United States Patent and Trademark Office

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov

BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 15/829,732
Filing Date: 1 Dec 2017
Appellant(s): Irimie et al.

__________________
Christopher J. McKenna
Reg. No. 53,302
For Appellant

EXAMINER’S ANSWER

This is in response to the appeal brief filed 10/18/2021.

(1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Office action dated 2/24/2021 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”
The following ground(s) of rejection are applicable to the appealed claims.

Claim Rejections - 35 USC § 103

Claims 1-29 and 31 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. 8,464,346 to Barai, et al. (hereinafter Barai) as applied to claim 1 and claim 16 respectively above, and further in view of US PG Pub. No. 2012/0124671 to Fritzson et al. (hereinafter Fritzson) in view of US PG Pub. No. 2013/0347116 to Flores et al. (hereinafter Flores).

As to claims 1, 16, and 31, Barai teaches:
a.	Training a model by applying machine learning on at least one or more attributes of a plurality of users and one or more responses of a plurality of users from results of simulated attacks (scan controller and master agent gather information and initiate simulated attacks on systems according to vulnerabilities found within the systems and gathered information is used for developing attack 
Barai teaches simulating hacking attacks, but does not expressly mention phishing attacks. However, in an analogous art, Fritzson teaches phishing communications (tracking responses to phishing e-mail messages) (Fritzson, [0032]) using a plurality of types of exploits (types of exploits) (Barai, 7:51-60), the model comprising a neural network trained to take as input at least one or more attributes of a user and one or more responses of the user and provides as output a type of exploit to use for that user responsive to the input (criterion is selected which determines the type of attack to use on the user) (Barai, 9:24-10:58).
Therefore, one of ordinary skill in the art at the time the invention was made would have been motivated to implement the simulated hacking attacks of Barai with the tracking and analyzing of user responses to the simulated phishing attacks of Fritzson in order to improve system security through attack awareness training as suggested by Fritzson (Fritzson, [0003]).
Barai as modified uses artificial intelligence and/or machine learning techniques in training the model, but does not explicitly recite a “neural network”. However, in an analogous art, Flores teaches the use of neural networks in developing phishing simulations for training purposes (Flores, [0078]).
Therefore, one of ordinary skill in the art at the time the invention was made would have been motivated to implement the simulated hacking attacks of Barai as modified with the use of neural networks of Flores in order to make the target network more secure as suggested by Flores (Flores, [0005]).

b.	Identifying, by the campaign controller, the user for which to communicate the simulated phishing communication and one or more attributes of the user and one or more responses of the user to one or more simulated phishing communications (attack strategy identifies which users to target with what kind of attack) (Barai, 12:20-67).
c.	Providing, by the campaign controller, each of the one or more attributes of the user and one or more responses of the user to one or more simulated phishing communications (at least the human profile model data is used for input for devising the attack strategy) (Barai, 12:20-67).
d.	Receiving, from the model, by the campaign controller responsive to providing the input, an output identifying a first type of exploit from the plurality of types of exploits to use for the user in the simulated phishing communication (attributes of at least the Network, user behavior, and user input (security mistakes) are used to continuously update and refine simulated attacks) (Barai, 12:20-67).
e.	Selecting, by the campaign controller the first type of exploit from the plurality of types of exploits, identified by the campaign controller from the output of the model received by the campaign controller from the model (attributes of users include users disclosing sensitive information, easily trusting strangers, 
f.	Communicating, by the campaign controller, to the one or more devices of the user the simulated phishing communication comprising the first type of exploit selected by the campaign controller from the output of the model (attack is initiated) (Barai, 8:7-18, 9:24-10:58, and 12:1-9).

As to claims 2 and 17, Barai as modified teaches receiving by the campaign controller, a response from the user to the simulated phishing communication (tracking responses to phishing e-mail messages) (Fritzson, [0032]).

As to claims 3 and 18, Barai as modified teaches selecting, by the campaign controller based on at least the response, a second type of exploit for a second simulated phishing communication to be communicated to the one or more devices of the user, and communicating to the one or more devices of the user the second simulated phishing communication comprising the second type of exploit (the attacks are performed in multiple stages and test different exploits) (Barai, 7:49-8:32).

As to claims 4 and 19, Barai as modified teaches selecting, by the campaign controller, a first template of a plurality of templates for the second simulated phishing communication, the first template comprising the second type of exploit (each attack has its own template in the attack template repository) (Barai, 14:41-46).

As to claims 6 and 21, Barai as modified teaches the model is a personal model trained to represent a certain type of persona or personality (myriad personal attributes are included to represent certain personalities including naiveté, diffidence, curiosity, position in the organization, human relationships) (Barai, 12:1-67).

As to claims 7 and 22, Barai as modified teaches applying, by the campaign controller, to select the first type of exploit one of artificial intelligence or machine learning to one or more of the following: one or more attributes of the user and one or more responses from the user (Barai, 12:1-67).

As to claims 8 and 23, Barai as modified teaches selecting, by the campaign controller, a first template of a plurality of templates for the simulated phishing communication, the first template comprising the template type of exploit (each attack has its own template in the attack template repository) (Barai, 14:41-46).

As to claims 9 and 24, Barai as modified teaches applying, by the campaign controller, to select the first template one of artificial intelligence or machine learning to 

As to claims 10 and 25, Barai as modified teaches the first template comprises a sequence of a plurality of simulated phishing communications, each of the plurality of simulated phishing communications comprising a different type of exploit of the plurality of types of exploits and a simulated phishing communication of the plurality of simulated phishing communications comprising the first type of exploit (Barai, 12:1-67 and 14:41-46).

As to claims 11 and 26, Barai as modified teaches the first template comprises a sequence of a plurality of simulated phishing communications, each of the plurality of simulated phishing communications comprising a different timing between the simulated phishing communications (simulated attacks run for a predefined time and the attacks can have multiple parts that have to be executed before the time expires) (Barai, 7:42-45).

As to claims 12 and 27, Barai as modified teaches the plurality of types of exploit comprise one of a macro, an executable, a document with the executable or a link (Barai, 12:33-45).

As to claims 13 and 28, Barai as modified teaches selecting, by the campaign controller using the model, a second type of exploit of the plurality of types of exploits 

As to claims 14 and 29, Barai as modified teaches communicating, by the campaign controller, to the one or more devices of the second user the second simulated phishing communication comprising the second type of exploit (scan controller and master agent gather information and initiate simulated attacks on systems according to vulnerabilities found within the systems) (Barai, 6:1-7:38).

As to claim 15, Barai as modified teaches determining, by the campaign controller, a third type of exploit to communicate via a third simulated phishing communication to the second user responsive to a response from the second user to the second simulated phishing communication (a first user is attacked and compromised and the information gathered from that attack leads to more attacks on other users and so on) (Barai, 5:45-67).

Double Patenting

The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent. In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may 

Claims 1-29 and 31 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-30 of U.S. Patent No. 9,894,092. Although the claims at issue are not identical, they are not patentably distinct from each other because the limitations of the instant application are merely broader in scope than the limitations of the patented claims. The ‘092 patent is concerned specifically with simulated phishing e-mail attacks while the instant application is concerned with simulated phishing attacks in general, which includes phishing e-mails along with the use of generally available tools that help to automate the execution of the patented limitations. The instant application uses artificial intelligence algorithms and neural network models in determining what exploits to use against a user while the patented claims are more general in nature and do not use the terms models, artificial intelligence, and neural networks.

NEW GROUNDS OF REJECTION

There are no new grounds of rejection.

WITHDRAWN REJECTIONS

The following grounds of rejection are not presented for review on appeal because they have been withdrawn by the examiner.  There are no withdrawn rejections.

(2) Response to Argument

	As to Appellant’s assertion that, “The Examiner has not identified how the neural network of the combination of references is trained nor has the Examiner identified the specific inputs to the neural network and specific output from the neural network as recited in the Claims” (Brief, p. 9), the Board’s attention is directed to at least Barai, 12:20-67 which specifies user behaviors and user attributes that are stored and used in the development of simulated attacks including security mistakes, clicking on false links, disclosing passwords, using weak passwords, using the same passwords for different accounts, interpersonal relationships, and the like. The critical sentence in the reference is “The attack strategies can be added or updated by the user or by applying artificial intelligence algorithms” (Barai, 12:65-67). Barai describes the inputs that are used in generating simulated attacks which can be done by a user of the scheme or “by applying artificial algorithms”. It is abundantly clear that the same inputs (user behavior, user inputs, network capabilities, security policies (Barai, 12:1-67)) and the same outputs (generating simulated attacks (Barai, 4:12-33)) are used whether the simulated attacks are generated by a human or artificial intelligence algorithms. The Appellant’s own 

	As to Appellant’s assertion that, “The combination of Barai, Fritzson, and Flores fails to teach or suggest ‘the campaign controller, providing each of the one or more attributes of the user and the one or more responses of the user as input to the model and responsive to providing the input the campaign controller receiving from the model, an output identifying a first type of exploit from the plurality of types of exploits to use for the user in the simulated phishing communication’” (Brief, p. 11), the Board is directed to the rejection of the independent claims reproduced above for the applied art references to the limitations. The Appellant further asserts that there is no “communications interface between the controller/agents and the artificial intelligence algorithm” (Brief, p. 
For the above reasons, it is believed that the rejections should be sustained.

Respectfully submitted,
/WILLIAM S POWERS/Primary Examiner, Art Unit 2419
Conferees:

/HADI S ARMOUCHE/Supervisory Patent Examiner, Art Unit 2419

Requirement to pay appeal forwarding fee.  In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.