DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections – 35 USC § 101
2.	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

 Claims 1-21 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Independent claims 1, 11 and 21 recite a method comprising: 
intercepting and detecting an active content in a payload of an email arriving at a recipient's email account within an entity or corporation; 
synchronously examining the active content of the email in real time for potential malicious intent of a phishing attack when the recipient attempts to access the active content of the email; 
blocking the recipient from accessing the active content of the email if the active content is identified to be malicious to prevent the recipient from falling victim to the phishing attack; 
disassembling, isolating, and deactivating the malicious active content of the email once the active content of an email has been identified and blocked; 
replacing the malicious active content in the email with training data, wherein the training data is benign active content that is not harmful to the recipient even when he or she accesses the training data; 

The limitations of intercepting content in an email, examining the content, blocking the recipient from accessing the content, disassembling, isolating and deactivating, replacing the content, and reconstructing the email, as drafted, constitutes a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting a system with “engines” (interpreted broadly as generic software and/or computer hardware) for performing the steps in claim 1 and instructions for a computer to perform the steps in claim 21, nothing in the claim elements precludes the steps from practically being performed in the mind. For example, but for the computerized language, “intercepting and detecting” in the context of this claim encompasses a user manually accessing an email intended for another user and evaluating it. Similarly, “synchronously examining”, “blocking”, “disassembling, isolating, and deactivating”, “replacing”, and “reconstructing” covers performance of the limitation in the mind but for the recitation of generic computer components. For example, a person could print the e-mail and make changes using pen and paper before delivering it to the intended user, or a person could access the e-mail on a computer, examine it, and perform alterations on certain content by making mental determinations and providing input to the computer to alter the e-mail. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claims recite an abstract idea. 

The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element amount to no more than mere instructions to apply the exception using generic computer components. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Dependent claims 2-10 and 12-20 recite the same abstract idea as in their respective parent claims, and do not recite additional limitations sufficient to direct the claimed invention to significantly more. These claims only recite additional details of the content and alterations to the e-mail (URL links, neutralizing the URL links, maintaining links) and delivering personalized e-mail or training to a user based on user interactions in a manner that could be performed by a person manually observing the e-mail and making changes to it on a computer, as discussed above. Accordingly, these claims do not recite additional limitations sufficient to direct the claimed abstract idea to significantly more. 
 
3.	Claims 1-10 are also rejected because the claims are directed to non-statutory subject matter. As detailed below, claim 1 recites a system comprising a series of engines. Applicant’s 

CLAIM INTERPRETATION

4.	The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

5.	Use of the word “means” (or “step for”) in a claim with functional language creates a rebuttable presumption that the claim element is to be treated in accordance with 35 U.S.C. § 112(f) (pre-AIA  35 U.S.C. 112, sixth paragraph).  The presumption that § 112(f) (pre-AIA  § 112, sixth paragraph) is invoked is rebutted when the function is recited with sufficient structure, material, or acts within the claim itself to entirely perform the recited function. 

Claim elements in this application that use the word “means” (or “step for”) are presumed to invoke § 112(f) except as otherwise indicated in an Office action.  Similarly, claim elements that do not use the word “means” (or “step for”) are presumed not to invoke § 112(f) except as otherwise indicated in an Office action. 
6.	Claim limitation “content filtering and interception engine”, “security protection engine”, and “anti-phishing training engine” in claim 1 have been interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because they use a generic placeholder “engine” coupled with functional language “configured to” without reciting sufficient structure to achieve the function.  Furthermore, the generic placeholder is not preceded by a structural modifier. 
Since the claim limitation(s) invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, claim 1 has been interpreted to cover the corresponding structure described in the specification that achieves the claimed function, and equivalents thereof.  
However, a review of the specification does NOT appear to reveal structure corresponding to the 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph limitations. Par. 15 of Applicant’s specification only states “each of the engines…runs on one or more computing units or hosts”, but does not describe the structure that goes to make up the claimed engines. 

If applicant does not intend to have the claim limitation(s) treated under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112 , sixth paragraph, applicant may amend the claim(s) so that it/they will clearly not invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, or present a sufficient showing that the claim recites/recite sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
For more information, see MPEP § 2173 et seq. and Supplementary Examination Guidelines for Determining Compliance With 35 U.S.C. 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).

Claim Rejections - 35 USC § 112
8.	The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.



10.	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


11.	Claims 1-10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. As detailed above claim 1 recites limitations that 

Claim Rejections - 35 USC § 102
12.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

13.	Claims 1-4, 11-14 and 21 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Emigh et al. (US Patent No. 8,984,640 B1).
Regarding claims 1, 11 and 21, Emigh discloses a system to support neutralizing real cyber threats to training materials, comprising: 
a content filtering and interception engine running on a host and configured to intercept and detect an active content in a payload of an email arriving at a recipient's email account within an entity or corporation (column 8, lines 26-51 – e.g. detect a suspicious URL within a message, which may be an e-mail – column 4, lines 2-5); 
a security protection engine running on a host and configured to 

block the recipient from accessing the active content of the email if the active content is identified to be malicious to prevent the recipient from falling victim to the phishing attack (block traversal – column 17, lines 49-54); 
an anti-phishing training engine running on a host and configured to 
disassemble, isolate, and deactivate the malicious active content of the email once the active content of an email has been identified and blocked (column 17, line 66 – column 18, line 24); 
replace the malicious active content in the email with training data, wherein the training data is benign active content that is not harmful to the recipient even when he or she accesses the training data; and reconstruct payload of the email with the replaced benign training data and deliver the reconstructed payload of the email to the recipient in place of the original email (column 8, line 22 – “displaying a modified version of the link indicating the link is suspicious”; column 25, lines 28-31 – suspicious URL’s may be deactivated and accompanied by a version of the URL that includes an indication of a suspicious factor) (as per claims 1, 11 and 21).
To the extent that Emigh does not explicitly disclose neutralizing real cyber threating “to training materials” in the preamble of claims 1 and 11, reconstruction the email “for an anti-phishing training exercise” in claims 1, 11 and 21, these are merely statements of intended use of the system and method, and do not recite any further structural limitations of the systems of claims 1 and 21 or further steps of the method of claim 11. Accordingly, these limitations do not 

	Regarding claims 2-4 and 12-14, Emigh further discloses:
	the active content of the email is an embedded URL link directing to a website or macros in an attached document to the email (column 25, lines 28-31) (as per claims 2 and 12),
	the anti-phishing training engine is configured to neutralize the URL link directed to the fake website such link no longer pose a security threat to the recipient even if the recipient chooses to click on the link (column 25, lines 28-31) (as per claims 3 and 13), and
	the training data includes neutralized active links and/or active code that are not harmful to the recipient even when he or she clicks on it (deactivated URL – column 25, lines 28-31) (as per claims 4 and 14).	

Claim Rejections - 35 USC § 103
14.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

15.	The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

16.	Claims 5-10 and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Emigh et al. (US Patent No. 8,984,640 B1) in view of Kras et al. (US 2018/0307844 A1).
Regarding claims 5-10 and 15-20, Emigh further discloses the anti-phishing training engine is configured to keep the neutralized URL link and/or document in place within the email as the training data; allow the recipient to access them (column 25, lines 28-31) (as per claims 5 and 15), and the anti-phishing training engine is configured to customize the rendered e-mail specifically for the recipient based on the blocked phishing attack the recipient received in the email (based on the type of phishing attack - column 25, line 55 – column 26, line 3) (as per claims 10 and 20). 
Emigh does not appear to explicitly disclose, but Kras discloses in a similar system for providing simulated phishing attack e-mails for users to interact with:
allowing access to the URL link without prior alert or warning in order to monitor the recipient's behavior when facing the phishing attack (Par. 65, 76) (as per claims 5 and 15), the anti-phishing training engine is configured to maintain the neutralized URL link and/or document and/or the behaviors of the recipient during the anti-phishing training exercise (Par. 79) into the user behavior database (tracker 235) (as per claims 6 and 16), the anti-phishing training engine is configured to access and retrieve the recipient's pattern of behavior of accessing malicious content in the past from the user behavior database to determine the type of anti-phishing training exercise the recipient needs (Par. 83) (as per claims 7 and 17), the anti-phishing training engine is configured to import information related to the behavior of the user/recipient from the user behavior database to personalize the reconstructed payload of the email prescriptively to tailor the training data specific to the recipient (Par. 83) (as per claims 8 
	It would have been obvious to one skilled in the art before the effective filing date of the invention to modify the teachings of Emigh by providing the e-mail messages with deactivated URL links without warnings, as taught by Kras, and providing personalized training to the user based on the user’s interaction with the phishing e-mails in the manner used by Kras with simulated phishing e-mails. Such a modification would involve a use of a known technique (Kras’ tracking of interactions with simulated phishing e-mails and providing of customized training based on the interactions) to improve similar products (Emigh’s anti-phishing system with safe delivery of modified e-mails to users) in the same way. 

Conclusion
17.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Oberheide (US 2017/0126729 A1) discloses methods and systems for implementing a phishing assessment. Bloxham et al. (US 2018/0041537 A1) discloses identifying and remediating phishing security weaknesses. Sadeh-Komiecpol et al. (US 2014/0199663 A1) discloses methods and system for controlling context-aware cybersecurity training. Higbee et al. (US 2018/0191754 A1) discloses suspicious message processing and incident response. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Xuan Thai can be reached at (571) 272-7147.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Peter R Egloff/
Primary Examiner, Art Unit 3715