Prosecution Insights
Last updated: July 17, 2026
Application No. 19/067,330

CYBER RISK ANALYSIS AND REMEDIATION USING NETWORK MONITORED SENSORS AND METHODS OF USE

Non-Final OA §102§103
Filed
Feb 28, 2025
Priority
Mar 31, 2015 — provisional 62/141,114 +3 more
Examiner
PARSONS, THEODORE C
Art Unit
Tech Center
Assignee
Guidewire Software Inc.
OA Round
1 (Non-Final)
78%
Grant Probability
Favorable
1-2
OA Rounds
1y 8m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 78% — above average
78%
Career Allowance Rate
361 granted / 462 resolved
+18.1% vs TC avg
Strong +22% interview lift
Without
With
+22.0%
Interview Lift
resolved cases with interview
Typical timeline
3y 1m
Avg Prosecution
12 currently pending
Career history
479
Total Applications
across all art units

Statute-Specific Performance

§101
0.9%
-39.1% vs TC avg
§103
45.4%
+5.4% vs TC avg
§102
47.4%
+7.4% vs TC avg
§112
4.1%
-35.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 462 resolved cases

Office Action

§102 §103
DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This is in reply to papers filed on 2025-06-16. Claims 1-20 are pending. Claims 1, 17, 20 is/are independent. Allowable Subject Matter Claim(s) 13 would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and to overcome the rejection(s) for double patenting set forth in this Office action. Information Disclosure Statement PTO-1449 The Information Disclosure Statement(s) submitted by applicant on 2025-06-16 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR § 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR § 3.73(b). Claim(s) 1-20 is/are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over the claim(s) of U.S. Patent 10404748. The table below sets forth exemplary claim(s). 19067330 (Instant Application) U.S. Patent 10404748 (App 15/082890) 1. A system, comprising: a processor configured to: automatically detect occurrence of one or more events that are indicative of a cyber security breach based on network traffic; automatically determine one or more breach parameters that apply for the one or more events that occurred; and cause a remediation of cyber security parameters for a network based on the one or more determined breach parameters and an associated remediation provision in a cyber security policy of an entity, wherein the remediation comprises a change to a hosting infrastructure, network or website topology, vulnerability scanning, content distribution networks, shared hosting, cloud services, patching, updating, default passwords, and any combinations thereof; and a memory coupled to the processor and configured to provide the processor with instructions. Patented claim 1 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 1. A system, comprising: one or more computing systems that are subject to a cyber risk policy, the cyber risk policy comprising breach parameters defining one or more events that are indicative of a cyber security breach, the breach parameters being associated with a remediation provision in a policy for the computing systems and a network; one or more data collecting devices deployed within the network that collect entity information and monitor network traffic of the network that is related to security information; a processor configured to: utilize the entity information and the network traffic to calculate a composite score from a motivation score and a sophistication score, wherein the motivation score is indicative of a desire level of a malicious actor to cause a cyber security risk for the entity and the sophistication score is indicative of a cyber security sophistication of the entity; automatically detect occurrence of one or more of the events that are indicative of a cyber security breach based on the network traffic; automatically determine the breach parameters that apply for the one or more events that occurred; generate a remediation of cyber security parameters for the network based on the applicable breach parameters determined and the associated remediation provision, wherein the remediation of cyber security parameters at least includes modifying a password requirement associated with the one or more computer systems; and perform the remediation based on the breach parameters, wherein the remediation causes network changes that selectively reduce the motivation score for the entity or selectively increase the sophistication score of the entity, wherein at least one of the network changes includes increasing a password complexity associated with the system and prompting a user associated with the entity to create an associated password that complies with the password complexity; and a memory coupled to the processor and configured to provide the processor with instructions. 2. The system according to claim 1, wherein the network traffic comprises data collected regarding employees using one or more computing systems or a network associated with the system. Patented claim 2 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 2. The system according to claim 1, wherein the network traffic comprises data collected regarding employees using the one or more computing systems or the network. 3. The system according to claim 1, wherein the network traffic comprises data collected regarding websites visited by employees using a network associated with the system and one or more computing systems. Patented claim 3 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 3. The system according to claim 1, wherein the network traffic comprises data collected regarding websites visited by employees using the network and the one or more computing systems. 4. The system according to claim 1, wherein the processor is configured to evaluate the network traffic on one or more network layers. Patented claim 4 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 4. The system according to claim 1, wherein the processor is configured to evaluate the network traffic on one or more network layers. 5. The system according to claim 4, wherein the network traffic is evaluated for one or more of the following: dynamic host protocol (DHCP) information, classless inter-domain routing (CIDR) blocks, and/or domain name system (DNS) information included in the network traffic. Patented claim 5 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 5. The system according to claim 4, wherein the network traffic is evaluated for any of dynamic host protocol (DHCP) information, classless inter-domain routing (CIDR) blocks, and domain name system (DNS) information included in the network traffic. 6. The system according to claim 5, wherein the processor is further configured to: create a fingerprint of the network traffic from the DHCP information; and store the fingerprint in a database. Patented claim 6 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 6. The system according to claim 5, wherein the processor is further configured to: create a fingerprint of the network traffic from the DHCP information; and store the fingerprint in a database. 7. The system according to claim 1, further comprising a first set of sensors that operate on a data link layer of a network associated with the system. Patented claim 7 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 7. The system according to claim 1, wherein the processor comprises a first set of sensors that operate on a data link layer of the network. 8. The system according to claim 7, further comprising a second set of sensors that operate on an Internet Protocol Address layer of the network to evaluate address resolution (ARP) protocol information from the network traffic. Patented claim 8 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 8. The system according to claim 7, wherein the processor further comprises a second set of sensors that operate on an Internet Protocol Address layer of the network to evaluate address resolution (ARP) protocol information from the network traffic. 9. The system according to claim 8, wherein the second set of sensors are configured to transmit the ARP protocol information to the first set of sensors for storage in a database along with DNS information. Patented claim 9 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 9. The system according to claim 8, wherein the second set of sensors transmits the ARP protocol information to the first set of sensors for storage in a database along with DNS information. 10. The system according to claim 1, wherein the remediation comprises recommendations for improvement for the entity based on a nature of the one or more events that occurred. Patented claim 10 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 10. The system according to claim 1, wherein the remediation comprises recommendations for improvement for the breached entity based on a nature of the one or more events that occurred. 11. The system according to claim 1, wherein the processor is further configured to: perform at least one of the following: query the entity or a network associated with the system for information; scrape available online sources; retrieve corporate filings; or query news sources and public record databases. Patented claim 11 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 11. The system according to claim 1, wherein the processor is further configured to query the entity or the network for information, scrape available online sources; retrieve corporate filings, and query news sources and public record databases. 12. The system of claim 1, wherein the remediation causes one or more network changes that increase a sophistication score of the entity, and wherein the sophistication score is indicative of a cyber security sophistication of the entity. Patented claim 1 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 13. The system according to claim 1, wherein the processor is further configured to: evaluate a plurality of networks to generate a plurality of risk scores and a plurality of motivation scores, the plurality of networks including a network associated with the system; and plot the plurality of risk scores and the plurality of motivation scores graphically as a peer group. Patented claim 12 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 12. The system according to claim 1, wherein the processor is further configured to: evaluate a plurality of networks to generate a plurality of risk scores and a plurality of motivation scores, the plurality of networks comprising the network; and plot the plurality of risk scores and the plurality of motivation scores graphically as a peer group. 14. The system according to claim 1, wherein information associated with the entity and the network traffic are evaluated for one or more of the following: visibility, value, hacker sentiment, employee sentiment, company sentiment, and/or customer sentiment. Patented claim 13 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 13. The system according to claim 1, wherein the entity information and the network traffic are evaluated for any of visibility, value, hacker sentiment, employee sentiment, company sentiment, customer sentiment, and combinations thereof. 15. The system according to claim 1, wherein information associated with the entity and the network traffic are evaluated for one or more of the following: traffic, usage, in-links, page views, duration, traffic volume, links, page rank, market value, stock trade volume, and/or exporting/importing information. Patented claim 14 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 14. The system according to claim 1, wherein the entity information and the network traffic are evaluated for any of traffic, usage, in-links, page views, duration, traffic volume, links, page rank, market value, stock trade volume, exporting/importing information, and combinations thereof. 16. The system according to claim 1, wherein the remediation of the cyber security parameters at least includes modifying a password requirement associated with one or more computing systems. Patented claim 1 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 17. A method, comprising: automatically detecting occurrence of one or more events that are indicative of a cyber security breach based on network traffic; automatically determining one or more breach parameters that apply for the one or more events that occurred; and causing a remediation of cyber security parameters for a network based on the one or more determined breach parameters and an associated remediation provision in a cyber security policy of an entity, wherein the remediation comprises a change to a hosting infrastructure, network or website topology, vulnerability scanning, content distribution networks, shared hosting, cloud services, patching, updating, default passwords, and any combinations thereof. Patented claim 15 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 15. A method, comprising: establishing breach parameters for one or more computer systems and a network, the breach parameters defining one or more events that are indicative of a cyber security breach, the breach parameters being associated with a remediation provision in a cyber security policy of the one or more computer systems and a network; collecting entity information and monitoring network traffic of the network that is related to security information; utilizing the entity information and the network traffic to calculate a composite score from a motivation score and a sophistication score, wherein the motivation score is indicative of a desire level of a malicious actor to cause a cyber security risk for the entity and the sophistication score is indicative of a cyber security sophistication of the entity; automatically detecting occurrence of one or more of the events that are indicative of a cyber security breach based on the network traffic; automatically determining the breach parameters that apply for the one or more events that occurred; generating a remediation of cyber security parameters for a network based on the applicable breach parameters determined and the associated remediation provision, wherein the remediation at least includes modifying a password requirement associated with the one or more computer systems; and performing the remediation based on the breach parameters, wherein the remediation causes network changes that selectively reduce the motivation score for the entity or selectively increase the sophistication score of the entity, wherein at least one of the network changes includes increasing a password complexity associated with the system and prompting a user associated with the entity to create an associated password that complies with the password complexity. 18. The method according to claim 17, further comprising providing recommendations for improvement for the entity based on a nature of the one or more events that occurred. Patented claim 16 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 16. The method according to claim 15, further comprising providing recommendations for improvement for the breached entity based on the nature of the one or more events that occurred. 19. The method according to claim 18, wherein the remediation causes one or more network changes that increase a sophistication score of the entity, and the method further comprises tying at least one of sophistication scores and changes in sophistication scores to remediation adjustments. Patented claim 17 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 17. The method according to claim 16, further comprising tying at least one of sophistication scores and changes in sophistication scores to remediation adjustments. 20. A computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising instructions for: automatically detecting occurrence of one or more events that are indicative of a cyber security breach based on network traffic; automatically determining one or more breach parameters that apply for the one or more events that occurred; and causing a remediation of cyber security parameters for a network based on the one or more determined breach parameters and an associated remediation provision in a cyber security policy of an entity, wherein the remediation comprises a change to a hosting infrastructure, network or website topology, vulnerability scanning, content distribution networks, shared hosting, cloud services, patching, updating, default passwords, and any combinations thereof. Patented claim 19 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 19. A computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising instructions for: establishing breach parameters for one or more computer systems and a network, the breach parameters defining one or more events that are indicative of a cyber security breach, the breach parameters being associated with a remediation provision in a cyber security policy of the one or more computer systems and a network; collecting entity information and monitoring network traffic of the network that is related to security information; utilizing the entity information and the network traffic to calculate a composite score from a motivation score and a sophistication score, wherein the motivation score is indicative of a desire level of a malicious actor to cause a cyber security risk for the entity and the sophistication score is indicative of a cyber security sophistication of the entity; automatically detecting occurrence of one or more events that are indicative of a cyber security breach based on the network traffic; automatically determining one or more breach parameters that apply for the one or more events that occurred, wherein the one or more breach parameters define the one or more events that are indicative of the cyber security breach, wherein the one or more breach parameters are associated with a remediation provision in a policy for one or more computing systems; generating a remediation of cyber security parameters for the network based on the applicable breach parameters determined and the associated remediation provision, wherein the remediation of the cyber security parameters at least includes modifying a password requirement associated with the one or more computing systems; and performing the remediation based on the breach parameters, wherein the remediation causes network changes that selectively reduce the motivation score for the entity or selectively increase the sophistication score of the entity, wherein at least one of the network changes includes increasing a password complexity associated with the system and prompting a user associated with the entity to create an associated password that complies with the password complexity. Claim(s) 1-20 is/are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over the claim(s) of U.S. Patent 11265350 . The table below sets forth exemplary claim(s). 19067330 (Instant Application) U.S. Patent 11265350 (App 16/513186) 1. A system, comprising: a processor configured to: automatically detect occurrence of one or more events that are indicative of a cyber security breach based on network traffic; automatically determine one or more breach parameters that apply for the one or more events that occurred; and cause a remediation of cyber security parameters for a network based on the one or more determined breach parameters and an associated remediation provision in a cyber security policy of an entity, wherein the remediation comprises a change to a hosting infrastructure, network or website topology, vulnerability scanning, content distribution networks, shared hosting, cloud services, patching, updating, default passwords, and any combinations thereof; and a memory coupled to the processor and configured to provide the processor with instructions. Patented claim 1 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 1. A system, comprising: a processor configured to: automatically detect occurrence of one or more of events that are indicative of a cyber security breach based on network traffic; automatically determine one or more breach parameters that apply for the one or more events that occurred; generate a remediation of cyber security parameters for a network based on the one or more determined breach parameters and an associated remediation provision, wherein the remediation of cyber security parameters at least includes modifying a password requirement associated with one or more computer systems; and cause the remediation to be performed, wherein the remediation causes one or more network changes that increase a sophistication score of an entity, wherein at least one of the network changes includes increasing a password complexity associated with the system and prompting a user associated with the entity to create an associated password that complies with the password complexity, wherein the remediation includes a monetary payout that is adjusted based on an event threshold associated with the one or more events, and wherein the monetary payout corresponds with the one or more of events failing to satisfying the event threshold, or the one or more of events satisfying or exceeding the event threshold; and a memory coupled to the processor and configured to provide the processor with instructions. 2. The system according to claim 1, wherein the network traffic comprises data collected regarding employees using one or more computing systems or a network associated with the system. Patented claim 2 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 2. The system according to claim 1, wherein the network traffic comprises data collected regarding employees using the one or more computing systems or a network associated with the system. 3. The system according to claim 1, wherein the network traffic comprises data collected regarding websites visited by employees using a network associated with the system and one or more computing systems. Patented claim 3 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 3. The system according to claim 1, wherein the network traffic comprises data collected regarding websites visited by employees using a network associated with the system and the one or more computing systems. 4. The system according to claim 1, wherein the processor is configured to evaluate the network traffic on one or more network layers. Patented claim 4 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 4. The system according to claim 1, wherein the processor is configured to evaluate the network traffic on one or more network layers. 5. The system according to claim 4, wherein the network traffic is evaluated for one or more of the following: dynamic host protocol (DHCP) information, classless inter-domain routing (CIDR) blocks, and/or domain name system (DNS) information included in the network traffic. Patented claim 5 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 5. The system according to claim 4, wherein the network traffic is evaluated for any of dynamic host protocol (DHCP) information, classless inter-domain routing (CIDR) blocks, and domain name system (DNS) information included in the network traffic. 6. The system according to claim 5, wherein the processor is further configured to: create a fingerprint of the network traffic from the DHCP information; and store the fingerprint in a database. Patented claim 6 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 6. The system according to claim 5, wherein the processor is further configured to: create a fingerprint of the network traffic from the DHCP information; and store the fingerprint in a database. 7. The system according to claim 1, further comprising a first set of sensors that operate on a data link layer of a network associated with the system. Patented claim 7 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 7. The system according to claim 1, further comprising a first set of sensors that operate on a data link layer of a network associated with the system. 8. The system according to claim 7, further comprising a second set of sensors that operate on an Internet Protocol Address layer of the network to evaluate address resolution (ARP) protocol information from the network traffic. Patented claim 8 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 8. The system according to claim 7, further comprising a second set of sensors that operate on an Internet Protocol Address layer of the network to evaluate address resolution (ARP) protocol information from the network traffic. 9. The system according to claim 8, wherein the second set of sensors are configured to transmit the ARP protocol information to the first set of sensors for storage in a database along with DNS information. Patented claim 9 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 9. The system according to claim 8, wherein the second set of sensors are configured to transmit the ARP protocol information to the first set of sensors for storage in a database along with DNS information. 10. The system according to claim 1, wherein the remediation comprises recommendations for improvement for the entity based on a nature of the one or more events that occurred. Patented claim 10 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 10. The system according to claim 1, wherein the remediation comprises recommendations for improvement for the entity based on a nature of the one or more events that occurred. 11. The system according to claim 1, wherein the processor is further configured to: perform at least one of the following: query the entity or a network associated with the system for information; scrape available online sources; retrieve corporate filings; or query news sources and public record databases. Patented claim 11 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 11. The system according to claim 1, wherein the processor is further configured to perform at least one of query the entity or a network associated with the system for information, scrape available online sources; retrieve corporate filings, or query news sources and public record databases. 12. The system of claim 1, wherein the remediation causes one or more network changes that increase a sophistication score of the entity, and wherein the sophistication score is indicative of a cyber security sophistication of the entity. Patented claim 12 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 12. The system of claim 1, wherein the sophistication score is indicative of a cyber security sophistication of the entity. 13. The system according to claim 1, wherein the processor is further configured to: evaluate a plurality of networks to generate a plurality of risk scores and a plurality of motivation scores, the plurality of networks including a network associated with the system; and plot the plurality of risk scores and the plurality of motivation scores graphically as a peer group. Patented claim 13 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 13. The system according to claim 1, wherein the processor is further configured to: evaluate a plurality of networks to generate a plurality of risk scores and a plurality of motivation scores, the plurality of networks including a network associated with the system; and plot the plurality of risk scores and the plurality of motivation scores graphically as a peer group. 14. The system according to claim 1, wherein information associated with the entity and the network traffic are evaluated for one or more of the following: visibility, value, hacker sentiment, employee sentiment, company sentiment, and/or customer sentiment. Patented claim 14 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 14. The system according to claim 1, wherein information associated with the entity and the network traffic are evaluated for any of visibility, value, hacker sentiment, employee sentiment, company sentiment, customer sentiment, and combinations thereof. 15. The system according to claim 1, wherein information associated with the entity and the network traffic are evaluated for one or more of the following: traffic, usage, in-links, page views, duration, traffic volume, links, page rank, market value, stock trade volume, and/or exporting/importing information. Patented claim 15 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 15. The system according to claim 1, wherein information associated with the entity and the network traffic are evaluated for any of traffic, usage, in-links, page views, duration, traffic volume, links, page rank, market value, stock trade volume, exporting/importing information, and combinations thereof. 16. The system according to claim 1, wherein the remediation of the cyber security parameters at least includes modifying a password requirement associated with one or more computing systems. Patented claim 1 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 17. A method, comprising: automatically detecting occurrence of one or more events that are indicative of a cyber security breach based on network traffic; automatically determining one or more breach parameters that apply for the one or more events that occurred; and causing a remediation of cyber security parameters for a network based on the one or more determined breach parameters and an associated remediation provision in a cyber security policy of an entity, wherein the remediation comprises a change to a hosting infrastructure, network or website topology, vulnerability scanning, content distribution networks, shared hosting, cloud services, patching, updating, default passwords, and any combinations thereof. Patented claim 17 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 17. A method, comprising: automatically detecting occurrence of one or more of events that are indicative of a cyber security breach based on network traffic; automatically determining one or more breach parameters that apply for the one or more events that occurred; generating a remediation of cyber security parameters for a network based on the one or more determined breach parameters and an associated remediation provision, wherein the remediation at least includes modifying a password requirement associated with one or more computer systems; and causing the remediation to be performed, wherein the remediation causes one or more network changes that increase a sophistication score of an entity, wherein at least one of the network changes includes increasing a password complexity associated with the one or more computer systems and prompting a user associated with the entity to create an associated password that complies with the password complexity, wherein the remediation includes a monetary payout that is adjusted based on an event threshold associated with the one or more events, and wherein the monetary payout corresponds with the one or more of events failing to satisfying the event threshold, or the one or more of events satisfying or exceeding the event threshold. 18. The method according to claim 17, further comprising providing recommendations for improvement for the entity based on a nature of the one or more events that occurred. Patented claim 18 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 18. The method according to claim 17, further comprising providing recommendations for improvement for the entity based on a nature of the one or more events that occurred. 19. The method according to claim 18, wherein the remediation causes one or more network changes that increase a sophistication score of the entity, and the method further comprises tying at least one of sophistication scores and changes in sophistication scores to remediation adjustments. Patented claim 19 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 19. The method according to claim 18, further comprising tying at least one of sophistication scores and changes in sophistication scores to remediation adjustments. 20. A computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising instructions for: automatically detecting occurrence of one or more events that are indicative of a cyber security breach based on network traffic; automatically determining one or more breach parameters that apply for the one or more events that occurred; and causing a remediation of cyber security parameters for a network based on the one or more determined breach parameters and an associated remediation provision in a cyber security policy of an entity, wherein the remediation comprises a change to a hosting infrastructure, network or website topology, vulnerability scanning, content distribution networks, shared hosting, cloud services, patching, updating, default passwords, and any combinations thereof. Patented claim 21 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 21. A computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising instructions for: automatically detecting occurrence of one or more events that are indicative of a cyber security breach based on network traffic; automatically determining one or more breach parameters that apply for the one or more events that occurred; generating a remediation of cyber security parameters for a network based on the one or more determined breach parameters and an associated remediation provision, wherein the remediation of the cyber security parameters at least includes modifying a password requirement associated with one or more computing systems; and causing the remediation to be performed, wherein the remediation causes one or more network changes that increase a sophistication score of an entity, wherein at least one of the network changes includes increasing a password complexity associated with the system and prompting a user associated with the entity to create an associated password that complies with the password complexity, wherein the remediation includes a monetary payout that is adjusted based on an event threshold associated with the one or more events, and wherein the monetary payout corresponds with the one or more of events failing to satisfying the event threshold, or the one or more of events satisfying or exceeding the event threshold. Claim(s) 1-20 is/are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over the claim(s) of U.S. Patent 12273388 . The table below sets forth exemplary claim(s). 19067330 (Instant Application) U.S. Patent 12273388 (App 17/586538 ) 1. A system, comprising: a processor configured to: automatically detect occurrence of one or more events that are indicative of a cyber security breach based on network traffic; automatically determine one or more breach parameters that apply for the one or more events that occurred; and cause a remediation of cyber security parameters for a network based on the one or more determined breach parameters and an associated remediation provision in a cyber security policy of an entity, wherein the remediation comprises a change to a hosting infrastructure, network or website topology, vulnerability scanning, content distribution networks, shared hosting, cloud services, patching, updating, default passwords, and any combinations thereof; and a memory coupled to the processor and configured to provide the processor with instructions. Patented claim 1 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 1. A system, comprising: a processor configured to: automatically detect occurrence of one or more of events that are indicative of a cyber security breach based on network traffic; automatically determine one or more breach parameters that apply for the one or more events that occurred; generate a remediation of cyber security parameters for a network based on the one or more determined breach parameters and an associated remediation provision, wherein the remediation of cyber security parameters at least includes modifying a password requirement associated with one or more computer systems; cause the remediation to be performed, wherein the remediation causes one or more network changes that increase a sophistication score of an entity, wherein the remediation comprises a change to a hosting infrastructure, network or website topology, vulnerability scanning, content distribution networks, shared hosting, cloud services, patching, updating, default passwords, and any combinations thereof; evaluate a plurality of networks to generate a plurality of sophistication scores and a plurality of motivation scores, the plurality of networks including a network associated with the system, wherein one motivation score of the plurality of motivation scores relates to a desire level of a malicious actor to cause a cyber security risk for the entity; and plot the plurality of sophistication scores and the plurality of motivation scores graphically as a peer group; and a memory coupled to the processor and configured to provide the processor with instructions. 2. The system according to claim 1, wherein the network traffic comprises data collected regarding employees using one or more computing systems or a network associated with the system. Patented claim 2 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 2. The system according to claim 1, wherein the network traffic comprises data collected regarding employees using the one or more computing systems or a network associated with the system. 3. The system according to claim 1, wherein the network traffic comprises data collected regarding websites visited by employees using a network associated with the system and one or more computing systems. Patented claim 3 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 3. The system according to claim 1, wherein the network traffic comprises data collected regarding websites visited by employees using a network associated with the system and the one or more computing systems. 4. The system according to claim 1, wherein the processor is configured to evaluate the network traffic on one or more network layers. Patented claim 4 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 4. The system according to claim 1, wherein the processor is configured to evaluate the network traffic on one or more network layers. 5. The system according to claim 4, wherein the network traffic is evaluated for one or more of the following: dynamic host protocol (DHCP) information, classless inter-domain routing (CIDR) blocks, and/or domain name system (DNS) information included in the network traffic. Patented claim 5 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 5. The system according to claim 4, wherein the network traffic is evaluated for any of dynamic host protocol (DHCP) information, classless inter-domain routing (CIDR) blocks, and domain name system (DNS) information included in the network traffic. 6. The system according to claim 5, wherein the processor is further configured to: create a fingerprint of the network traffic from the DHCP information; and store the fingerprint in a database. Patented claim 6 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 6. The system according to claim 5, wherein the processor is further configured to: create a fingerprint of the network traffic from the DHCP information; and store the fingerprint in a database. 7. The system according to claim 1, further comprising a first set of sensors that operate on a data link layer of a network associated with the system. Patented claim 7 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 7. The system according to claim 1, further comprising a first set of sensors that operate on a data link layer of a network associated with the system. 8. The system according to claim 7, further comprising a second set of sensors that operate on an Internet Protocol Address layer of the network to evaluate address resolution (ARP) protocol information from the network traffic. Patented claim 8 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 8. The system according to claim 7, further comprising a second set of sensors that operate on an Internet Protocol Address layer of the network to evaluate address resolution (ARP) protocol information from the network traffic. 9. The system according to claim 8, wherein the second set of sensors are configured to transmit the ARP protocol information to the first set of sensors for storage in a database along with DNS information. Patented claim 9 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 9. The system according to claim 8, wherein the second set of sensors are configured to transmit the ARP protocol information to the first set of sensors for storage in a database along with DNS information. 10. The system according to claim 1, wherein the remediation comprises recommendations for improvement for the entity based on a nature of the one or more events that occurred. Patented claim 10 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 10. The system according to claim 1, wherein the remediation comprises recommendations for improvement for the entity based on a nature of the one or more events that occurred. 11. The system according to claim 1, wherein the processor is further configured to: perform at least one of the following: query the entity or a network associated with the system for information; scrape available online sources; retrieve corporate filings; or query news sources and public record databases. Patented claim 11 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 11. The system according to claim 1, wherein the processor is further configured to perform at least one of query the entity or a network associated with the system for information; scrape available online sources; retrieve corporate filings; or query news sources and public record databases. 12. The system of claim 1, wherein the remediation causes one or more network changes that increase a sophistication score of the entity, and wherein the sophistication score is indicative of a cyber security sophistication of the entity. Patented claim 12 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 12. The system of claim 1, wherein the sophistication score is indicative of a cyber security sophistication of the entity. 13. The system according to claim 1, wherein the processor is further configured to: evaluate a plurality of networks to generate a plurality of risk scores and a plurality of motivation scores, the plurality of networks including a network associated with the system; and plot the plurality of risk scores and the plurality of motivation scores graphically as a peer group. Patented claim 1 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 14. The system according to claim 1, wherein information associated with the entity and the network traffic are evaluated for one or more of the following: visibility, value, hacker sentiment, employee sentiment, company sentiment, and/or customer sentiment. Patented claim 13 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 13. The system according to claim 1, wherein information associated with the entity and the network traffic are evaluated for any of visibility, value, hacker sentiment, employee sentiment, company sentiment, customer sentiment, and combinations thereof. 15. The system according to claim 1, wherein information associated with the entity and the network traffic are evaluated for one or more of the following: traffic, usage, in-links, page views, duration, traffic volume, links, page rank, market value, stock trade volume, and/or exporting/importing information. Patented claim 14 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 14. The system according to claim 1, wherein information associated with the entity and the network traffic are evaluated for any of traffic, usage, in-links, page views, duration, traffic volume, links, page rank, market value, stock trade volume, exporting/importing information, and combinations thereof. 16. The system according to claim 1, wherein the remediation of the cyber security parameters at least includes modifying a password requirement associated with one or more computing systems. Patented claim 1 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 17. A method, comprising: automatically detecting occurrence of one or more events that are indicative of a cyber security breach based on network traffic; automatically determining one or more breach parameters that apply for the one or more events that occurred; and causing a remediation of cyber security parameters for a network based on the one or more determined breach parameters and an associated remediation provision in a cyber security policy of an entity, wherein the remediation comprises a change to a hosting infrastructure, network or website topology, vulnerability scanning, content distribution networks, shared hosting, cloud services, patching, updating, default passwords, and any combinations thereof. Patented claim 15 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 15. A method, comprising: automatically detecting occurrence of one or more of events that are indicative of a cyber security breach based on network traffic; automatically determining one or more breach parameters that apply for the one or more events that occurred; generating a remediation of cyber security parameters for a network based on the one or more determined breach parameters and an associated remediation provision, wherein the remediation at least includes modifying a password requirement associated with one or more computer systems; causing the remediation to be performed, wherein the remediation causes one or more network changes that increase a sophistication score of an entity, wherein the remediation comprises a change to a hosting infrastructure, network or website topology, vulnerability scanning, content distribution networks, shared hosting, cloud services, patching, updating, default passwords, and any combinations thereof; evaluating a plurality of networks to generate a plurality of sophistication scores and a plurality of motivation scores, the plurality of networks including a network associated with the system, wherein one motivation score of the plurality of motivation scores relates to a desire level of a malicious actor to cause a cyber security risk for the entity; and plotting the plurality of sophistication scores and the plurality of motivation scores graphically as a peer group. 18. The method according to claim 17, further comprising providing recommendations for improvement for the entity based on a nature of the one or more events that occurred. Patented claim 16 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 16. The method according to claim 15, further comprising providing recommendations for improvement for the entity based on a nature of the one or more events that occurred. 19. The method according to claim 18, wherein the remediation causes one or more network changes that increase a sophistication score of the entity, and the method further comprises tying at least one of sophistication scores and changes in sophistication scores to remediation adjustments. Patented claim 17 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 17. The method according to claim 16, further comprising tying at least one of sophistication scores and changes in sophistication scores to remediation adjustments. 20. A computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising instructions for: automatically detecting occurrence of one or more events that are indicative of a cyber security breach based on network traffic; automatically determining one or more breach parameters that apply for the one or more events that occurred; and causing a remediation of cyber security parameters for a network based on the one or more determined breach parameters and an associated remediation provision in a cyber security policy of an entity, wherein the remediation comprises a change to a hosting infrastructure, network or website topology, vulnerability scanning, content distribution networks, shared hosting, cloud services, patching, updating, default passwords, and any combinations thereof. Patented claim 18 (reproduced herein for convenience) discloses all of the limitations of the instant claim. 18. A computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising instructions for: automatically detecting occurrence of one or more events that are indicative of a cyber security breach based on network traffic; automatically determining one or more breach parameters that apply for the one or more events that occurred; generating a remediation of cyber security parameters for a network based on the one or more determined breach parameters and an associated remediation provision, wherein the remediation of the cyber security parameters at least includes modifying a password requirement associated with one or more computing systems; causing the remediation to be performed, wherein the remediation causes one or more network changes that increase a sophistication score of an entity, wherein the remediation comprises a change to a hosting infrastructure, network or website topology, vulnerability scanning, content distribution networks, shared hosting, cloud services, patching, updating, default passwords, and any combinations thereof; evaluating a plurality of networks to generate a plurality of sophistication scores and a plurality of motivation scores, the plurality of networks including a network associated with the system, wherein one motivation score of the plurality of motivation scores relates to a desire level of a malicious actor to cause a cyber security risk for the entity; and plotting the plurality of sophistication scores and the plurality of motivation scores graphically as a peer group. Summary of Claim Rejections under 35 U.S.C. § 102 and § 103 The following table summarizes the rejections set forth in detail below of the claims over the prior art. Claim No. Oliphant '142 Oliphant '142 in view of Official Notice Oliphant '142 in view of Wolman '720 Oliphant '142 in view of Boss '559 Oliphant '142 in view of King-Wilson '953 1 [Wingdings font/0xFC] 2 [Wingdings font/0xFC] 3 [Wingdings font/0xFC] 4 [Wingdings font/0xFC] 5 [Wingdings font/0xFC] 6 [Wingdings font/0xFC] 7 [Wingdings font/0xFC] 8 [Wingdings font/0xFC] 9 [Wingdings font/0xFC] 10 [Wingdings font/0xFC] 11 [Wingdings font/0xFC] 12 [Wingdings font/0xFC] 13 14 [Wingdings font/0xFC] 15 [Wingdings font/0xFC] 16 [Wingdings font/0xFC] 17 [Wingdings font/0xFC] 18 [Wingdings font/0xFC] 19 [Wingdings font/0xFC] 20 [Wingdings font/0xFC] Claim Rejections - 35 U.S.C. § 102 The following is a quotation of the appropriate paragraphs of AIA 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claim(s) 1, 2, 10, 11, 15, 17, 18, 20 is/are rejected under 35 U.S.C. § 102 as being anticipated by U.S. Publication 20150271142 to Oliphant et al. (hereinafter "Oliphant '142") . Oliphant '142 is prior art to the claims under 35 U.S.C. § 102(a)(1) and 35 U.S.C. § 102(a)(2). Per claim 1 (independent): Oliphant '142 discloses a system comprising a processor configured to perform operations (processor(s), memory, computer readable media, storage, executable instructions [Oliphant '142 ¶ 0021-0026]) Oliphant '142 discloses automatically detect occurrence of one or more events that are indicative of a cyber security breach based on network traffic (detects whether incoming request 211 or outgoing request 231 might represent a potential breach [Oliphant '142 ¶ 0030-0032, Fig. 2-3]) Oliphant '142 discloses automatically determine one or more breach parameters that apply for the one or more events that occurred (determines, e.g. request destination, payload, vulnerability identifier, etc. [Oliphant '142 ¶ 0030]) Oliphant '142 discloses cause a remediation of cyber security parameters for a network based on the one or more determined breach parameters and an associated remediation provision in a cyber security policy of an entity (enforcement module automatically remediates [Oliphant '142 ¶ 0147-0150]; selects remediation technique(s) from database based on vulnerability data and destination machine, such as policy updates [Oliphant '142 ¶ 0033-0035, 0039]; remediations include resetting user password and/or user privileges and changing password policies [Oliphant '142 ¶ 0176, 0179]) Oliphant '142 discloses the remediation comprises a change to a hosting infrastructure, network or website topology, vulnerability scanning, content distribution networks, shared hosting, cloud services, patching, updating, default passwords, and any combinations thereof (remediations include, e.g., resetting passwords [Oliphant '142 ¶ 0176] and instructing router or firewall to drop or redirect traffic [Oliphant '142 ¶ 0032, 0046]; allows connections when device compliance status is above threshold and denies connections when below threshold [Oliphant '142 ¶ 0044, 0047]; maintains real-time device compliance status [Oliphant '142 ¶ 0035, 0037]) Oliphant '142 discloses a memory coupled to the processor and configured to provide the processor with instructions (processor(s), memory, computer readable media, storage, executable instructions [Oliphant '142 ¶ 0021-0026]) Per claim 2 (dependent on claim 1): Oliphant '142 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference Oliphant '142 discloses the network traffic comprises data collected regarding employees using one or more computing systems or a network associated with the system (detects whether incoming request 211 or outgoing request 231 might represent a potential breach [Oliphant '142 ¶ 0030-0032, Fig. 2-3]) Per claim 10 (dependent on claim 1): Oliphant '142 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference Oliphant '142 discloses the remediation comprises recommendations for improvement for the entity based on a nature of the one or more events that occurred (selects remediation technique(s) from database based on vulnerability data and destination machine, such as policy updates [Oliphant '142 ¶ 0033-0035, 0039]) Per claim 11 (dependent on claim 1): Oliphant '142 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference Oliphant '142 discloses perform at least one of the following: query the entity or a network associated with the system for information; scrape available online sources; retrieve corporate filings; or query news sources and public record databases (queries security database for information about network [Oliphant '142 ¶ 0030, 0032]) Per claim 15 (dependent on claim 1): Oliphant '142 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference Oliphant '142 discloses information associated with the entity and the network traffic are evaluated for one or more of the following: traffic, usage, in-links, page views, duration, traffic volume, links, page rank, market value, stock trade volume, and/or exporting/importing information (network traffic is evaluated as traffic [Oliphant '142 ¶ 0030-0035, 0039]) Per claim 17 (independent): The remaining limitations of the claim(s) correspond(s) to features of claim(s) 1 and the claim(s) is/are rejected for the reasons detailed with respect to those claims. Per claim 18 (dependent on claim 17): Oliphant '142 discloses the elements detailed in the rejection of claim 17 above, incorporated herein by reference The remaining limitations of the claim(s) correspond(s) to features of claim(s) 10 and the claim(s) is/are rejected for the reasons detailed with respect to those claims. Per claim 20 (independent): The remaining limitations of the claim(s) correspond(s) to features of claim(s) 1 and the claim(s) is/are rejected for the reasons detailed with respect to those claims. Claim Rejections - 35 U.S.C. § 103 The following is a quotation of AIA 35 U.S.C. 103 that forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. § 103(a) are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claim(s) 3 is/are rejected under 35 U.S.C. § 103 as being unpatentable over Oliphant '142 in view of Official Notice. Per claim 3 (dependent on claim 1): Oliphant '142 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference Oliphant '142 does not disclose the network traffic comprises data collected regarding websites visited by employees using a network associated with the system and one or more computing systems Further: Examiner takes Official Notice that it was well-known and conventional in the art to collect traffic data associated with websites visited by employees, which websites are sometimes malicious. It would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified the monitoring of outgoing requests [Oliphant '142 ¶ 0030-0032, Fig. 2-3] of Oliphant '142 with the monitoring of employee accesses to websites to arrive at an apparatus, method, and product including: the network traffic comprises data collected regarding websites visited by employees using a network associated with the system and one or more computing systems A person having ordinary skill in the art would have been motivated to combine them at least because such monitoring would have helped to protect the network from malware served up by malicious websites. Claim(s) 4-9 is/are rejected under 35 U.S.C. § 103 as being unpatentable over Oliphant '142 in view of U.S. Publication 20070298720 to Wolman et al. (hereinafter "Wolman '720"). Wolman '720 is prior art to the claims under 35 U.S.C. § 102(a)(1) and 35 U.S.C. § 102(a)(2). Per claim 4 (dependent on claim 1): Oliphant '142 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference Oliphant '142 does not disclose the processor is configured to evaluate the network traffic on one or more network layers Further: Wolman '720 discloses the processor is configured to evaluate the network traffic on one or more network layers (monitors MAC addresses and IP addresses to identify suspect devices [Wolman '720 ¶ 0059-0060]) It would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Oliphant '142 with the network traffic monitoring of Wolman '720 to arrive at an apparatus, method, and product including: the processor is configured to evaluate the network traffic on one or more network layers A person having ordinary skill in the art would have been motivated to combine them at least because the network traffic monitoring techniques of Wolman '720 provide helpful mechanisms for identifying the potential breaches [Oliphant '142 ¶ 0030-0032, Fig. 2-3] sought by Oliphant '142. A person having ordinary skill in the art would have been further motivated to combine them at least because Wolman '720 teaches [Wolman '720 ¶ 0059-0060] network traffic monitoring techniques for identifying potential breaches [Oliphant '142 ¶ 0030-0032, Fig. 2-3] such as that of Oliphant '142 to arrive at the claimed invention; because doing so constitutes use of a known technique (network traffic monitoring techniques for identifying potential breaches [Wolman '720 ¶ 0059-0060]) to improve similar devices and/or methods (automatic vulnerability remediation system [Oliphant '142 ¶ 0030-0032, Fig. 2-3]) in the same way; because doing so constitutes applying a known technique (network traffic monitoring techniques for identifying potential breaches [Wolman '720 ¶ 0059-0060]) to known devices and/or methods (automatic vulnerability remediation system [Oliphant '142 ¶ 0030-0032, Fig. 2-3]) ready for improvement to yield predictable results; and because the modification amounts to combining prior art elements according to known methods to yield predictable results. Here, (1) the prior art included each element (as detailed above); (2) one of ordinary skill in the art could have combined the elements as claimed by known methods, and in this combination, each element merely performs the same function as it does separately (network traffic monitoring techniques for identifying potential breaches [Wolman '720 ¶ 0059-0060] for automatic vulnerability remediation system [Oliphant '142 ¶ 0030-0032, Fig. 2-3]); (3) one of ordinary skill in the art would have recognized that the results of the combination were predictable; and (4) other considerations do not overcome this conclusion. Per claim 5 (dependent on claim 4): Oliphant '142 in view of Wolman '720 discloses the elements detailed in the rejection of claim 4 above, incorporated herein by reference Oliphant '142 does not disclose the network traffic is evaluated for one or more of the following: dynamic host protocol (DHCP) information, classless inter-domain routing (CIDR) blocks, and/or domain name system (DNS) information included in the network traffic Further: Wolman '720 discloses the network traffic is evaluated for one or more of the following: dynamic host protocol (DHCP) information, classless inter-domain routing (CIDR) blocks, and/or domain name system (DNS) information included in the network traffic (identifies suspect devices by DHCP fingerprint [Wolman '720 ¶ 0060-0063, Abstract]) For the reasons detailed above with respect to claim 4, it would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Oliphant '142 with the network traffic monitoring of Wolman '720 to arrive at an apparatus, method, and product including: the network traffic is evaluated for one or more of the following: dynamic host protocol (DHCP) information, classless inter-domain routing (CIDR) blocks, and/or domain name system (DNS) information included in the network traffic Per claim 6 (dependent on claim 5): Oliphant '142 in view of Wolman '720 discloses the elements detailed in the rejection of claim 5 above, incorporated herein by reference Oliphant '142 does not disclose create a fingerprint of the network traffic from the DHCP information; and store the fingerprint in a database Further: Wolman '720 discloses create a fingerprint of the network traffic from the DHCP information; and store the fingerprint in a database (identifies suspect devices by DHCP fingerprint [Wolman '720 ¶ 0060-0063, Abstract]) For the reasons detailed above with respect to claim 4, it would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Oliphant '142 with the network traffic monitoring of Wolman '720 to arrive at an apparatus, method, and product including: create a fingerprint of the network traffic from the DHCP information; and store the fingerprint in a database Per claim 7 (dependent on claim 1): Oliphant '142 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference Oliphant '142 does not disclose a first set of sensors that operate on a data link layer of a network associated with the system Further: Wolman '720 discloses a first set of sensors that operate on a data link layer of a network associated with the system (monitors MAC addresses to identify suspect devices [Wolman '720 ¶ 0048-0056, 0059-0060]) For the reasons detailed above with respect to claim 4, it would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Oliphant '142 with the network traffic monitoring of Wolman '720 to arrive at an apparatus, method, and product including: a first set of sensors that operate on a data link layer of a network associated with the system Per claim 8 (dependent on claim 7): Oliphant '142 in view of Wolman '720 discloses the elements detailed in the rejection of claim 7 above, incorporated herein by reference Oliphant '142 does not disclose a second set of sensors that operate on an Internet Protocol Address layer of the network to evaluate address resolution (ARP) protocol information from the network traffic Further: Wolman '720 discloses a second set of sensors that operate on an Internet Protocol Address layer of the network to evaluate address resolution (ARP) protocol information from the network traffic (monitors ARP traffic to identify suspect devices [Wolman '720 ¶ 0048-0056]) For the reasons detailed above with respect to claim 4, it would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Oliphant '142 with the network traffic monitoring of Wolman '720 to arrive at an apparatus, method, and product including: a second set of sensors that operate on an Internet Protocol Address layer of the network to evaluate address resolution (ARP) protocol information from the network traffic Per claim 9 (dependent on claim 8): Oliphant '142 in view of Wolman '720 discloses the elements detailed in the rejection of claim 8 above, incorporated herein by reference Oliphant '142 does not disclose the second set of sensors are configured to transmit the ARP protocol information to the first set of sensors for storage in a database along with DNS information Further: Wolman '720 discloses the second set of sensors are configured to transmit the ARP protocol information to the first set of sensors for storage in a database along with DNS information (monitors ARP traffic to identify suspect devices [Wolman '720 ¶ 0048-0056]) For the reasons detailed above with respect to claim 4, it would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Oliphant '142 with the network traffic monitoring of Wolman '720 to arrive at an apparatus, method, and product including: the second set of sensors are configured to transmit the ARP protocol information to the first set of sensors for storage in a database along with DNS information Claim(s) 12, 16, 19 is/are rejected under 35 U.S.C. § 103 as being unpatentable over Oliphant '142 in view of U.S. Publication 20150324559 to Boss et al. (hereinafter " Boss '559"). Boss '559 is prior art to the claims under 35 U.S.C. § 102(a)(1) and 35 U.S.C. § 102(a)(2). Per claim 12 (dependent on claim 1): Oliphant '142 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference Oliphant '142 does not disclose the remediation causes one or more network changes that increase a sophistication score of the entity, and wherein the sophistication score is indicative of a cyber security sophistication of the entity Further: Boss '559 discloses the remediation causes one or more network changes that increase a sophistication score of the entity, and wherein the sophistication score is indicative of a cyber security sophistication of the entity (dynamically changes password complexity policy and determines sophistication score [Boss '559 ¶ 0022, 0033-0034, 0040]) It would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Oliphant '142 with the scores computed by Boss '559 to arrive at an apparatus, method, and product including: the remediation causes one or more network changes that increase a sophistication score of the entity, and wherein the sophistication score is indicative of a cyber security sophistication of the entity A person having ordinary skill in the art would have been motivated to combine them at least because characterizing the compliance status of Oliphant '142 as a score as computed by Boss '559 would provide a ready shorthand for comparing degrees of compliance and comparing a level of compliance to a threshold value. A person having ordinary skill in the art would have been further motivated to combine them at least because Boss '559 teaches [Boss '559 ¶ 0022, 0033-0034, 0040] modifying a compliance status [Oliphant '142 ¶ 0044, 0047, 0035, 0037] such as that of Oliphant '142 to arrive at the claimed invention; because doing so constitutes use of a known technique (computed compliance score [Boss '559 ¶ 0022, 0033-0034, 0040]) to improve similar devices and/or methods (compliance status [Oliphant '142 ¶ 0044, 0047, 0035, 0037]) in the same way; because doing so constitutes applying a known technique (computed compliance score [Boss '559 ¶ 0022, 0033-0034, 0040]) to known devices and/or methods (compliance status [Oliphant '142 ¶ 0044, 0047, 0035, 0037]) ready for improvement to yield predictable results; and because the modification amounts to combining prior art elements according to known methods to yield predictable results. Here, (1) the prior art included each element (as detailed above); (2) one of ordinary skill in the art could have combined the elements as claimed by known methods, and in this combination, each element merely performs the same function as it does separately (compliance status [Oliphant '142 ¶ 0044, 0047, 0035, 0037] is represented by a computed compliance score [Boss '559 ¶ 0022, 0033-0034, 0040]); (3) one of ordinary skill in the art would have recognized that the results of the combination were predictable; and (4) other considerations do not overcome this conclusion. Per claim 16 (dependent on claim 1): Oliphant '142 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference Oliphant '142 does not disclose the remediation of the cyber security parameters at least includes modifying a password requirement associated with one or more computing systems Further: Boss '559 discloses the remediation of the cyber security parameters at least includes modifying a password requirement associated with one or more computing systems (dynamically changes password complexity policy [Boss '559 ¶ 0022, 0033-0034, 0040]) For the reasons detailed above with respect to claim 12, it would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Oliphant '142 with the scores computed by Boss '559 to arrive at an apparatus, method, and product including: the remediation of the cyber security parameters at least includes modifying a password requirement associated with one or more computing systems Per claim 19 (dependent on claim 18): Oliphant '142 discloses the elements detailed in the rejection of claim 18 above, incorporated herein by reference Oliphant '142 does not disclose the remediation causes one or more network changes that increase a sophistication score of the entity, and the method further comprises tying at least one of sophistication scores and changes in sophistication scores to remediation adjustments Further: Boss '559 discloses the remediation causes one or more network changes that increase a sophistication score of the entity, and the method further comprises tying at least one of sophistication scores and changes in sophistication scores to remediation adjustments (dynamically changes password complexity policy based on user sophistication score and recomputes sophistication score [Boss '559 ¶ 0022, 0033-0034, 0040]) For the reasons detailed above with respect to claim 12, it would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Oliphant '142 with the scores computed by Boss '559 to arrive at an apparatus, method, and product including: the remediation causes one or more network changes that increase a sophistication score of the entity, and the method further comprises tying at least one of sophistication scores and changes in sophistication scores to remediation adjustments Claim(s) 14 is/are rejected under 35 U.S.C. § 103 as being unpatentable over Oliphant '142 in view of U.S. Publication 20160197953 to King-Wilson (hereinafter " King-Wilson '953"). King-Wilson '953 is prior art to the claims under 35 U.S.C. § 102(a)(2). Per claim 14 (dependent on claim 1): Oliphant '142 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference Oliphant '142 does not disclose information associated with the entity and the network traffic are evaluated for one or more of the following: visibility, value [lost to attacks], hacker sentiment, employee sentiment, company sentiment, and/or customer sentiment However, Oliphant '142 discloses information associated with the entity and the network traffic are evaluated for one or more of the following: visibility, value [lost to downtime], hacker sentiment, employee sentiment, company sentiment, and/or customer sentiment (considers value/criticality of downtime to vulnerable systems [Oliphant '142 ¶ 0041]) Further: King-Wilson '953 discloses information associated with the entity and the network traffic are evaluated for one or more of the following: visibility, value, hacker sentiment, employee sentiment, company sentiment, and/or customer sentiment (evaluates value/severity of interruption/loss to the entity [King-Wilson '953 ¶ 0062, 0190, 0204]) It would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Oliphant '142 with the value/severity evaluation of King-Wilson '953 to arrive at an apparatus, method, and product including: information associated with the entity and the network traffic are evaluated for one or more of the following: visibility, value, hacker sentiment, employee sentiment, company sentiment, and/or customer sentiment A person having ordinary skill in the art would have been motivated to combine them at least because the value/severity evaluation of King-Wilson '953 would help prioritize the potential breaches identified by Oliphant '142. A person having ordinary skill in the art would have been further motivated to combine them at least because King-Wilson '953 teaches [King-Wilson '953 ¶ 0062, 0190, 0204] modifying a automatic vulnerability remediation system [Oliphant '142 ¶ 0030-0032, Fig. 2-3] such as that of Oliphant '142 to arrive at the claimed invention; because doing so constitutes use of a known technique (value/severity evaluation [King-Wilson '953 ¶ 0062, 0190, 0204]) to improve similar devices and/or methods (automatic vulnerability remediation system [Oliphant '142 ¶ 0030-0032, Fig. 2-3]) in the same way; because doing so constitutes applying a known technique (value/severity evaluation [King-Wilson '953 ¶ 0062, 0190, 0204]) to known devices and/or methods (automatic vulnerability remediation system [Oliphant '142 ¶ 0030-0032, Fig. 2-3]) ready for improvement to yield predictable results; and because the modification amounts to combining prior art elements according to known methods to yield predictable results. Here, (1) the prior art included each element (as detailed above); (2) one of ordinary skill in the art could have combined the elements as claimed by known methods, and in this combination, each element merely performs the same function as it does separately (automatic vulnerability remediation system [Oliphant '142 ¶ 0030-0032, Fig. 2-3] evaluates threats using value/severity evaluation [King-Wilson '953 ¶ 0062, 0190, 0204]); (3) one of ordinary skill in the art would have recognized that the results of the combination were predictable; and (4) other considerations do not overcome this conclusion. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to THEODORE C PARSONS whose telephone number is (571)270-1475. The examiner can normally be reached on MTWRF 7:30-4:30. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on (571) 272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from Patent Center. Status information for published applications may be obtained from Patent Center. Status information for unpublished applications is available through Patent Center for authorized users only. Should you have questions about access to Patent Center, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/apply/forms. /THEODORE C PARSONS/Primary Examiner, Art Unit 2494
Read full office action

Prosecution Timeline

Feb 28, 2025
Application Filed
Jun 10, 2026
Non-Final Rejection mailed — §102, §103
Jul 01, 2026
Applicant Interview (Telephonic)
Jul 01, 2026
Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12665775
METHODS, PROTOCOLS, AND APPARATUSES OF QUANTUM PHYSICAL UNCLONABLE FUNCTIONS
2y 5m to grant Granted Jun 23, 2026
Patent 12634135
Systems and Methods for Blockchain-Based Content Co-Creation
3y 7m to grant Granted May 19, 2026
Patent 12634291
Schema Based Access Management for Improved Information Security
2y 10m to grant Granted May 19, 2026
Patent 12627635
SYSTEM AND METHOD FOR AUTOMATIC DOCUMENT PROTECTION USING INFORMATION RIGHTS MANAGEMENT
4y 1m to grant Granted May 12, 2026
Patent 12625948
Using Machine Learning to Detect QRLjacking to Prevent Multichannel Phishing on Applications or IOT Devices
2y 10m to grant Granted May 12, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
78%
Grant Probability
99%
With Interview (+22.0%)
3y 1m (~1y 8m remaining)
Median Time to Grant
Low
PTA Risk
Based on 462 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month