Prosecution Insights
Last updated: July 17, 2026
Application No. 18/914,034

APPARATUS AND METHOD FOR PROVIDING CYBER SECURITY DEFENSE IN DIGITAL ENVIRONMENTS

Non-Final OA §101§102§112
Filed
Oct 11, 2024
Priority
May 31, 2022 — provisional 63/347,389 +2 more
Examiner
LOPEZ, MIGUEL ALEXANDER
Art Unit
Tech Center
Assignee
As0001 Inc.
OA Round
1 (Non-Final)
8%
Grant Probability
At Risk
1-2
OA Rounds
1y 4m
Est. Remaining
20%
With Interview

Examiner Intelligence

Grants only 8% of cases
8%
Career Allowance Rate
2 granted / 26 resolved
-52.3% vs TC avg
Moderate +12% lift
Without
With
+12.5%
Interview Lift
resolved cases with interview
Typical timeline
3y 1m
Avg Prosecution
26 currently pending
Career history
60
Total Applications
across all art units

Statute-Specific Performance

§101
0.4%
-39.6% vs TC avg
§103
73.1%
+33.1% vs TC avg
§102
18.9%
-21.1% vs TC avg
§112
4.9%
-35.1% vs TC avg
Black line = Tech Center average estimate • Based on career data from 26 resolved cases

Office Action

§101 §102 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Priority Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. Applicant has not complied with one or more conditions for receiving the benefit of an earlier filing date under 35 U.S.C. 119(e) as follows: The later-filed application must be an application for a patent for an invention which is also disclosed in the prior application (the parent or original nonprovisional application or provisional application). The disclosure of the invention in the parent application and in the later-filed application must be sufficient to comply with the requirements of 35 U.S.C. 112(a) or the first paragraph of pre-AIA 35 U.S.C. 112, except for the best mode requirement. See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994). The disclosure of the prior-filed applications, Application No. 63/457,671, 63/347,389, and 18/203,630 fail to provide adequate support or enablement in the manner provided by 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph for one or more claims of this application. None of the relied upon applications provide adequate written description support for the claim limitations “wherein analyzing the cyber profile and the security posture comprises identifying at least one area of vulnerability for a digital environment; calculate a security assessment for a cybersecurity program based on analyzing the cyber profile and security posture utilizing a machine learning model” found in claims 1, 10, and 19. None of the relied upon applications provide adequate written description support for the claim limitations “initiate a cyber-attack defense program issuance based on the security assessment; and generate the user interface data structure that further includes the cyber-attack defense program issuance” found in claims 3 and 12. None of the relied upon applications provide adequate written description support for the claim limitations “wherein calculating the cyber coverage amount comprises utilizing the machine learning model” found in claims 8 and 17. None of the relied upon applications provide adequate written description support for the claim limitations “wherein classifying data from the cyber profile and the security posture comprises utilizing the machine learning model” found in claims 9 and 18. Accordingly, claims 1-20 are not entitled to the benefit of the prior-filed applications. Information Disclosure Statement The information disclosure statements (IDS) submitted on 10/11/2024, 11/18/2024, 03/03/2025, 09/29/2025, 12/05/2025, 03/19/2026, 05/03/2026, and 05/11/2026 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner. Drawings The drawings are objected to as failing to comply with 37 CFR 1.84(p)(4) because reference character “700” has been used to refer to different interfaces of Figures 7A-7J. Similarly, Figures 8A-8E utilize the same reference character “800” to refer to different interfaces, reference character “900” for Figures 9A-9H respectively, and so on. This deficiency is found in the following figures: Figures 7A-7J, 7L-7O, 8A-8E, 9A-9H, 10A-10E, 11A-11D, 13A-13E, 14A-14B, 15A-15G, 16A-16D, 18A-18C, 20A-20B, and 21A-21B with the respective reference characters 700, 800, 900, 1000, 1100, 1200, 1300, 1400, 1500, 1600, 1800, 2000, and 2100. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance. Specification The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification. The disclosure is objected to because of the following informalities: Paragraphs [0037] and [0041] refer to “Figure 1” generically, while there is no Figure 1 specifically, there is Figure 1A and Figure 1B. The citation to “Figure 1” should be amended such that it properly references the correct figures. Paragraphs [0049] refers to “FIGS. 2-49” while the originally filed figure numbers only go up to Figure 24. The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01(o). Correction of the following is required: The specification fails to provide proper antecedent basis for the claim terms: Calculate a cyber coverage amount as a function of the request decision Cyber profile Digital environment Cyber-attack defense program issuance Temporary cyber-attack defense program Appropriate correction is required. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Regarding Claims 1, 10, and 19: Independent claim 1, 7, and 14 recite the limitations “wherein analyzing the cyber profile and the security posture comprises identifying at least one area of vulnerability for a digital environment; calculate a security assessment for a cybersecurity program based on analyzing the cyber profile and security posture utilizing a machine learning model; … determine a request decision based on the cybersecurity program and the request; calculate a cyber coverage amount as a function of the request decision”. The limitations in question do not satisfy the written description requirement under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph. The specification does not describe the limitation in sufficient detail so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention. The originally filed disclosure is devoid of any description regarding how the claimed invention performs the specialized claim functions of identifying at least one area of vulnerability for a digital environment, calculating a security assessment based on a machine learning model, determining a request decision based on the program and request, and calculating a cyber coverage amount as a function of the request decision. The limitations, at most, only appear as repetitions of claim language in the abstract, or within the originally filed claims themselves, which is insufficient with regard to the requirements under § 112(a) as in MPEP 2161.01, "computer-implemented functional claim language must still be evaluated for sufficient disclosure under the written description". And MPEP 2161.01(I) "generic claim language in the original disclosure does not satisfy the written description requirement if it fails to support the scope of the genus claimed." For computer-implemented inventions, the determination of the sufficiency of disclosure will require an inquiry into the sufficiency of both the disclosed hardware and the disclosed software due to the interrelationship and interdependence of computer hardware and software. The critical inquiry is whether the disclosure of the application relied upon reasonably conveys to those skilled in the art that the inventor had possession of the claimed subject matter as of the filing date. As in MPEP 2161.01 (I), "The description requirement of the patent statute requires a description of an invention, not an indication of a result that one might achieve if one made that invention." It is not enough that one skilled in the art could write a program to achieve the claimed function because the specification must explain how the inventor intends to achieve the claimed function to satisfy the written description requirement. See, e.g., Vasudevan Software, Inc. v. MicroStrategy, Inc., 782 F.3d 671, 681-683, 114 USPQ2d 1349, 1356, 1357 (Fed. Cir. 2015). AS in MPEP 2161.01 “For instance, generic claim language in the original disclosure does not satisfy the written description requirement if it fails to support the scope of the genus claimed. Ariad, 598 F.3d at 1349-50, 94 USPQ2d at 1171 ("[A]n adequate written description of a claimed genus requires more than a generic statement of an invention’s boundaries.") (citing Eli Lilly, 119 F.3d at 1568, 43 USPQ2d at 1405-06); Enzo Biochem, Inc. v. Gen-Probe, Inc., 323 F.3d 956, 968, 63 USPQ2d 1609, 1616 (Fed. Cir. 2002) (holding that generic claim language appearing in ipsis verbis in the original specification did not satisfy the written description requirement because it failed to support the scope of the genus claimed); Fiers v. Revel, 984 F.2d 1164, 1170, 25 USPQ2d 1601, 1606 (Fed. Cir. 1993) (rejecting the argument that "only similar language in the specification or original claims is necessary to satisfy the written description requirement").” “The Federal Circuit has explained that a specification cannot always support expansive claim language and satisfy the requirements of 35 U.S.C. 112 "merely by clearly describing one embodiment of the thing claimed." LizardTech v. Earth Resource Mapping, Inc., 424 F.3d 1336, 1346, 76 USPQ2d 1731, 1733 (Fed. Cir. 2005). The issue is whether a person skilled in the art would understand applicant to have invented, and been in possession of, the invention as broadly claimed. In LizardTech, claims to a generic method of making a seamless discrete wavelet transformation (DWT) were held invalid under 35 U.S.C. 112, first paragraph, because the specification taught only one particular method for making a seamless DWT and there was no evidence that the specification contemplated a more generic method. "[T]he description of one method for creating a seamless DWT does not entitle the inventor . . . to claim any and all means for achieving that objective." LizardTech, 424 F.3d at 1346, 76 USPQ2d at 1733.” Dependent claims 8 and 17 recite “wherein calculating the cyber coverage amount comprises utilizing the machine learning model”. There is no support in the disclosure regarding how the inventor intended to perform these various claimed functionalities. The algorithm or steps/procedures for these claimed functions is not explained at all or is not explained in sufficient detail (simply restating the function recited in the claim is not necessarily sufficient) so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention. The originally filed disclosure is silent with respect to how the inventor intended to achieve the claimed desired function of configuring a machine learning model to preferably calculate the cyber coverage amount. Dependent claims 9 and 18 recite “wherein classifying data from the cyber profile and the security posture comprises utilizing the machine learning model”. There is no support in the disclosure regarding how the inventor intended to perform these various claimed functionalities. The algorithm or steps/procedures for these claimed functions is not explained at all or is not explained in sufficient detail (simply restating the function recited in the claim is not necessarily sufficient) so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention. The originally filed disclosure is silent with respect to how the inventor intended to achieve the claimed desired function of configuring a machine learning model to preferably calculate the cyber coverage amount. Respective dependent claims fall together accordingly. The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. The terms “cyber profile, digital environment, calculate a cyber coverage amount as a function of the request decision, cyber-attack defense program issuance, temporary cyber-attack defense program” found throughout the original claims are terms which currently render the claims indefinite. The terms “cyber profile, digital environment, calculate a cyber coverage amount as a function of the request decision, cyber-attack defense program issuance, temporary cyber-attack defense program” are not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. One of ordinary skill would not be appraised of the scope of the broadest reasonable interpretation of the claim terms “cyber profile, digital environment, calculate a cyber coverage amount as a function of the request decision, cyber-attack defense program issuance, temporary cyber-attack defense program” because there are no definitions of the terms provided in the originally filed disclosure as of the current record. Claims 5-6 and 14-15 recite the limitation “temporary cyber-attack defense program”. The term “temporary cyber-attack defense program” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. One of ordinary skill in the art would not be apprised of the scope of the broadest reasonable interpretation of what length of time would be considered temporary as opposed to not temporary, and the specification does not indicate the requisite degree. Independent claims 1, 10, and 19 recite the limitation “receive a request based on the cybersecurity program”. The recited function does not follow from the structure recited in the claim, so it is unclear whether the function requires some other structure or is simply a result of operating the “device” in a certain manner. Thus, one of ordinary skill in the art would not be able to draw a clear boundary between what is and is not covered by the claim. See MPEP 2173.05(g) for more information. Claims 9 and 18 recites the limitation "wherein classifying data from the cyber profile and the security posture comprises utilizing the machine learning model" in lines 1-2. There is insufficient antecedent basis for this limitation in the claim. Dependent claims fall together accordingly. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract idea without significantly more. ***receiving is tied to the computer because it cannot be performed in the mind Independent claim(s) 1 recite(s) analyze a cyber profile and a security posture, wherein analyzing the cyber profile and the security posture comprises identifying at least one area of vulnerability for a digital environment; calculate a security assessment for a cybersecurity program based on analyzing the cyber profile and security posture utilizing a machine learning model; [receive] a request based on the cybersecurity program; determine a request decision based on the cybersecurity program and the request; calculate a cyber coverage amount as a function of the request decision; [and generate a user interface data structure] including the security assessment and the request; [and provide the user interface data structure for displaying] the security assessment and the cyber coverage amount. Under the 2019 Revised Patent Subject Matter Eligibility Guidance (“2019 PEG”), effective January 7, 2019, independent claim 1 is directed to an abstract idea without being significantly more nor being integrated into a practical application. The claimed invention analyzes “a cyber profile and a security posture”, calculates “a security assessment for a cybersecurity program”, [receives] “a request based on the cybersecurity program”, determines “a request decision based on the cybersecurity program and the request”, calculates “a cyber coverage amount as a function of the request decision”, generates “a user interface data structure including the security assessment and the request” and provides “the user interface data structure for displaying the security assessment and the cyber coverage amount”. The claim limitations identified above, as drafted, under the broadest reasonable interpretation, are broad enough to encompass limitations that can practically be performed in the human mind, including for example, observations, evaluations, judgments, and opinions. Except for an apparatus for providing cyber security defense in digital environments, the apparatus comprising: at least one processor; a memory communicatively coupled to the at least one processor, the memory containing instructions configuring the at least one processor to language in the preamble of independent claim 1, which does no more than generally link the use of the judicial exception to a particular technological environment or field of use. This judicial exception is not integrated into a practical application. The additional generically recited computer elements beyond the abstract idea, taken both individually and as a combination, in independent claim 1 does not integrate the judicial exception into a practical application. The limitation of generate a user interface data structure including the security assessment and the request; and provide the user interface data structure for displaying the security assessment and the cyber coverage amount is recited at a high level of generality (i.e. in the context of these claims, as a general way (as the claimed receive) of obtaining information and a generic GUI with a generic user interface data structure) and amounts to mere data gathering, which is a form of insignificant extra-solution activity. See MPEP 2106.05(g). Insignificant extra-solution activity and mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. For example, the originally filed disclosure and claims do not recite a specific improvement to computer technology (a new or novel GUI being defined or implemented). Accordingly, independent claim 1 is directed to an abstract idea. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional computer elements of an apparatus comprising a processor and a memory, and a generic user interface data structure amounts to no more than mere instructions to apply the exception using generic computer components. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claims are not patent eligible. Therefore, independent claim(s) 10 and 19 are rejected under 35 U.S.C. § 101 as being directed to non-statutory subject matter for the same reasons identified above for independent claim 1. Thus, the claims 1-20 are rejected under 35 U.S.C. § 101 as being directed to non-statutory subject matter as the claims do not contain any element or combination of elements that is sufficient enough to ensure that the patent in practice amounts to significantly more than a patent upon the ineligible concept itself. Dependent claims 2, 11, and 20 do not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because they only describe what the cyber profile and posture calculation comprise. Dependent claims 3 and 12 do not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because they only describe initiating a cyber-defense program based on an assessment and generating a user interface which amounts to further data gathering, which is a form of insignificant extra-solution activity, further additional observations, evaluations, judgments, and opinions that can be practically performed in the human mind, and further mere instructions to apply an exception using a generic computer component. Dependent claims 4 and 13 do not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because they only describe what the user interface displays which amounts to further data gathering, which is a form of insignificant extra-solution activity. Dependent claims 5 and 14 do not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because they only describe initiating a temporary cyber-defense program based on an assessment and generating a user interface which amounts to further data gathering, which is a form of insignificant extra-solution activity, further additional observations, evaluations, judgments, and opinions that can be practically performed in the human mind, and further mere instructions to apply an exception using a generic computer component. Dependent claims 6 and 15 do not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because they only describe that the user interface for the temporary cyber-attack defense program is displayed which amounts to further data gathering, which is a form of insignificant extra-solution activity, further additional observations, evaluations, judgments, and opinions that can be practically performed in the human mind, and further mere instructions to apply an exception using a generic computer component. Dependent claims 7 and 16 do not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because they only describe that the generic graphical user interface received a user input comprising a modification which amounts to further data gathering, which is a form of insignificant extra-solution activity, and further mere instructions to apply an exception using a generic computer component. Dependent claims 8 and 17 do not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because they only describe that the cyber coverage calculation is performed using a machine learning model which is a form of insignificant extra-solution activity, further additional observations, evaluations, judgments, and opinions that can be practically performed in the human mind, and further mere instructions to apply an exception using a generic computer component. Dependent claims 9 and 18 do not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because they only describe that the data is classified and the posture comprises using a generic machine learning model which is a form of insignificant extra-solution activity, further additional observations, evaluations, judgments, and opinions that can be practically performed in the human mind, and further mere instructions to apply an exception using a generic computer component. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claim(s) 1-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Cross et. al. (US Publication No. US 2023/0351026 A1) hereinafter Cross. Regarding Claims 1, 10, 19: Claim 1. Cross discloses an apparatus for providing cyber security defense in digital environments, the apparatus comprising: at least one processor; a memory communicatively coupled to the at least one processor, the memory containing instructions configuring the at least one processor to (Cross [0037-0039]; [0285], [0289-0290]): analyze a cyber profile and a security posture (Cross [0091-0095]), wherein analyzing the cyber profile and the security posture comprises identifying at least one area of vulnerability for a digital environment (Cross [0091-0095]); calculate a security assessment for a cybersecurity program based on analyzing the cyber profile and security posture utilizing a machine learning model (Cross [0111-0118] machine learning models enumerated, [0151] security architecture 500 may utilize a machine learning algorithm (e.g., a neural network, convolutional neural network, recurrent neural network, linear regression model, sparse vector machine, or any other algorithm known to a person of ordinary skill in the art); receive a request based on the cybersecurity program (Cross [0089-0090]; [0209] service requests); determine a request decision based on the cybersecurity program and the request (Cross [0159] decision support systems enumerated; [0191-0196] service level agreement compliance; [0209] service requests); calculate a cyber coverage amount as a function of the request decision (Cross [0159] decision support systems enumerated; [0191-0196] service level agreement compliance); and generate a user interface data structure including the security assessment and the request; and provide the user interface data structure for displaying the security assessment and the cyber coverage amount (Cross [0159] decision support systems enumerated; [0191-0196] service level agreement compliance and user interface of SLA may be displayed). Claims 10 and 19 contain substantially the same content and are therefore rejected under the same rationales. Cross further discloses a method (Cross [0045], claim 1); Cross further discloses a non-transitory computer readable medium (CRM) comprising one or more instructions stored thereon and executable by one or more processors to (Cross [0185-0186], [0284]). Regarding Claims 2, 11, and 20: Claim 2. Cross further discloses the apparatus of claim 1 (Cross [0037-0039]; [0285], [0289-0290]), wherein analyzing the cyber profile and the security posture further comprises calculating a risk score for the digital environment (Cross [0092] overall cybersecurity level, [0093-0095], [0067] cybersecurity risk scores). Claims 11 and 20 contain substantially the same content and are therefore rejected under the same rationales. Regarding Claims 3 and 12: Claim 3. Cross further discloses the apparatus of claim 1 (Cross [0037-0039]; [0285], [0289-0290]), wherein the memory further comprises instructions configuring the at least one processor to: initiate a cyber-attack defense program issuance based on the security assessment (Cross [0091], [0190]; [0256-0261]); and generate the user interface data structure that further includes the cyber-attack defense program issuance (Cross [0060] graphical user interface disclosed; [0087] display dashboards using graphical user interfaces; [0124]; [0261-0263] dashboard showing “one or more entities including cybersecurity risk scores (e.g., intelligence, perimeter, technology, and/or security controls), multi-dimensional scores, remediation items, remediation actions/executables, assessments, security reports, data analytics, graphs, charts, historical data, historical trends, vulnerabilities, summaries, help information”). Claim 12 contains substantially the same content and is therefore rejected under the same rationales. Regarding Claims 4 and 13: Claim 4. Cross further discloses the apparatus of claim 3 (Cross [0037-0039]; [0285], [0289-0290]), wherein the memory further comprises instructions configuring the at least one processor to: provide the user interface data structure for displaying the security assessment and the cyber-attack defense program issuance (Cross [0060] graphical user interface disclosed; [0087] display dashboards using graphical user interfaces; [0124]; [0261-0263] dashboard showing “one or more entities including cybersecurity risk scores (e.g., intelligence, perimeter, technology, and/or security controls), multi-dimensional scores, remediation items, remediation actions/executables, assessments, security reports, data analytics, graphs, charts, historical data, historical trends, vulnerabilities, summaries, help information”). Claim 13 contains substantially the same content and is therefore rejected under the same rationales. Regarding Claims 5 and 14: Claim 5. Cross further discloses the apparatus of claim 1 (Cross [0037-0039]; [0285], [0289-0290]), wherein the memory further comprises instructions configuring the at least one processor to: generate a temporary cyber-attack defense program based on the security assessment (Cross [0091], [0190]; [0256-0261]); and generate the user interface data structure, wherein the user interface data structure further comprises the temporary cyber-attack defense program (Cross [0060] graphical user interface disclosed; [0087] display dashboards using graphical user interfaces; [0119] temporary communication shutoff disclosed; [0124]; [0210] SLA enumerates for an example whether the entity should provide a temporary workaround; [0261-0263] dashboard showing “one or more entities including cybersecurity risk scores (e.g., intelligence, perimeter, technology, and/or security controls), multi-dimensional scores, remediation items, remediation actions/executables, assessments, security reports, data analytics, graphs, charts, historical data, historical trends, vulnerabilities, summaries, help information”). Claim 14 contains substantially the same content and is therefore rejected under the same rationales. Regarding Claims 6 and 15: Claim 6. Cross further discloses the apparatus of claim 5 (Cross [0037-0039]; [0285], [0289-0290]), the memory further comprises instructions configuring the at least one processor to: provide the user interface data structure for displaying the security assessment and the temporary cyber-attack defense program (Cross [0060] graphical user interface disclosed; [0087] display dashboards using graphical user interfaces; [0119] temporary communication shutoff disclosed; [0124]; [0210] SLA enumerates for an example whether the entity should provide a temporary workaround; [0261-0263] dashboard showing “one or more entities including cybersecurity risk scores (e.g., intelligence, perimeter, technology, and/or security controls), multi-dimensional scores, remediation items, remediation actions/executables, assessments, security reports, data analytics, graphs, charts, historical data, historical trends, vulnerabilities, summaries, help information”). Claim 15 contains substantially the same content and is therefore rejected under the same rationales. Regarding Claims 7 and 16: Claim 7. Cross further discloses the apparatus of claim 1 (Cross [0037-0039]; [0285], [0289-0290]), wherein the user interface data structure is provided in a graphical user interface (GUI), the GUI further configured to receive a user input comprising a modification to the cybersecurity program (Cross [0060] graphical user interface disclosed; [0087] display dashboards using graphical user interfaces; [0124]; [0261-0263] dashboard showing “one or more entities including cybersecurity risk scores (e.g., intelligence, perimeter, technology, and/or security controls), multi-dimensional scores, remediation items, remediation actions/executables, assessments, security reports, data analytics, graphs, charts, historical data, historical trends, vulnerabilities, summaries, help information”; [0170] user modifications to the program interface disclosed; [0177] “a user can modify the graphical trends panel 810 utilizing the various input options (e.g., cybersecurity risk score history, cybersecurity risk score date range, cybersecurity risk score dimension) such that the graphical representations can update in response to input by the user. In some arrangements, the graphic trends can display trends in remediation items, trends in vulnerabilities, trends in data fusion operation process. In various arrangements, the graphic trends panel 810 can be modified by clicking and dragging, dropping, inserting, or removal operations to one or more areas of the graphic trends panel 810”). Claim 16 contains substantially the same content and is therefore rejected under the same rationales. Cross further discloses a user input that comprises a management action (Cross [0177] “a user can modify the graphical trends panel 810 utilizing the various input options (e.g., cybersecurity risk score history, cybersecurity risk score date range, cybersecurity risk score dimension) such that the graphical representations can update in response to input by the user. In some arrangements, the graphic trends can display trends in remediation items, trends in vulnerabilities, trends in data fusion operation process. In various arrangements, the graphic trends panel 810 can be modified by clicking and dragging, dropping, inserting, or removal operations to one or more areas of the graphic trends panel 810”). Regarding Claims 8 and 17: Claim 8. Cross further discloses the apparatus of claim 1 (Cross [0037-0039]; [0285], [0289-0290]), wherein calculating the cyber coverage amount comprises utilizing the machine learning model (Cross [0111-0118] machine learning models enumerated, [0151-0153] security architecture 500 may utilize a machine learning algorithm (e.g., a neural network, convolutional neural network, recurrent neural network, linear regression model, sparse vector machine, or any other algorithm known to a person of ordinary skill in the art)). Claim 17 contains substantially the same content and is therefore rejected under the same rationales. Regarding Claims 9 and 18: Claim 9. Cross further discloses the apparatus of claim 1 (Cross [0037-0039]; [0285], [0289-0290]), wherein classifying data from the cyber profile and the security posture comprises utilizing the machine learning model (Cross [0111-0118] machine learning models enumerated, [0151-0155] security architecture 500 may utilize a machine learning algorithm (e.g., a neural network, convolutional neural network, recurrent neural network, linear regression model, sparse vector machine, or any other algorithm known to a person of ordinary skill in the art)). Claim 18 contains substantially the same content and is therefore rejected under the same rationales. Conclusion The prior art made of record in the submitted PTO-892 Notice of References Cited and not relied upon is considered pertinent to applicant’s disclosure. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MIGUEL A LOPEZ whose telephone number is (703)756-1241. The examiner can normally be reached 8:00AM-5:00PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 5712727624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /M.A.L./ Examiner, Art Unit 2496 /JORGE L ORTIZ CRIADO/ Supervisory Patent Examiner, Art Unit 2496
Read full office action

Prosecution Timeline

Oct 11, 2024
Application Filed
Jul 07, 2026
Non-Final Rejection mailed — §101, §102, §112 (current)

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
8%
Grant Probability
20%
With Interview (+12.5%)
3y 1m (~1y 4m remaining)
Median Time to Grant
Low
PTA Risk
Based on 26 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month