DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/22/2019 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Specification
The disclosure is objected to because of the following informalities: paragraph 0062 states: “the social engineering classifier engine 140 may comprise a combination of individual classifiers 142-158.” However the drawing only details individual classifiers from 142-146. 
Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
7.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Maciejak et al. (US 10,621,343 Bl, “Maciejak”) in view of Sawant et al. (US 10,110,738 Bl, “Sawant”). 
Regarding claim 1, Maciejak teaches a method, in a data processing system comprising at least one processor and at least one memory, the at least one memory comprising instructions executed by the at least one processor to cause the at least one processor to implement a social engineering cognitive system (Maciejak, lines 36-42, fig. 6, “As shown in FIG. 6, computer system 600 includes an external storage device 610, a bus 620, a main memory 630, a read only memory 640, a mass storage device 650, communication port 660, and a processor 670.”), the method comprising: training, by the social engineering cognitive system, a social engineering classifier to classify documents in a corpus as to whether they are associated with a social engineering communication (SEC); processing, by the social engineering cognitive system, one or more documents of the corpus to classify the one or more documents as to whether the one or more documents are associated with an SEC to thereby identify a set of SEC related documents (Maciejak, col. 6, lines 9-27, fig. 1, “According to an embodiment, system 106 can evaluate the package name using a language model, and based on the evaluation by system 106, can classify the executable application as being malicious or non-malicious. To develop a language model, system 106 can, in an exemplary embodiment, build a  domain names, and package names. Further, system 106 can train an N-gram for the corpus in which N can be a customizable length parameter of N-gram…[f]urther, system 106 can label elements of the corpus including the words, the domain names, and the package names as malicious or non-malicious. In an embodiment, the labeling can be done based on package names of existing malicious applications.”); extracting, by the social engineering cognitive system, key features from the SEC related documents in the set of SEC related documents (Maciejak, col. 6, lines 41-52, fig.1, “In an instance, when the executable application is classified as non-malicious by the language model, system 106 can perform a further classification process by extracting one or more icons associated with the received executable application and evaluating a set of icons from the one or more icons using a deep neural network (DNN) model. In an embodiment, a visual anchor that is bundled with executable applications can contain one or more images or icons in multiple sizes ranging from smaller size, for example, 29x29 pixels to a larger size, for example, 1024x1024 pixels. System 106 can extract these icons from the received executable application.”); training, by the social engineering cognitive system, an SEC classification model based on the extracted key features (Maciejak, col. 7, lines 1-14, “According to an embodiment, the DNN model is trained based on a corpus of icons that can be collected by crawling for icons of legitimate applications or non-malicious applications. The corpus of icons can be labeled and grouped into multiple classes such that each class can correspond to one application. For instance, icons can be crawled for using image search via a search engine, for example Google™ images and the icons can be grouped into separate classes pertaining to say WhatsApp™, Facebook™ and Adobe Flash™. Say class A can contain all icons pertaining to WhatsApp™ application. Similarly, class B can contain all icons pertaining to Facebook™ application and class C can contain all icons ); processing, by the trained SEC classification model, a newly received electronic communication to determine whether or not the newly received electronic communication is an SEC(Maciejak, col. 10, lines 44-60, fig.3,  “FIG. 3 is a flow diagram 300 illustrating a process for detecting a malicious executable application in accordance with an embodiment of the present invention. According to an exemplary embodiment, flow diagram 300 represents a method for detecting a malicious executable application (e.g., a malicious mobile app). At step 302, the computing device can receive an executable application or a part thereof from the network. The executable application can be in the form of an installation package or an executable file that can be installed or run on a computing device. At step 304, a package name associated with the received application can be extracted. The package name can be a unique name that is used to identify the executable application. At step 306, the package name can be evaluated using a language model to classify the executable application as being malicious or non-malicious. At step 308, if the application is classified as non-malicious by using the language model, one or more icons associated with the application can be extracted. At step 310, the extracted icons can be evaluated using a deep neural network (DNN) model.”). 
Maciejak does not teach: and performing, by a computing device, a responsive action in response to determining that the newly received electronic communication is an SEC.
However, Sawant teaches: and performing, by a computing device, a responsive action in response to determining that the newly received electronic communication is an SEC(Sawant, col. 11, lines 25-46, fig. 1, “The term ‘security action,’ as used herein, may refer to
any action taken during a potentially illegitimate voice call to address the potential illegitimacy of the voice call. In some examples, the security action may include alerting a
).
Accordingly, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Maciejak’s method in view of Sawant to teach: and performing, by a computing device, a responsive action in response to determining that the newly received electronic communication is an SEC. The motivation to do so would be to give the end user some indication that the communication is a social engineering attack (Sawant, col.1, “Telephone users are increasingly vulnerable to frauds perpetrated during phone calls. Scammers may pose as agents of trusted institutions, as officials in positions of authority, or representatives of large companies that conduct business with substantial portions of the population. Using these and other social engineering techniques, scammers may persuade their targets to provide personal information, passwords, credit card details, and so forth, paving the way for financial theft, identity theft, or even digital extortion. Unfortunately, many telephone users are unaware of or otherwise unequipped to deal with fraudulent calls… [t]he instant 
Regarding claim 2, Maciejak in view of Sawant teaches the method of claim 1, wherein extracting key features from the SEC related documents in the set of SEC related documents comprises processing at least one of a linked document linked to an SEC related document, or a linked file linked to the SEC related document, to extract features present in the linked document or linked file that are indicative of an SEC(Maciejak, col. 5 lines 49-67, col. 7  lines 1-8, “ Those skilled in the art appreciate that package names, such as the unique application ID of an Android app, are unique identifiers for identifying an application on the computing device. Android package names are written in all lower case to avoid conflict with the names of classes or interfaces and are generally represented in the form of a Java package name. Further, legitimate or non-malicious applications generally have package names that are distinctively different from those of malicious applications. Companies typically use their reversed Internet domain name to begin their package names, for example, "com.example.myapp" for an app named "myapp" created by a programmer at example.com. For example, "com.google.android.youtube" is a non-malicious package that contains all the interfaces and classes of the YouTube Android Player application programming interface (API) and "com.symantec.mobilesecurity" is a non-malicious package representing the Symantec Mobile Security Agent used to enable protection and security for Android handsets and tablets. Based on these examples and other empirical data, it can be inferred that package names of non-malicious applications generally contain company names and/or meaningful or familiar words. On the other hand, package names of malicious applications generally contain sequences of random letters or characters, for example, ).
Regarding claim 3, Maciejak in view of Sawant teaches the method of claim 1, wherein extracting key features from the SEC related documents in the set of SEC related documents comprises extracting, from key structural portions of the documents in the set of SEC related documents, at least one of phrases, terms, or patterns of text, or features present in metadata associated with the documents in the set of SEC related documents(Maciejak, col. 8 line 41-51, “[F]or developing the language model, the corpus can be pre-processed, for example, the text can be converted to lower case and digits and special can be removed from elements of the corpus. Further, the language model can be based on an N-gram model that is used to compute the probability of a sequence of words or letters. The N-gram can pertain to a sequence of N co-occurring letters or words taken from the corpus that can be extracted and trained. In an embodiment, the N-gram model language model can be developed based on the Natural Language Toolkit (NKTL) and python.”).
Regarding claim 4, Maciejak in view of Sawant teaches the method of claim 1, wherein extracting key features from the SEC related documents comprises processing the SEC related documents by a feature extractor implementing at least one of a conditional random field operation, a recurrent neural network operation, or statistical modeling operation, to predict labels for elements of the SEC related documents indicative of an SEC (Sawant, col. 13 lines 10-44, “In one example, the systems and methods described herein may detect fraudulent calls by converting speech to text in real time train…recurrent neural networks on the training data, considering each sample as a sequence of events and/or features showing a dynamic temporal behavior (the recurrent neural networks may deal with sequential data and ).
Regarding claim 5, Maciejak in view of Sawant teaches the method of claim 1, wherein processing, by the trained SEC classification model, the newly received electronic communication to determine whether or not the newly received electronic communication is an SEC comprises: extracting features from the newly received electronic communication; and performing a weighted evaluation of the extracted features from the newly received electronic communication in accordance with weights defined in the trained SEC classification model (Sawant, col. 9 lines 24-34, “For example, a security service provider may have gathered a database of sample voice calls and classified the calls ( e.g., as legitimate or illegitimate; as non-fraudulent or fraudulent, etc.). The security service provider may have then trained the neural network by extracting feature sets (e.g., isomorphic to the feature sets generated by the systems and methods described herein, for example, on a mobile phone during a voice call) from the sample voice calls and applying the feature sets and the classifications to the neural network to modify the neural network via supervised learning.”), to generate a probability score for the newly received communication indicating a probability that the newly received electronic communication is an SEC (Sawant, col. 10 lines 40-50, fig. 1, “Determination module 108 may determine that the likelihood that the incoming voice call is illegitimate is above a predetermined threshold in any suitable manner. For example, one or more nodes in the output layer of the neural network may represent a probability that the voice call is illegitimate (e.g., according to an "illegitimate" classification). In one example, one or more nodes in the output layer of the neural network may represent a probability that the voice call ).
Regarding claim 6, Maciejak in view of Sawant teaches the method of claim 5, wherein the weights defined in the trained SEC classification model are machine learned weights associated with features of electronic communications that indicate a relative importance of extracted features in determining whether or not electronic communications are SECs(Sawant, col. 9 lines 24-34, “For example, a security service provider may have gathered a database of sample voice calls and classified the calls ( e.g., as legitimate or illegitimate; as non-fraudulent or fraudulent, etc.). The security service provider may have then trained the neural network by extracting feature sets (e.g., isomorphic to the feature sets generated by the systems and methods described herein, for example, on a mobile phone during a voice call) from the sample voice calls and applying the feature sets and the classifications to the neural network to modify the neural network via supervised learning.” Note: It is being interpreted that modifying the neural network via supervised learning represents machine learned weights associated with features of electronic communications that indicate a relative importance of extracted features in determining whether or not electronic communications are SECs).
Regarding claim 7, Maciejak in view of Sawant teaches the method of claim 1, further comprising: notifying, by the social engineering cognitive system, a user of results of processing the newly received electronic communication to determine whether or not the newly received electronic communication is an SEC; receiving, by the social engineering cognitive system, user feedback in response to the notification, wherein the user feedback indicates a correctness or incorrectness of the results of the processing of the newly received electronic communication; and updating, by the social engineering cognitive system, training of the trained SEC classification model based on the user feedback(Sawant, col. 13 lines 56-62, col.14 lines 1-21, “In some examples, pre-trained models for classifying calls may be available in a central repository. When an application for detecting illegitimate calls is installed on a user's phone, the application may download a pre-trained model…[u]pon identifying a call, the application may start monitoring the conversation. The application may activate the speech to-text converter, the voice analyzer, and/or the sound analyzer. These components may extract raw features, while the feature transformation engine may produce features in a form consumable by the model. The model may produce a fraudulence assessment every few seconds (e.g., as configured). The application may take actions as configured if the fraudulence assessment crosses a configured threshold. Once a call being monitored finishes, the application may query the user about the fraudulence of the call. The user's input in response may be uploaded to the central repository. Pre-trained models may be retrained using the user's input ( e.g., globally by retraining repository-stored models and/or individually by retraining an instance of the model specific to the user and/or to a group to which the user belongs). Once a new model is generated the application may update the model by downloading the new version from the central repository.”).
Regarding claim 8, Maciejak in view of Sawant teaches the method of claim 1, wherein the responsive action is an operation executed by the computing device to mitigate negative effects of the newly received electronic communication with regard to at least one of an operation of the computing device or access to personal information of a user of the computing device(Sawant, col. 11 lines 26-40, “The term [‘]security action,[’] as used herein, may refer to any action taken during a potentially illegitimate voice call to address the potential illegitimacy of the voice call. In some examples, the security action may include alerting a user ).1
Regarding claim 9, Maciejak in view of Sawant teaches the method of claim 1, wherein the responsive action is at least one of deleting the newly received electronic communication, moving the newly received electronic communication to a specific storage location, outputting a notification warning a user to not respond to the newly received electronic communication or open any attachments associated with the newly received communication, or reporting the newly received electronic communication to a provider of the trained SEC classification model(Sawant, col. 11, lines 25-46, “The term ‘security action,’ as used herein, may refer to any action taken during a potentially illegitimate voice call to address the potential illegitimacy of the voice call. In some examples, the security action may include alerting a user of the computing system during the incoming voice call about the likelihood that the incoming voice call is illegitimate. For example, the computing system may (e.g., once the estimated likelihood is above a predetermined threshold) display the estimated likelihood that the incoming voice call is illegitimate (e.g., fraudulent). Additionally or alternatively, the computing system may display suggested instructions to the user ( e.g., to terminate the call, to avoid providing certain types of personal information and/or to avoid taking ).2
Regarding claim 10, Maciejak in view of Sawant teaches the method of claim 1, wherein processing the newly received electronic communication to determine whether or not the newly received electronic communication is an SEC comprises: deploying, by the social engineering cognitive system, the trained SEC classification model to the computing device via at least one data network; and executing, by the computing device, the SEC classification model in association with a communication application executing on the computing device, to classify communications received by the communication application(Sawant, col. 13 lines 56-62, col.14 lines 1-11, “In some examples, pre-trained models for classifying calls may be available in a central repository. When an application for detecting illegitimate calls is installed on a user's phone, the application may download a pre-trained model. The application may also download, locate, and/or come equipped with a speech-to-text converter, a voice analyzer, a sound analyzer, and/or a feature transformation engine…[u]pon identifying a call, the application may start monitoring the conversation. The application may activate the speech to-text converter, the voice analyzer, and/or the sound analyzer. These components may extract raw features, while the feature transformation engine may produce features in a form consumable by the model. The model may produce a fraudulence assessment every few seconds (e.g., as configured). The ).
Regarding claim 11, Maciejak teaches a computer program product comprising a computer readable storage medium having a computer readable program stored therein(Maciejak, lines 36-42, fig. 6, “As shown in FIG. 6, computer system 600 includes an external storage device 610, a bus 620, a main memory 630, a read only memory 640, a mass storage device 650, communication port 660, and a processor 670.”), wherein the computer readable program, when executed in a data processing system, configures the data processing system to implement a social engineering cognitive system and operate to: train, by the social engineering cognitive system, a social engineering classifier to classify documents in a corpus as to whether they are associated with a social engineering communication (SEC); process, by the social engineering cognitive system, one or more documents of the corpus to classify the one or more documents as to whether the one or more documents are associated with an SEC to thereby identify a set of SEC related documents(Maciejak, col. 6, lines 9-27, fig. 1, “According to an embodiment, system 106 can evaluate the package name using a language model, and based on the evaluation by system 106, can classify the executable application as being malicious or non-malicious. To develop a language model, system 106 can, in an exemplary embodiment, build a corpus containing a collection of words domain names, and package names. Further, system 106 can train an N-gram for the corpus in which N can be a customizable length parameter of N-gram…[f]urther, system 106 can label elements of the corpus including the words, the domain names, and the package names as malicious or non-malicious. In an embodiment, the labeling can be done based on package names of existing malicious applications.”); extract, by the social engineering cognitive system, key features from the SEC related documents in the set of SEC related documents(Maciejak, col. 6, lines 41-52, fig.1, “In an instance, when the executable application is classified as non-malicious by the language model, system 106 can perform a further classification process by extracting one or more icons associated with the received executable application and evaluating a set of icons from the one or more icons using a deep neural network (DNN) model. In an embodiment, a visual anchor that is bundled with executable applications can contain one or more images or icons in multiple sizes ranging from smaller size, for example, 29x29 pixels to a larger size, for example, 1024x1024 pixels. System 106 can extract these icons from the received executable application.”); train, by the social engineering cognitive system, an SEC classification model based on the extracted key features(Maciejak, col. 7, lines 1-14, “According to an embodiment, the DNN model is trained based on a corpus of icons that can be collected by crawling for icons of legitimate applications or non-malicious applications. The corpus of icons can be labeled and grouped into multiple classes such that each class can correspond to one application. For instance, icons can be crawled for using image search via a search engine, for example Google™ images and the icons can be grouped into separate classes pertaining to say WhatsApp™, Facebook™ and Adobe Flash™. Say class A can contain all icons pertaining to WhatsApp™ application. Similarly, class B can contain all icons pertaining to Facebook™ application and class C can contain all icons pertaining to Adobe Flash™ application.”); process, by the trained SEC classification model, a newly received electronic communication to determine whether or not the newly received electronic communication is an SEC(Maciejak, col. 10, lines 44-60, fig.3,  “FIG. 3 is a flow diagram 300 illustrating a process for detecting a malicious executable application in accordance with an embodiment of the present invention. According to an exemplary embodiment, flow diagram 300 represents a method for detecting a malicious executable application (e.g., a malicious mobile ). 
Maciejak does not teach: and perform, by a computing device, a responsive action in response to determining that the newly received electronic communication is an SEC.
However, Sawant teaches: and perform, by a computing device, a responsive action in response to determining that the newly received electronic communication is an SEC(Sawant, col. 11, lines 25-46, fig. 1, “The term ‘security action,’ as used herein, may refer to
any action taken during a potentially illegitimate voice call to address the potential illegitimacy of the voice call. In some examples, the security action may include alerting a
user of the computing system during the incoming voice call about the likelihood that the incoming voice call is illegitimate. For example, the computing system may (e.g., once the estimated likelihood is above a predetermined threshold) display the estimated likelihood that the incoming voice call is illegitimate (e.g., fraudulent). Additionally or alternatively, the computing system may display suggested instructions to the user ( e.g., to terminate the call, to avoid providing certain types of personal information and/or to avoid taking certain types of actions, such as money transfers). In some examples, the computing system may alert the user with a ).
Accordingly, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Maciejak’s computer program product in view of Sawant to teach: and perform, by a computing device, a responsive action in response to determining that the newly received electronic communication is an SEC. The motivation to do so would be to give the end user some indication that the communication is a social engineering attack (Sawant, col.1, “Telephone users are increasingly vulnerable to frauds perpetrated during phone calls. Scammers may pose as agents of trusted institutions, as officials in positions of authority, or representatives of large companies that conduct business with substantial portions of the population. Using these and other social engineering techniques, scammers may persuade their targets to provide personal information, passwords, credit card details, and so forth, paving the way for financial theft, identity theft, or even digital extortion. Unfortunately, many telephone users are unaware of or otherwise unequipped to deal with fraudulent calls… [t]he instant disclosure, therefore, identifies and addresses a need for systems and methods for detecting illegitimate voice calls.”).
Regarding claim 12, Maciejak in view of Sawant teaches the computer program product of claim 11, wherein the computer readable program further causes the data processing system to extract key features from the SEC related documents in the set of SEC related documents at least by processing at least one of a linked document linked to an SEC related document, or a linked file linked to the SEC related document, to extract features present in the linked document or linked file that are indicative of an SEC(Maciejak, col. 5 lines 49-67, col. 7  lines 1-8, “ Those skilled in the art appreciate that package names, such as the unique application ID of an Android app, are unique identifiers for identifying an application on the computing device. Android package names are written in all lower case to avoid conflict with the names of classes or interfaces and are generally represented in the form of a Java package name. Further, legitimate or non-malicious applications generally have package names that are distinctively different from those of malicious applications. Companies typically use their reversed Internet domain name to begin their package names, for example, "com.example.myapp" for an app named "myapp" created by a programmer at example.com. For example, "com.google.android.youtube" is a non-malicious package that contains all the interfaces and classes of the YouTube Android Player application programming interface (API) and "com.symantec.mobilesecurity" is a non-malicious package representing the Symantec Mobile Security Agent used to enable protection and security for Android handsets and tablets. Based on these examples and other empirical data, it can be inferred that package names of non-malicious applications generally contain company names and/or meaningful or familiar words. On the other hand, package names of malicious applications generally contain sequences of random letters or characters, for example, "etcqlnzwauf.hflivryhdnjb" as the package names of malicious applications are typically programmatically generated.”).
Regarding claim 13, Maciejak in view of Sawant teaches the computer program product of claim 11, wherein the computer readable program further causes the data processing system to extract key features from the SEC related documents in the set of SEC related documents at least by extracting, from key structural portions of the documents in the set of SEC related documents, at least one of phrases, terms, or patterns of text, or features present in metadata associated with the documents in the set of SEC related documents(Maciejak, col. 8 line 41-51, “[F]or developing the language model, the corpus can be pre-processed, for example, the text can be converted to lower case and digits and special can be removed from elements of the corpus. Further, the language model can be based on an N-gram model that is used to compute the probability of a sequence of words or letters. The N-gram can pertain to a sequence of N co-occurring letters or words taken from the corpus that can be extracted and trained. In an embodiment, the N-gram model language model can be developed based on the Natural Language Toolkit (NKTL) and python.”).
Regarding claim 14, Maciejak in view of Sawant teaches the computer program product of claim 11, wherein the computer readable program further causes the data processing system to extract key features from the SEC related documents at least by processing the SEC related documents by a feature extractor implementing at least one of a conditional random field operation, a recurrent neural network operation, or statistical modeling operation, to predict labels for elements of the SEC related documents indicative of an SEC(Sawant, col. 13 lines 10-44, “In one example, the systems and methods described herein may detect fraudulent calls by converting speech to text in real time train…recurrent neural networks on the training data, considering each sample as a sequence of events and/or features showing a dynamic temporal behavior (the recurrent neural networks may deal with sequential data and have a continuously updated memory along with the current state, which may be used to provide a prediction/probability of an event at a point in time).”).
Regarding claim 15, Maciejak in view of Sawant teaches the computer program product of claim 11, wherein the computer readable program further causes the data processing system to process, by the trained SEC classification model, the newly received electronic communication  extracting features from the newly received electronic communication; and performing a weighted evaluation of the extracted features from the newly received electronic communication in accordance with weights defined in the trained SEC classification model(Sawant, col. 9 lines 24-34, “For example, a security service provider may have gathered a database of sample voice calls and classified the calls ( e.g., as legitimate or illegitimate; as non-fraudulent or fraudulent, etc.). The security service provider may have then trained the neural network by extracting feature sets (e.g., isomorphic to the feature sets generated by the systems and methods described herein, for example, on a mobile phone during a voice call) from the sample voice calls and applying the feature sets and the classifications to the neural network to modify the neural network via supervised learning.”), to generate a probability score for the newly received communication indicating a probability that the newly received electronic communication is an SEC(Sawant, col. 10 lines 40-50, fig. 1, “Determination module 108 may determine that the likelihood that the incoming voice call is illegitimate is above a predetermined threshold in any suitable manner. For example, one or more nodes in the output layer of the neural network may represent a probability that the voice call is illegitimate (e.g., according to an "illegitimate" classification). In one example, one or more nodes in the output layer of the neural network may represent a probability that the voice call includes fraudulent activity (e.g., a scammer attempting to induce a target to provide private information, to transfer funds, etc.).”).
Regarding claim 16, Maciejak in view of Sawant teaches the computer program product of claim 15, wherein the weights defined in the trained SEC classification model are machine learned weights associated with features of electronic communications that indicate a relative importance of extracted features in determining whether or not electronic communications are SECs(Sawant, col. 9 lines 24-34, “For example, a security service provider may have gathered a database of sample voice calls and classified the calls ( e.g., as legitimate or illegitimate; as non-fraudulent or fraudulent, etc.). The security service provider may have then trained the neural network by extracting feature sets (e.g., isomorphic to the feature sets generated by the systems and methods described herein, for example, on a mobile phone during a voice call) from the sample voice calls and applying the feature sets and the classifications to the neural network to modify the neural network via supervised learning.” Note: It is being interpreted that modifying the neural network via supervised learning represents machine learned weights associated with features of electronic communications that indicate a relative importance of extracted features in determining whether or not electronic communications are SECs).
Regarding claim 17, Maciejak in view of Sawant teaches the computer program product of claim 11, wherein the computer readable program further causes the data processing system to: notify, by the social engineering cognitive system, a user of results of processing the newly received electronic communication to determine whether or not the newly received electronic communication is an SEC; receive, by the social engineering cognitive system, user feedback in response to the notification, wherein the user feedback indicates a correctness or incorrectness of the results of the processing of the newly received electronic communication; and update, by the social engineering cognitive system, training of the trained SEC classification model based on the user feedback(Sawant, col. 13 lines 56-62, col.14 lines 1-21, “In some examples, pre-trained models for classifying calls may be available in a central repository. When an application for detecting illegitimate calls is installed on a user's phone, the application may download a pre-trained model…[u]pon identifying a call, the ).
Regarding claim 18, Maciejak in view of Sawant teaches the computer program product of claim 11, wherein the responsive action is an operation executed by the computing device to mitigate negative effects of the newly received electronic communication with regard to at least one of an operation of the computing device or access to personal information of a user of the computing device(Sawant, col. 11 lines 26-40, “The term [‘]security action,[’] as used herein, may refer to any action taken during a potentially illegitimate voice call to address the potential illegitimacy of the voice call. In some examples, the security action may include alerting a user of the computing system during the incoming voice call about the likelihood that the incoming voice call is illegitimate. For example, the computing system may (e.g., once the estimated likelihood is above a predetermined threshold) display the estimated likelihood that the incoming voice call is illegitimate (e.g., fraudulent). Additionally or alternatively, the computing ).3
Regarding claim 19, Maciejak in view of Sawant teaches the computer program product of claim 11, wherein the responsive action is at least one of deleting the newly received electronic communication, moving the newly received electronic communication to a specific storage location, outputting a notification warning a user to not respond to the newly received electronic communication or open any attachments associated with the newly received communication, or reporting the newly received electronic communication to a provider of the trained SEC classification model(Sawant, col. 11, lines 25-46, “The term ‘security action,’ as used herein, may refer to any action taken during a potentially illegitimate voice call to address the potential illegitimacy of the voice call. In some examples, the security action may include alerting a user of the computing system during the incoming voice call about the likelihood that the incoming voice call is illegitimate. For example, the computing system may (e.g., once the estimated likelihood is above a predetermined threshold) display the estimated likelihood that the incoming voice call is illegitimate (e.g., fraudulent). Additionally or alternatively, the computing system may display suggested instructions to the user ( e.g., to terminate the call, to avoid providing certain types of personal information and/or to avoid taking certain types of actions, such as money transfers). In some examples, the computing system may alert the user with a warning sound and/or audible warning message played over the call. Additionally or alternatively, performing module 110 may provide tactile feedback to the user ).4
Regarding claim 20, Maciejak teaches a data processing system comprising: at least one processor; and at least one memory coupled to the at least one processor(Maciejak, lines 36-42, fig. 6, “As shown in FIG. 6, computer system 600 includes an external storage device 610, a bus 620, a main memory 630, a read only memory 640, a mass storage device 650, communication port 660, and a processor 670.”), wherein the at least one memory comprises instructions which, when executed by the at least one processor, cause the data processing system to implement a social engineering cognitive system and operate to: train, by the social engineering cognitive system, a social engineering classifier to classify documents in a corpus as to whether they are associated with a social engineering communication (SEC); process, by the social engineering cognitive system, one or more documents of the corpus to classify the one or more documents as to whether the one or more documents are associated with an SEC to thereby identify a set of SEC related documents(Maciejak, col. 6, lines 9-27, fig. 1, “According to an embodiment, system 106 can evaluate the package name using a language model, and based on the evaluation by system 106, can classify the executable application as being malicious or non-malicious. To develop a language model, system 106 can, in an exemplary embodiment, build a corpus containing a collection of words domain names, and package names. Further, system 106 can train an N-gram for the corpus in which N can be a customizable length parameter of N-gram…[f]urther, system 106 can label elements of the corpus including the words, the domain names, and the package names as malicious or non-malicious. In an embodiment, the labeling can be done based on package names of existing ; extract, by the social engineering cognitive system, key features from the SEC related documents in the set of SEC related documents(Maciejak, col. 6, lines 41-52, fig.1, “In an instance, when the executable application is classified as non-malicious by the language model, system 106 can perform a further classification process by extracting one or more icons associated with the received executable application and evaluating a set of icons from the one or more icons using a deep neural network (DNN) model. In an embodiment, a visual anchor that is bundled with executable applications can contain one or more images or icons in multiple sizes ranging from smaller size, for example, 29x29 pixels to a larger size, for example, 1024x1024 pixels. System 106 can extract these icons from the received executable application.”); train, by the social engineering cognitive system, an SEC classification model based on the extracted key (Maciejak, col. 7, lines 1-14, “According to an embodiment, the DNN model is trained based on a corpus of icons that can be collected by crawling for icons of legitimate applications or non-malicious applications. The corpus of icons can be labeled and grouped into multiple classes such that each class can correspond to one application. For instance, icons can be crawled for using image search via a search engine, for example Google™ images and the icons can be grouped into separate classes pertaining to say WhatsApp™, Facebook™ and Adobe Flash™. Say class A can contain all icons pertaining to WhatsApp™ application. Similarly, class B can contain all icons pertaining to Facebook™ application and class C can contain all icons pertaining to Adobe Flash™ application.”);process, by the trained SEC classification model, a newly received electronic communication to determine whether or not the newly received electronic communication is an SEC (Maciejak, col. 10, lines 44-60, fig.3,  “FIG. 3 is a flow diagram 300 illustrating a process for detecting a malicious executable application in accordance with an embodiment of the present invention. According to ).  
Maciejak does not teach: and perform, by a computing device, a responsive action in response to determining that the newly received electronic communication is an SEC.
However, Sawant teaches: and perform, by a computing device, a responsive action in response to determining that the newly received electronic communication is an SEC(Sawant, col. 11, lines 25-46, fig. 1, “The term ‘security action,’ as used herein, may refer to
any action taken during a potentially illegitimate voice call to address the potential illegitimacy of the voice call. In some examples, the security action may include alerting a
user of the computing system during the incoming voice call about the likelihood that the incoming voice call is illegitimate. For example, the computing system may (e.g., once the estimated likelihood is above a predetermined threshold) display the estimated likelihood that the incoming voice call is illegitimate (e.g., fraudulent). Additionally or alternatively, the computing system may display suggested instructions to the user ( e.g., to terminate the call, to avoid ).
Accordingly, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Maciejak’s computer program product in view of Sawant to teach: and perform, by a computing device, a responsive action in response to determining that the newly received electronic communication is an SEC. The motivation to do so would be to give the end user some indication that the communication is a social engineering attack (Sawant, col.1, “Telephone users are increasingly vulnerable to frauds perpetrated during phone calls. Scammers may pose as agents of trusted institutions, as officials in positions of authority, or representatives of large companies that conduct business with substantial portions of the population. Using these and other social engineering techniques, scammers may persuade their targets to provide personal information, passwords, credit card details, and so forth, paving the way for financial theft, identity theft, or even digital extortion. Unfortunately, many telephone users are unaware of or otherwise unequipped to deal with fraudulent calls… [t]he instant disclosure, therefore, identifies and addresses a need for systems and methods for detecting illegitimate voice calls.”). 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
 US 2018/0097827 Al
US 10,834,127 Bl 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ADAM CLARK STANDKE whose telephone number is (571)270-1806.  The examiner can normally be reached on 7:00-5:00 M-Th.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kakali Chaki can be reached on (571) 272-3719.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to 






/ADAM C STANDKE/Examiner, Art Unit 2122                                                                                                                                                                                                        
/ERIC NILSSON/Primary Examiner, Art Unit 2122                                                                                                                                                                                                        


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 According to the broadest reasonable interpretation (BRI), the use of alternative language amounts to mapping one
        or more elements but not all.
        2 According to the broadest reasonable interpretation (BRI), the use of alternative language amounts to mapping one
        or more elements but not all.
        3 According to the broadest reasonable interpretation (BRI), the use of alternative language amounts to mapping one
        or more elements but not all.
        4 According to the broadest reasonable interpretation (BRI), the use of alternative language amounts to mapping one
        or more elements but not all.