Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Status of Claims
The following is a Final Office Action in response to Applicant’s amendment received 02/25/2026.
In accordance with Applicant’s amendment, claims 1, 11, and 19 are amended. Claims 1-20 are currently pending.
Response to Amendment
Applicant’s amendment necessitated the new ground(s) of rejection set forth in this Office Action.
Response to Arguments
Response to §101 arguments: With the exception of the arguments addressed below, Applicant’s arguments (Remarks at pgs. 8-14) concerning the §101 rejection of claims 1-20 have been considered, but are primarily raised in support of the amendments and are therefore believed to be addressed in the updated §101 rejection set forth below.
In response to applicant’s argument that under Step 2A that “the amended claims do not recite any mathematical relations, formulas, or calculations” (Remarks at pg. 8), this argument lacks merit because neither the previous §101 rejection nor the updated §101 rejection below identify limitations as setting forth limitations falling within the “Mathematical Concepts” abstract idea grouping. Accordingly, this argument is moot. In response to applicant’s suggestion that the claims do not recite an abstract idea falling under the “certain methods of organizing human activity” and “mental processes” abstract idea groupings (Remarks at pgs. 8-9), applicant’s attention is directed to the Step 2A Prong One analysis of the §101 rejection set forth in the previous and current office action, which provides step-by-step analysis explaining why each step, unless directed to an additional element, is understood as setting forth activity falling under the “certain methods of organizing human activity” and/or “mental processes” abstract idea groupings. Applicant has not specifically addressed, discussed, or effectively rebutted these findings provided in the Step 2A1 analysis of the §101 rejection. Notably, applicant’s argument fails to discuss or specifically point out any supposed errors in the findings set forth in the Step 2A Prong One analysis that provides reasons why each of the specifically addressed limitations is interpreted as setting forth or describing activity falling under one or more of the abstract idea groupings.
Applicant refers to numerous Federal Circuit cases to support the notion that claims directed towards technological solutions to technological problems are not abstract under the two-step Alice test, and in particular by suggesting that “the claims are similarly directed towards a technological solution to a technological problem,” citing for example, the automated implementation of the claimed approach and simultaneous queries on multiple computing resources (Remarks at pg. 13). However, these are conclusory statements because the statements fail to identify the specific alleged technical improvement or provide reasons why/how the additional elements amount to an inventive concept to the claims such as, for example:
i. Improvements to the functioning of a computer, e.g., a modification of conventional Internet hyperlink protocol to dynamically produce a dual-source hybrid webpage, as discussed in DDR Holdings, LLC v. Hotels.com, L.P., 773 F.3d 1245, 1258-59, 113 USPQ2d 1097, 1106-07 (Fed. Cir. 2014) (see MPEP § 2106.05(a));
ii. Improvements to any other technology or technical field, e.g., a modification of conventional rubber-molding processes to utilize a thermocouple inside the mold to constantly monitor the temperature and thus reduce under- and over-curing problems common in the art, as discussed in Diamond v. Diehr, 450 U.S. 175, 191-92, 209 USPQ 1, 10 (1981) (see MPEP § 2106.05(a));
iii. Applying the judicial exception with, or by use of, a particular machine, e.g., a Fourdrinier machine (which is understood in the art to have a specific structure comprising a headbox, a paper-making wire, and a series of rolls) that is arranged in a particular way to optimize the speed of the machine while maintaining quality of the formed paper web, as discussed in Eibel Process Co. v. Minn. & Ont. Paper Co., 261 U.S. 45, 64-65 (1923) (see MPEP § 2106.05(b));
iv. Effecting a transformation or reduction of a particular article to a different state or thing, e.g., a process that transforms raw, uncured synthetic rubber into precision-molded synthetic rubber products, as discussed in Diehr, 450 U.S. at 184, 209 USPQ at 21 (see MPEP § 2106.05(c));
v. Adding a specific limitation other than what is well-understood, routine, conventional activity in the field, or adding unconventional steps that confine the claim to a particular useful application, e.g., a non-conventional and non-generic arrangement of various computer components for filtering Internet content, as discussed in BASCOM Global Internet v. AT&T Mobility LLC, 827 F.3d 1341, 1350-51, 119 USPQ2d 1236, 1243 (Fed. Cir. 2016) (see MPEP § 2106.05(d)); or
vi. Other meaningful limitations beyond generally linking the use of the judicial exception to a particular technological environment, e.g., an immunization step that integrates an abstract idea of data comparison into a specific process of immunizing that lowers the risk that immunized patients will later develop chronic immune-mediated diseases, as discussed in Classen Immunotherapies Inc. v. Biogen IDEC, 659 F.3d 1057, 1066-68, 100 USPQ2d 1492, 1499-1502 (Fed. Cir. 2011) (see MPEP § 2106.05(e)).
Notably, simultaneous queries and automation of claim steps either fall within the scope of the abstract idea itself or merely invoke generic computing elements to apply the abstract idea. The Examiner emphasizes that no improvement has been shown to the computer, computing resources, or to any technology or technical field, but instead the claim steps rely on these computing elements to simply apply the abstract idea. Even assuming arguendo that an improvement is achieved by using a computer to perform the claims steps, including the simultaneous queries, this entails at most using generic computers as tools to perform the abstract idea such that any alleged improvement would come from the capabilities of a general-purpose computer(s) rather than the sequence of steps/activities recited in the method itself, which does not materially alter the patent eligibility of the claim. See Bancorp Servs., L.L.C. v. Sun Life Assurance Co. of Can. (U.S.), 687 F.3d 1266, 1278 (Fed. Cir. 2012) (“[T]he fact that the required calculations could be performed more efficiently via a computer does not materially alter the patent eligibility of the claimed subject matter.”) (cited in the Federal Circuit's FairWarning decision).
Lastly, Applicant’s citation to a litany of CAFC decisions (e.g., Finjan, McRO, Visual Memory, Enfish, DDR) and corresponding suggestion that each has a “legal rule” that somehow renders applicant’s claims eligible (Remarks at pg. 14) lacks substance because no corresponding legal rule, fact pattern, claimed subject matter, or eligibility rationale has been articulated by Applicant as controlling or relevant to the claims or fact pattern under consideration in this instance, much less a persuasive line of reasoning showing how any of these decisions necessarily compel a finding that Applicant’s claims should be deemed eligible for similar reasons as provided in the cited decisions. Each of these cited cases has nevertheless been considered, however the claimed subject matter and fact patterns under consideration in these decisions share virtually no similarities with Applicant’s claims, and therefore Applicant’s reliance on these decisions is not persuasive.
For the reasons above, Applicant’s arguments concerning the §101 rejection are not persuasive.
Response to §103 arguments: With the exception of the argument addressed below, Applicant’s arguments (Remarks at pgs. 14-15) concerning the §103 rejection of claims 1-20 are primarily raised in support of the amendments to independent claim 1 (and similarly applicable to independent claims 11/19) and are therefore believed to be addressed in the new ground of rejection that relies on new citations to the previously cited art along with a new reference to address amended independent claims 1/11/19.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-patentable subject matter. The claims are directed to an abstract idea without significantly more.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The judicial exception is not integrated into a practical application. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. The eligibility analysis in support of these findings is provided below, in accordance with the subject matter eligibility guidance set forth in MPEP 2106.
With respect to Step 1 of the eligibility inquiry (as explained in MPEP 2106.03), it is first noted that the claimed method (claims 1-10), non-transitory computer-readable storage media (claims 11-18), and system (claims 19-20) are each directed to a potentially eligible category of subject matter (i.e., process, machine, and article of manufacture). Accordingly, claims 1-20 satisfy Step 1 of the eligibility inquiry.
With respect to Step 2A Prong One of the eligibility inquiry (as explained in MPEP 2106.04), it is next noted that the claims recite an abstract idea that falls under the “Certain methods of organizing human activity” abstract idea grouping by reciting limitations that set forth activities for managing personal behavior, relationships, or interactions (user audit orchestration) by following rules or instructions, and steps that, but for the generic computer implementation, may be implemented as “Mental Processes” (e.g., observation, evaluation, judgment, or opinion). The limitations reciting the abstract idea as set forth in independent claim 1 are identified in bold text below, whereas the additional elements are presented in plain text and are separately evaluated under Step 2A Prong Two and Step 2B:
receiving an audit request including at least an application identifier associated with a software application (This step describes activity for managing personal behavior, relationships, or interactions (user audit orchestration) by following rules or instruction for a user to initiate an audit, and furthermore this step, but for the generic computer implementation, could be implemented as mental activity such as by observation, evaluation, judgment, or opinion and/or with the aid of pen and paper. In addition, the “receiving” step may be considered insignificant extra-solution activity, which is not enough to amount to a practical application (MPEP 2106.05(g)), and such extra-solution activity has also been recognized as well-understood, routine, and conventional, and thus insufficient to add significantly more to the abstract idea. See MPEP 2106.05(d) - Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network));
identifying a plurality of computing resources associated with the application identifier (This step describes activity for managing personal behavior, relationships, or interactions (user audit orchestration) by following rules or instruction for identifying resources pursuant to orchestrating the audit, and furthermore this step, but for the generic computer implementation, could be implemented as mental activity such as by observation, evaluation, judgment, or opinion and/or with the aid of pen and paper, e.g., a human user identifying computers running an application that are subject to an audit);
retrieving resource-specific instructions for accessing at least one of the plurality of computing resources, wherein the resource-specific instructions include executable scripting or programming language describing a query format associated with the at least one of the plurality of computing resources (This is an additional element addressed below under Step 2A2 and Step 2B);
executing, via one or more application programming interfaces (APIs) and through one or more network connections, multiple simultaneous queries of the plurality of computing resources based at least on the instructions (This step describes activity for managing personal behavior, relationships, or interactions (user audit orchestration) by following rules or instruction for performing queries (searches) of the computing resources (e.g., searching through lists of devices) pursuant to orchestrating the audit, and furthermore this step, but for the generic computer implementation using an API and network connection, could be implemented as mental activity such as by observation, evaluation, judgment, or opinion and/or with the aid of pen and paper, e.g., a human user identifying computers running an application that are subject to an audit);
aggregating results of the multiple simultaneous queries (This step describes activity for managing personal behavior, relationships, or interactions (user audit orchestration) by following rules or instruction for aggregating query results (e.g., combining a results list) pursuant to orchestrating the audit, and furthermore this step, but for the generic computer implementation, could be implemented as mental activity such as by observation, evaluation, judgment, or opinion and/or with the aid of pen and paper, e.g., a human user compiling a list of audit results following the queries, e.g., a result list indicating compliance or non-compliance of the computing resources associated with the application); and
generating one or more audit reports based on the aggregated query results of the multiple simultaneous queries (This step describes activity for managing personal behavior, relationships, or interactions (user audit orchestration) by following rules or instruction for generating a report based on query results (e.g., a summary listing the compliant/non-compliant items produced by the query) pursuant to orchestrating the audit, and furthermore this step, but for the generic computer implementation, could be implemented as mental activity such as by observation, evaluation, judgment, or opinion and/or with the aid of pen and paper, e.g., a human user compiling a list of audit results following the queries, e.g., a reporting that lists compliance or non-compliance of the computing resources associated with the application).
Independent claims 11 and 19 recite similar limitations as those set forth in claim 1 as discussed above, and have therefore been determined to recite the same abstract idea as claim 1.
With respect to Step 2A Prong Two of the eligibility inquiry (as explained in MPEP 2106.04(d)), the judicial exception is not integrated into a practical application. Independent claims 1, 11, and 19 recite the additional elements of computer-implemented, and non-transitory computer-readable media storing instructions, one or more memories storing instructions, computing resources, and one or more processors for executing the instructions; retrieving resource-specific instructions for accessing at least one of the plurality of computing resources, wherein the resource-specific instructions include executable scripting or programming language describing a query format associated with the at least one of the plurality of computing resources; and one or more application programming interfaces (APIs) and through one or more network connections. The additional elements have been evaluated, but fail to integrate the abstract idea into a practical application. The computing elements (computer-implemented, non-transitory computer-readable media storing instructions, one or more memories storing instructions, one or more processors for executing the instructions, computing resources) amount to using generic computing elements or instructions (software) to perform the abstract idea, similar to adding the words “apply it” (or an equivalent), which merely serves to link the use of the judicial exception to a particular technological environment (generic computing environment). See MPEP 2106.05(f) and 2106.05(h). Even if the receiving and/or generating one or more audit reports steps are considered as additional elements, the receiving and generating at most amount to insignificant extra-solution activity accomplished via receiving/transmitting data, which is not enough to amount to a practical application. See MPEP 2106.05(g). Similarly, the step for “retrieving resource-specific instructions for accessing at least one of the plurality of computing resources, wherein the resource-specific instructions include executable scripting or programming language describing a query format associated with the at least one of the plurality of computing resources” has been considered, and it is noted that this step merely involves retrieving instructions and does not actually execute any scripting or programming language to access the computing resources, i.e., the retrieved instructions are not used in any meaningful way but instead amount to gathering of data/information, which amounts to insignificant extra-solution activity accomplished via receiving/transmitting data, which is not enough to amount to a practical application. See MPEP 2106.05(g).
Next, the “one or more application programming interfaces (APIs) and through one or more network connections” is recited at a high level of generality and does not provide an improvement to the functioning of a computer or to any other technology or technical field, and fails to yield a technical improvement or otherwise integrate the abstract idea into a practical application.
Accordingly, because the Step 2A Prong One and Prong Two analysis resulted in the conclusion that the claims are directed to an abstract idea, additional analysis under Step 2B of the eligibility inquiry must be conducted in order to determine whether any claim element or combination of elements amount to significantly more than the judicial exception.
With respect to Step 2B of the eligibility inquiry (as explained in MPEP 2106.05), it has been determined that the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. Independent claims 1, 11, and 19 recite the additional elements of computer-implemented, and non-transitory computer-readable media storing instructions, one or more memories storing instructions, one or more processors for executing the instructions; computing resources; retrieving resource-specific instructions for accessing at least one of the plurality of computing resources, wherein the resource-specific instructions include executable scripting or programming language describing a query format associated with the at least one of the plurality of computing resources; and one or more application programming interfaces (APIs) and through one or more network connections, but fail to add significantly more to the claims. The computing elements (computer-implemented, and non-transitory computer-readable media storing instructions, one or more memories storing instructions, computing resources, and one or more processors for executing the instructions) amount to using generic computing elements or instructions/software to perform the abstract idea, which merely serves to tie the abstract idea to a particular technological environment (generic computing environment), similar to adding the words “apply it” (or an equivalent). Notably, applicant’s Specification that the invention may be implemented with virtually any computing device under the sun, including generic computing devices (Spec. at par. [0015], noting for example that “computing device 100 includes a desktop computer, a laptop computer, a smart phone, a personal digital assistant (PDA), tablet computer, or any other type of computing device configured to receive input, process data, and optionally display images, and is suitable for practicing one or more embodiments”). Accordingly, the generic computer implementation merely serves to link the use of the judicial exception to a particular technological environment and therefore does not amount to significantly more than the abstract idea itself. See, e.g., Alice Corp., 134 S. Ct. 2347, 110 USPQ2d 1976; Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015).
Even if the receiving and/or generating one or more audit reports steps are considered as additional elements, the receiving and generating at most amount to insignificant extra-solution activity accomplished via receiving/transmitting data. Similarly, the step for “retrieving resource-specific instructions for accessing at least one of the plurality of computing resources, wherein the resource-specific instructions include executable scripting or programming language describing a query format associated with the at least one of the plurality of computing resources” has been considered, however this step merely involves retrieving instructions and does not actually execute any scripting or programming language to access the computing resources. Accordingly, these additional elements amount to insignificant extra-solution activities that can be accomplished via receiving/transmitting data, which is well-understood, routine, and conventional activity and thus insufficient to add significantly more to the claims. Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network).
With respect to the “one or more application programming interfaces (APIs) and through one or more network connections,” it is noted that APIs are well-understood, routine, and conventional in the art. See, e.g., Hendrick et al., US 2013/0346234 at paragraph 16, noting that “ intake of the user activity data 104 and catalog data 106 into the recommendations system 100 occurs through the Web service application program interface (API) 118, the details of which will be known to those skilled in the art.” See also, Walsham, US 2014/0040248 at paragraph 31, noting that “New input series may be created and existing input series updated automatically via an application programming interface (hereinafter, API), APIs are known known in the art as a means for allowing content to be shared by different applications.” Therefore, this element is not sufficient to integrate the abstract idea into a practical application or to add significantly more to the claims.
In addition, when taken as an ordered combination, the ordered combination adds nothing that is not already present as when the elements are taken individually. There is no indication that the combination of elements integrate the abstract idea into a practical application. Their collective functions merely provide generic computer implementation. Therefore, when viewed as a whole, these additional claim elements do not provide meaningful limitations to transform the abstract idea into a practical application of the abstract idea or that, as an ordered combination, amount to significantly more than the abstract idea itself.
Dependent claims 2-10, 12-18, and 20 recite the same abstract idea(s) as recited in the independent claims, and have been determined to recite further details/steps falling under the “Certain methods of organizing human activity” and/or “Mental Processes” abstract idea groupings discussed above along with the same or substantially same generic computing elements recited in the independent claims, which merely serve the purpose of tying the invention to a particular technological environment and which, as discussed above, is insufficient to integrate the abstract idea into a practical application or add significantly more to the claims. See MPEP 2106.05(g) and Alice Corp., 134 S. Ct. 2347, 110 USPQ2d 1976. The ordered combination of elements in the dependent claims (including the limitations inherited from the parent claim(s)) add nothing that is not already present as when the elements are taken individually. There is no indication that the combination of elements improves the functioning of a computer or improves any other technology. Their collective functions merely provide generic computer implementation. Accordingly, the subject matter encompassed by the dependent claims fails to amount to a practical application or significantly more than the abstract idea itself.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2 and 4-20 are rejected under 35 U.S.C. §103 as unpatentable over Kandekar (US 2014/0006378) in view of Fawcett et al. (US Patent No. 10,484,429, hereinafter “Fawcett”) in view of Samatov et al. (US 2021/0397735, hereinafter “Samatov”).
Claims 1/11/19: As per claim 1, Kandekar teaches a computer-implemented method for performing user audit orchestration (pars. 2, 11, and 21: auditing systems and methods; auditing a plant model system; computer/server based auditing system), the computer-implemented method comprising:
receiving an audit request … (pars. 30-31: e.g., on initiation of an audit the Plant Model System 110 may query the databases of one or more offsite information systems (120, 130, 140) to retrieve relevant information to the Plant Model Database; user may select a project title and a set of project elements from a list displayed by the user interface to initiate an audit);
identifying a plurality of computing resources … (pars. 29-30: Plant Model System 110 can be in bidirectional communication with one or more offsite information systems, shown as 120, 130, and 140. Such an offsite information system may include, for example, a server, a personal computer, a notebook computer or any suitable computational device; initiation of an audit the Plant Model System 110 may query the databases of one or more offsite information systems (120, 130, 140) to retrieve relevant information to the Plant Model Database);
retrieving resource-specific instructions for accessing at least one of the plurality of computing resources, wherein the resource-specific instructions include … language describing a query format associated with the at least one of the plurality of computing resources (pars. 30-34, 41, and Fig. 1: describing presentation of user interface with selectable query elements and fields for querying offsite information systems [i.e., plurality of computing resources], wherein the displayed elements, fields, etc. describe the format for entering queries, i.e., for accessing the offsite information systems to query the systems or to employ an editor to refine a query result set - e.g., As detailed below, on initiation of an audit the Plant Model System 110 may query the databases of one or more offsite information systems (120, 130, 140) to retrieve relevant information to the Plant Model Database; queries may be processed in a parallel fashion; queries within a group are processed in parallel; user may select a project title and a set of project elements [i.e., query format] from a list displayed by the user interface to initiate an audit; process begins when a user enters a non-optimized query 200 utilizing a user interface (not shown). Such a query may be entered manually, or alternatively may be entered via selection of a set of query elements presented by the user interface [i.e., query format]; user interface may provide the user with a combined approach for entering queries, displaying a set of selectable query elements and providing fields that the user may manually fill in using a keyboard or similar device [i.e., query format]. For example, a user may select a project title and a set of project elements from a list displayed by the user interface to initiate an audit; user utilizes a user interface (not shown) to indicate a selected result subset 340, leaving a non-selected result set 350. Following this, the user can utilize an editor interface (not shown) configured to allow the user to further refine the selected result subset 340 to produce a user optimized result subset);
executing, via one or more application programming interfaces (APIs) and through one or more network connections, multiple simultaneous queries of the plurality of computing resources based at least on the instructions (pars. 30-34, 41, and Fig. 1: As detailed below, on initiation of an audit the Plant Model System 110 may query the databases of one or more offsite information systems (120, 130, 140) [based on the presented selectable query options, i.e., the instructions] to retrieve relevant information to the Plant Model Database; queries may be processed in a parallel fashion; queries within a group are processed in parallel; See also, par. 21: the various servers, systems, databases, or interfaces exchange data using standardized protocols or algorithms, possibly based on HTTP, HTTPS, AES, public-private key exchanges, web service APIs, known financial transaction protocols, or other electronic information exchanging methods. Data exchanges preferably are conducted over a packet-switched network, the Internet, LAN, WAN, VPN, or other type of packet switched network);
aggregating results of the multiple simultaneous queries (par. 41: audit report may incorporate results from multiple queries. Such queries may be processed in a serial fashion and the results aggregated; such queries may be processed in a parallel fashion); and
generating one or more audit reports based on the aggregated query results of the multiple simultaneous queries (pars. 30, 41-42, and Fig. 4: Plant Model Database may then utilize a report generator (not shown) in order to produce an Audit Report; FIG. 4 shows an exemplary report).
Kandekar does not explicitly teach:
including at least an application identifier associated with a software application;
computing resources associated with the application identifier;
scripting or programming language.
Fawcett teaches:
including at least an application identifier associated with a software application (col. 12 lines 57-65: compliance verification engine 320 may identify a software application stored at the application database 340 using an application identifier);
computing resources associated with the application identifier (col. 16 lines 59-60: components associated with an application identifier may be determined).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Kandekar with Fawcett because the references are analogous since they are each directed to computer based audit and compliance features, which is within Applicant’s field of endeavor of user audit orchestration, and because modifying Kandekar to incorporate Fawcett’s application identifier and identification of associated computing resources, as claimed, would serve the motivation to coordinate an audit involving a complex set of components (Kandekar at par. 4), such as the distributed system of computing resources/databases linked to a Kandekar’s Plant Model System (as depicted in Fig. 1 of Kandekar); and further obvious because the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
Kandekar and Fawcett do not explicitly teach:
scripting or programming language.
Samatov teaches scripting or programming language (pars. 26-27, 36-37, 72, 74, 77, and 106-107: e.g., running a compliance audit script on accessed applications; compliance engine 120 can monitor/ query the user's credentials to determine the appropriate level of access; compliance engine 120 can perform tests on a target website by sending test packets, sending queries; compliance engine 120 can run compliance audit scripts on accessed applications or resources).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Kandekar/Fawcett with Samatov because the references are analogous since they are each directed to computer based audit and compliance features, which is within Applicant’s field of endeavor of user audit orchestration, and because modifying Kandekar/Fawcett to include Samatov’s scripting language, as claimed, would serve the motivation to quickly and efficiently perform an audit (Kandekar at par. 10) as compared to manual (unscripted) audit implementation; and further obvious because the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
Claims 11 and 19 are directed to one or more non-transitory computer-readable media and system comprising one or more memories storing instructions and one or more processors for performing substantially similar limitations as those recited in claim 1 and addressed above. Kandekar, in view of Fawcett/Samatov, teaches a one or more non-transitory computer-readable media and system comprising one or more memories storing instructions and one or more processors for performing the limitations discussed above (Kandekar at par. 21: computing devices comprise a processor configured to execute software instructions stored on a tangible, non-transitory computer readable storage medium; See also, Fawcett at col. 18 lines 1-54; See also, Samatov at pars. 13 and 35), and claims 11/19 are therefore rejected using the same references and for substantially the same reasons as set forth above.
Claims 2/12: Kandekar further teaches wherein the audit request further includes one or more audit types and a user identifier (par. 31: In some embodiments, the user interface may provide the user with a combined approach for entering queries, displaying a set of selectable query elements and providing fields that the user may manually fill in using a keyboard or similar device. For example, a user may select a project title and a set of project elements from a list displayed by the user interface to initiate an audit; See also, par. 42 and Figs. 5-6: wherein Figs. 5-6 display exemplary audit reports, which include the user identifier associated with creation, i.e., request, of the audit).
Claims 4/13: Kandekar further teaches wherein executing the multiple simultaneous queries is based on one or more permissions or authorizations associated with the user identifier (pars. 27, 30, 39, 41, and Fig. 1: queries may be processed in a parallel fashion; queries within a group are processed in parallel; Audits may also serve to address security-related issues, for example verifying that user membership in groups with restricted access or permissions is correct and current as individuals move into and out of a project; may be used to generate a list of individuals having incorrect permissions or for whom permissions have been changed).
Claims 5/14/20: Kandekar teaches wherein the aggregated query results include a listing of one or more users associated with … [an item] (pars. 39-41: audit report may incorporate results from multiple queries. Such queries may be processed in a serial fashion and the results aggregated; audit report may be produced…generate a list of individuals), but does not teach users associated with the software application.
However, Fawcett further teaches users associated with the software application (col. 6 lines 63-64: user identifiers that access or modify the application within a certain timeframe).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the combination of Kandekar/Fawcett/Samatov such that the aggregated results including a listing of users associated with a software application, as taught by Fawcett, in order to evaluate compliance risk as it relates to permission of users to access a software application (Fawcett at col. 3 lines 31-36), which would also serve Kandekar’s pursuit of generating a report of exceptions for objects having incorrect permission (Kandekar at par. 12); and further obvious because the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
Claims 6/15: Kandekar teaches wherein the multiple simultaneous queries are based at least on one or more audit … (pars. 30, 41, and Fig. 1: As detailed below, on initiation of an audit the Plant Model System 110 may query the databases of one or more offsite information systems (120, 130, 140) to retrieve relevant information to the Plant Model Database; queries may be processed in a parallel fashion; queries within a group are processed in parallel), but does not teach that the queries are based at least on one or more audit scripts.
Samatov teaches multiple queries are based at least on one or more audit scripts (pars. 26-27, 36-37, 72, 74, 77, and 106-107: e.g., running a compliance audit script on accessed applications; compliance engine 120 can monitor/query the user's credentials to determine the appropriate level of access; compliance engine 120 can perform tests on a target website by sending test packets, sending queries; compliance engine 120 can run compliance audit scripts on accessed applications or resources).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further include, in the combination of Kandekar/Fawcett/Samatov, Samatov’s feature for performing queries based on one or more audit scripts, as claimed, in order to serve the motivation to quickly and efficiently perform an audit (Kandekar at par. 10) as compared to manual (unscripted) audit implementation; and further obvious because the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
Claim 7: Each of Kandekar and Fawcett further teaches wherein the plurality of computing resources one or more of local computing resources, remote computing resources, or cloud computing resources (pars. 29-30 and 40: Plant Model System 110 can be in bidirectional communication with one or more offsite information systems, shown as 120, 130, and 140. Such an offsite information system may include, for example, a server, a personal computer, a notebook computer or any suitable computational device; initiation of an audit the Plant Model System 110 may query the databases of one or more offsite information systems (120, 130, 140); local and offsite computers; See also, Fawcett at col. 12 lines 7-9: verify compliance and/or determine risk scores for locally or remotely accessible software).
Claims 8/16: Kandekar further teaches wherein aggregating the results of the multiple simultaneous queries is based on a job identifier associated with the audit request (pars. 27, 31, and 41: user may select a project title and a set of project elements from a list displayed by the user interface to initiate an audit; results from multiple queries. Such queries may be processed in a serial fashion and the results aggregated; queries may be processed in a parallel fashion; audits may include, for example, testing of other functionalities or tools of the database that are related functions that affect the project as a whole. An audit may be used to identify error conditions, such as identifying project components that do not meet project guidelines and/or files that contain broken or nonfunctional links; Audits may also serve to address security-related issues, for example verifying that user membership in groups with restricted access or permissions is correct and current as individuals move into and out of a project).
Claims 9/17: Kandekar further teaches wherein the multiple simultaneous queries are based on a command document that includes one or more of a query format or an interface requirement associated with a computing resource (pars. 30-31, 34, 41, and Fig. 1: As detailed below, on initiation of an audit the Plant Model System 110 may query the databases of one or more offsite information systems (120, 130, 140) to retrieve relevant information to the Plant Model Database; queries may be processed in a parallel fashion; queries within a group are processed in parallel; For example, a user may select a project title and a set of project elements [i.e., query format] from a list displayed by the user interface [i.e., command document] to initiate an audit; auditing a plant model is shown in FIG. 2. The process begins when a user enters a non-optimized query 200 utilizing a user interface (not shown). Such a query may be entered manually, or alternatively may be entered via selection of a set of query elements presented by the user interface [i.e., query format]. In some embodiments, the user interface may provide the user with a combined approach for entering queries, displaying a set of selectable query elements and providing fields that the user may manually fill in using a keyboard or similar device [i.e., query format]. For example, a user may select a project title and a set of project elements from a list displayed by the user interface to initiate an audit; user utilizes a user interface (not shown) to indicate a selected result subset 340, leaving a non-selected result set 350. Following this, the user can utilize an editor interface (not shown) configured to allow the user to further refine the selected result subset 340 to produce a user optimized result subset).
Claims 10/18: Kandekar further teaches wherein each of the one or more audit reports includes a user identifier, an application identifier, and a job identifier (par. 42: audit report displays audit information for a specified project, and includes information related to recently produced and edited documents, project features that lack associated parts, item properties, status updates for project components, reports of duplicate item names, a list of items that are utilized in multiple work packages, and a list of items that appear in multiple fabrication isometrics. Such an audit report may include information related to multiple features of the plant modeling system; See also, and Figs. 4-6: displaying audit reports with identifiers indicating a user [e.g., Created By], an application [e.g., Object Name] and a job [e.g., Approval Status Checking]).
Claim 3 is rejected under 35 U.S.C. §103 as unpatentable over Kandekar (US 2014/0006378) in view of Fawcett et al. (US Patent No. 10,484,429, hereinafter “Fawcett”) in view of Samatov et al. (US 2021/0397735, hereinafter “Samatov”), as applied to claim 2 above, and further in view of Hernandez et al. (US 2016/0373289, hereinafter “Hernandez”).
Claim 3: Kandekar, in view of Fawcett/Samatov, teaches the limitations of claim 2 as set forth above, but does not teach the limitation of claim 3.
Hernandez teaches wherein the one or more audit types include Sarbanes-Oxley (SOX), Payment Card Industry (PCI), or Health Insurance Portability and Accountability (HIPAA) (pars. 30, 32, 35, and 37: The method described herein may discover at least one standard that an auditor must employ in order to assess the contracted internal controls of a service organization like a hosted data center; verify compliance; include, but are not limited to, ITAR (International Traffic & Arms Regulations); HIPAA (Health Insurance Portability and Accountability Act); HITECH (Health Information Technology for Economic and Clinical Health Act); CJIS (Criminal Justice Information System Database); GLBA (Gramm-Leach-Bliley Act); FERPA (Family Educational Rights and Privacy Act); SOX (Sarbanes-Oxley); PCI).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Kandekar/Fawcett/Samatov with Hernandez because the references are analogous since they are each directed to computer based audit and compliance features, which is within Applicant’s field of endeavor of user audit orchestration, and because modifying Kandekar/Fawcett/Samatov to include audit types such as Sarbanes-Oxley (SOX), Payment Card Industry (PCI), or Health Insurance Portability and Accountability (HIPAA), as claimed, would provide the benefit to companies of ensuring that their information security policies and IT systems comply with the guidelines (Hernandez at par. 21); and further obvious because the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Lee et al. (US 2007/0136814): discloses a critical function monitoring and compliance auditing system, including user initiation of the execution of the Audit process that ultimately produces a point-in-time or snap-shot comparative analysis and aggregating and reporting compliance levels at any level of granularity from a single client computer to a regional, state, or national view (par. 10).
Sahib et al. (US 2021/0232700): discloses resource-specific instructions presented via executable scripting or programming language (par. 31: retrieving policy 142A from repository 140, which stores policies 142A-D. A repository is a store of policies, and can take various forms (e.g., a document management system, a filesystem, a database, a file server, a webservice, etc.); Policies 142A-D can be stored in different ways. In some implementations, policies 142A-D are stored as documents (i.e., electronic records in a structured format). The documents might be in a human-readable format (e.g., text, JavaScript Object Notation (JSON), eXtensible Markup Language (XML), etc.) and/or a machine-readable format (e.g., in a binary format), which might also be human-readable (e.g., JSON, XML, etc.). In other implementations, policies 142A-D are stored as executable code or procedures. For example, an implementation might store policies 142A-D as a set of structured query language (SQL) queries, or as portions of executable code (e.g., functors, function pointers, scripts, etc.) whose execution performs one or more queries on database(s)).
Drubner (US 2020/0167387): discloses features for streamlined auditing, including user initiated audit requests (par. 24) and a report generator for outputting the streamlined audit results (par. 46).
J. Ramanathan, R. J. Cohen, E. Plassmann and K. Ramamoorthy, "Role of an auditing and reporting service in compliance management," in IBM Systems Journal, vol. 46, no. 2, pp. 305-318, 2007: discloses techniques in the art for recording and processing audit logs to enable enterprises to test, measure, and understand how well they are complying with regulations, including an overview of file-based audit logs that enable database queries to generate trend reports, and an overview of products for distributed platforms implemented via an audit service to manage the life cycle of audit logs.
A. Bichhawat, M. Fredrikson and J. Yang, "Automating Audit with Policy Inference," 2021 IEEE 34th Computer Security Foundations Symposium (CSF), Dubrovnik, Croatia, 2021, pp. 1-16: discloses an approach to automating compliance audits, including an evaluation through a case study involving HIPAA regulations, including an inference algorithm to reduce effort of an auditor and a violation detector for reporting unauthorized transactions (e.g., HIPAA violations).
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry of a general nature or relating to the status of this application or concerning this communication or earlier communications from the Examiner should be directed to Timothy A. Padot whose telephone number is 571.270.1252. The Examiner can normally be reached on Monday-Friday, 8:30 - 5:30. If attempts to reach the examiner by telephone are unsuccessful, the Examiner’s supervisor, Brian Epstein can be reached at 571.270.5389. The fax phone number for the organization where this application or proceeding is assigned is 571- 273-8300.
Information regarding the status of an application may be obtained from Patent Center. Status information for published applications may be obtained from Patent Center. Status information for unpublished applications is available through Patent Center for authorized users only. Should you have questions about access to Patent Center, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automated- interview-request-air-form.
/TIMOTHY PADOT/
Primary Examiner, Art Unit 3625
05/08/2026
Prosecution Insights