilizing machine learning such as neural network which will resolve computationally difficult problems such as pattern matching or optimization [see at least Tam [0002] ]. Furthermore, all of the claimed elements were known in the prior arts of modified Linton and Tam and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art before the effective filing date of the claimed invention. Regarding claim 25, modified Linton teaches the system of claim 23, as well as impact score and likelihood score. Modified Linton doesn’t/don’t explicitly teach but, in the field pertinent to the particular problem with which the applicant was concerned such as scoring, Tam discloses wherein the processor is further configured to: receive feedback regarding the generated score; and based on the received feedback, update the second ML model [see at least [0078] one or more machine learning models that generate scores “In at least one embodiment, one or more transformer-based language neural networks 302 include a scoring function to sum and normalize a score of an association between each word of a query phrase and each word of a target phrase.”; [0399, 0274] iterative neural networks; [0399] “In at least one embodiment, and without limitation, machine learning models used by system 4400 may include machine learning model(s) using … neural networks (e.g., auto-encoders, convolutional, recurrent, perceptrons, Long/Short Term Memory (LSTM), Bi-LSTM, Hopfield, Boltzmann, deep belief, deconvolutional, generative adversarial, liquid state machine, etc.), and/or other types of machine learning models.”; [0274] “In at least one embodiment, second layer 3212 may be referred to as a “recurrent layer.” In at least one embodiment, neuromorphic processor 3200 may include, without limitation, any suitable combination of recurrent layers and feed-forward layers, including, without limitation, both sparsely connected feed-forward layers and fully connected feed-forward layers.”; [0056, 0058, 0068, 0382, 0398] iterative training using training data or feedback; [0056] “In at least one embodiment, code and/or data storage 101 stores weight parameters and/or input/output data of each layer of a neural network trained or used in conjunction with one or more embodiments during forward propagation of input/output data and/or weight parameters during training and/or inferencing using aspects of one or more embodiments.”; [0058] “In at least one embodiment, code and/or data storage 105 stores weight parameters and/or input/output data of each layer of a neural network trained or used in conjunction with one or more embodiments during backward propagation of input/output data and/or weight parameters during training and/or inferencing using aspects of one or more embodiments.”; [0068] “In at least one embodiment, training framework 204 trains untrained neural network 206 until untrained neural network 206 achieves a desired accuracy. In at least one embodiment, trained neural network 208 can then be deployed to implement any number of machine learning operations.”; [0382] “In at least one embodiment, a training pipeline 4404 (FIG. 44) may include a scenario where facility 4302 is training their own machine learning model, or has an existing machine learning model that needs to be optimized or updated. … In at least one embodiment, feedback data 4308 may be received from various channels, such as forums, web forms, or similar channels. In at least one embodiment, once feedback data 4308 is received, AI-assisted annotation 4310 may be used to aid in generating annotations corresponding to feedback data 4308 to be used as ground truth data for a machine learning model. In at least one embodiment, AI-assisted annotation 4310 may include one or more machine learning models (e.g., convolutional neural networks (CNNs)) that may be trained to generate annotations corresponding to certain types of feedback data 4308 (e.g., from certain devices) and/or certain types of anomalies in feedback data 4308.”; [0398] “In at least one embodiment, training system 4304 may execute training pipelines 4404, similar to those described herein with respect to FIG. 43. In at least one embodiment, where one or more machine learning models are to be used in deployment pipelines 4410 by deployment system 4306, training pipelines 4404 may be used to train or retrain one or more (e.g., pre-trained) models, and/or implement one or more of pre-trained models 4306 (e.g., without a need for retraining or updating). In at least one embodiment, as a result of training pipelines 4404, output model(s) 4316 may be generated. In at least one embodiment, training pipelines 4404 may include any number of processing steps, AI-assisted annotation 4310, labeling or annotating of feedback data 4308 to generate labeled data 4312, model selection from a model registry, model training 4314, training, retraining, or updating models, and/or other processing steps.”]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify modified Linton with Tam to include the limitation(s) above as disclosed by Tam. Doing so would help ensure that modified Linton’s (Linton) scoring is improved by utilizing machine learning such as neural network which will resolve computationally difficult problems such as pattern matching or optimization [see at least Tam [0002] ]. Furthermore, all of the claimed elements were known in the prior arts of modified Linton and Tam and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art before the effective filing date of the claimed invention. Conclusion When responding to the office action, any new claims and/or limitations should be accompanied by a reference as to where the new claims and/or limitations are supported in the original disclosure. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP §706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES WEBB whose telephone number is (313)446-6615. The examiner can normally be reached on M-F 10-3. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jerry O’Connor can be reached on (571) 272-6787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /JAMES WEBB/Examiner, Art Unit 3624
Read full office action

Prosecution Timeline

Oct 09, 2024
Application Filed
Oct 21, 2025
Non-Final Rejection mailed — §101, §103
Jan 21, 2026
Response Filed
Jun 15, 2026
Final Rejection mailed — §101, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12524716
Operations Management Network System and Method
6y 8m to grant Granted Jan 13, 2026
Patent 12045747
TALENT PLATFORM EXCHANGE AND RECRUITER MATCHING SYSTEM
1y 0m to grant Granted Jul 23, 2024
Patent 12008606
VOLUNTEER CONNECTION SYSTEM
2y 1m to grant Granted Jun 11, 2024
Patent 11907874
APPARATUS AND METHOD FOR GENERATION AN ACTION VALIDATION PROTOCOL
1y 7m to grant Granted Feb 20, 2024
Patent 11861534
SYSTEM, METHOD, AND COMPUTER PROGRAM FOR SCHEDULING CANDIDATE INTERVIEW
3y 3m to grant Granted Jan 02, 2024
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
15%
Grant Probability
38%
With Interview (+23.6%)
3y 9m (~1y 11m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 205 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month