DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

1.	This action is in response to the communication filed on August 11, 2021.  Claims 1-20 were originally received for consideration.  No preliminary amendment for the claims have been received.
2.	Claims 1-20 are currently pending consideration.

Information Disclosure Statement

3.	An attached and initialed copy of Applicant’s IDS (form 1449), received on 08/11/2021, is attached to this Office Action.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-28 of U.S. Patent No. 11,108,822.  Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the ‘822 patent anticipate or render obvious all of the limitations of the present application as shown below. 




Application 17/399,739
U.S. Patent 11,108,822

1. A method comprising: 


identifying, by one or more processors, one or more parameters of a simulation system for selecting an email thread from a plurality of email threads of an entity to target a simulated phishing email; 

selecting, by the one or more processors, the email thread from the plurality of email threads from the email system based at least on the one or more parameters; and 



converting, by the one or more processors, an email of the email thread into a reply simulated phishing email from a user that is one of a recipient or a sender of one or more emails of the email thread.


2. The method of claim 1, further comprising providing, by the one or more processors, the converted reply simulated phishing email to an email account of a target user.



3. The method of claim 1, further comprising communicating, by the one or more processors, the reply simulated phishing email to one of another recipient or sender of one or more emails of the email thread.




4. The method of claim 1, further comprising accessing, by the one or processors, the email system to identify the plurality of email threads.



5. The method of claim 1, further comprising receiving, by the one or more processors, identification of the plurality of email threads from the email system.




6. The method of claim 1, wherein converting the email of the email thread into the reply simulated phishing email comprises generating from the user’s email account the reply simulated phishing email.



8. The method of claim 1, wherein the one or more parameters comprises one or more attributes of one of an entity of the user or one or more users participating in the email thread.

9. The method of claim 1, wherein the one or more parameters comprises a subject matter of one or more emails of the email thread or an attachment to the one or more emails.

10. The method of claim 1, wherein the one or more parameters comprises one or more characteristics of one or more emails.

11. A system comprising: one or more processors, coupled to memory and configured to: identify one or more parameters of a simulation system for selecting an email thread from a plurality of email threads of an entity to target a simulated phishing email; select the email thread from the plurality of email threads from the email system based at least on the one or more parameters; and convert an email of the email thread into a reply simulated phishing email from a user that is 

12. The system of claim 11, wherein the one or more processors are further configured to provide the converted reply simulated phishing email in an email account of a target user.

13. The system of claim 11, wherein the one or more processors are further configured to communicate the reply simulated phishing email to one of another recipient or sender of one or more emails of the email thread.

14. The system of claim 11, wherein the one or more processors are further configured to access the email system to identify the plurality of email threads.

15. The system of claim 11, wherein the one or more processors are further configured to receive identification of the plurality of email threads from the email system.

16. The system of claim 11, wherein the one or more processors are further configured to convert the email of the email thread into the reply simulated phishing email by generating from the user’s email account the reply simulated phishing email.




18. The system of claim 11, wherein the one or more parameters comprises one or more attributes of one of an entity of the user or one or more users participating in the email thread.

19. The system of claim 11, wherein the one or more parameters comprises a subject matter of one or more emails of the email thread or an attachment to the one or more emails.

20. The system of claim 11, wherein the one or more parameters comprises one or more characteristics of one or more emails



1.  . A method for simulating a phishing attack involving an email thread, the method comprising: 


(a) selecting, by a simulation system using one or more thread selection parameters configured in the simulation system, an email thread from a plurality of email threads of an email system of an entity for use in a simulated phishing attack; 






(b) generating, by the simulation system, a converted reply simulated phishing email to an email of the thread, the converted reply simulated phishing email generated to be from a user that is one of a recipient or a sender of one or more emails of the email thread; and 

(c) communicating, by the simulation system, to a target user's email account, the converted reply simulated phishing email.




4. The method of claim 1, wherein (b) further comprises generating the converted reply simulated phishing email to prompt the target user to one of interact with one of a link or an attachment in the converted reply simulated phishing email, reply to the converted reply simulated phishing email, or forward the converted reply simulated phishing email.

2. The method of claim 1, wherein (a) further comprises accessing, by the simulation system to identify the email thread, a user's email account, wherein the user is one of a recipient or a sender of one or more emails of the email thread.

3. The method of claim 1, wherein (a) further comprises one of forwarding, transferring, or copying to the simulation system, the email thread identified by an administrator of a mail server of the entity.



5. The method of claim 1, wherein (b) further comprises accessing, by the simulation system, the user's email account to generate the converted reply simulated phishing email from the user's email account.
6. The method of claim 1, wherein (b) further comprises generating the converted reply email 
7. The method of claim 1, wherein (b) further comprises generating the converted reply email to display a correct name of recipients or senders of the email thread and an incorrect email address for the recipients and senders of the email thread.
8. The method of claim 1, further comprising identifying, by the simulation system, whether the target user one of interacts with the converted reply email, replies to the converted reply email or forwards the converted reply email.
9. The method of claim 1, further comprising intercepting, by one or more rules of a server of the entity, any replies to or forwards of the converted reply email.
10. The method of claim 1, wherein (b) further comprise generating, by the simulation system, the converted reply email to appear as though it is communicated from the user's email account.
11. The method of claim 1, wherein (b) further comprises generating the converted reply email as one of a converted reply to a last email of the email thread, a converted reply to a first email of the email thread, or a converted reply to an email intermediary to a first email and a last email of the email thread.
12. The method of claim 1, wherein (a) further comprises selecting the email thread from the 
13. The method of claim 1, wherein the target user is one of a recipient or a sender of one or more emails of the email thread.
14. The method of claim 1, wherein the target user is a user that is not a recipient or a sender of one or more emails of the email thread.
15. A system for simulating a phishing attack involving an email thread, the system comprising: a simulation system configured on one or more processors, coupled to memory and configured to: select, using one or more thread selection parameters configured in the simulation system, an email thread from a plurality of email threads of an email system of an entity for use in a simulated phishing attack; generate a converted reply simulated phishing email to an email of the email thread, the converted reply simulated phishing email generated to be from a user that is one of a recipient or a sender of one or more emails of the email thread; and communicate to a target user's email account, the converted reply simulated phishing email.
16. The system of claim 11, wherein the simulation system is further configured to identify the email thread, a user's email account, 
17. The system of claim 11, wherein the simulation system is further configured to one of forward, transfer, or copy to the simulation system, the email thread identified by an administrator of a mail server of the entity.
18. The system of claim 11, wherein the simulation system is further configured to generate the converted reply simulated phishing email to prompt the target user to one of interact with one of a link or an attachment in the converted reply simulated phishing email, reply to the converted reply simulated phishing email, or forward the converted reply simulated phishing email.
19. The system of claim 11, wherein the simulation system is further configured to access the user's email account to generate the converted reply simulated phishing email from the user's email account.
20. The system of claim 11, wherein the simulation system is further configured to generate the converted reply email to remove all recipients or senders of the email thread from the converted reply email except the target user.
21. The system of claim 11, wherein the simulation system is further configured to generate the converted reply email to display a correct name of recipients or senders of the email thread and an incorrect email address for the recipients and senders of the email thread.

23. The system of claim 11, wherein one or more rules of a server of the entity are configured to intercept any replies to or forwards of the converted reply email.
24. The system of claim 11, wherein the simulation system is further configured to generate the converted reply email to appear as though it is communicated from the user's email account.
25. The system of claim 11, wherein the simulation system is further configured to generate the converted reply email as one of a converted reply to a last email of the email thread, a converted reply to a first email of the email thread, or a converted reply to an email intermediary to a first email and a last email of the email thread.
26. The system of claim 11, wherein the simulation system is further configured to select the email thread from the plurality of email threads based on the one or more thread selection parameters comprising one or more attributes of any of the following: the entity, one or more users that are one of a recipient or a sender of one or more emails of the email thread, subject matter of the email thread.

28. The system of claim 11, wherein the target user is a user that is not a recipient or a sender of one or more emails of the email thread.





Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) a system for generating an online registry which is a method of organizing human activity which is an abstract idea.  The claimed invention (claim 1) identifies parameters to be used in selecting an email thread, selects an email thread, and generates a phishing email in the selected email thread.  These limitations are a method of organizing human activity and thus an abstract idea as these steps can be performed by a computer user who wishes to generate a phishing email.  This judicial exception is not integrated into a practical application because the claims do not have any additional elements which integrate the exception into a practical application.  The claims discloses one or more processors and a simulation system.  However, the courts have identified that elements which merely use a computer as a tool to perform the abstract idea do not integrate the exception into a practical application (see Alice, 73 U.S. at 222-226).  These elements are merely collecting and aggregating data which can be performed by a human operator.  Furthermore, the claim 
The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the invocation of one or more processors and a simulation system do not add additional elements which would comprise an inventive concept.  Therefore, the claims are directed towards an abstract idea.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Belani et al. (WO 2016/164844) in view of Higbee et al. (U.S. Patent 8,615,807).

Regarding claim 1, Belani discloses: 
A method comprising: 
:  generating a phishing email in a simulation module using personalized information and targets certain recipients); and 
converting, by the one or more processors, an email of the email thread into a reply simulated phishing email from a user that is one of a recipient or a sender of one or more emails of the email thread (paragraphs 0034-0036, 0038-0043:  generating a phishing email in a simulation module using personalized information and targets certain recipients).

	Belani does not explicitly disclose selecting, by the one or more processors, the email thread from the plurality of email threads from the email system based at least on the one or more parameters.  In an analogous art, Higbee discloses sending a first message to a computing device disguised as coming from a trusted contact (column 2, lines 55-67).  Then a second message is sent also disguised from a trusted contact which references the first message (column 3, lines 1-25, lines 57-67, column 4, lines 1-23) which resembles an email thread (column 3, lines 57-65).  The selection of the email thread occurs when the simulation system decides which follow up email to send to an individual.  It would have been obvious to use the email thread of Higbee in the system of Belani to instruct users on phishing attacks because users typically associate email threads with legitimate electronic communication (Higbee:  column 3, lines 60-67).  

Claim 2 is rejected as applied above in rejecting claim 1.  Furthermore, Belani discloses: 
The method of claim 1, further comprising providing, by the one or more processors, the converted reply simulated phishing email to an email account of a target user (paragraphs 0034-0036, :  generating a phishing email in a simulation module using personalized information and targets certain recipients).

Claim 3 is rejected as applied above in rejecting claim 1.  Furthermore, Belani discloses: 
The method of claim 1, further comprising communicating, by the one or more processors, the reply simulated phishing email to one of another recipient or sender of one or more emails of the email thread (paragraphs 0034-0036, 0038-0043:  generating a phishing email in a simulation module using personalized information and targets certain recipients).

Claim 4 is rejected as applied above in rejecting claim 1.  Furthermore, Higbee discloses: 
The method of claim 1, further comprising accessing, by the one or processors, the email system to identify the plurality of email threads (column 3, lines 1-17, 57-67:  wherein a thread (follow up message) is transmitted). 

Claim 5 is rejected as applied above in rejecting claim 1.  Furthermore, Higbee discloses: 
The method of claim 1, further comprising receiving, by the one or more processors, identification of the plurality of email threads from the email system  (column 3, lines 1-17, 57-67:  wherein a thread (follow up message) is transmitted).

Claim 6 is rejected as applied above in rejecting claim 1.  Furthermore, Belani discloses: 
The method of claim 1, wherein converting the email of the email thread into the reply simulated phishing email comprises generating from the user’s email account the reply simulated phishing email (paragraphs 0034-0036, 0038-0043:  generating a phishing email in a simulation module using personalized information and targets certain recipients).

Claim 7 is rejected as applied above in rejecting claim 1.  Furthermore, Belani discloses: 
The method of claim 1, further comprising converting the email of the email thread into the reply simulated phishing email to display a correct name of the user but use a different email address for routing any replies communicated responsive to replying to the reply simulated phishing email (paragraphs 0034-0036, 0038-0043:  generating a phishing email in a simulation module using personalized information and targets certain recipients).

Claim 8 is rejected as applied above in rejecting claim 1.  Furthermore, Belani discloses: 
The method of claim 1, wherein the one or more parameters comprises one or more attributes of one of an entity of the user or one or more users participating in the email thread (paragraphs 0034-0036, 0038-0043:  generating a phishing email in a simulation module using personalized information and targets certain recipients).

Claim 9 is rejected as applied above in rejecting claim 1.  Furthermore, Belani discloses: 
The method of claim 1, wherein the one or more parameters comprises a subject matter of one or more emails of the email thread or an attachment to the one or more emails (paragraphs 0034-0036, 0038-0043:  generating a phishing email in a simulation module using personalized information and targets certain recipients).

Claim 10 is rejected as applied above in rejecting claim 1.  Furthermore, Belani discloses: 
The method of claim 1, wherein the one or more parameters comprises one or more characteristics of one or more emails (paragraphs 0034-0036, 0038-0043:  generating a phishing email in a simulation module using personalized information and targets certain recipients).

Regarding claim 11, Belani discloses: 
A system comprising: 
one or more processors, coupled to memory and configured to: 
identify one or more parameters of a simulation system for selecting an email thread from a plurality of email threads of an entity to target a simulated phishing email (paragraphs 0034-0036, 0038-0043:  generating a phishing email in a simulation module using personalized information and targets certain recipients); and
convert an email of the email thread into a reply simulated phishing email from a user that is one of a recipient or a sender of one or more emails of the email thread (paragraphs 0034-0036, 0038-0043:  generating a phishing email in a simulation module using personalized information and targets certain recipients).

	Belani does not explicitly disclose selecting, by the one or more processors, the email thread from the plurality of email threads from the email system based at least on the one or more parameters.  In an analogous art, Higbee discloses sending a first message to a computing device disguised as coming from a trusted contact (column 2, lines 55-67).  Then a second message is sent also disguised from a trusted contact which references the first message (column 3, lines 1-25, lines 57-67, column 4, lines 1-23) which resembles an email thread (column 3, lines 57-65).  The selection of the email thread occurs when the simulation system decides which follow up email to send to an individual.  It would have been obvious to use the email thread of Higbee in the system of Belani to instruct users on phishing attacks because users typically associate email threads with legitimate electronic communication (Higbee:  column 3, lines 60-67).  


Claim 12 is rejected as applied above in rejecting claim 11.  Furthermore, Belani discloses: 
The system of claim 11, wherein the one or more processors are further configured to provide the converted reply simulated phishing email in an email account of a target user (paragraphs 0034-0036, 0038-0043:  generating a phishing email in a simulation module using personalized information and targets certain recipients).

Claim 13 is rejected as applied above in rejecting claim 11.  Furthermore, Higbee discloses: 
The system of claim 11, wherein the one or more processors are further configured to communicate the reply simulated phishing email to one of another recipient or sender of one or more emails of the email thread (column 3, lines 1-17, 57-67:  wherein a thread (follow up message) is transmitted).

Claim 14 is rejected as applied above in rejecting claim 11.  Furthermore, Belani discloses: 
The system of claim 11, wherein the one or more processors are further configured to access the email system to identify the plurality of email threads (paragraphs 0034-0036, 0038-0043:  generating a phishing email in a simulation module using personalized information and targets certain recipients).

Claim 15 is rejected as applied above in rejecting claim 11.  Furthermore, Higbee discloses: 
The system of claim 11, wherein the one or more processors are further configured to receive identification of the plurality of email threads from the email system (column 3, lines 1-17, 57-67:  wherein a thread (follow up message) is transmitted).


The system of claim 11, wherein the one or more processors are further configured to convert the email of the email thread into the reply simulated phishing email by generating from the user’s email account the reply simulated phishing email (paragraphs 0034-0036, 0038-0043:  generating a phishing email in a simulation module using personalized information and targets certain recipients).

Claim 17 is rejected as applied above in rejecting claim 11.  Furthermore, Belani discloses: 
The system of claim 11, wherein the one or more processors are further configured to convert the email of the email thread into the reply simulated phishing email to display a correct name of the user but use a different email address for routing any replies communicated responsive to replying to the reply simulated phishing email (paragraphs 0034-0036, 0038-0043:  generating a phishing email in a simulation module using personalized information and targets certain recipients).

Claim 18 is rejected as applied above in rejecting claim 11.  Furthermore, Belani discloses: 
The system of claim 11, wherein the one or more parameters comprises one or more attributes of one of an entity of the user or one or more users participating in the email thread (paragraphs 0034-0036, 0038-0043:  generating a phishing email in a simulation module using personalized information and targets certain recipients).

Claim 19 is rejected as applied above in rejecting claim 11.  Furthermore, Belani discloses: 
The system of claim 11, wherein the one or more parameters comprises a subject matter of one or more emails of the email thread or an attachment to the one or more emails (paragraphs 0034-0036, 0038-0043:  generating a phishing email in a simulation module using personalized information and targets certain recipients).

Claim 20 is rejected as applied above in rejecting claim 11.  Furthermore, Belani discloses: 
The system of claim 11, wherein the one or more parameters comprises one or more characteristics of one or more emails (paragraphs 0034-0036, 0038-0043:  generating a phishing email in a simulation module using personalized information and targets certain recipients).



Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KAVEH ABRISHAMKAR whose telephone number is (571)272-3786. The examiner can normally be reached M-F 9-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Robert Hodge can be reached on 571-272-2097.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional 





/KAVEH ABRISHAMKAR/
11/26/2021Primary Examiner, Art Unit 3649