DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination (RCE) under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed on November 2, 2020 in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on September 24, 2020 has been entered.
 Response to Amendments
	This office action is responsive to application 15/944,254 where the Applicant filed an RCE on November 2, 2020 for the corresponding amendments filed on September 24, 2020.  Claims 1, 6-7, 9-10, 15-16, and 18-19 were amended, and claims 1-20 remain pending in the application.
Response to Arguments
	The Applicant’s arguments filed in association with the RCE have been fully considered, and the Examiner responds as provided below.
	Regarding the Applicant’s response at page 7 of the Remarks that concerns the objection to the drawings, the Examiner acknowledges the amended specification submitted by the Applicant and apologizes for the oversight.  The objection to the drawings is withdrawn. 

Regarding the Applicant’s response at pages 8-9 of the Remarks that concerns the § 103 rejection of independent claims 1, 10, and 19, the Applicant’s arguments in conjunction with the claim amendments are persuasive, and consequently the Examiner conducted a new prior art search. The Applicant’s arguments are now moot with respect to the independent claims because the arguments do not apply to some of the references currently used in the rejection of the aforementioned claims as detailed below.
	Regarding the Applicant’s response at pages 9-10 of the Remarks that concerns the § 103 rejection of dependent claims 3, 5, 12, and 14, the arguments for patentability rely upon the arguments presented for independent claims 1, 10, and 19.  Because the independent claims are not allowable over the prior art as detailed below, the aforementioned dependent claims are similarly not allowable.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

(NOTE: within the Examiner’s parenthetical explanations below, material within quotation marks is language quoted from the prior art reference, underlined material is language quoted from the claims, and material within brackets is material altered from either a prior art reference or a claim.  Regarding the reconstruction of the claims, a numbered footnote indicates a primary phrase to be first moved upwards to the first cited reference, while a lettered footnote indicates a secondary phrase to be moved after the movement of the primary phrase from which it was lifted.  Or more succinctly, move numbered material first, lettered material last.)
A.	Claims 1-2, 4, 6-11, 13, and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Oberheide (US 2017/0126729, “Oberheide”) in view of Irimie et al. (US 2018/0124108, “Irimie”).
Regarding Claim 1
A computer-implemented (abstract, Fig. 1) method comprising: 
scanning, by one or more processors (¶ [0014]), data that is maintained on one or more social networks associated with a target social entity (Fig. 2, ¶¶ [0096]-[0101], “The targeting data collected can include any data, and not solely web presence data, about the organization and/or individuals [as a target social entity] associated with the organization.,” and “Examples of targeting data collection include scraping [or scanning] organizational websites and/or websites owned by individuals associated with an organization, scraping websites of service providers and/or affiliated partners/collaborators of the organization, retrieving social media data [of a social network] (e.g., an organization's LinkedIn/Facebook pages, LinkedIn/Facebook profiles of employees, the organization, and the like),” i.e., step “S230”); 
analyzing the scanned data …1 (Fig. 2, ¶¶ [0102]-[0103], “S240 includes generating control and configuration campaign parameters,” and “S240 preferably analyzing the] targeting data collected by S230…”); 
generating custom content based on the analyzed data (Fig. 2, ¶¶ [0107]-[0109], “S240 preferably also includes configuring [or generating] phishing vectors,” “Phishing vectors may include email, instant messaging, social networks,…,” and “S240 may include configuring phishing vectors on a per-individual basis [that comprises custom content];” and/or ¶¶ [0115]-[0117], “Templates generated by S250 may be generic or personalized”); 
posting, by the one or more processors (¶ [0014]), a form of the generated custom content to at least one of the one or more social networks associated with the target social entity (Fig. 2, ¶¶ [0113]-[0115], “S250 includes generating campaign templates. S250 functions to generate phishing campaign material (e.g., websites, emails, instant messages, text messages, images, etc.) to be used in phishing attacks according to one or more configuration parameters,” and “Additionally, or alternatively, S250 may incorporate generating phishing websites in any manner,” i.e., the “templates” are post[ed] within “websites” associated with social networks, such as Facebook and LinkedIn as disclosed in ¶ [0097]; and ¶ [0121], “ S260 may include sending out phishing text messages and emails that direct users to a phishing website (all generated by S250)”); 
detecting an interaction with the form of the generated custom content by the target social entity (¶ [0122], “In addition to producing a phishing attack as specified by S240/S250, S260 preferably includes collecting response [or interaction] data (e.g., did a user enter text into a password box on a phishing page, did a user click on detect[ed]]. S260 preferably includes collecting response data at a finely-grained level in order to provide detailed data for campaign analysis produced by S270.”); and 
determining a vulnerability rating for the target entity based on the interaction (Fig. 2, ¶¶ [0124]-[0126], “Specifically, based on one or more of the response data, user activity and behavior data, and the like, S270 is able to generate [and determin[e]] comprehensive information and illustrations (e.g., graphs, charts, and the like [that suggest a vulnerability rating]) about the results of the phishing campaign for consideration and possibly, further exploration by an administrator.”), 
the vulnerability rating reflecting a likelihood of exposure of the target social entity to at least one of malware or phishing (Fig. 4B, ¶¶ [0124]-[0126], “For example, S270 may generate analysis on which users are most at risk for phishing attacks, so those users may be given special training.”).
Oberheide doesn’t disclose
	1 …using one or more machine learning techniques;
Irimie, however, discloses
	1 …using one or more machine learning techniques (¶ [0066], “A system can be configured to sending multiple simulated phishing emails, text messages, and/or phone calls (e.g., via VoIP) varying the quantity, frequency, type, sophistication, and combination using machine learning algorithms or other forms of artificial intelligence.”);
	Regarding the combination of Oberheide and Irimie, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified phishing campaign system of Oberheide to have included machine 
Regarding Claim 2
Oberheide in view of Irimie (“Oberheide-Irimie”) discloses the method of claim 1, and Oberheide further discloses 
wherein scanning, by one or more processors (¶ [0014]), data that is maintained on one or more social networks (Fig. 2, ¶¶ [0096]-[0101]) comprises identifying, by one or more processors (¶ [0014]), data that is associated with one or more social entities (¶ [0097], “Examples of targeting data collection include scraping organizational websites and/or websites owned by individuals associated with an organization, scraping websites of service providers and/or affiliated partners/collaborators of the organization, retrieving social media data (e.g., an organization's LinkedIn/Facebook pages, LinkedIn/Facebook profiles of employees [as one or more social entities], the organization, and the like).”).
Regarding Claim 4
Oberheide-Irimie discloses the method of claim 1, and Oberheide further discloses
wherein analyzing, by the one or more processors,…1 , the scanned data (Fig. 2, ¶¶ [0102]-[0103]) comprises, analyzing the scanned data using one or more models (¶ [0103], “S240 preferably includes generating campaign parameters based on targeting one [] more model).  
Irimie further discloses
	1 …, using one or more machine learning techniques (¶ [0066]),…
	Regarding the combination of Oberheide and Irimie, the rationale to combine is the same as provided for claim 1 based upon the overlapping subject matter between claims 1 and 4.
Regarding Claim 6
Oberheide-Irimie discloses the method of claim 1, and Oberheide further discloses 
wherein detecting the interaction (¶ [0122]) comprises: 
detecting, by one or more processors (¶ [0014]), a selection of the form of the generated custom content by the target social entity (¶ [0107], “Configuring phishing vectors may include configuring vectors to operate individually (e.g., a text message and/or an email both link to a phishing site [that includes the form]) or may include configuring vectors to work in concert (e.g., a text message directs a user to read an email, which contains a link to a phishing site [where the form is select[ed]]),” and ¶ [0122], i.e., the detect[ion] of the selection to perform the phishing campaign.  The Examiner notes that Oberheide doesn’t literally teach the selection of the form; however, given the disclosure of implementing the phishing campaign, it would be obvious to one skilled in the art to include this feature because it merely includes one more way to fool an individual in a phishing attack.  See MPEP § 2141(III), stating “Prior .  
Regarding Claim 7
Oberheide-Irimie discloses the method of claim 1, and Oberheide further discloses
wherein posting, by the one or more processors (¶ [0014]), a form of the generated custom content associated with the target social entity to one or more of the target social entity's social networks (Fig. 2, ¶¶ [0113]-[0115]) comprises: 
posting a URL to one or more of the target social entity's social networks (¶ [0107], “Configuring phishing vectors may include configuring vectors to operate individually (e.g., a text message and/or an email both link to a phishing site) or may include configuring vectors to work in concert (e.g., a text message directs a user to read an email, which contains a link [with a URL] to a phishing site [that is within the target social entity’s social network[]])”), 
detecting, by one or more processors (¶ [0014]), a selection of the URL by the target social entity (¶ [0122], “In addition to producing a phishing attack as specified by S240/S250, S260 preferably includes collecting response data (e.g., did a user enter text into a password box on a phishing page, did a user click on a phishing website)”), and 
directing the target social entity to a particular location (¶ [0122], i.e., the “user click[ing] on a phishing website” direct[s] the target social entity to a particular location).  
Regarding Claim 8
Oberheide-Irimie discloses the method of claim 7, and Oberheide further discloses
further comprising: generating, by the one or more processors (¶ [0014]), a notification based on the detection of the selection of the generated URL by the one or more social entities (¶ [0125], “S270 preferably includes providing a real-time campaign analysis interface (e.g., phishing assessment interface) that tracks activities of users being assessed and how users respond to a phishing campaign. This interface could take the appearance of an interface that shows all users currently interacting with the phishing campaign with some indication of their status (e.g., ‘seen campaign’, ‘clicked on phishing link’…” that thus serves as a notification that has been generat[ed] due to the detection of the selection by one or more social entities).  
Regarding Claim 9
Oberheide-Irimie discloses the method of claim 1, and Oberheide further discloses
wherein generating custom content based on the analyzed data (¶ [0117], “S250 may include generating phishing templates according to a set sophistication criterion; for example, a phishing template generated with a low sophistication criterion might appear obviously suspicious to most users, while a phishing template generated with a high sophistication criterion may not appear suspicious to many users.”) comprises …1.
a …to generate a social media post… (¶ [0117], i.e., the “template”)
Irimie further discloses
	1 …using at least one other machine learning technique …a that mimics at least one of a language, a grammatical structure, or a linguistic structure of the scanned data (¶ [0066], “A system can be configured to sending multiple simulated phishing emails, text messages, and/or phone calls (e.g., via VoIP) varying the quantity, frequency, type, sophistication, and combination using machine learning algorithms or other forms of artificial intelligence,” i.e., the “sophistication” of the “simulated emails [or] text messages” suggests using machine language to match language that, as noted by Oberheide above, “may not appear suspicious.”).
	Regarding the combination of Oberheide and Irimie, the rationale to combine is the same as provided for claim 1 based upon the overlapping subject matter between claims 1 and 9.
Regarding Independent Claims 10 and 19
With respect to independent claims 10 and 19, a corresponding reasoning as given earlier for independent claim 1 applies, mutatis mutandis, to the subject matter of claims 10 and 19. Therefore, claims 10 and 19 are rejected, for similar reasons, under the grounds set forth for claim1. 
Regarding Claims 11 and 20
With respect to claims 11 and 20, a corresponding reasoning as given earlier for claim 2 applies, mutatis mutandis, to the subject matter of claims 11 and 20. Therefore, claims 11 and 20 are rejected, for similar reasons, under the grounds set forth for claim 2. 

Regarding Claims 13 and 15-18
With respect to claims 13 and 15-18, a corresponding reasoning as given earlier for claims 4 and 6-9 applies, mutatis mutandis, to the subject matter of claims 13 and 15-18. Therefore, claims 13 and 15-18 are rejected, for similar reasons, under the grounds set forth for claims 4 and 6-9. 
B.	Claims 3 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Oberheide in view of Irimie, and further in view of Xu (US 2018/0191849, “Xu”).
Regarding Claim 3
Oberheide-Irimie discloses the method of claim 1, and Turpin further discloses
1…, 
the scanned data (Fig. 2, ¶¶ [0096]-[0101]) comprises, …2.
Irimie further discloses
	1 wherein analyzing, by the one or more processors, using one or more machine learning techniques (¶ [0066]),
Oberheide-Irimie doesn’t disclose
	2 analyzing the scanned data using long short-term memory neural networks algorithms.
Xu, however, discloses
	2 analyzing the scanned data (of Oberheide Fig. 2, ¶¶ [0096]-[0101]) using long short-term memory neural networks algorithms (Fig. 4, ¶¶ [0052]-[0053], “FIG . 4 illustrates a system to analyze time sequences to determine Internet activities of a user according to one embodiment of the invention,” which relates to targeting advertising .
Regarding the combination of Oberheide-Irimie and Xu, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Oberheide-Irimie to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices [or methods] in the same way.” See MPEP § 2143(I)(C).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):
1) the prior art contained a base method, namely the machine learning method of Irimie (see ¶ [0066]), upon which the claimed invention can be seen as an “improvement” through the use of long short-term memory (LSTM) neural network algorithms that also classifies Internet activity;
2) the prior art contained a “comparable” method, namely the LSTM technique of Xu, that has been improved in the same way as the claimed invention through the LSTM computational method; and
3) one of ordinary skill in the art could have applied the known improvement technique 
of applying the LSTM computational method to the base method, or the computational method of Irimie, and the results would have been predictable to one of ordinary skill in the art.
Regarding Claim 12
With respect to claim 12, a corresponding reasoning as given earlier for claim 3 applies, mutatis mutandis, to the subject matter of claim 12. Therefore, claim 12 is 
C.	Claims 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Oberheide in view of Irimie, and further in view of Kuo et al. (US 2018/0060326, “Kuo”)
Regarding Claim 5
Oberheide-Irimie discloses the method of claim 1, and Oberheide further discloses 
wherein analyzing the scanned data (¶¶ [0102]-[0103]) …1 comprises analyzing scanned data…2.
Irimie further discloses
	1 …using one or more machine learning techniques… (¶ [0066])
Oberheide-Irimie doesn’t disclose
2 … in one or more different languages.
Kuo, however, discloses
	2…in one or more different languages (¶ [0062], “Continuing with the prior example , the language used in the query " drone fishing michael ” may be detected as being English,” i.e., the suggestion that “English” be detected makes it obvious to one skilled in the art that different languages be associated with the scanned data).
Regarding the combination of Oberheide and Irimie, the rationale to combine is the same as provided for claim 1 based upon the overlapping subject matter between claims 1 and 5.
Regarding the combination of Oberheide, Irimie and Kuo, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the phishing campaign system of Oberheide-Irimie to have 
Regarding Claim 14
With respect to claim 14, a corresponding reasoning as given earlier for claim 5 applies, mutatis mutandis, to the subject matter of claim 14. Therefore, claim 14 is rejected, for similar reasons, under the grounds set forth for claim 5. 
Additional Prior Art of Record
	 The Examiner additionally makes of record US 8,484,741 to Chapman that discloses a penetration test through a phishing campaign that uses a customized web page template, see, e.g., Col. 8:44-52. 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405.  The examiner can normally be reached on Monday-Friday 8:00-5:00 MT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/D'Arcy Winston Straub/Examiner, Art Unit 2491                                                                                                                                                                                                        

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491