DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment

1.	This action is in response to the amendment received on February 15, 2021.  Claims 1-28 were originally received for consideration.  No claims were added or amended by the received response. 
2.	Claims 1-28 are currently pending consideration.


Response to Arguments
Applicant's arguments filed on February 15, 2021 have been fully considered but they are not persuasive for the following reasons:
The Applicant argues that the Cited Prior Art (CPA), Higbee et al. (U.S. Patent 8,615,807) in view of Cimpanu, does not teach generating a converted reply simulated phishing email to an email of the email thread.  This argument is not found persuasive.  Higbee discloses the use of simulated phishing emails for the purposes of training users (column 1, lines 51-65, column 3, lines 5-15, 57-65, column 5, lines 37-45).  These emails can reference one another (an email thread) and resemble an email thread (column 3, lines 57-67).  Cimpanu was introduced to disclose a type of malware called the “Emotet” malware where old email conversation threads are revived and links to malicious files are injected (see page 2, paragraph 2).  This Emotet attack gathers old email threads, and the email appears to be coming from another user involved in the email thread (see page 2, paragraph 3).  Cimpanu discusses the actual attack using stolen email threads.  However, in combination with Higbee, these attacks can be simulated.




Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-28 are rejected under 35 U.S.C. 103 as being unpatentable over Higbee et al. (U.S. Patent 8,615,807) in view of Cimpanu, “Emotet hijacks email conversation threads to insert links to malware.”

Regarding claim 1, Higbee discloses:
A method for simulating a phishing attack involving an email thread, the method comprising:
(b)    generating, by a simulation system, a converted reply simulated phishing email to an email of the email thread, the converted reply simulated phishing email generated to be from a user that is one of a recipient or a sender of one or more emails of the email thread (column 1, lines 51-65, column 3, lines 5-15, 57-65, column 5, lines 37-45:  series of emails referencing each other are generated and sent to an individual); and
(c)    communicating, by the simulation system, to a target user’s email account, the converted reply simulated phishing email (column 7, lines 4-15:  second message may be transmitted in response to one or more of the individual replying to the first message).

Higbee does not explicitly disclose identifying an email thread of a plurality of email threads of an entity for use in a simulated phishing attack.  Higbee does disclose simulating the sending of sequential emails which may resemble an email thread (column 3, lines 57-67), but does not explicitly disclose “identifying” an email thread.  In an analogous art, Cimpanu discloses hijacking email threads in order to deceive users to install malware (pages 3-4).  Higbee can simulate the attack delineated in Cimpanu but instead of a malicious link, it would be the training link provided in Higbee (Higbee:  column 5, lines 25-35).  It would have been obvious to simulate these attacks in the system of Higbee to prepare users for the malware attack involving reviving old email threads and injecting links to malicious files (Cimpanu:  page 2).  




The method of claim 1, wherein (a) further comprises accessing, by the simulation system to identify the email thread, a user’s email account, wherein the user is one of a recipient or a sender of one or more emails of the email thread (column 2, lines 53-67:  message disguised as being from a contact is sent to the individual).

Claim 3 is rejected as applied above in rejecting claim 1.  Furthermore, Higbee discloses:
The method of claim 1, wherein (a) further comprises one of forwarding, transferring, or copying to the simulation system, the email thread identified by an administrator of a mail server of the entity (column 5, lines 17-47:  simulated phishing attack is monitored).

Claim 4 is rejected as applied above in rejecting claim 1.  Furthermore, Higbee discloses: 
The method of claim 1, wherein (b) further comprises generating the converted reply simulated phishing email to prompt the target user to one of interact with one of a link or an attachment in the converted reply simulated phishing email, reply to the converted reply simulated phishing email, or forward the converted reply simulated phishing email (column 5, lines 30-35:  wherein if an individual clicks on the embedded link, a training is provided).

Claim 5 is rejected as applied above in rejecting claim 1.  Furthermore, Cimpanu discloses: 
The method of claim 1, wherein (b) further comprises accessing, by the simulation system, the user’s email account to generate the converted reply simulated phishing email from the user’s email account (pages 2-3:  access the user’s email account).

Claim 6 is rejected as applied above in rejecting claim 1.  Furthermore, Higbee discloses: 
first message sent to an individual along with an attachment).

Claim 7 is rejected as applied above in rejecting claim 1.  Furthermore, Higbee discloses: 
The method of claim 1, wherein (b) further comprises generating the converted reply email to display a correct name of recipients or senders of the email thread and an incorrect email address for the recipients and senders of the email thread (column 5, line 65 – column 6, line 5:  first message sent to an individual along with an attachment).

Claim 8 is rejected as applied above in rejecting claim 1.  Furthermore, Higbee discloses: 
The method of claim 1, further comprising identifying, by the simulation system, whether the target user one of interacts with the converted reply email, replies to the converted reply email or forwards the converted reply email (column 5, lines 30-35:  wherein if an individual clicks on the embedded link, a training is provided).

Claim 9 is rejected as applied above in rejecting claim 1.  Furthermore, Higbee discloses:
The method of claim 1, further comprising intercepting, by one or more rules of a server of the entity, any replies to or forwards of the converted reply email (column 5, lines 30-35:  wherein if an individual clicks on the embedded link, a training is provided).

Claim 10 is rejected as applied above in rejecting claim 1.  Furthermore, Higbee discloses: 
simulated phishing attack only needs the recipient’s name and information).

Claim 11 is rejected as applied above in rejecting claim 1.  Furthermore, Higbee discloses: 
The method of claim 1, wherein (b) further comprises generating the converted reply email as one of a converted reply to a last email of the email thread, a converted reply to a first email of the email thread, or a converted reply to an email intermediary to a first email and a last email of the email thread (column 6, lines 1-10:  sending sequential messages to the user referencing previous emails).

Claim 12 is rejected as applied above in rejecting claim 1.  Furthermore, Higbee discloses: 
The method of claim 1, wherein (a) further comprises identifying the email thread from the plurality of email threads based on one or more attributes of any of the following: the entity, one or more users that are one of a recipient or a sender of one or more emails of the email thread, subject matter of the email thread (column 6, lines 56-67:  simulated phishing attack only needs the recipient’s name and information).

Claim 13 is rejected as applied above in rejecting claim 1.  Furthermore, Higbee discloses: 
The method of claim 1, wherein the target user is one of a recipient or a sender of one or more emails of the email thread (column 1, lines 57-67:  sequence of messages sent to an individual).

Claim 14 is rejected as applied above in rejecting claim 1.  Furthermore, Higbee discloses: 
sequence of messages sent to an individual).

Regarding claim 15, Higbee discloses: 
A system for simulating a phishing attack involving an email thread, the system comprising:
a simulation system configured on one or more processors, coupled to memory and configured to:
generate a converted reply simulated phishing email to an email of the email thread, the converted reply simulated phishing email generated to be from a user that is one of a recipient or a sender of one or more emails of the email thread (column 1, lines 51-65, column 3, lines 5-15, 57-65, column 5, lines 37-45:  series of emails referencing each other are generated and sent to an individual); and
communicate to a target user’s email account, the converted reply simulated phishing email (column 7, lines 4-15:  second message may be transmitted in response to one or more of the individual replying to the first message).

Higbee does not explicitly disclose identifying an email thread of a plurality of email threads of an entity for use in a simulated phishing attack.  Higbee does disclose simulating the sending of sequential emails which may resemble an email thread (column 3, lines 57-67), but does not explicitly disclose “identifying” an email thread.  In an analogous art, Cimpanu discloses hijacking email threads in order to deceive users to install malware (pages 3-4).  Higbee can simulate the attack delineated in Cimpanu but instead of a malicious link, it would be the training link provided in Higbee (Higbee:  column 5, lines 25-35).  It would have been obvious to simulate these attacks in the system of Higbee to 


Claim 16 is rejected as applied above in rejecting claim 15.  Furthermore, Higbee discloses: 
The system of claim 15, wherein the simulation system is further configured to identify the email thread, a user’s email account, wherein the user is one of a recipient or a sender of one or more emails of the email thread (column 2, lines 53-67:  message disguised as being from a contact is sent to the individual).

Claim 17 is rejected as applied above in rejecting claim 15.  Furthermore, Higbee discloses: 
The system of claim 15, wherein the simulation system is further configured to one of forward, transfer, or copy to the simulation system, the email thread identified by an administrator of a mail server of the entity (column 5, lines 17-47:  simulated phishing attack is monitored).

Claim 18 is rejected as applied above in rejecting claim 15.  Furthermore, Higbee discloses: 
The system of claim 15, wherein the simulation system is further configured to generate the converted reply simulated phishing email to prompt the target user to one of interact with one of a link or an attachment in the converted reply simulated phishing email, reply to the converted reply simulated phishing email, or forward the converted reply simulated phishing email (column 5, lines 30-35:  wherein if an individual clicks on the embedded link, a training is provided).

Claim 19 is rejected as applied above in rejecting claim 15.  Furthermore, Cimpanu discloses: 
access the user’s email account).

Claim 20 is rejected as applied above in rejecting claim 15.  Furthermore, Higbee discloses: 
The system of claim 15, wherein the simulation system is further configured to generate the converted reply email to remove all recipients or senders of the email thread from the converted reply email except the target user (column 5, line 65 – column 6, line 5:  first message sent to an individual along with an attachment).

Claim 21 is rejected as applied above in rejecting claim 15.  Furthermore, Higbee discloses: 
The system of claim 15, wherein the simulation system is further configured to generate the converted reply email to display a correct name of recipients or senders of the email thread and an incorrect email address for the recipients and senders of the email thread (column 5, line 65 – column 6, line 5:  first message sent to an individual along with an attachment).

Claim 22 is rejected as applied above in rejecting claim 15.  Furthermore, Higbee discloses: 
The system of claim 15, wherein the simulation system is further configured to identify whether the target user one of interacts with the converted reply email, replies to the converted reply email or forwards the converted reply email (column 5, lines 30-35:  wherein if an individual clicks on the embedded link, a training is provided).

Claim 23 is rejected as applied above in rejecting claim 15.  Furthermore, Higbee discloses: 
:  simulation system monitors all email replies).

Claim 24 is rejected as applied above in rejecting claim 15.  Furthermore, Higbee discloses: 
The system of claim 15, wherein the simulation system is further configured to generate the converted reply email to appear as though it is communicated from the user’s email account (column 6, lines 56-67:  simulated phishing attack only needs the recipient’s name and information).

Claim 25 is rejected as applied above in rejecting claim 15.  Furthermore, Higbee discloses: 
The system of claim 15, wherein the simulation system is further configured to generate the converted reply email as one of a converted reply to a last email of the email thread, a converted reply to a first email of the email thread, or a converted reply to an email intermediary to a first email and a last email of the email thread (column 6, lines 1-10:  sending sequential messages to the user referencing previous emails).

Claim 26 is rejected as applied above in rejecting claim 15.  Furthermore, Higbee discloses: 
The system of claim 15, wherein the simulation system is further configured to identify the email thread from the plurality of email threads based on one or more attributes of any of the following: the entity, one or more users that are one of a recipient or a sender of one or more emails of the email thread, subject matter of the email thread (column 6, lines 56-67:  simulated phishing attack only needs the recipient’s name and information).

Claim 27 is rejected as applied above in rejecting claim 15.  Furthermore, Higbee discloses: 
sequence of messages sent to an individual).

Claim 28 is rejected as applied above in rejecting claim 15.  Furthermore, Higbee discloses: 
The system of claim 15, wherein the target user is a user that is not a recipient or a sender of one or more emails of the email thread (column 1, lines 57-67:  sequence of messages sent to an individual).


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KAVEH ABRISHAMKAR whose telephone number is (571)272-3786.  The examiner can normally be reached on M-F 9-5:30.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Robert Hodge, can be reached on 571-272-2097. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/KAVEH ABRISHAMKAR/
02/22/2021
Primary Examiner, Art Unit 3649