Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):

(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claim(s) 1-20 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.
Regarding claim 1, applicant's recitation of “wherein sending the first alert message to the messaging server associated with the operator causes the messaging server associated with the operator to deliver the first alert message comprising the information indicating that the first message of the plurality of messages is potentially malicious to at least one computing device associated with an intended recipient of the first message of the plurality of messages” would have been unclear to one of ordinary skill in the art. The claim is drawn to a computing platform and not a messaging server yet comprises functions of the messaging server. The claim is obfuscated such that one of ordinary skill in the art would not know from the claim terms what structure is encompassed by the claim. To overcome the rejection applicant should 1) positively recite the messaging server as an element of the claimed apparatus; or 2) cancel the language directed to the messaging server. For purposes of prior art application and/or claim interpretation 
Regarding claim 16, applicant's recitation of “wherein sending the first alert message to the messaging server associated with the operator causes the messaging server associated with the operator to deliver the first alert message comprising the information indicating that the first message of the plurality of messages is potentially malicious to at least one computing device associated with an intended recipient of the first message of the plurality of messages” would have been unclear to one of ordinary skill in the art. The claim is drawn to a method at a computing platform and not a messaging server yet comprises steps enacted by the messaging server. It is further unclear whether the wherein clause comprises a necessary step of the method or is merely descriptive of the sending step. The claim is obfuscated such that one of ordinary skill in the art would not know from the claim terms what steps are encompassed by the claim. To overcome the rejection applicant should 1) positively recite the steps performed by the messaging server as an element of the computing platform; or 2) cancel the language directed to the messaging server. For purposes of prior art application and/or claim interpretation the messaging server and its functions will not be afforded patentable weight. Claims 17 and 20 are addressed by similar rationale regarding the functions of the messaging server.
Dependent claims not addressed are rejected for incorporating the deficiencies of their respective parent claims.



Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-2, 4-5, 8-12, 14-17, 19-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US 20190014143 to Syme.

Regarding claim 1, 
Syme teaches a computing platform, comprising: 

at least one processor; a communication interface; and memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: monitor a plurality of messages received by a messaging server associated with an operator (¶ 33-37, 40, fig. 2, monitoring messages); 

detect that a first message of the plurality of messages is potentially malicious (¶ 33-37, 40, fig. 2, malicious message detection); and 

in response to detecting that the first message of the plurality of messages is potentially malicious, execute one or more protection actions, wherein executing the one or more protection actions comprises: 

generating a first alert message comprising information indicating that the first message of the plurality of messages is potentially malicious; and sending, via the communication interface, to the messaging server associated with the operator, the first alert message comprising the information indicating that the first message of the plurality of messages is potentially malicious (¶ 33, fig. 2, alert generation and sending of alert), 

wherein sending the first alert message to the messaging server associated with the operator causes the messaging server associated with the operator to deliver the first alert message comprising the information indicating that the first message of the plurality of messages is potentially malicious to at least one computing device associated with an intended recipient of the first message of the plurality of messages (fig. 2, ¶ 30, 63, 66, transmission of alerts or notifications).
Regarding claim 2, 17,
Syme teaches: 
wherein monitoring the plurality of messages received by the messaging server associated with the operator comprises: sending, via the communication interface, to the messaging server associated with the operator, a request for new messages being processed by the messaging server associated with the operator; and receiving, via the communication interface, from the messaging server associated with the operator, the plurality of messages (¶ 30, 44, requesting and obtaining messages).

Regarding claim 4, 19,
Syme teaches: 
wherein detecting that the first message of the plurality of messages is potentially malicious comprises identifying that the first message of the plurality of messages contains spam content (¶ 33, spam identification).

Regarding claim 5,
Syme teaches: 
wherein detecting that the first message of the plurality of messages is potentially malicious comprises identifying that the first message of the plurality of messages contains phishing content (¶ 33, phishing identification).

Regarding claim 8,
Syme teaches: 
wherein sending the first alert message to the messaging server associated with the operator causes the messaging server associated with the operator to deliver the first alert message to the at least one computing device associated with the intended recipient of the first message of the plurality of messages prior to delivering the first message of the plurality of messages to the at least one computing device associated with the intended recipient of the first message of the plurality of messages (¶ 66).




Regarding claim 9,
Syme teaches: 
wherein executing the one or more protection actions comprises: 

generating a second alert message comprising information associated with the first message of the plurality of messages; and sending, via the communication interface, to the messaging server associated with the operator, the second alert message comprising the information associated with the first message of the plurality of messages (¶ 66, secondary alerts)

wherein sending the second alert message to the messaging server associated with the operator causes the messaging server associated with the operator to write one or more log lines to one or more system logs associated with the operator (¶ 66, alert comprising indications related to messages).

Regarding claim 10,
Syme teaches: 
wherein executing the one or more protection actions comprises: identifying an external entity associated with potentially malicious content included in the first message of the plurality of messages; generating a third alert message comprising information associated with the first message of the plurality of messages; and sending, via the communication interface, to a computer system associated with the external entity associated with the potentially malicious content included in the first message of the plurality of messages, the third alert message comprising the information associated with the first message of the plurality of messages (¶ 63, 66, additional alerting).

Regarding claim 11,
Syme teaches: 
wherein identifying the external entity associated with the potentially malicious content included in the first message of the plurality of messages comprises identifying the external entity associated with the potentially malicious content included in the first message of the plurality of messages based on one or more templates associated with the external entity (¶ 63, messaging based on identification of separate computing device).



Regarding claim 12,
Syme teaches: 
wherein generating the third alert message comprising the information associated with the first message of the plurality of messages comprises inserting, into the third alert message, information indicating that the first message of the plurality of messages is associated with a malicious campaign of messages targeting users associated with the external entity (¶ 63, messaging includes information related to malicious message)

Regarding claim 14,
Syme teaches: 
wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: 

monitor a second plurality of messages received by the messaging server associated with the operator (¶ 33-37, 40, fig. 2); 

detect that a second message of the second plurality of messages is potentially malicious (¶ 33-37, 40, fig. 2); and 

in response to detecting that the second message of the second plurality of messages is potentially malicious, execute one or more second protection actions, wherein executing the one or more second protection actions comprises: 

generating a second alert message comprising information indicating that the second message of the second plurality of messages is potentially malicious; and 
sending, via the communication interface, to the messaging server associated with the operator, the second alert message comprising the information indicating that the second message of the second plurality of messages is potentially malicious, 
wherein sending the second alert message to the messaging server associated with the operator causes the messaging server associated with the operator to deliver the second alert message comprising the information indicating that the second message of the second plurality of messages is potentially malicious to at least one computing device associated with an intended recipient of the second message of the second plurality of messages (¶ 33-37, 40, 63, 66, fig. 2).




Regarding claim 15,
Syme teaches: 
wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: identify an external entity associated with potentially malicious content included in the second message of the second plurality of messages; identify that the external entity associated with the potentially malicious content included in the second message of the second plurality of messages is also associated with potentially malicious content included in the first message of the plurality of messages; generate a third alert message comprising information indicating that the first message of the plurality of messages and the second message of the second plurality of messages are associated with a malicious campaign of messages targeting users associated with the external entity; and send, via the communication interface, to a computer system associated with the external entity, the third alert message comprising the information indicating that the first message of the plurality of messages and the second message of the second plurality of messages are associated with the malicious campaign of messages targeting users associated with the external entity (¶ 33-37, 40, 63, 66, fig. 2, messaging related to external entity).

Claim 16 and 20 are addressed by similar rationale as claim 1.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:

1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating      obviousness or nonobviousness.

Claims 3 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Syme.


Regarding claim 3, 18,
Syme teaches: 
wherein monitoring the plurality of messages received by the messaging server associated with the operator comprises: monitoring one or more short message service (SMS) messages received by the messaging server for delivery (¶ 25).
Syme discloses monitoring common electronic messages such as email or SMS (¶ 25) but does not explicitly indicate that the monitoring extends to MMS or RCS (i.e. “monitoring one or more multimedia messaging service (MMS) messages received by the messaging server for delivery; or monitoring one or more rich communication services (RCS) messages received by the messaging server for delivery”). However, Official Notice is taken that MMS and RCS are common electronic message types. 	
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include MMS and RCS with Syme because Syme is directed to improving computer security related to electronic messages and MMS and RCS are common electronic messages.


Claim 6-7 is rejected under 35 U.S.C. 103 as being unpatentable over Syme in view of US 20200112544 to Smith.
Regarding claim 6,
Syme fails to teach: 
wherein generating the first alert message comprising the information indicating that the first message of the plurality of messages is potentially malicious comprises inserting, into the first alert message, a source identifier associated with the first message of the plurality of messages, and wherein sending the first alert message to the messaging server associated with the operator causes the messaging server associated with the operator to deliver the first alert message as originating from the source identifier associated with the first message of the plurality of messages.

However, Smith teaches
wherein generating the first alert message comprising the information indicating that the first message of the plurality of messages is potentially malicious comprises inserting, into the first alert message, a source identifier associated with the first message of the plurality of messages, and wherein sending the first alert message to the messaging server associated with the operator causes the messaging server associated with the operator to deliver the first alert message as originating from the source identifier associated with the first message of the plurality of messages (¶ 14, 30).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teachings of Smith. The motivation to do so is that the teachings of Smith would have been advantageous in terms of impersonating a trusted device (Smith, ¶ 14).

Regarding claim 7,
Syme fails to teach: 
wherein generating the first alert message comprising the information indicating that the first message of the plurality of messages is potentially malicious comprises inserting, into the first alert message, a trusted source identifier associated with the computing platform, and 

wherein sending the first alert message to the messaging server associated with the operator causes the messaging server associated with the operator to deliver the first alert message as originating from the trusted source identifier associated with the computing platform.

wherein generating the first alert message comprising the information indicating that the first message of the plurality of messages is potentially malicious comprises inserting, into the first alert message, a trusted source identifier associated with the computing platform, and wherein sending the first alert message to the messaging server associated with the operator causes the messaging server associated with the operator to deliver the first alert message as originating from the trusted source identifier associated with the computing platform (¶ 14, 30). Motivation to include Smith is the same as presented above.

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Syme in view of US 20120311703 to Yanovsky.
Regarding claim 13,
Syme fails to teach but Yanovsky teaches: 
wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: 

detect that a second message of the plurality of messages has changed from a legitimate state to a malicious state; and in response to detecting that the second message of the plurality of messages has changed from the legitimate state to the malicious state: generate a second alert message comprising information indicating that the second message of the plurality of messages is malicious; and send, via the communication interface, to the messaging server associated with the operator, the second alert message comprising the information indicating that the second message of the plurality of messages is malicious (¶ 56, message marked as legitimate is now considered spam and issuance of associated alert).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teachings of Yanovsky. The motivation to do so is that the teachings of Yanovsky would have been advantageous in terms of providing notifications of false negatives (Yanovsky, ¶ 56).


CONCLUSION
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RYAN J JAKOVAC whose telephone number is (571)270-5003.  The examiner can normally be reached on 8-4 PM EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar A. Louie can be reached on 572-270-1684.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/RYAN J JAKOVAC/Primary Examiner, Art Unit 2445