Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
Status of the Application
The following is a non-Final Office Action. 
Applicant filed a Request for Continued Examination on December 2, 2020.
Claims 11 and 13-17 were amended; Claims 21-23 were added.

Claims 1-23 are pending in this application; Claims 1-10 are withdrawn from consideration, and Claims 11-23 are rejected below.


Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on December 2, 2020 has been entered. 

Response to Amendment
Applicant's amendments to Claims 11, 13-17 are sufficient to overcome the 35 USC 112(b) rejections set forth in the previous action. The 35 USC 112(b) rejections are hereby withdrawn.

Applicant's amendments to Claims 11, 13-17 are not sufficient to overcome the 35 USC 101 rejections set forth in the previous action.

Applicant's amendments to Claims 11, 13-17 are not sufficient to overcome the prior art rejections set forth in the previous action.
Response to Arguments - 35 USC § 101
Applicant’s arguments with respect to the rejections have been fully considered, but they are not persuasive. Therefore, the rejections are maintained. 

Applicant submits, “…The above limitations of the Claims are directed to a user interface in the form of one or more graphical representation in an electronic calendar that identify a schedule of the baseline simulated phishing campaign, the electronic based training and the one or more simulated phishing campaigns subsequent to the baseline simulated phishing campaign and to identify a status of execution of a corresponding campaign in the one or more graphical representations. Therefore, the Claims do not recite a mental process and thus are not directed to a judicial exception. ...” The Examiner respectfully disagrees.

The Examiner notes that, while the amendments recite new additional elements, i.e. a user interface, the abstract elements identified and analyzed under Step 2A, Prong 1 remain directed to mental processes and methods of organizing human activity.

Applicant submits, “…the Claims integrate any would-be purported abstract idea into a practical application by reciting elements reflecting an improvement in the functioning of a computing device.... the Claims recite additional elements that integrate any recited judicial exception into a practical application...” The Examiner respectfully disagrees.

Analyzing under Step 2A, Prong 2:
This judicial exception is not integrated into a practical application under the second prong of Step 2A. 
In particular, the claims recite the additional elements beyond the recited abstract idea identified under Step 2A, Prong 1, such as:

Claim 11: system, system comprising a device comprising one or more processors, coupled to memory, a display, on the one or more processors and, electronic, server
 user interface
Claim 21: selectable to display  

and pursuant to the broadest reasonable interpretation, as an ordered combination, each of the additional elements is a computing element recited at a high level of generality implementing the abstract idea, and thus amounts to no more than applying the abstract idea with generic computer components. Further, these additional elements generally link the abstract idea to a technical environment, namely the environment of a computer.

Additionally, with respect to the ...to receive attributes…configured to compare the attributes ...to be executed to communicate...automatically generate... elements, these elements do not add meaningful limitations that integrate the abstract idea into a practical application because they are insignificant extra-solution activity, i.e. pre- and post-solution activity: data gathering (...to receive attributes…configured to compare the attributes…) and data output (...to be executed to communicate...automatically generate...).
 

The limitations and elements are directed to an abstract idea, as described below with respect to the first prong of Step 2A, i.e. a mental process (a human gathering and comparing data to schedule security awareness training of other humans) and organizing human activity (humans managing and scheduling security awareness training of other humans), generally linked to a technical environment (a computer and a user interface) and performing extra-solution activities (data gathering and data output), as analyzed under Step 2A, Prong 2. Even novel and newly discovered judicial exceptions are still exceptions, despite their novelty. July 2015 Update, p. 3; see SAP America Inc. v. Investpic, LLC, No. 2017-2081, slip op. at 2 (Fed. Cir. May 15, 2018).

Simply reciting specific limitations that narrow the abstract idea does not make an abstract idea non-abstract. 79 Fed. Reg. 74631; buySAFE Inc. v. Google, Inc., 765 F.3d 1350, 1355 (2014); see SAP America at p. 12. As discussed in SAP America, no matter how much of an advance the claims recite, 





Response to Arguments – Prior Art
Applicant’s arguments with respect to the rejections have been fully considered, but they are not persuasive. 

Applicant submits, “...The combination of Sadeh-Koniecpol and Hawthorn does not teach or suggest at least the above elements of Claim 11...” The Examiner respectfully disagrees.

Under the broadest reasonable interpretation of the Claims, Sadeh-Koniecpol teaches:
a server configured to: ([0078])
execute the baseline simulated phishing campaign to identify a percentage of users of the entity that are phish-prone, (in at least [0117] FIG. 9 depicts an embodiment of a screen of a system administrator user interface 3001 that displays examples of sensed historical training data collected about a user 3003 (identified as “George Smith”). In this example, user Smith was recently assigned a collection of training modules referred to as the “New Hire Assignment” 3005...The example screen shown in FIG. 10 allows an administrator user to select, view and filter statistics of user activity data according to different criteria. These criteria can include filtering by individual users or groups of users, by training assignment (such as the “new hire assignment” shown in FIG. 9), which can include a collection of training interventions, by specific training intervention, by training campaign, namely a collection of one or more training interventions assigned to a selected group of users. The system or the administrator may use this information 3009 to identify users at risk for different threat scenarios.)
execute the electronic based training to those users identified as phish-prone from the baseline simulated phishing campaign; (in at least [0117] identifying users with scores below a given threshold for a given threat scenario below. The administrator may then select (or the system may recommend to the administrator to select) training interventions)
execute the one or more simulated phishing campaigns subsequent to the baseline simulated phishing campaign and based at least on results of the baseline simulated phishing campaign and the electronic based training, and (in at least [0040] The data may further be used in combination with historical user training data 16 which may be stored in one or more data storage devices and may include data related to the training one or more users have taken in the past. Historical user training data 16 may include information including when and how well one or more users performed in prior training or assessments. [0064] Historical user training data 16 may inform the selection of relevant training for a user by capturing the training history of that user. Historical user training data 16 may include information such as: the training modules to which that user has already been exposed, how often and when that user was exposed to training modules, how well the user responded when taking the training modules [0117] FIG. 9 depicts an embodiment of a screen of a system administrator user interface 3001 that displays examples of sensed historical training data collected about a user 3003 (identified as “George Smith”). In this example, user Smith was recently assigned a collection of training modules referred to as the “New Hire Assignment” 3005. The historical training data in this particular case shows that the user was assigned four training modules (safe social networks, email security, anti-phishing, and passwords) 3007 and has provided responses to the questions or other prompts included in the assigned training modules. The interface displays a summary of the type of historical training data collected by the platform, including in this case training relating to the threat scenarios of social network usage, email security, anti-phishing and password security 3009. 
This sensed data can in turn be used in combination with training needs models that rely on a user's likelihood of being at risk for a threat scenario.  )
wherein the server is configured to automatically determine a schedule of each of the baseline simulated phishing campaigns, the electronic based training and the one or more simulated phishing campaigns subsequent to the baseline simulated phishing campaign, and (in at least [0080] Those policy manager modes include scheduled modes, routine modes, real-time modes, mixed-initiative modes and combinations thereof. In an embodiment of context aware training in which a scheduled mode is utilized, the policy manager 19 regularly assesses the overall training needs of a plurality of individual users and reprioritizes training content to be pushed or delivered to each individual user. [0082] Regular assessment of user training needs may involve running in batch mode, where all users are being reviewed in one batch or where different groups of users are processed in different batches, possibly according to different schedules. Regular assessment of user training needs may also include pushing short security quizzes and creating mock situations aimed at better evaluating the needs of an individual user or a group of users. In a real-time mode, the policy manager 19 may operate in an event-driven manner enabling it to more rapidly detect changes in user behavior or activities and other relevant contextual attributes, and to more quickly push training interventions that reflect the risks to which the user is exposed at a desired time)
automatically generate in ... according to the schedule, one or more graphical representations of each of the baseline simulated phishing campaigns, the electronic based training and the one or more simulated phishing campaigns subsequent to the baseline simulated phishing campaign, wherein the server is further configured to identify a status of execution of a corresponding campaign in the one or more graphical representations. (in at least [0084] Delivering training interventions may also be performed by updating a schedule indicating when training interventions should be delivered or otherwise exposed to the user, or updating a schedule that will be exposed to the user, possibly with a combination of required and recommended training content for engagement by the user...system may generate a command to send an SMS phishing message to a user at a specific time, and the system may then cause an automated SMS message to be transmitted to the user's mobile device at a determined time. [0117] FIG. 9 depicts an embodiment of a screen of a system administrator user interface 3001 that displays examples of sensed historical training data collected about a user 3003 (identified as “George Smith”). In this example, user Smith was recently assigned a collection of training modules referred to as the “New Hire Assignment” 3005. The historical training data in this particular case shows that the user was assigned four training modules (safe social networks, email security, anti-phishing, and passwords) 3007 and has provided responses to the questions or other prompts included in the assigned training modules. The interface displays a summary of the type of historical training data collected by the platform, including in this case training relating to the threat scenarios of social network usage, email security, anti-phishing and password security 3009...The example screen shown in FIG. 10 allows an administrator user to select, view and filter statistics of user activity data according to different criteria. These criteria can include filtering by individual users or groups of users, by training assignment (such as the “new hire assignment” shown in FIG. 9), which can include a collection of training interventions, by specific training intervention, by training campaign, namely a collection of one or more training interventions assigned to a selected group of users. The system or the administrator may use this information 3009 to identify users at risk for different threat scenarios...The administrator may then select (or the system may recommend to the administrator to select) training interventions using additional administrator features such as those described below. Under some conditions, the console and the policy manager can also be configured to automatically trigger such selection and some conditions may simply have embedded training rules in them. This can be used to provide just-in-time training when a particular situation is detected (e.g. a user falling for a fake malicious SMS attack (FIG. 14), a user connecting to a fake rogue Wi-Fi access point being warned on the spot to not connect to, and to verify the identity of, public Wi-Fi access points), yet allow the administrator and the policy manager to further review the sensed information and assign additional training interventions to further consolidate training (e.g. later assigning that same employee a more in-depth training module covering the risks associated with laptop use outside the office). [0119] FIG. 15 illustrates an embodiment of a scheduling screen 3601 of a user interface that may enable such selection. [0125] Screen 3601 also illustrates how scheduling constraints can also be suggested to administrator, with the administrator having the option to modify them. This can include scheduling parameters such as start times and end times of a mock attack campaign. The system may then launch a process that leads to the customization and deployment of the mock malicious USB devices according to those scheduling constraints. )

While implied, Sadeh-Koniecpol in view of Hawthorn does not expressly disclose the following feature, which, however, is taught by Moses:
automatically generate in an electronic calendar according to the schedule, ... (in at least [0061] FIG. 7 is a system diagram showing automated scheduling of required workforce personnel training and certification modules according to an embodiment of the invention 700....training requirements and the current profiles, which includes training completion information, of new arrivals on a ship is received or retrieved from other systems on the ship 710 over a VPN encrypted network 711, 712. This information is first persistently stored in the encrypted profile data store 155 of military mobility server 720, and is then used by the programming of the server core module 151 and the analytics module 157 to determine the training requirements of each personnel. For a specific training module there will be a number of personnel who have completed that training 732 a, 732 b, 732 c which is reflected within their profiles 732 a, 732 b, 732 c while others will still need to either take the module or complete it 731 a, 731 b, 731 c, 731 d, 731 e, 731 e, 731 f, 731 g, 731 h which again is reflected in their profile 731 a, 731 b, 731 c, 731 d, 731 e, 731 e, 731 f, 731 g, 731 h. This information is used by the system to schedule personnel for training using the scheduling module 158, which also accounts for all entries already on the service person's other calendars...initiate the process to supply each personnel with the materials needed for their training schedule 742 a, 742 b which may involve issuing access grant requests to commanding officers for those documents. The training calendar of each personnel is eventually securely updated wirelessly 751, 752 through interaction between the military mobility server's 720 scheduling module 158 and the military mobile client's 760 calendar module 113. Training materials may be stored locally on the mobile device's 760 encrypted data store 114 or may be streamed from the server 720 on demand depending on security and other factors. 
Callout 761 shows an example training calendar entry specifying the training module, the materials needed to complete the module and the timeframe allowed for completion. The system may monitor a service person's progress through those materials. Callout 762 shows a co-scheduled training calendar appointment for a certification examination indicating the exact location and the person conducting the exam )

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to have modified the teachings of Sadeh-Koniecpol in view of Hawthorn by, …The military mobile client receives data from the military mobility server; displays calendar based schedules, provides a viewing platform for work crucial graphical materials; and wirelessly transmits status and report data to the military mobility server....a specific training module there will be a number of personnel who have completed that training 732 a, 732 b, 732 c which is reflected within their profiles 732 a, 732 b, 732 c while others will still need to either take the module or complete it 731 a, 731 b, 731 c, 731 d, 731 e, 731 e, 731 f, 731 g, 731 h which again is reflected in their profile 731 a, 731 b, 731 c, 731 d, 731 e, 731 e, 731 f, 731 g, 731 h. This information is used by the system to schedule personnel for training using the scheduling module 158, which also accounts for all entries already on the service person's other calendars...initiate the process to supply each personnel with the materials needed for their training schedule 742 a, 742 b which may involve issuing access grant requests to commanding officers for those documents. The training calendar of each personnel is eventually securely updated wirelessly 751, 752 through interaction between the military mobility server's 720 scheduling module 158 and the military mobile client's 760 calendar module 113. Training materials may be stored locally on the mobile device's 760 encrypted data store 114 or may be streamed from the server 720 on demand depending on security and other factors. 
Callout 761 shows an example training calendar entry specifying the training module, the materials needed to complete the module and the timeframe allowed for completion..., as taught by Moses, with a reasonable expectation of success, in order to arrive at the …Keeping up-to-date on newly mandated training and the training needs and progress of new arrivals...integrated into a powerful platform with a rich data analytics layer. The platform brings consumer level joy of use to a Gen X/Y workforce...easy access to important documents such as equipment operating and maintenance manuals, training manuals, and tactical manuals for which the user has access rights 910...integrated technologies and workflow practices currently successfully used in the private sector for workforce optimization and operational efficiency... designed to make the enablers easier, faster, more transparent, and significantly more efficient...an efficient method to encapsulate rapidly expanding information attaching to defined subjects...using an efficient interactive alert chat screen that allows the recipient to complete a task without opening additional apps... to efficiently and meaningfully store information such that it can be intelligently combined with similar data to suggest conclusions or tie data together...to get through engineering and damage control training more efficiently....providing possible better use of the aggregate information...may better understand its workforce...will be more accurate and commanders will be able to make better decisions based on improved information..., as recited in Moses. 








Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 11-23 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 

Claim 11 recites:
“A ... for configuring and executing simulated phishing campaigns, the ... and comprising 
a query module configured to receive attributes of an implementation of a security awareness program for an entity via a questionnaire presented via ...; 
a tool executable ... configured to compare the attributes for the entity to attributes of other entities, responsive to receiving the attributes, and 
determine, based at least on the comparison, a configuration for each of a baseline simulated phishing campaign to be executed to communicate ... simulated phishing communications to users of the entity, ... based training for users of the entity for security awareness and one or more simulated phishing campaigns to be executed to communicate ... simulated phishing communications to the users of the entity subsequent to the baseline simulated phishing campaign; and 
a ... configured to: 
execute the baseline simulated phishing campaign to identify a percentage of users of the entity that are phish-prone, 
execute the ... based training to those users identified as phish-prone from the baseline simulated phishing campaign; 
execute the one or more simulated phishing campaigns subsequent to the baseline simulated phishing campaign and based at least on results of the baseline simulated phishing campaign and the ... based training, and 
wherein the ... is configured to automatically determine a schedule of each of the baseline simulated phishing campaigns, the ... based training and the one or more simulated phishing campaigns subsequent to the baseline simulated phishing campaign, and 
automatically generate in an ... calendar according to the schedule, one or more graphical representations of each of the baseline simulated phishing campaigns, the ... based training and the one or more simulated phishing campaigns subsequent to the baseline simulated phishing campaign, wherein the ... is further configured to identify a status of execution of a corresponding campaign in the one or more graphical representations.”
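As an added illustration for the reader (not code from the application, from this Office Action, or from any cited reference), the following Python sketch walks through the sequence recited in Claim 11: questionnaire attributes compared against peer entities to pick a configuration, a baseline campaign yielding a phish-prone percentage, training assigned to the users who clicked, follow-up campaigns scheduled from the baseline results, and calendar entries carrying an execution status. The entity and peer attributes, the click results, the thresholds, the cadence rules and the dates are constructed assumptions chosen for the example.

```python
"""Added illustration of the workflow recited in Claim 11. Not code from the
application or any cited reference; every name, threshold and date below is an
assumption made for the example."""
from dataclasses import dataclass
from datetime import date, timedelta
from statistics import median
from typing import Dict, List

# Constructed sample input: questionnaire attributes for the entity, and peer
# entities whose historical baseline phish-prone rates are assumed known.
ENTITY_ATTRS = {"industry": "finance", "size": "small"}
PEER_DATA = [
    {"industry": "finance", "size": "small", "phish_prone_rate": 0.35},
    {"industry": "finance", "size": "small", "phish_prone_rate": 0.28},
    {"industry": "retail", "size": "large", "phish_prone_rate": 0.12},
]

# Constructed sample baseline results: True means the user clicked the lure.
BASELINE_RESULTS = {"alice": False, "bob": True, "carol": True,
                    "dave": False, "erin": True}


@dataclass
class CalendarEntry:
    kind: str                  # "baseline", "training" or "campaign"
    start: date
    end: date
    targets: List[str]
    status: str = "scheduled"  # "scheduled", "running" or "completed"


def determine_configuration(attrs: Dict[str, str], peers: List[dict]) -> dict:
    """Compare the entity's attributes to peers and pick a campaign cadence.
    Assumption: peers with the same industry and size are the comparison set;
    a peer median rate above 25% selects a 14-day cadence, otherwise 30 days."""
    matching = [p["phish_prone_rate"] for p in peers
                if p["industry"] == attrs["industry"] and p["size"] == attrs["size"]]
    peer_rate = median(matching) if matching else 0.0
    return {"followup_interval_days": 14 if peer_rate > 0.25 else 30,
            "followup_count": 2, "training_days": 7}


def phish_prone_percentage(results: Dict[str, bool]) -> float:
    """Share of users who clicked in the baseline campaign, as a percentage."""
    if not results:
        return 0.0
    return 100.0 * sum(results.values()) / len(results)


def phish_prone_users(results: Dict[str, bool]) -> List[str]:
    return sorted(user for user, clicked in results.items() if clicked)


def build_schedule(baseline_start: date, results: Dict[str, bool],
                   config: dict) -> List[CalendarEntry]:
    """Baseline (3 days, everyone) -> training (clickers only) -> follow-up
    campaigns (everyone). Assumption: the follow-up interval is halved, to a
    floor of 7 days, when the baseline phish-prone rate exceeds 40%."""
    everyone = sorted(results)
    baseline = CalendarEntry("baseline", baseline_start,
                             baseline_start + timedelta(days=2), everyone)
    t_start = baseline.end + timedelta(days=1)
    t_end = t_start + timedelta(days=config["training_days"] - 1)
    training = CalendarEntry("training", t_start, t_end, phish_prone_users(results))
    interval = config["followup_interval_days"]
    if phish_prone_percentage(results) > 40.0:
        interval = max(7, interval // 2)
    entries = [baseline, training]
    nxt = t_end + timedelta(days=interval)
    for _ in range(config["followup_count"]):
        entries.append(CalendarEntry("campaign", nxt, nxt + timedelta(days=2), everyone))
        nxt += timedelta(days=interval)
    return entries


def mark_status(entries: List[CalendarEntry], today: date) -> List[CalendarEntry]:
    """Derive each entry's execution status from today's date."""
    for e in entries:
        e.status = "scheduled" if today < e.start else "completed" if today > e.end else "running"
    return entries


def render_calendar(entries: List[CalendarEntry]) -> List[str]:
    """Text stand-in for the calendar's graphical representation."""
    return [f"{e.start.isoformat()} .. {e.end.isoformat()}  {e.kind:<9} "
            f"[{e.status:<9}] {len(e.targets)} user(s)" for e in entries]


def plan(baseline_start_iso: str, today_iso: str) -> List[CalendarEntry]:
    """Run the whole pipeline on the constructed sample data."""
    cfg = determine_configuration(ENTITY_ATTRS, PEER_DATA)
    entries = build_schedule(date.fromisoformat(baseline_start_iso), BASELINE_RESULTS, cfg)
    return mark_status(entries, date.fromisoformat(today_iso))


if __name__ == "__main__":
    print(f"phish-prone: {phish_prone_percentage(BASELINE_RESULTS):.0f}%")
    print("\n".join(render_calendar(plan("2021-03-01", "2021-03-10"))))
```

Run as written, the sample yields a 60% phish-prone rate, which tightens the follow-up cadence to 7 days; on 2021-03-10 the baseline shows as completed, the training as running, and both follow-up campaigns as scheduled.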

Analyzing under Step 2A, Prong 1:
The limitations regarding, …a query module configured to receive attributes of an implementation of a security awareness program for an entity via a questionnaire presented via ...; a tool executable ... configured to compare the attributes for the entity to attributes of other entities, responsive to receiving the attributes, and determine, based at least on the comparison, a configuration for each of a baseline simulated phishing campaign to be executed to communicate ... simulated phishing communications to users of the entity, ... based training for users of the entity for security awareness and one or more simulated phishing campaigns to be executed to communicate ... simulated phishing communications to the users of the entity subsequent to the baseline simulated phishing campaign; execute the baseline simulated phishing campaign to identify a percentage of users of the entity that are phish-prone, execute the ... based training to those users identified as phish-prone from the baseline simulated phishing campaign; execute the one or more simulated phishing campaigns subsequent to the baseline simulated phishing campaign and based at least on results of the baseline simulated phishing campaign and the ... based training, and wherein the ... is configured to automatically determine a schedule of each of the baseline simulated phishing campaigns, the ... based training and the one or more simulated phishing campaigns subsequent to the baseline simulated phishing campaign, and automatically generate in an ... calendar according to the schedule, one or more graphical representations of each of the baseline simulated phishing campaigns, the ... based training and the one or more simulated phishing campaigns subsequent to the baseline simulated phishing campaign, wherein the ... 
is further configured to identify a status of execution of a corresponding campaign in the one or more graphical representations..., under the broadest reasonable interpretation, may be interpreted to include a human using a pen and paper to, …a query module configured to receive attributes of an implementation of a security awareness program for an entity via a questionnaire presented via ...; execute the baseline simulated phishing campaign to identify a percentage of users of the entity that are phish-prone, execute the ... based training to those users identified as phish-prone from the baseline simulated phishing campaign; execute the one or more simulated phishing campaigns subsequent to the baseline simulated phishing campaign and based at least on results of the baseline simulated phishing campaign and the ... based training, ...automatically generate in an ... calendar according to the schedule, one or more graphical representations of each of the baseline simulated phishing campaigns, the ... based training and the one or more simulated phishing campaigns subsequent to the baseline simulated phishing campaign, wherein the ... is further configured to identify a status of execution of a corresponding campaign in the one or more graphical representations..., and a human using a human mind, ...a tool executable ... configured to compare the attributes for the entity to attributes of other entities, responsive to receiving the attributes, and determine, based at least on the comparison, a configuration for each of a baseline simulated phishing campaign to be executed to communicate ... simulated phishing communications to users of the entity, ... based training for users of the entity for security awareness and one or more simulated phishing campaigns to be executed to communicate ... simulated phishing communications to the users of the entity subsequent to the baseline simulated phishing campaign…wherein the ... 
is configured to automatically determine a schedule of each of the baseline simulated phishing campaigns, the ... based training and the one or more simulated phishing campaigns subsequent to the baseline simulated phishing campaign...; therefore, the claims are directed to a mental process. 


Further, because a security awareness program for an entity via a questionnaire...compare the attributes for the entity to attributes of other entities, responsive to receiving the attributes...determine, based at least on the comparison, a configuration for each of a baseline simulated phishing campaign to be executed...communicate ... simulated phishing communications to the users of the entity subsequent to the baseline simulated phishing campaign; execute the baseline simulated phishing campaign to identify a percentage of users of the entity that are phish-prone...execute the one or more simulated phishing campaigns subsequent to the baseline simulated phishing campaign and based at least on results of the baseline simulated phishing campaign and the ... based training, and wherein the ... is configured to automatically determine a schedule of each of the baseline simulated phishing campaigns, the ... based training and the one or more simulated phishing campaigns subsequent to the baseline simulated phishing campaign, and automatically generate in an ... calendar according to the schedule..., under the broadest reasonable interpretation, may be scheduling and managing the relationships and behavior of human users in an entity organization in a simulated phishing campaign to raise security awareness, i.e. managing personal behavior or relationships or interactions between people (social activities, teaching, and following rules or instructions). And security awareness, under the broadest reasonable interpretation, involves fundamental economic principles or practices (mitigating risk) and commercial or legal interactions (advertising, marketing or sales activities or behaviors). Thus, the claims are directed to certain methods of organizing human activity. 

Accordingly, the claims are directed to a mental process and certain methods of organizing human activities, and thus, the claims are directed to an abstract idea under the first prong of Step 2A.

Analyzing under Step 2A, Prong 2:
This judicial exception is not integrated into a practical application under the second prong of Step 2A. 
In particular, the claims recite the additional elements beyond the recited abstract idea identified under Step 2A, Prong 1, such as:

Claim 11: system, system comprising a device comprising one or more processors, coupled to memory, a display, on the one or more processors and, electronic, server
Claim 12: user interface
Claim 21: selectable to display  

and pursuant to the broadest reasonable interpretation, as an ordered combination, each of the additional elements is a computing element recited at a high level of generality implementing the abstract idea, and thus amounts to no more than applying the abstract idea with generic computer components. Further, these additional elements generally link the abstract idea to a technical environment, namely the environment of a computer.

Additionally, with respect to the ...to receive attributes…configured to compare the attributes ...to be executed to communicate...automatically generate... elements, these elements do not add meaningful limitations that integrate the abstract idea into a practical application because they are insignificant extra-solution activity, i.e. pre- and post-solution activity: data gathering (...to receive attributes…configured to compare the attributes…) and data output (...to be executed to communicate...automatically generate...).

Analyzing under Step 2B:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception under Step 2B. 
As noted above, the aforementioned additional elements beyond the recited abstract idea are not sufficient to amount to significantly more than the recited abstract idea because, as an ordered combination, the additional elements are no more than mere instructions to implement the idea using generic computer components (i.e. apply it). 
For example, the specification describes the recited computing elements in generic terms: computing device 100 may include or connect to multiple display devices 124a-124n, which each may be of the same or different type and/or form. As such, any of the I/O devices 130a-130n and/or the I/O controller 123 may include any type and/or form of suitable hardware, software, or combination of hardware and software to support, enable or provide for the connection and use of multiple display devices 124a-124n by the computing device 100 [0092] the communications device 102 (i.e., client device) includes a combination of devices, e.g. a smartphone combined with a digital audio player or portable media player… a smartphone, e.g. the IPHONE family of smartphones manufactured by Apple, Inc.; a Samsung GALAXY family of smartphones manufactured by Samsung, Inc; or a Motorola DROID family of smartphones. In yet another embodiment, the communications device 102 is a laptop or desktop computer equipped with a web browser and a microphone and speaker system, e.g. a telephony headset [0153]-[0158] The client need not own the device for it to be considered a client device 102. The client 102 may be any computing device, such as a desktop computer, a laptop, a mobile device, or any other computing device. In some embodiments, the client 102 may be a server or set of servers accessed by the client…any other code that may facilitate communications between the client 102 and any of the server 106, a third-party server, or any other server…a memory such as any embodiments of main memory 122 described herein or any type and form of storage, such as a database or file system. [0144] may be combined into one or more modules, applications, programs, services, tasks, scripts, libraries, applications, or executable code [0199] Those having skill in the relevant art can effect changes to form and details of the described methods and systems without departing from the broadest scope of the described methods and systems. 
Thus, taken alone, the additional elements do not amount to significantly more than the above-identified judicial exception (the abstract idea). 
 
Furthermore, as an ordered combination, these elements amount to generic computer components receiving or transmitting data over a network, performing repetitive calculations, electronic record keeping, and storing and retrieving information in memory, which, as held by the courts, are well-understood, routine, and conventional. See MPEP 2106.05(d).

Moreover, the remaining elements of Dependent Claims do not transform the recited abstract idea into a patent eligible invention because these remaining elements merely recite further abstract limitations that provide nothing more than simply a narrowing of the abstract idea recited in the independent claims. 

Looking at these limitations as an ordered combination adds nothing additional that is sufficient to amount to significantly more than the recited abstract idea because they simply provide instructions to use a generic arrangement of generic computer components to “apply” the recited abstract idea, perform insignificant extra-solution activity, and generally link the abstract idea to a technical environment. Thus, the elements of the claims, considered both individually and as an ordered combination, are not sufficient to ensure that the claim as a whole amounts to significantly more than the abstract idea itself. Since there are no limitations in these claims that transform the exception into a patent eligible application such that these claims amount to significantly more than the exception itself, Claims 11-23 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.

Claim Objection

Claim 12 is objected to due to the minor informality of having an improper claim status indicator. Claim 12 was previously amended; however, the claim status indicator indicates (Original).

Claim Rejections – 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
Determining the scope and contents of the prior art.
Ascertaining the differences between the prior art and the claims at issue.
Resolving the level of ordinary skill in the pertinent art.
Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 11-23 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Publication US20140199663A1 to Sadeh-Koniecpol et al. (hereinafter referred to as “Sadeh-Koniecpol”) in view of US Patent Publication US20170244746A1 to Hawthorn et al. (hereinafter referred to as “Hawthorn”) in view of US Patent Publication US20180096309A1 to Moses et al. (hereinafter referred to as “Moses”).


As per Claim 11, Sadeh-Koniecpol teaches: (Currently Amended) A system for configuring and executing simulated phishing campaigns, the system comprising a device comprising one or more processors, coupled to memory and comprising ([0067]) 
a query module configured to receive attributes of an implementation of a security awareness program for an entity via a ... presented via a display; (in at least [0008][0033] discloses sense user behavior and activity, such as a user response to mock attacks, to determine user susceptibility to different types of cybersecurity threats and selectively identify training interventions that will be presented to individual users. [0076] discloses The user action process includes detecting an interaction event at 110. When detecting an interaction event at 110 in this embodiment, a sensor detects the interaction event or the system may receive data that is collected by a sensor. The data may correspond to user activities or behaviors or, more generally, other contextual attributes relevant to the training available. Such contextual attributes may include any relevant sensory data as well as information obtained from other relevant sources of information, such as browser history, credit card records, surveillance cameras, electronic doors, employment records, information collected about a person with which the user has interacted, and social networking information. [0117] four training modules (safe social networks, email security, anti-phishing, and passwords) 3007 and has provided responses to the questions or other prompts included in the assigned training modules...the measurement is a percentage of correct answers provided by the user while taking the training provided by a collection of the interactive training modules. [0121] FIG. 13 illustrates an example of a portion of an interface 3403 via which an administrator can enter, upload, or otherwise provide custom content such as the message to be used in a mock SMS attack, involving multiple users…The custom content may include variables that are instantiated by querying relevant sources of information (e.g. first names of targeted users). 
For example, through this interface the administrator may enter, select, modify and/or verify the user's name, a link (such as a link to a URL or click-to-call functionality), or message text. This interface also may be used to allow the administrator to preview or modify the mock attack or customize mock attack templates.  )
a tool executable on the one or more processors and configured to compare the attributes for the entity to attributes of other entities, responsive to receiving the attributes, and (in at least [0063] User behavior data 15 can be captured and recorded in one or more locations and may include relevant statistics, such as frequency associated with different types of events or situations, trends, and comparisons against relevant baselines. Such user behavior data 15 may help create a unique profile for each individual user that captures this user's activities and behaviors at a particular point in time or over different periods of time. [0118] The system or administrator may also use this information to identify patterns such as correlations in the vulnerability of users to different types of threat scenarios. By comparing these statistics with baseline populations (e.g., employees at other companies, employees in other departments, same group of employees but at other times), the system can calibrate the need to train individual users or groups of users.)
determine, based at least on the comparison, a configuration for each of a baseline simulated phishing campaign to be executed to communicate electronic simulated phishing communications to users of the entity, electronic based training for users of the entity for security awareness and one or more simulated phishing campaigns to be executed to communicate electronic simulated phishing communications to the users of the entity subsequent to the baseline simulated phishing campaign; and (in at least [0118] By comparing these statistics with baseline populations (e.g., employees at other companies, employees in other departments, same group of employees but at other times), the system can calibrate the need to train individual users or groups of users. This information may be incorporated in the system's training needs logic, where it can be used to support both automated and semi-automated processes. Statistics can be organized and presented according to taxonomies of training needs and training interventions (e.g. “mock phishing emails with fraudulent phone numbers”, “mock phishing emails with prize offers”, etc.). [0119] FIG. 11 illustrates a screen 3201 of a possible embodiment of an administrator interface in which the system may assign training modules to a user or group of users. For example, for the “new hire assignment” discussed above, the administrator may use the interface to select or review various training interventions 3203 to assign to the user as part of that assignment. Some training interventions may be assigned automatically by the systems policy manager module, others may be selected by a human system administrator via the user interface, or the training interventions may be selected by a combination of the two (such as by displaying the system-selected interventions and giving the administrator the opportunity to modify or accept them). 
Selection and customization of training intervention may be based on any suitable rules or criteria, including rules or criteria that rely on data obtained from user profiles or other data available such as training history or behavior data (including information about the very mock attack the user just fell for).)
a server configured to: ([0078])
execute the baseline simulated phishing campaign to identify a percentage of users of the entity that are phish-prone, (in at least [0117] FIG. 9 depicts an embodiment of a screen of a system administrator user interface 3001 that displays examples of sensed historical training data collected about a user 3003 (identified as “George Smith”). In this example, user Smith was recently assigned a collection of training modules referred to as the “New Hire Assignment” 3005...The example screen shown in FIG. 10 allows an administrator user to select, view and filter statistics of user activity data according to different criteria. These criteria can include filtering by individual users or groups of users, by training assignment (such as the “new hire assignment” shown in FIG. 9), which can include a collection of training interventions, by specific training intervention, by training campaign, namely a collection of one or more training interventions assigned to a selected group of users. The system or the administrator may use this information 3009 to identify users at risk for different threat scenarios.)
execute the electronic based training to those users identified as phish-prone from the baseline simulated phishing campaign; (in at least [0117] identifying users with scores below a given threshold for a given threat scenario below. The administrator may then select (or the system may recommend to the administrator to select) training interventions )
execute the one or more simulated phishing campaigns subsequent to the baseline simulated phishing campaign and based at least on results of the baseline simulated phishing campaign and the electronic based training, and (in at least [0040] The data may further be used in combination with historical user training data 16 which may be stored in one or more data storage devices and may include data related to the training one or more users have taken in the past. Historical user training data 16 may include information including when and how well one or more users performed in prior training or assessments. [0064] Historical user training data 16 may inform the selection of relevant training for a user by capturing the training history of that user. Historical user training data 16 may include information such as: the training modules to which that user has already been exposed, how often and when that user was exposed to training modules, how well the user responded when taking the training modules [0117] FIG. 9 depicts an embodiment of a screen of a system administrator user interface 3001 that displays examples of sensed historical training data collected about a user 3003 (identified as “George Smith”). In this example, user Smith was recently assigned a collection of training modules referred to as the “New Hire Assignment” 3005. The historical training data in this particular case shows that the user was assigned four training modules (safe social networks, email security, anti-phishing, and passwords) 3007 and has provided responses to the questions or other prompts included in the assigned training modules. The interface displays a summary of the type of historical training data collected by the platform, including in this case training relating to the threat scenarios of social network usage, email security, anti-phishing and password security 3009. 
This sensed data can in turn be used in combination with training needs models that rely on a user's likelihood of being at risk for a threat scenario.  )
wherein the server is configured to automatically determine a schedule of each of the baseline simulated phishing campaigns, the electronic based training and the one or more simulated phishing campaigns subsequent to the baseline simulated phishing campaign, and (in at least [0080] Those policy manager modes include scheduled modes, routine modes, real-time modes, mixed-initiative modes and combinations thereof. In an embodiment of context aware training in which a scheduled mode is utilized, the policy manager 19 regularly assesses the overall training needs of a plurality of individual users and reprioritizes training content to be pushed or delivered to each individual user. [0082] Regular assessment of user training needs may involve running in batch mode, where all users are being reviewed in one batch or where different groups of users are processed in different batches, possibly according to different schedules. Regular assessment of user training needs may also include pushing short security quizzes and creating mock situations aimed at better evaluating the needs of an individual user or a group of users. In a real-time mode, the policy manager 19 may operate in an event-driven manner enabling it to more rapidly detect changes in user behavior or activities and other relevant contextual attributes, and to more quickly push training interventions that reflect the risks to which the user is exposed at a desired time)
automatically generate in ... according to the schedule, one or more graphical representations of each of the baseline simulated phishing campaigns, the electronic based training and the one or more simulated phishing campaigns subsequent to the baseline simulated phishing campaign, wherein the server is further configured to identify a status of execution of a corresponding campaign in the one or more graphical representations. (in at least [0084]  Delivering training interventions may also be performed by updating a schedule indicating when training interventions should be delivered or otherwise exposed to the user, or updating a schedule that will be exposed to the user, possibly with a combination of required and recommended training content for engagement by the user...system may generate a command to send an SMS phishing message to a user at a specific time, and the system may then cause an automated SMS message to be transmitted to the user's mobile device at a determined time. [0117] FIG. 9 depicts an embodiment of a screen of a system administrator user interface 3001 that displays examples of sensed historical training data collected about a user 3003 (identified as “George Smith”). In this example, user Smith was recently assigned a collection of training modules referred to as the “New Hire Assignment” 3005. The historical training data in this particular case shows that the user was assigned four training modules (safe social networks, email security, anti-phishing, and passwords) 3007 and has provided responses to the questions or other prompts included in the assigned training modules. The interface displays a summary of the type of historical training data collected by the platform, including in this case training relating to the threat scenarios of social network usage, email security, anti-phishing and password security 3009...The example screen shown in FIG. 
10 allows an administrator user to select, view and filter statistics of user activity data according to different criteria. These criteria can include filtering by individual users or groups of users, by training assignment (such as the “new hire assignment” shown in FIG. 9), which can include a collection of training interventions, by specific training intervention, by training campaign, namely a collection of one or more training interventions assigned to a selected group of users. The system or the administrator may use this information 3009 to identify users at risk for different threat scenarios...The administrator may then select (or the system may recommend to the administrator to select) training interventions using additional administrator features such as those described below. Under some conditions, the console and the policy manager can also be configured to automatically trigger such selection and some conditions may simply have embedded training rules in them. This can be used to provide just-in-time training when a particular situation is detected (e.g. a user falling for a fake malicious SMS attack (FIG. 14), a user connecting to a fake rogue Wi-Fi access point being warned on the spot to not connect to, and to verify the identify of, public Wi-Fi access points), yet allow the administrator and the policy manager to further review the sensed information and assign additional training interventions to further consolidate training (e.g. later assigning that same employee a more in-depth training module covering the risks associated with laptop use outside the office). [0119] FIG. 15 illustrates an embodiment of a scheduling screen 3601 of a user interface that may enable such selection. [0125] Screen 3601 also illustrates how scheduling constraints can also be suggested to administrator, with the administrator having the option to modify them. This can include scheduling parameters such as start times and end times of a mock attack campaign. 
The system may then launch a process that leads to the customization and deployment of the mock malicious USB devices according to those scheduling constraints. )

While implied, Sadeh-Koniecpol does not expressly disclose the following features, which, however, are taught by Hawthorn:
a query module configured to receive attributes of an implementation of a security awareness program for an entity via a questionnaire presented via a display; (in at least [0051] The security system 102 may include hardware and/or software components to build a campaign, transmit campaign data to a user system 104, 106, receive behavioral and/or technical data associated with a campaign from a user system 104, and/or calculate a risk score for each end user, group of end users, and/or organization associated with an end user (e.g., company). Security system 102 may include a risk assessment manager 110 that transmits computing network-based security items and/or training items to end users at user systems 104, 106 to assess security risks posed by the end users to a computing network.[0052] Examples of security items 112 and/or training items 124 may include messages comprising security threats such as phishing messages (e.g., phishing emails, text/SMS/MMS messages, voice messages, instant messages, social network messages, and/or the like), password generation and/or update requests, questionnaires comprising different security-related scenarios such as handling computing devices outside of a work environment, social media interaction, mobile security interaction, social engineering topics, web safety, data protection, email security, computer security, and/or physical security, password generation [0064] Characteristics of training item 124 may be configured to require a user of user device 104, 106 to determine answers and/or responses to a training item 124. 
[0114] a number of employees that interacted with a security item 112 and/or training item 124 in a way indicative of no or little security risk (e.g., generated a password with a given degree of security, answered a given number of questions in a questionnaire correctly, etc.), a number of employees that interacted with a security item 112 and/or training item 124 in a way indicative of a security risk (e.g., activating malware, spyware, a virus, downloading a file, answering questions incorrectly, etc.), a number of employees that reported a security item 112 and/or training item 124 to an administrator [0184] the agent 142 may collect technical information 138 associated with the user's system and/or user properties 136 (e.g., existing usernames, passwords, security questions, answers, and/or the like) and transmit this information to the risk assessment manager 110.)

At the time the invention was filed, it would have been obvious for one of ordinary skill in the art to have modified the teachings of Sadeh-Koniecpol by, …assess security risks of users in computing networks…an interaction item is sent to an end user electronic device. When the end user interacts with the interaction item, the system collects feedback data that includes information about the user's interaction with the interaction item, as well as technical information about the electronic device. The feedback is compared to a plurality of security risk scoring metrics. Based on this comparison, a security risk score for the user with respect to a computing network... the risk scoring metrics may include a set of metrics each assigning a weight to a user action defined for a computing network-based security item, a set of metrics each assigning a weight to a different user action defined for a training item, and/or a third set of metrics each assigning weight to a different technical attribute of the technical data. An example system and method may include hardware and/or software components to calculate a security risk score for a user based on a comparison of input data to security risk scoring metrics. 
An example system and method may include hardware and/or software components to transmit and/or display a calculated security risk score… recipient at user system 104, 106 performs in a previous campaign such that the user is proficient/trained in a particular security item 112 and/or training item 124, security items 112 and/or training items 124 for a subsequent campaign may selected based on the sophistication level of the previous campaign and/or a current risk score of a user of user system 104, 106 …a delivery rule may include a rule that identifies an initial set of security items 112 and/or training items 124 to be sent to recipients at user systems 104, 106 and a subsequent set of security items 112 and/or training items 124 that are to be sent to the recipients at user systems 104, 106 based on the recipients' performance with respect to the initial set of security items 112 and/or training items 124 and/or a risk score…all of the risk scores of the individuals within a group may be added and/or the averaged to obtain the group's overall risk score 1702. A user of security system 102 may be able to select one or more of these groups to see a performance and/or technical information with respect to a given campaign, multiple campaigns, and/or all campaigns based on the group's employees.…use multiple dimensions to assess and/or quantify the security risk of an entity (e.g., employees, departments, and a company as a whole)…, as taught by Hawthorn, with a reasonable expectation of success in arriving at the claimed invention. One of ordinary skill in the art would have been motivated to make this modification to the teachings of Sadeh-Koniecpol with the motivation of, … Security risks such as these may pose a significant risk to an employer, especially when an end user employee fails to recognize a security risk…Current security risk assessment systems and methods are not preventative and forward-thinking…. 
This multi-dimensional risk assessment system may allow an organization to better detect and understand the security risks presented by its employees and/or various groups within the organization…make better risk management decisions based on a level of risk each user exposes the organization to… a combination of one or more training interventions that will best mitigate the various risks to which a given user is susceptible at a particular point in time…guides the user of user system 104, 106 in reducing computing network-based security risks…guidance provided within the security item 112 and/or training item 124 on how to reduce computing network-based security risks…A trust indicator may increase the sophistication level of a security item 112 and/or training item 124… increases the likelihood (probability) that the user will perceive the message as being legitimate and/or trustworthy…increases the likelihood that the recipient will interact with the security item 112 and/or training item 124…provide a proper interaction, response, and/or description to the user. Providing proper interactions, responses, and/or descriptions, which may include an audio/video file, may teach a user how to engage in secure behavior.…presentation of the training item 124 to a user to educate the user on proper interactions…., as recited in Hawthorn. 

While implied, Sadeh-Koniecpol in view of Hawthorn does not expressly disclose the following features, which, however, are taught by Moses:
automatically generate in an electronic calendar according to the schedule, ... (in at least [0061] FIG. 7 is a system diagram showing automated scheduling of required workforce personnel training and certification modules according to an embodiment of the invention 700....training requirements and the current profiles, which includes training completion information, of new arrivals on a ship is received or retrieved from other systems on the ship 710 over a VPN encrypted network 711, 712. This information is first persistently stored in the encrypted profile data store 155 of military mobility server 720, and is then used by the programming of the server core module 151 and the analytics module 157 to determine the training requirements of each personnel. For a specific training module there will be a number of personnel who have completed that training 732 a, 732 b, 732 c which is reflected within their profiles 732 a, 732 b, 732 c while others will still need to either take the module or complete it 731 a, 731 b, 731 c, 731 d, 731 e, 731 e, 731 f, 731 g, 731 h which again is reflected in their profile 731 a, 731 b, 731 c, 731 d, 731 e, 731 e, 731 f, 731 g, 731 h. This information is used by the system to schedule personnel for training using the scheduling module 158, which also accounts for all entries already on the service person's other calendars...initiate the process to supply each personnel with the materials needed for their training schedule 742 a, 742 b which may involve issuing access grant requests to commanding officers for those documents. The training calendar of each personnel is eventually securely updated wirelessly 751, 752 through interaction between the military mobility server's 720 scheduling module 158 and the military mobile client's 760 calendar module 113. Training materials may be stored locally on the mobile device's 760 encrypted data store 114 or may be streamed from the server 720 on demand depending on security and other factors. 
Callout 761 shows an example training calendar entry specifying the training module, the materials needed to complete the module and the timeframe allowed for completion. The system may monitor a service person's progress through those materials. Callout 762 shows a co-scheduled training calendar appointment for a certification examination indicating the exact location and the person conducting the exam )

At the time the invention was filed, it would have been obvious for one of ordinary skill in the art to have modified the teachings of Sadeh-Koniecpol in view of Hawthorn by, …  The military mobile client receives data from the military mobility server; displays calendar based schedules, provides a viewing platform for work crucial graphical materials; and wirelessly transmits status and report data to the military mobility server....a specific training module there will be a number of personnel who have completed that training 732 a, 732 b, 732 c which is reflected within their profiles 732 a, 732 b, 732 c while others will still need to either take the module or complete it 731 a, 731 b, 731 c, 731 d, 731 e, 731 e, 731 f, 731 g, 731 h which again is reflected in their profile 731 a, 731 b, 731 c, 731 d, 731 e, 731 e, 731 f, 731 g, 731 h. This information is used by the system to schedule personnel for training using the scheduling module 158, which also accounts for all entries already on the service person's other calendars...initiate the process to supply each personnel with the materials needed for their training schedule 742 a, 742 b which may involve issuing access grant requests to commanding officers for those documents. The training calendar of each personnel is eventually securely updated wirelessly 751, 752 through interaction between the military mobility server's 720 scheduling module 158 and the military mobile client's 760 calendar module 113. Training materials may be stored locally on the mobile device's 760 encrypted data store 114 or may be streamed from the server 720 on demand depending on security and other factors. Callout 761 shows an example training calendar entry specifying the training module, the materials needed to complete the module and the timeframe allowed for completion..., as taught by Moses, with a reasonable expectation of success in arriving at the claimed invention. 
One of ordinary skill in the art would have been motivated to make this modification to the teachings of Sadeh-Koniecpol in view of Hawthorn with the motivation of, …Keeping up-to-date on newly mandated training and the training needs and progress of new arrivals...integrated into a powerful platform with a rich data analytics layer. The platform brings consumer level joy of use to a Gen X/Y workforce...easy access to important documents such as equipment operating and maintenance manuals, training manuals, and tactical manuals for which the user has access rights 910...integrated technologies and workflow practices currently successfully used in the private sector for workforce optimization and operational efficiency... designed to make the enablers easier, faster, more transparent, and significantly more efficient...an efficient method to encapsulate rapidly expanding information attaching to defined subjects...using an efficient interactive alert chat screen that allows the recipient to complete a task without opening additional apps... to efficiently and meaningfully store information such that it can be intelligently combined with similar data to suggest conclusions or tie data together...to get through engineering and damage control training more efficiently....providing possible better use of the aggregate information...may better understand its workforce...will be more accurate and commanders will be able to make better decisions based on improved information..., as recited in Moses. 


As per Claim 12, Sadeh-Koniecpol teaches: The system of claim 11,
wherein the device comprises a user interface configured to receive the attributes responsive to the …, provided by the user interface, regarding implementation by the entity of the security awareness program (in at least [0117][Fig. 9] discloses a screen of a system administrator user interface 3001 that displays examples of sensed historical training data collected about a user…historical training data in this particular case shows that the user was assigned four training modules (safe social networks, email security, anti-phishing, and passwords) 3007 and has provided responses to the questions or other prompts included in the assigned training modules.)


While implied, Sadeh-Koniecpol does not expressly disclose the following features, which however, are taught by Hawthorn:
wherein the device comprises a user interface configured to receive the attributes responsive to the questionnaire, provided by the user interface, regarding implementation by the entity of the security awareness program (in at least [0051] The security system 102 may include hardware and/or software components to build a campaign, transmit campaign data to a user system 104, 106, receive behavioral and/or technical data associated with a campaign from a user system 104, and/or calculate a risk score for each end user, group of end users, and/or organization associated with an end user (e.g., company). Security system 102 may include a risk assessment manager 110 that transmits computing network-based security items and/or training items to end users at user systems 104, 106 to assess security risks posed by the end users to a computing network.[0052] Examples of security items 112 and/or training items 124 may include messages comprising security threats such as phishing messages (e.g., phishing emails, text/SMS/MMS messages, voice messages, instant messages, social network messages, and/or the like), password generation and/or update requests, questionnaires comprising different security-related scenarios such as handling computing devices outside of a work environment, social media interaction, mobile security interaction, social engineering topics, web safety, data protection, email security, computer security, and/or physical security, password generation)

The reason and rationale to combine Sadeh-Koniecpol and Hawthorn is the same as recited above. 


As per Claim 13, Sadeh-Koniecpol teaches: (Currently Amended) The system of claim 11,
wherein the tool is further configured to compare the attributes for the entity to attributes of other entities that share at least one of the attributes. (in at least [0118] discloses comparing these statistics with baseline populations (e.g., employees at other companies, employees in other departments, same group of employees but at other times) [0122] the system may assess user vulnerability to different threat scenarios using sensed user response actions to mock attacks, such as users connecting (or not connecting) to mock rogue Wi-Fi access points, users clicking (or not clicking) on links in mock malicious SMS messages, or users connecting (or not connecting) mock malicious USB devices to their computers and/or opening (or not opening) mock malware stored on the mock malicious USB devices. The resulting data may be collected through these mock attacks to estimate the vulnerability of individual users, groups of users with similar characteristics (e.g. users reading their email from smartphones, users who use Wi-Fi outside the corporate network), or an entire population of users.)


As per Claim 14, Sadeh-Koniecpol teaches: (Currently Amended) The system of claim 13,
wherein the tool is further configured to determine, based on at least the comparison of the percentage of users of the entity that are phish-prone to one or more other entities that share at least one of the attributes, the configuration of at least one of the baseline simulated phishing campaign, the electronic based training of users of the entity for security awareness or the one or more subsequent simulated phishing campaigns. (in at least [0043] estimated effectiveness of the training intervention (possibly across all users or possibly for a subset of users based on considerations such as level of education, age, gender, prior training to which the users have been exposed) and other relevant considerations [0118][Fig. 10] discloses an administrator interface that may display statistics for a population of users, such as those users who have taken a particular interactive training module or collection of modules, or users who have been subject to particular mock attacks… vulnerability data 3103 that shows a measurement of how many users fell for various types of mock attacks. It may also illustrate statistics 3005 representing user responses to various training modules or interventions…By comparing these statistics with baseline populations (e.g., employees at other companies, employees in other departments, same group of employees but at other times), the system can calibrate the need to train individual users or groups of users… Statistics can be organized and presented according to taxonomies of training needs and training interventions (e.g. “mock phishing emails with fraudulent phone numbers”, “mock phishing emails with prize offers”, etc.). The interface may include user-selectable options that allow the administrator to have the statistics presented, sorted and/or compiled according to administrator-selected criteria such as particular training interventions, training modules or time windows. [0122] system may assess user vulnerability to different threat scenarios using sensed user response actions to mock attacks, such as users connecting (or not connecting) to mock rogue Wi-Fi access points, users clicking (or not clicking) on links in mock malicious SMS messages, or users connecting (or not connecting) mock malicious USB devices to their computers and/or opening (or not opening) mock malware stored on the mock malicious USB devices. The resulting data may be collected through these mock attacks to estimate the vulnerability of individual users, groups of users with similar characteristics (e.g. users reading their email from smartphones, users who use Wi-Fi outside the corporate network), or an entire population of users.)


As per Claim 15, Sadeh-Koniecpol teaches: (Currently Amended) The system of claim 11,
wherein the tool is further configured to determine the configuration of one of the baseline phishing simulation campaign or the one or more simulated phishing campaigns to include one or more of the following: a schedule, a type of simulated phishing attack, a type of exploit, and type of data to collect. (in at least [0103] FIG. 5 illustrates an embodiment of a partial list of possible threat scenarios 2020 for which a context-aware cybersecurity training system may determine that a user is at risk…sensed data relating to the user actions 2030 and apply rules to determine whether the user is at risk for the associated threat scenario [0119][Fig.15][Fig. 16] discloses a scheduling screen 3601 of a user interface that may enable such selection…can be variably assigned to individual users or entire groups of users as shown in FIG. 16, also further discloses SMS attack and USB phishing attack [0121] discloses selecting the training interventions associated with the mock attack campaign, scheduling the campaign, and confirming all parameters.)


As per Claim 16, Sadeh-Koniecpol teaches: (Currently Amended) The system of claim 11,
wherein the tool is further configured to identify, based on at least the attributes, one or more training modules for the electronic based training of users of the entity for security awareness. (in at least [0032] discloses Sensing activities, behaviors, or other contextual attributes can help enrich the data available to identify and select training needs, resulting in more targeted training, better training outcomes and more effective mitigation of consequences associated with undesirable user behaviors. [0119][Fig. 11] discloses various types of electronic training modules, Selection and customization of training intervention may be based on any suitable rules or criteria, including rules or criteria that rely on data obtained from user profiles or other data available such as training history or behavior data (including information about the very mock attack the user just fell for).)


As per Claim 17, Sadeh-Koniecpol teaches: (Currently Amended) The system of claim 11,
wherein the tool is further configured to identify, responsive to execution of the baseline simulated phishing campaign, the percentage of users of the entity that are phish-prone. (in at least [0118] discloses FIG. 10 illustrates a screen 3101 of an embodiment of an administrator interface that may display statistics for a population of users, such as those users who have taken a particular interactive training module or collection of modules, or users who have been subject to particular mock attacks. The statistics may include, for example, vulnerability data 3103 that shows a measurement of how many users fell for various types of mock attacks; Examiner notes that the measurement displayed in 3103 of fig. 10 is expressed as a percentage, [0041][Fig. 8] discloses The system may include various training needs models that are customized or unique to a user or group of users, or the system may include standard training needs models that it may apply to any user [0108]-[0110][Fig. 7][Fig.8] discloses untrained risk percentage, thereby phish-prone, and risk reduction, thereby responsive to execution of baseline campaign to establish risk reduction [0117][Fig. 9] discloses This sensed data can in turn be used in combination with training needs models that rely on a user's likelihood of being at risk for a threat scenario…training campaign, namely a collection of one or more training interventions assigned to a selected group of users. The system or the administrator may use this information 3009 to identify users at risk for different threat scenarios).


As per Claim 18, Sadeh-Koniecpol teaches: The system of claim 17,
wherein the percentage of users of the entity that are phish-prone comprise a number of users of the entity that clicked on a link of a simulated phishing email. (in at least [0122] As described above, the system may assess user vulnerability to different threat scenarios using sensed user response actions to mock attacks, such as users clicking (or not clicking) on links in mock malicious SMS messages, [0039] discloses data may include relevant statistics relating to the user's activity over a period of time as received from the sensors. Those relevant statistics may include, for example, frequency of certain activities, frequency of certain behaviors, deviations from relevant baselines, and relevant trends. [0063] discloses User behavior data 15 can be captured and recorded in one or more locations and may include relevant statistics, such as frequency associated with different types of events or situations [0086] discloses delivery of SMS phishing messages to a number of users [0092] discloses The user may attempt to access such a program, such as by trying to click a link in an email…or SMS message [0093] discloses a phishing sensor, such as a monitor that receives data indicating whether (and optionally how frequently) a user visits or attempts to visit one or more blacklisted web sites [0103][Fig. 5] policy manager may require that a threshold plurality of indicative user actions 2030 be sensed, or that a particular user action 2030 be repeated a threshold number of times or achieve a certain frequency…user falling for an SMS phishing threat scenario can benefit from monitoring activities that include how often a user replies to SMS phishing messages [0108]-[0110][Fig. 7][Fig. 8] discloses “Request Blacklisted Website” and Frequency [0115] discloses The user in embodiments of context-aware training could be a human user or, for example, a robot, a cyber entity, an organism, an organization, a trainable entity, or a group or subset of those users. [0118][Fig. 10] discloses Statistics can be organized and presented according to taxonomies of training needs and training interventions (e.g. “mock phishing emails with fraudulent phone numbers”, “mock phishing emails with prize offers”, etc.). The interface may include user-selectable options that allow the administrator to have the statistics presented, sorted and/or compiled according to administrator-selected criteria such as particular training interventions, training modules or time windows.)
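The limitations mapped above for Claims 13, 14, 17 and 18 describe three defender-side computations: deriving an entity's phish-prone percentage from the users who clicked a simulated phishing link, benchmarking that percentage against other entities that share at least one attribute, and using the comparison to configure follow-on training and campaigns. The following is an added worked example written for this page; it is not code from the Office Action, from the Applicant, or from any cited reference (Sadeh-Koniecpol, Hawthorn, Moses). All entities, attributes and campaign counts are constructed, and the configuration thresholds are illustrative assumptions.

```python
"""Phish-prone percentage and peer benchmarking (constructed example)."""
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Optional


@dataclass(frozen=True)
class CampaignResult:
    """Outcome of one baseline simulated phishing campaign for one entity.

    attributes: questionnaire-style attributes of the entity (constructed keys).
    users_targeted: users who received the simulated phishing email.
    users_clicked: users who clicked the link in that email (the phish-prone set).
    """
    entity: str
    attributes: Dict[str, str]
    users_targeted: int
    users_clicked: int


def phish_prone_pct(result: CampaignResult) -> float:
    """Percentage of targeted users who clicked the simulated phishing link."""
    if result.users_targeted <= 0:
        raise ValueError("campaign targeted no users; percentage is undefined")
    if result.users_clicked > result.users_targeted:
        raise ValueError("clicked count exceeds targeted count")
    return 100.0 * result.users_clicked / result.users_targeted


def peer_entities(target: CampaignResult, others: List[CampaignResult],
                  shared_keys: List[str]) -> List[CampaignResult]:
    """Entities (other than the target) sharing at least one attribute value."""
    return [
        o for o in others
        if o.entity != target.entity
        and any(o.attributes.get(k) == target.attributes.get(k) for k in shared_keys)
    ]


def benchmark(target: CampaignResult, others: List[CampaignResult],
              shared_keys: List[str]) -> Optional[Dict[str, float]]:
    """Compare the target's phish-prone percentage to the mean of its peers.

    Returns None when no peer shares an attribute, so callers must not treat
    a missing baseline as a zero-risk baseline.
    """
    peers = peer_entities(target, others, shared_keys)
    if not peers:
        return None
    entity_pct = phish_prone_pct(target)
    peer_avg = mean(phish_prone_pct(p) for p in peers)
    return {
        "entity_pct": entity_pct,
        "peer_avg_pct": peer_avg,
        "delta_pct": entity_pct - peer_avg,
        "peer_count": float(len(peers)),
    }


def recommend_configuration(bench: Optional[Dict[str, float]]) -> Dict[str, object]:
    """Illustrative follow-on configuration derived from the benchmark.

    Thresholds are assumptions for this example, not values from the page.
    A worse-than-peer entity gets a shorter campaign interval and more
    follow-up campaigns; an entity with no peer baseline gets a conservative
    default rather than being treated as low risk.
    """
    if bench is None:
        return {"schedule_days": 60, "subsequent_campaigns": 2, "training": "baseline"}
    delta = bench["delta_pct"]
    if delta > 5.0:
        return {"schedule_days": 30, "subsequent_campaigns": 3, "training": "targeted"}
    if delta > 0.0:
        return {"schedule_days": 60, "subsequent_campaigns": 2, "training": "targeted"}
    return {"schedule_days": 90, "subsequent_campaigns": 1, "training": "baseline"}


# Constructed sample data: one target entity and three others.
ACME = CampaignResult("acme", {"industry": "finance", "size": "small"}, 200, 60)
OTHERS = [
    CampaignResult("beta", {"industry": "finance", "size": "medium"}, 100, 15),
    CampaignResult("gamma", {"industry": "retail", "size": "small"}, 150, 30),
    CampaignResult("delta", {"industry": "health", "size": "large"}, 120, 12),
]
SHARED_KEYS = ["industry", "size"]


def run_example() -> Dict[str, object]:
    """Benchmark ACME against peers and derive a follow-on configuration."""
    bench = benchmark(ACME, OTHERS, SHARED_KEYS)
    return {"benchmark": bench, "config": recommend_configuration(bench)}


if __name__ == "__main__":
    print(run_example())
```

In this constructed data ACME's phish-prone percentage is 30.0%; "beta" (same industry) and "gamma" (same size) are peers while "delta" shares nothing and is excluded, giving a peer average of 17.5% and a delta of 12.5 points, which under the assumed thresholds selects a 30-day schedule with three subsequent campaigns and targeted training.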


As per Claim 19, Sadeh-Koniecpol teaches: The system of claim 12,
wherein the server is further configured to execute the electronic based training to at least those users of the entity identified as phish-prone. (in at least [0118] discloses interface that may display statistics for a population of users, such as those users who have taken a particular interactive training module or collection of modules, or users who have been subject to particular mock attacks…shows a measurement of how many users fell for various types of mock attacks… system may use this information, which can be stored with historical training data or behavioral data, to benchmark individual users or groups of users and help determine which training interventions to direct to them later on based on training needs models)


As per Claim 20, Sadeh-Koniecpol teaches: The system of claim 11,
wherein the server is further configured to execute the one or more simulated phishing campaigns based on at least a result of one of the baseline simulated phishing campaign or the electronic based training of users of the entity for security awareness. (in at least [0032] discloses Sensing activities, behaviors, or other contextual attributes can help enrich the data available to identify and select training needs, resulting in more targeted training, better training outcomes and more effective mitigation of consequences associated with undesirable user behaviors. [0044] discloses review results of the analysis conducted by the policy manager 19 and select one or more training interventions to address those training needs for which one or more users are at a particularly high risk [0080] discloses Based on the analysis results produced by the policy manager 19, the system administrator may further select or prioritize training interventions that will be delivered to one or more users [0117] discloses filtering by individual users or groups of users, by training assignment (such as the “new hire assignment” shown in FIG. 9), which can include a collection of training interventions, by specific training intervention, by training campaign, namely a collection of one or more training interventions assigned to a selected group of users…may use this information 3009 to identify users at risk for different threat scenarios. An example can be as simple as identifying users with scores below a given threshold for a given threat scenario below. The administrator may then select (or the system may recommend to the administrator to select) training interventions [0121] discloses The interface also displays a workflow 3405 that the system may follow when walking the administrator through the setup of a mock attack campaign, including specifying and/or reviewing the recipients of the mock attack campaign, selecting and/or modifying a message to be used in the scenario, reviewing or selecting the training interventions associated with the mock attack campaign, scheduling the campaign, and confirming all parameters. [0122] discloses The resulting data may be collected through these mock attacks to estimate the vulnerability of individual users, groups of users with similar characteristics (e.g. users reading their email from smartphones, users who use Wi-Fi outside the corporate network), or an entire population of users. [0123] discloses the mock attack campaigns can be directed at individual users, entire groups of users organized by department, location, role or some other combination of available parameters, where mock campaigns can be subject to customizable scheduling constraints, and user training data and activity/behavior data can be accessed by the system administrator to review the campaign while in progress or after it has been completed…links in an mock malicious SMS message; messaging clients to be used in a particular mock messaging campaign; particular interventions to be used for users falling for a particular mock attack scenario; an administrator-selected link to be inserted in an SMS message such as a click-to-call link or a URL link;) 


As per Claim 21, Sadeh-Koniecpol teaches: (New) The system of claim 11, 
wherein the one or more graphical representations are selectable to display one or more metrics of a corresponding campaign.  (in at least [0117] FIG. 9 depicts an embodiment of a screen of a system administrator user interface 3001 that displays examples of sensed historical training data collected about a user 3003 (identified as “George Smith”). In this example, user Smith was recently assigned a collection of training modules referred to as the “New Hire Assignment” 3005. The historical training data in this particular case shows that the user was assigned four training modules (safe social networks, email security, anti-phishing, and passwords) 3007 and has provided responses to the questions or other prompts included in the assigned training modules. The interface displays a summary of the type of historical training data collected by the platform, including in this case training relating to the threat scenarios of social network usage, email security, anti-phishing and password security 3009...The example screen shown in FIG. 10 allows an administrator user to select, view and filter statistics of user activity data according to different criteria. These criteria can include filtering by individual users or groups of users, by training assignment (such as the “new hire assignment” shown in FIG. 9), which can include a collection of training interventions, by specific training intervention, by training campaign, namely a collection of one or more training interventions assigned to a selected group of users. The system or the administrator may use this information 3009 to identify users at risk for different threat scenarios. )


As per Claim 22, Sadeh-Koniecpol teaches: (New) The system of claim 11, 
wherein the one or more graphical representations comprise an aggregation of statistics across users.  (in at least [0117] The example screen shown in FIG. 10 allows an administrator user to select, view and filter statistics of user activity data according to different criteria. These criteria can include filtering by individual users or groups of users, by training assignment (such as the “new hire assignment” shown in FIG. 9), which can include a collection of training interventions, by specific training intervention, by training campaign, namely a collection of one or more training interventions assigned to a selected group of users. The system or the administrator may use this information 3009 to identify users at risk for different threat scenarios. )


As per Claim 23, Sadeh-Koniecpol teaches: (New) The system of claim 11, 
wherein the server is further configured to update the one or more graphical representations as a corresponding campaign progresses.  (in at least [0082] Regular assessment of user training needs may also include pushing short security quizzes and creating mock situations aimed at better evaluating the needs of an individual user or a group of users. In a real-time mode, the policy manager 19 may operate in an event-driven manner enabling it to more rapidly detect changes in user behavior or activities and other relevant contextual attributes, and to more quickly push training interventions that reflect the risks to which the user is exposed at a desired time. [0087] as users engage with the training interventions 190, their responses may be recorded in part or in whole 200. That response data itself may be analyzed in real-time by the policy manager or may be stored in an appropriate format, possibly for later analysis, (whether in raw form or in summarized form) in a part of the storage system responsible for storing historical training data or in a part of the storage system responsible for storing user behavior data, or some other relevant storage, or any combination of the above. [0123] Mock attack campaigns can be automatically created by the policy manager or can be the result of mixed initiative interaction with a system administrator interface or administrator client, where the mock attack campaigns can be directed at individual users, entire groups of users organized by department, location, role or some other combination of available parameters, where mock campaigns can be subject to customizable scheduling constraints, and user training data and activity/behavior data can be accessed by the system administrator to review the campaign while in progress or after it has been completed.)


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to PO HAN MAX LEE whose telephone number is (571) 272-3821.  The examiner can normally be reached on Mon-Thurs 8:00 am - 7:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rutao Wu can be reached on (571) 272-6045.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/PO HAN MAX LEE/Examiner, Art Unit 3623

/CHARLES GUILIANO/Primary Examiner, Art Unit 3623