Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Detailed Action
This action is in response to the application filed on 6/13/2025
Priority
Acknowledgment is made of applicant's claim for prior priority dates including:
This application is a CON of 18/627,933 04/05/2024 PAT 12333612
18/627,933 is a CIP of 18/203,630 05/30/2023
18/203,630 has PRO 63/457,671 04/06/2023
18/203,630 has PRO 63/347,389 05/31/2022
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
All claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim(s) of U.S. Patent No. 18-203-630. Although the claims at issue are not identical, they are not patentably distinct from each other because both sets of claims are directed to systems and methods for systems and methods for determining a state of cybersecurity based on safeguards.
The differences between the claimed invention and the reference claims are limited to this application relates to “cybersecurity data” and parent application 18-203-630 relates to “entity data”. This difference would have been an obvious modification to a person of ordinary skill in the art because it represents a predictable variation to achieve intended purpose or function, and thus does not render the claims patentably distinct.
Regarding claim 1, the limitations of this claim are disclosed by, or correspond to, the limitations of claim 1 of U.S. Patent No. 18-203-630.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
All claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
The claims are directed to a system, method, or product, which are/is one of the statutory categories of invention. (Step 1: YES).
The Examiner has identified independent method Claim 13 (herein called the Primary Independent Claim) as the claim that represents the claimed invention for analysis and is similar to independent system Claim 1 and product Claim 19 (herein called Additional Independent Claims). The Primary Independent Claim recites the limitations of: A method, comprising: receiving or identifying, by one or more processing circuits, cybersecurity data using a network connection or interface established with one or more computing systems of at least one entity; determining or identifying, by the one or more processing circuits, a state of cybersecurity of the at least one entity in response to receiving the cybersecurity data, wherein the state of cybersecurity corresponds with a cybersecurity resilience; and generating or updating, by the one or more processing circuits, a parameter corresponding with a cybersecurity evaluation, modeling tool, or third-party product based at least in part on the state of cybersecurity.
These limitations, under their broadest reasonable interpretation, cover performance of the limitation as “Certain Methods of Organizing Human Activity”. The limitation of at least “determining or identifying, by the one or more processing circuits, a state of cybersecurity of the at least one entity in response to receiving the cybersecurity data, generating or updating, by the one or more processing circuits, a parameter corresponding with a cybersecurity evaluation, modeling tool, or third-party product based at least in part on the state of cybersecurity.” recites a fundamental economic practice. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation as a fundamental economic practice, then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
The limitation of at least “one or more processing circuits comprising memory and at least one processor” in the Primary Independent Claim is just applying generic computer components to the recited abstract limitations. The recitation of generic computer components in a claim does not necessarily preclude that claim from reciting an abstract idea. The Additional Independent Claims are also abstract for similar reasons. (Step 2A-Prong 1: YES. The claims recite an abstract idea)
This judicial exception is not integrated into a practical application. The examiner did not find any additional elements that would cause further analysis. The computer hardware/software is/are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, all the independent claims are directed to an abstract idea without a practical application. (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when considered separately and as an ordered combination, they do not add significantly more (also known as an “inventive concept”) to the exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a computer hardware and software per se amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. See MPEP 2106.05(f) where applying a computer as a tool is not indicative of significantly more as well as MPEP 2106.05(d). Accordingly, these additional elements, do not change the outcome of the analysis, when considered separately and as an ordered combination. Thus, all independent claims are not patent eligible. (Step 2B: NO. The claims do not provide significantly more)
Dependent claims further define the abstract idea that is present in their respective independent claims, and thus correspond to Certain Methods of Organizing Human Activity and hence are abstract for the reasons presented above. The dependent claims do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination. Therefore, the dependent claims are directed to an abstract idea. Thus, all the claims are not patent-eligible.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Smith et al., U.S. Patent Pub 2019/0132350, discloses a risk framework tool for a distributed ledger-based computing system (i.e., blockchain) that can present a common risk framework to a user that can then allow for the user to determine what risks are important for it to manage.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kirsten Apple whose telephone number is (571)272-5588. The examiner can normally be reached on M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Michael Anderson can be reached on (571) 270-0508. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KIRSTEN S APPLE/Primary Examiner, Art Unit 3693