Prosecution Insights
Last updated: July 17, 2026
Application No. 18/960,497

CYBERSECURITY RISK DETECTION FOR A SERVICE

Non-Final OA §101§103
Filed
Nov 26, 2024
Examiner
FISHER, PAUL R
Art Unit
2498
Tech Center
2400 — Computer Networks
Assignee
CrowdStrike Inc.
OA Round
1 (Non-Final)
23%
Grant Probability
At Risk
1-2
OA Rounds
3y 1m
Est. Remaining
47%
With Interview

Examiner Intelligence

Grants only 23% of cases
23%
Career Allowance Rate
114 granted / 490 resolved
-34.7% vs TC avg
Strong +24% interview lift
Without
With
+24.1%
Interview Lift
resolved cases with interview
Typical timeline
4y 9m
Avg Prosecution
9 currently pending
Career history
506
Total Applications
across all art units

Statute-Specific Performance

§101
12.5%
-27.5% vs TC avg
§103
79.4%
+39.4% vs TC avg
§102
5.2%
-34.8% vs TC avg
§112
2.3%
-37.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 490 resolved cases

Office Action

§101 §103
DETAILED ACTION This communication is a first Office Action Non-Final rejection on the merits. Claims 1-20, are currently pending and have been considered below. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim recites the actions related to determining cybersecurity risk score, which is a method of organizing human activity. Under Step 1, claims 1-9 recite a method or process, claims 10-17, recite a system and claims 18-20 recite a medium. As such each of the claims falls within one of the statutory categories. Under Step 2(a) – Certain methods of organizing human activity includes - fundamental economic principles or practices (including hedging, insurance, mitigating risk); commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations); managing personal behavior or relationships or interactions between people (including social activities, teaching, and following rules or instructions) (see MPEP § 2106.04(a)(2), subsection II). Additionally the Examiner notes MPEP § 2106.04(a) states “the sub-groupings encompass both activity of a single person (for example, a person following a set of instructions or a person signing a contract online) and activity that involves multiple people (such as a commercial interaction), and thus, certain activity between a person and a computer (for example a method of anonymous loan shopping that a person conducts using a mobile phone) may fall within the "certain methods of organizing human activity" grouping. It is noted that the number of people involved in the activity is not dispositive as to whether a claim limitation falls within this grouping. Instead, the determination should be based on whether the activity itself falls within one of the sub-groupings.” Which establishes that certain activity between a person and a computer can fall within “certain methods of organizing human activity”. In the instant case the limitations require collecting contextual data, determining a cybersecurity risk score, prioritizing the service based on the risk score and performing a remediation of the threat. The collection of the contextual data is merely data gathering as shown in MPEP 2106.05(g). The additional elements merely describe the environment in which the data is gathered, as there are no specifics as to how the data is collected. The determining and prioritizing steps merely recite the functions and fail to establish how the determinations are performed or how the scores are prioritized. As shown in MPEP 2106.05(f), this fails to render the abstract idea into a practical application as it merely recites a function without specifics as to how the functions are achieved. The final step of performing the remediation can be broadly interpreted as merely providing instructions as shown in the applicant’s originally filed specification paragraphs [0024] and [0026]. From this the steps recite an abstract idea and fail to recite additional elements that render the abstract idea into a practical application. Step 2(a)(II) considers the additional elements of the independent claims with respect to transforming the abstract idea into a practical application. As noted the above the determining and prioritizing are generic and as such cannot be considered to be a practical application. The other steps of the independent claims amount to merely collecting data, and providing remediation instructions to a user, which again does not amount to be a practical application. As state above the judicial exception is not integrated into a practical application. In particular, the claim recites additional elements – a processor, a memory, instructions, non-transitory computer readable medium and a computing apparatus. The hardware in claimed limitations is recited at a high-level of generality (i.e., as a generic component performing a generic functions) such that it amounts no more than mere instructions to apply the exception using a generic components. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a processor and memory to collecting, determining, prioritizing and performing amounts to no more than mere instructions to apply the exception using a generic component. Mere instructions to apply an exception using a generic components cannot provide an inventive concept. The claim is not patent eligible. Step 2(b) considers the additional elements of the independent claims with respect to being significantly more than the identified abstract idea. As noted above there are no additional elements which indicate that the claims amount to significantly more than the abstract idea. Dependent claims 2, 11 and 19 recite “wherein the runtime entity comprises at least one of a database, another service, a microservice, an internet-facing connection, or an application programming interface (API)”, which describes the entity but fails to establish how the limitations are performed, as such this continues to be merely applying the abstract idea, see MPEP 2106.05(f). Therefore, these limitations do not render the claims into a practical application. Claim 3 recites “wherein the database comprises personally identifiable information (PII)”, which describes the type of data stored but not how the functions are performed. As such this continues to be merely applying the abstract idea, see MPEP 2106.05(f). Therefore, these limitations do not render the claims into a practical application. Claims 4, 12 and 20 recite “further comprising: computing an attack surface score based on one or more communication pathways to one or more runtime entities, wherein the one or more runtime entities comprise at least one of a database, another service, a microservice, an internet-facing connection, or an application programming interface (API); and utilizing the attack surface score in the determining of the cybersecurity risk score,” which describe the environment of use and the names provided to the entities but fails to establish how the functions are performed. As such this continues to be merely applying the abstract idea, see MPEP 2106.05(f). Therefore, these limitations do not render the claims into a practical application. Claims 5 and 13, recite “further comprising: computing a threat score based on one or more vulnerabilities associated with the service, wherein the one or more vulnerabilities comprise at least one of a CVE (Common Vulnerabilities and Exposures), an unsecured communication, a misconfigured hardware, a misconfigured virtual machine (VM), or a network misconfiguration; and utilizing the threat score in the determining of the cybersecurity risk score”, which describes the data which is used in determining the score but not how the data is used to determine the score. As such this continues to be merely applying the abstract idea, see MPEP 2106.05(f). Therefore, these limitations do not render the claims into a practical application. Claims 6 and 14, recite “further comprising: computing an impact score corresponding to a potential impact of the service being comprised based on a number of communication pathways to a number of runtime entities; and utilizing the impact score in the determining of the cybersecurity risk score,” which describes the data which is used in determining the score but not how the data is used to determine the score. As such this continues to be merely applying the abstract idea, see MPEP 2106.05(f). Therefore, these limitations do not render the claims into a practical application. Claims 7 and 15, recite “wherein the cybersecurity risk score is based on whether the service has access to at least one of an internet-facing connection or personally identifiable information (PII)” which describes the type of data stored but not how the functions are performed. As such this continues to be merely applying the abstract idea, see MPEP 2106.05(f). Therefore, these limitations do not render the claims into a practical application. Claims 8 and 16, recite “further comprising: increasing the cybersecurity risk score when the service has access to both the internet-facing connection and the PII”, which describes the type of data stored but not how the functions are performed. As such this continues to be merely applying the abstract idea, see MPEP 2106.05(f). Therefore, these limitations do not render the claims into a practical application. Claim 9 and 17, recite “wherein the remediation comprises inhibiting the service to have access to the internet-facing connection” which describes the function but fails to establish how the function is performed. As such this continues to be merely applying the abstract idea, see MPEP 2106.05(f). Therefore, these limitations do not render the claims into a practical application. Thus when considered individually or as a combination these elements do not amount to a practical application. As such claims 1-20 recite an abstract idea and without any specifics to how the functions are performed the claims are not found to render the abstract idea into a practical application. Therefore the claims have been rejected under 35 U.S.C. 101. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 2, 4-7, 9-15 and 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Weizman et al. (US 2024/0386099 A1) hereafter Weizman, in view of Skufca et al. (US 2003/0065826 A1) hereafter Skufca. As per claim 1, Weizman discloses a method (Weizman Abstract discloses a method for providing security risk management)comprising: collecting contextual execution data of a service executing in a runtime environment (Weizman paragraph [0033]; discloses that the system collects data and from this identifies operations and determines if those operations are attacks. Paragraph [0072]; discloses based on the issues the system identifies the contextual information. Paragraph [0087]; discloses that the system includes a runtime environment where the services are executing), determining, by a processing device, a cybersecurity risk score of the service based on the contextual execution data (Weizman, paragraph [0032]; discloses that the contextual data is used to determine a risk score); prioritizing the service based on the cybersecurity risk score (Weizman, paragraphs [0040]-[0041]; disclose that the security issues are prioritized based on the risk scores); and performing a remediation of a cybersecurity threat to the service based on the prioritizing (Weizman, paragraph [0052]; discloses that the system performs remediation of the threat based on the prioritization). While Weizman discloses collecting contextual data, it is not explicit wherein the contextual execution data indicates a communication between the service and a runtime entity. Skufca, which like Weizman talks about collecting context data, teaches it is known wherein the contextual execution data indicates a communication between the service and a runtime entity (Skufca paragraph [0064]; teaches collecting context data through runtime logs which are communications between services and runtime entities. This context data permits remote administration of the service. Since Weizman already provides remote remediation or administration based on context data it would have been obvious to collect this data through communication between the services and runtime entities as shown in Skufca). Weizman discloses a method for collecting contextual data to determine an prioritize risk scores. The prioritized risk scores are used to perform remediations. Weizman however fails to explicitly disclose wherein the contextual execution data indicates a communication between the service and a runtime entity. Skufca teaches it is known to collect contextual data which indicates a communication between the service and a runtime entity. It would have been obvious to one of ordinary skill in the art to include in the method of prioritizing risk scores of Weizman with the ability to for the contextual data to indicate a communication between the service and a runtime entity as taught by Skufca since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable. Therefore, from this teaching of Skufca, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method of prioritizing risk scores of Weizman with the ability to for the contextual data to indicate a communication between the service and a runtime entity as taught by Skufca, for the purposes of permitting remote administration as shown in Skufca. Since Weizman already provides remote remediation or administration based on context data it would have been obvious to collect this data through communication between the services and runtime entities as shown in Skufca. As per claim 2, the combination of Weizman and Skufca teaches the above enclosed method of claim 1, Weizman further discloses wherein the runtime entity comprises at least one of a database, another service, a microservice, an internet-facing connection, or an application programming interface (API) (Weizman paragraph [0048]; discloses that the entities include servers, databases, storage as well as other services. Paragraph [0087]; discloses that the services are part of the runtime environment. Paragraph [0026]; the service as part of the cloud includes storage which is internet-facing or exposed to the internet). As per claim 4, the combination of Weizman and Skufca teaches the above enclosed method of claim 1, Weizman further discloses further comprising: computing an attack surface score based on one or more communication pathways to one or more runtime entities, wherein the one or more runtimes entities comprise at least one of a database, another service, a microservice, an internet-facing connection, or an application programming interface (API) (Weizman paragraph [0034]; discloses that the attack path is analyzed to determine how a particular asset or entity was attacked. Paragraphs [0067]-[0068]; discloses that the attack path information is used to score each path. Paragraph [0048]; discloses that the entities include servers, databases, storage as well as other services. Paragraph [0087]; discloses that the services are part of the runtime environment. Paragraph [0026]; the service as part of the cloud includes storage which is internet-facing or exposed to the internet); and utilizing the attack surface score in the determining of the cybersecurity risk score (Weizman paragraphs [0067]-[0068]; discloses that the attack path information is used to score each path and the risk score for each contextual issue). As per claim 5, the combination of Weizman and Skufca teaches the above enclosed method of claim 1, Weizman further discloses further comprising: computing a threat score based on one or more vulnerabilities associated with the service, wherein the one or more vulnerabilities comprise at least one of a CVE (Common Vulnerabilities and Exposures), an unsecured communication, a misconfigured hardware, a misconfigured virtual machine (VM), or a network misconfiguration (Weizman paragraph [0035]; discloses that the security issue is a misconfiguration in the computing environment. This is part of the contextual security matrix and as shown in paragraph [0039] is used to generate the risk score); and utilizing the threat score in the determining of the cybersecurity risk score (Weizman paragraph [0039]; discloses the threat information is used as part of the risk score). As per claim 6, the combination of Weizman and Skufca teaches the above enclosed method of claim 1, Weizman further discloses further comprising: computing an impact score corresponding to a potential impact of the service being compromised based on a number of communication pathways to a number of runtime entities (Weizman paragraph [0044]; discloses that the longer the path or the number of edges is used to determine the risk score); and utilizing the impact score in the determining of the cybersecurity risk score (Weizman paragraph [0044]; discloses that the longer the path or the number of edges is used to determine the risk score). As per claim 7, the combination of Weizman and Skufca teaches the above enclosed method of claim 1, Weizman further discloses wherein the cybersecurity risk score is based on whether the service has access to at least one of an internet-facing connection or personally identifiable information (PII) (Weizman paragraph [0026]; discloses the service as part of the cloud includes storage which is internet-facing or exposed to the internet). As per claim 9, the combination of Weizman and Skufca teaches the above enclosed method of claim 1, Weizman further discloses wherein the remediation comprises inhibiting the service to have access to the internet-facing connection (Weizman paragraph [0026]; discloses that the remediation includes restricting internet access to the resource). As per claim 10, Weizman discloses a system (Weizman Abstract discloses a system for providing security risk management) comprising: a memory (Weizman paragraph [0092]; discloses the system includes a memory); and a processing device, operatively coupled to the memory (Weizman paragraph [0092]; discloses the system includes a processor coupled to the memory), to: collect contextual execution data of a service executing in a runtime environment (Weizman paragraph [0033]; discloses that the system collects data and from this identifies operations and determines if those operations are attacks. Paragraph [0072]; discloses based on the issues the system identifies the contextual information. Paragraph [0087]; discloses that the system includes a runtime environment where the services are executing), determine a cybersecurity risk score of the service based on the contextual execution data (Weizman, paragraph [0032]; discloses that the contextual data is used to determine a risk score); prioritize the service based on the cybersecurity risk score (Weizman, paragraphs [0040]-[0041]; disclose that the security issues are prioritized based on the risk scores); and perform a remediation of a cybersecurity threat to the service based on the prioritizing (Weizman, paragraph [0052]; discloses that the system performs remediation of the threat based on the prioritization). While Weizman discloses collecting contextual data, it is not explicit wherein the contextual execution data indicates a communication between the service and a runtime entity within the runtime environment. Skufca, which like Weizman talks about collecting context data, teaches it is known wherein the contextual execution data indicates a communication between the service and a runtime entity (Skufca paragraph [0064]; teaches collecting context data through runtime logs which are communications between services and runtime entities. This context data permits remote administration of the service. Since Weizman already provides remote remediation or administration based on context data it would have been obvious to collect this data through communication between the services and runtime entities as shown in Skufca). Weizman discloses a method for collecting contextual data to determine an prioritize risk scores. The prioritized risk scores are used to perform remediations. Weizman however fails to explicitly disclose wherein the contextual execution data indicates a communication between the service and a runtime entity. Skufca teaches it is known to collect contextual data which indicates a communication between the service and a runtime entity. It would have been obvious to one of ordinary skill in the art to include in the method of prioritizing risk scores of Weizman with the ability to for the contextual data to indicate a communication between the service and a runtime entity as taught by Skufca since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable. Therefore, from this teaching of Skufca, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method of prioritizing risk scores of Weizman with the ability to for the contextual data to indicate a communication between the service and a runtime entity as taught by Skufca, for the purposes of permitting remote administration as shown in Skufca. Since Weizman already provides remote remediation or administration based on context data it would have been obvious to collect this data through communication between the services and runtime entities as shown in Skufca. As per claim 11, the combination of Weizman and Skufca teaches the above enclosed system of claim 10, Weizman further discloses wherein the runtime entity comprises at least one of a database comprising personally identifiable information (PII), another service, a microservice, an internet-facing connection, or an application programming interface (API) (Weizman paragraph [0048]; discloses that the entities include servers, databases, storage as well as other services. Paragraph [0087]; discloses that the services are part of the runtime environment. Paragraph [0026]; the service as part of the cloud includes storage which is internet-facing or exposed to the internet). As per claim 12, the combination of Weizman and Skufca teaches the above enclosed system of claim 10, Weizman further discloses wherein the processing device is further to: compute an attack surface score based on one or more communication pathways to one or more runtime entities, wherein the one or more runtime entities comprise at least one of a database, another service, a microservice, an internet-facing connection, or an application programming interface (API) (Weizman paragraph [0034]; discloses that the attack path is analyzed to determine how a particular asset or entity was attacked. Paragraphs [0067]-[0068]; discloses that the attack path information is used to score each path. Paragraph [0048]; discloses that the entities include servers, databases, storage as well as other services. Paragraph [0087]; discloses that the services are part of the runtime environment. Paragraph [0026]; the service as part of the cloud includes storage which is internet-facing or exposed to the internet); and utilize the attack surface score in the determining of the cybersecurity risk score (Weizman paragraphs [0067]-[0068]; discloses that the attack path information is used to score each path and the risk score for each contextual issue). As per claim 13, the combination of Weizman and Skufca teaches the above enclosed system of claim 10, Weizman further discloses wherein the processing device is further to: compute a threat score based on one or more vulnerabilities associated with the service, wherein the one or more vulnerabilities comprise at least one of a CVE (Common Vulnerabilities and Exposures), an unsecured communication, a misconfigured hardware, a misconfigured virtual machine (VM), or a network misconfiguration (Weizman paragraph [0035]; discloses that the security issue is a misconfiguration in the computing environment. This is part of the contextual security matrix and as shown in paragraph [0039] is used to generate the risk score); and utilize the threat score in the determining of the cybersecurity risk score (Weizman paragraph [0039]; discloses the threat information is used as part of the risk score). As per claim 14, the combination of Weizman and Skufca teaches the above enclosed system of claim 10, Weizman further discloses wherein the processing device is further to: compute an impact score corresponding to a potential impact of the service being comprised based on a number of communication pathways to a number of runtime entities (Weizman paragraph [0044]; discloses that the longer the path or the number of edges is used to determine the risk score); and utilize the impact score in the determining of the cybersecurity risk score (Weizman paragraph [0044]; discloses that the longer the path or the number of edges is used to determine the risk score). As per claim 15, the combination of Weizman and Skufca teaches the above enclosed system of claim 10, Weizman further discloses wherein the cybersecurity risk score is based on whether the service has access to at least one of an internet-facing connection or personally identifiable information (PII) (Weizman paragraph [0026]; discloses the service as part of the cloud includes storage which is internet-facing or exposed to the internet). As per claim 18, Weizman discloses a non-transitory computer readable medium (Weizman Abstract discloses a media for providing security risk management), storing instructions that, when executed by a processing device, cause the processing device (Weizman paragraph [0092]; discloses the system includes a processor coupled to the memory. Paragraph [0093]; discloses a computer readable media which stores the instructions as shown in paragraph [0094]) to: collect contextual execution data of a service executing in a runtime environment (Weizman paragraph [0033]; discloses that the system collects data and from this identifies operations and determines if those operations are attacks. Paragraph [0072]; discloses based on the issues the system identifies the contextual information. Paragraph [0087]; discloses that the system includes a runtime environment where the services are executing), determine, by the processing device, a cybersecurity risk score of the service based on the contextual execution data (Weizman, paragraph [0032]; discloses that the contextual data is used to determine a risk score); prioritize the service based on the cybersecurity risk score (Weizman, paragraphs [0040]-[0041]; disclose that the security issues are prioritized based on the risk scores); and perform a remediation of a cybersecurity threat to the service based on the prioritizing (Weizman, paragraph [0052]; discloses that the system performs remediation of the threat based on the prioritization). While Weizman discloses collecting contextual data, it is not explicit wherein the contextual execution data indicates a communication between the service and a runtime entity within the runtime environment. Skufca, which like Weizman talks about collecting context data, teaches it is known wherein the contextual execution data indicates a communication between the service and a runtime entity (Skufca paragraph [0064]; teaches collecting context data through runtime logs which are communications between services and runtime entities. This context data permits remote administration of the service. Since Weizman already provides remote remediation or administration based on context data it would have been obvious to collect this data through communication between the services and runtime entities as shown in Skufca). Weizman discloses a method for collecting contextual data to determine an prioritize risk scores. The prioritized risk scores are used to perform remediations. Weizman however fails to explicitly disclose wherein the contextual execution data indicates a communication between the service and a runtime entity. Skufca teaches it is known to collect contextual data which indicates a communication between the service and a runtime entity. It would have been obvious to one of ordinary skill in the art to include in the method of prioritizing risk scores of Weizman with the ability to for the contextual data to indicate a communication between the service and a runtime entity as taught by Skufca since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable. Therefore, from this teaching of Skufca, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method of prioritizing risk scores of Weizman with the ability to for the contextual data to indicate a communication between the service and a runtime entity as taught by Skufca, for the purposes of permitting remote administration as shown in Skufca. Since Weizman already provides remote remediation or administration based on context data it would have been obvious to collect this data through communication between the services and runtime entities as shown in Skufca. As per claim 19, the combination of Weizman and Skufca teaches the above enclosed non-transitory computer readable medium of claim 18, Weizman further discloses wherein the runtime entity comprises at least one of a database comprising personally identifiable information (PII), another service, a microservice, an internet-facing connection, or an application programming interface (API) (Weizman paragraph [0048]; discloses that the entities include servers, databases, storage as well as other services. Paragraph [0087]; discloses that the services are part of the runtime environment. Paragraph [0026]; the service as part of the cloud includes storage which is internet-facing or exposed to the internet). As per claim 20, the combination of Weizman and Skufca teaches the above enclosed non-transitory computer readable medium of claim 18, Weizman further discloses wherein the processing device is further to: compute an attack surface score based on one or more communication pathways to one or more runtime entities, wherein the one or more runtime entities comprise at least one of a database, another service, a microservice, an internet-facing connection, or an application programming interface (API) (Weizman paragraph [0034]; discloses that the attack path is analyzed to determine how a particular asset or entity was attacked. Paragraphs [0067]-[0068]; discloses that the attack path information is used to score each path. Paragraph [0048]; discloses that the entities include servers, databases, storage as well as other services. Paragraph [0087]; discloses that the services are part of the runtime environment. Paragraph [0026]; the service as part of the cloud includes storage which is internet-facing or exposed to the internet); and utilize the attack surface score in the determining of the cybersecurity risk score (Weizman paragraphs [0067]-[0068]; discloses that the attack path information is used to score each path and the risk score for each contextual issue). Claim(s) 3, 8, 16 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Weizman et al. (US 2024/0386099 A1) hereafter Weizman, in view of Skufca et al. (US 2003/0065826 A1) hereafter Skufca, further in view of Shua (US 2022/0345483 A1) hereafter Shua. As per claim 3, the combination of Weizman and Skufca teaches the above enclosed method of claim 2, Weizman further discloses wherein the database comprises sensitive data (Weizman paragraph [0027]; discloses that the database contains sensitive data). While Weizman discloses sensitive data it is not explicit that the sensitive data is personally identifiable information (PII). Shua, which like Weizman talks about determining risk, teaches it is known for context data to include personally identifiable information (PII) (Shua paragraph [0102]; teaches that sensitive information includes personally identifiable information (PII). Paragraph [0358]; teaches scanning for PII is known to adhere to privacy regulations. Paragraph [0067]; teaches scanning to determining if an asset is vulnerable similar to Weizman and establishing if an asset is Internet-facing. Since the combination already stores sensitive information it would have been obvious this includes personally identifiable information (PII) as shown in Shua). Weizman discloses a method for collecting contextual data to determine an prioritize risk scores. The prioritized risk scores are used to perform remediations. Skufca teaches it is known to collect contextual data which indicates a communication between the service and a runtime entity. The combination however fails to explicitly disclose the sensitive information includes personally identifiable information (PII). Shua teaches it is known for sensitive information to include personally identifiable information (PII). It would have been obvious to one of ordinary skill in the art to include in the method of prioritizing risk scores of Weizman and Skufca with the ability to collect personally identifiable information as taught by Shua since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable. Therefore, from this teaching of Shua, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method of prioritizing risk scores of Weizman and Skufca with the ability to collect personally identifiable information as taught by Shua, for the purposes of protecting privacy. Since the combination already stores sensitive information it would have been obvious this includes personally identifiable information (PII) as shown in Shua. As per claim 8, the combination of Weizman and Skufca teaches the above enclosed method of claim 7, Weizman further discloses further comprising: increasing the cybersecurity risk score when the service has access to both the internet-facing connection and sensitive information (Weizman paragraph [0026]; discloses the service as part of the cloud includes storage which is internet-facing or exposed to the internet. Paragraph [0027]; discloses that the database contains sensitive data. Paragraph [0032]; discloses that the risk score is increased when it has multiple security issues. Specifically each issue is summed. As shown in Weizman the contextual information can include both internet facing and contains sensitive information, which would be higher than one or the other alone). While Weizman discloses sensitive data it is not explicit that the sensitive data is personally identifiable information (PII). Shua, which like Weizman talks about determining risk, teaches it is known for context data to include personally identifiable information (PII) (Shua paragraph [0102]; teaches that sensitive information includes personally identifiable information (PII). Paragraph [0358]; teaches scanning for PII is known to adhere to privacy regulations. Paragraph [0067]; teaches scanning to determining if an asset is vulnerable similar to Weizman and establishing if an asset is Internet-facing. Since the combination already stores sensitive information it would have been obvious this includes personally identifiable information (PII) as shown in Shua). Weizman discloses a method for collecting contextual data to determine an prioritize risk scores. The prioritized risk scores are used to perform remediations. Skufca teaches it is known to collect contextual data which indicates a communication between the service and a runtime entity. The combination however fails to explicitly disclose the sensitive information includes personally identifiable information (PII). Shua teaches it is known for sensitive information to include personally identifiable information (PII). It would have been obvious to one of ordinary skill in the art to include in the method of prioritizing risk scores of Weizman and Skufca with the ability to collect personally identifiable information as taught by Shua since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable. Therefore, from this teaching of Shua, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method of prioritizing risk scores of Weizman and Skufca with the ability to collect personally identifiable information as taught by Shua, for the purposes of protecting privacy. Since the combination already stores sensitive information it would have been obvious this includes personally identifiable information (PII) as shown in Shua. As per claim 16, the combination of Weizman and Skufca teaches the above enclosed system of claim 15, Weizman further discloses wherein the processing device is further to: increase the cybersecurity risk score when the service has access to both the internet-facing connection and sensitive information (Weizman paragraph [0026]; discloses the service as part of the cloud includes storage which is internet-facing or exposed to the internet. Paragraph [0027]; discloses that the database contains sensitive data. Paragraph [0032]; discloses that the risk score is increased when it has multiple security issues. Specifically each issue is summed. As shown in Weizman the contextual information can include both internet facing and contains sensitive information, which would be higher than one or the other alone). While Weizman discloses sensitive data it is not explicit that the sensitive data is personally identifiable information (PII). Shua, which like Weizman talks about determining risk, teaches it is known for context data to include personally identifiable information (PII) (Shua paragraph [0102]; teaches that sensitive information includes personally identifiable information (PII). Paragraph [0358]; teaches scanning for PII is known to adhere to privacy regulations. Paragraph [0067]; teaches scanning to determining if an asset is vulnerable similar to Weizman and establishing if an asset is Internet-facing. Since the combination already stores sensitive information it would have been obvious this includes personally identifiable information (PII) as shown in Shua). Weizman discloses a method for collecting contextual data to determine an prioritize risk scores. The prioritized risk scores are used to perform remediations. Skufca teaches it is known to collect contextual data which indicates a communication between the service and a runtime entity. The combination however fails to explicitly disclose the sensitive information includes personally identifiable information (PII). Shua teaches it is known for sensitive information to include personally identifiable information (PII). It would have been obvious to one of ordinary skill in the art to include in the method of prioritizing risk scores of Weizman and Skufca with the ability to collect personally identifiable information as taught by Shua since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable. Therefore, from this teaching of Shua, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method of prioritizing risk scores of Weizman and Skufca with the ability to collect personally identifiable information as taught by Shua, for the purposes of protecting privacy. Since the combination already stores sensitive information it would have been obvious this includes personally identifiable information (PII) as shown in Shua. As per claim 17, the combination of Weizman, Skufca and Shua teaches the above enclosed system of claim 16, Weizman further discloses wherein to perform the remediation, the processing device is to inhibit the service to have access to the internet-facing connection (Weizman paragraph [0026]; discloses that the remediation includes restricting internet access to the resource). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Jones et al. (US 2015/0288712 A1) – discusses threat analysis. Singh (US 2024/0386113 A1) – discusses detecting and preventing code vulnerability. Beacher et al. (US 2004/0117528 A1) – discusses the real-time prioritization and managing of items. Any inquiry concerning this communication or earlier communications from the examiner should be directed to PAUL R FISHER whose telephone number is (571)270-5097. The examiner can normally be reached Monday - Friday 9 am to 5:30 pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached at (571)272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. PAUL R. FISHER Primary Examiner Art Unit 2498 /PAUL R FISHER/ Primary Examiner, Art Unit 2498 5/30/2026
Read full office action

Prosecution Timeline

Nov 26, 2024
Application Filed
Jun 03, 2026
Non-Final Rejection mailed — §101, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12671698
DETECTING AND ALERTING ON DOMAIN FRONTING WITHIN A NETWORK
3y 5m to grant Granted Jun 30, 2026
Patent 12657486
COMPUTER-READABLE RECORDING MEDIUM STORING EVALUATION PROGRAM, EVALUATION METHOD, AND INFORMATION PROCESSING DEVICE
4y 1m to grant Granted Jun 16, 2026
Patent 12619718
DETECTION AND PREVENTION OF LOGIN ATTACKS
2y 1m to grant Granted May 05, 2026
Patent 12598182
PEER-TO-PEER SECURE MODE AUTHENTICATION
3y 1m to grant Granted Apr 07, 2026
Patent 12587393
SYSTEM FOR DIAGNOSIS OF A VEHICLE AND METHOD THEREOF
2y 11m to grant Granted Mar 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
23%
Grant Probability
47%
With Interview (+24.1%)
4y 9m (~3y 1m remaining)
Median Time to Grant
Low
PTA Risk
Based on 490 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month