Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 1/25/2022 has been entered.

Response to Arguments
In communications filed on 1/25/2022, claims 1-20 are presented for examination. Claims 1 and 11 are independent.
Amended claims: 1, 11.
Applicants’ arguments, see Applicant Arguments/Remarks filed 1/25/22, with respect to claim(s) rejected under 35 USC 101 have been fully considered and are unpersuasive.  The abstract functions of the claims in the case are claim(s) is/are together do not offer “significantly more” than the abstract idea itself because the claims do not recite an improvement to another technology or technical field, an improvement to the functioning of any computer itself, or provide meaningful limitations beyond generally linking an abstract idea to a particular technological environment (a general purpose device).
Applicants’ arguments, see Applicant Arguments/Remarks filed 1/25/22, with respect to claim(s) rejected under prior art have been fully considered and are unpersuasive. Contrary to Applicant’s assertion, Chrapo in combination with Higbee teaches all the elements of the claimed invention. Specifically, Charpo discloses: receiving, by a server, configured to communicate with a job application system executed on one or more servers, information about a candidate from the job application system responsive to a job application process of the job application system; (Chrapo: Figs. 1-2, 4-7, and ¶3-¶4, ¶94-¶97, i.e., candidate applying for a job through an application system); (b) communicating, by the server responsive to receiving the information (Chrapo: Figs. 4-7, and ¶3-¶4, ¶33-¶42, ¶94-¶97, i.e., calculating risk score using multiple factors including email, social media activity of an entity such as a job applicant in response to receiving the application). 
With regards to Applicant’s Remarks regarding motivation to combine, it is noted Higbee was cited for motivation to provide trustworthiness of a person (Higbee: ¶5-¶7). 
  
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


The claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.  Claim(s) 1 and 11 is/are directed to a method and system (apparatus). The claim(s) do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claimed invention is directed to a judicial exception (i.e. an abstract idea) without significantly more. Based upon consideration of all of the relevant factors with respect to the claims as a whole, claims are held to claim an unpatentable abstract idea, and are therefore rejected as ineligible subject matter under 35 U.S.C. § 101. When considering subject matter eligibility under 35 U.S.C. § 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition 
Federal Register on 01/07/2019 and Alice Corporation Pty. Ltd. i/. CLS Bank International, et al., 573 U.S._ (2014).Step 1: Identifying Statutory Categories              In the present case, claim(s) is/are directed to method/system for to provide a risk score for a candidate in association with an application for a job, the method comprising: (a) receiving, by a server, configured to communicate with a job application system executed on one or more servers, information about a candidate from the job application system responsive to a job application process of the job application system; (b) communicating, by the server responsive to receiving the information, one or more simulated phishing communications to one or more devices of the candidate, the one or more phishing campaigns generated based at least on the information about the candidate; (c) determining, by the server, a risk score for the candidate based at least on results of the one or more simulated phishing communications received from the one or more devices of the candidate; and (d) providing, by the server via an interface to the job application system, the risk score to the job application system for use by the job application system to provide information on whether or not the candidate is to be hired – falls into one of the four statutory categories (i.e., method and system). Nevertheless, the claims fall within the judicial exception of an abstract idea.
Step 2A (prong 1): Identifying a Judicial Exception
The Supreme Court and Federal Circuit have identified abstract ideas in patent claims by making comparisons to concepts found in past decisions to be judicial exceptions to eligibility. July 2015 Update on Subject Matter Eligibility, 80 Fed. Reg. 45429 (July 30, 2015) (“IEG Update”). The July Update summarizes concepts the courts have considered to be abstract ideas by associating eligibility decisions with judicial descriptors (e.g., “an idea of itself,” “certain methods of organizing human activities”, “mathematical relationships and formulas”) based on common characteristics. These associations define the judicial descriptors in a manner that stays within the confines of the judicial precedent, with the understanding that these associations are not mutually exclusive, i.e., some concepts may be associated with more than one judicial descriptor.

As such, the abstract idea is (1) certain methods of organizing human activity (i.e., personnel hiring decision as recited in the abstract and limitation (d) of the present claims), such as fundamental economic practices (Alice, 573 U.S. at 219-20; Bilski, 561 U.S. at 611); and (2) collecting and analyzing information to detect misuse and notifying a user when misuse is detected (see e.g., FairWarning) (i.e., collecting information to generate risk scores and analyzing the score as recited in limitations (a)-(d) to identify an action i.e., hiring decision) - as defined by the claimed steps listed above. As such, the claims fall under at least the category of “an idea of itself” and “certain methods of organizing human activity”. The phrase “an idea of itself” is used to describe an idea standing alone such as an instantiated concept, plan or scheme, as well as a mental process (thinking) that “can be performed in the human mind, or by a human using a pen and paper."  The phrase “certain method of organizing human activities” is used to describe managing relationships or transactions between people; business practices; concepts relating to managing human behavior; concepts relating to tracking or organizing information. Looking 
a. Collecting and analyzing information to detect misuse and notifying a user when misuse is detected (FairWarning)
b. Sending information, directing sent information, and monitoring and accumulating records about receipt of sent information (Two-Way Media ‘187 and ‘005 patents)
c. Organizing and manipulating information through mathematical correlations (Digitech)
d. Collecting, displaying, and manipulating data (Int. Ventures v. Cap One Financial)
e. Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network)
f. Mitigating settlement risk (Alice)

Step 2A (prong 2) Identifying an integrated practical application
Under step 2A (prong 1) of the 101 analysis, claims recite abstract idea of collecting and analyzing information to make a business decision of hiring a candidate. Claims do not integrate a practical application of the abstract idea in the claims (step 2A, prong 2)
Finding the claims to be directed toward an abstract idea, however, is not the end of the inquiry. See Mayo Collaborative Servs. v. Prometheus Labs. Inc., 132 S. Ct. 1289, 1297 (2012). 
 Step 2B: Considering Additional Elements
The considerations are whether the claim includes:
•    Improvements to another technology or technical field;
•    Improvements to the functioning of the computer itself;
•    Applying the judicial exception with, or by use of, a particular machine;
•    Effecting a transformation or reduction of a particular article to a different state or thing;
•    Adding a specific limitation other than what is well-understood, routine and conventional in the field, or adding unconventional steps that confine the claim to a particular useful application;
•    Other meaningful limitations beyond generally linking the use of the judicial exception to a particular technological environment. 
Applying the test to the claims in the application, the structural elements of the claims, which include a generic device, modules when taken in combination with the functional together do not offer “significantly more” than the abstract idea itself because the claims do not recite an improvement to another technology or technical field, an improvement to the functioning of any computer itself, or provide meaningful limitations beyond generally linking an abstract idea to a particular technological environment (a general purpose device). When considered as an ordered combination, the Examiner does not find any combination of the additional elements that amounts to more than the sum of the parts. The Examiner finds that the Individual elements of the claims are performing their intended roles and functions. In most cases, the additional elements are applied merely to carry out data processing, as discussed above, which fall under well-understood, routine, and conventional functions of generic computers – in our common day-to-day interactions. Note: Applicant’s disclosure states a generic, commercially available third party computer processor, machine, network equipment, and software is used to execute the claimed method (¶39-¶71); note also cited art of record also discloses processors; devices, programs (see, e.g., Chrapo (US 20170293873 A1): Fig. 1, ¶68-¶79). Therefore, the claimed interactions of the various generically recited methods / devices lacks an unconventional step that confines the claim to a particular useful application Dependent claims are rejected based on the aforementioned rationale discussed in the rejection of the independent claims because the claims merely recite variations of the type of information collected in generating the risk score.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim 1-5, 8, 9, 11-15, 18, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20170293873 A1 (hereinafter ‘Chrapo’) in view of US 20140230061 A1 (hereinafter ‘Higbee’)

As regards claim 1, Chrapo (US 20170293873 A1) discloses: A method of using one or more simulated phishing communications to provide a risk score for a candidate in association with an application for a job, the method comprising: (Chrapo: Figs. 1-2, 4-7, and ¶3-¶4, ¶94-¶97, ¶134-¶137, i.e., hiring decision determination based on calculating risk scores regarding a potential candidate) 
(a) receiving, by a server, configured to communicate with a job application system executed on one or more servers, information about a candidate from the job application system responsive to a job application process of the job application system; (Chrapo: Figs. 1-2, 4-7, and ¶3-¶4, ¶94-¶97, i.e., candidate applying for a job through an application system)
(b) communicating, by the server responsive to receiving the information (Chrapo: Figs. 4-7, and ¶3-¶4, ¶33-¶42, ¶94-¶97, i.e., calculating risk score using multiple factors including email, social media activity of an entity such as a job applicant in response to receiving the application), 
However, Chrapo does not but in analogous art, Higbee (US 20140230061 A1) teaches: one or more simulated phishing communications to one or more devices of the candidate, the one 
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Chrapo to include responses to a simulated phishing campaign to a user as taught by Higbee with the motivation to calculate trustworthiness of an individual (Higbee: ¶5-¶7)
Charpo et al combination further discloses: (c) determining, by the server, a risk score for the candidate based at least on results of the one or more simulated phishing communications received from the one or more devices of the candidate; and (Higbee: ¶5-¶7 and ¶20-¶25, i.e., generating trustworthiness level of an individual based on the response to the results of one or more simulated phishing campaigns received from the individual’s device)
(d) providing, by the server, via an interface to the job application system, the risk score to the job application system for use by the job application system to provide information on whether or not the candidate is to be hired. (Chrapo: Figs. 4-7, and ¶3-¶4, ¶33-¶42, ¶94-¶97, ¶134-¶137, i.e., hiring decision determination based on calculating risk scores regarding a potential candidate. See also, Higbee: ¶5-¶7 and ¶20-¶25)

Claim 11 recites substantially the same features recited in claim 1 above and is rejected based on the aforementioned rationale discussed in the rejection.

As regards claim 2, Chrapo et al combination discloses the method of claim 1, wherein (a) further comprises receiving the information about the candidate during one of a profile creation process or a job application process of the job application system. (Chrapo: Figs. 4-7, and ¶3-¶4, ¶33-¶42, ¶94-¶97, ¶134-¶137, i.e., the job application process)

Claim 12 recites substantially the same features recited in claim 2 above and is rejected based on the aforementioned rationale discussed in the rejection.

As regards claim 3, Chrapo et al combination discloses the method of claim 1, wherein (b) further comprises generating, by the server, the one or more simulated phishing communications by personalizing content of the one or more simulated phishing communications based at least on the information about the candidate that identifies one or more social media platforms of the candidate. (Chrapo: Figs. 4-7, and ¶3-¶4, ¶33-¶42. See also, Higbee: ¶5-¶7, ¶36-¶38, i.e., calculating the trustworthiness 

Claim 13 recites substantially the same features recited in claim 3 above and is rejected based on the aforementioned rationale discussed in the rejection.

As regards claim 4, Chrapo et al combination discloses the method of claim 1, further comprising receiving, by the server, information on authentication information used by the candidate during creation of a profile via the job application system. (Chrapo: Fig. 4, ¶70-¶71, ¶97, ¶101-¶102, i.e., risk scores are calculated using multiple different sets of information regarding a user including ID information such as facial recognition i.e., authentication information)

Claim 14 recites substantially the same features recited in claim 4 above and is rejected based on the aforementioned rationale discussed in the rejection.

As regards claim 5, Chrapo et al combination discloses the method of claim 4, further comprising determining, by the server, the risk score based on the authentication information. (Chrapo: Fig. 4, ¶70-¶71, ¶101-¶102, i.e., risk scores are 

Claim 15 recites substantially the same features recited in claim 5 above and is rejected based on the aforementioned rationale discussed in the rejection.

As regards claim 8, Chrapo et al combination discloses the method of claim 1, further comprising receiving, by the server, one or more responses of the candidate to one or more security related questions presented by the job application system to the candidate. (Chrapo: Figs. 4-7, and ¶3-¶4, ¶33-¶42, ¶94-¶97, ¶160-¶161, i.e., calculating risk score using multiple factors including email, social media activity of an entity such as a job applicant in response to receiving the application wherein the applicant provides answers to questionaires related to trustworthiness)

Claim 18 recites substantially the same features recited in claim 8 above and is rejected based on the aforementioned rationale discussed in the rejection.

claim 9, Chrapo et al combination discloses the method of claim 8, further comprising determining, by the server, the risk score of the candidate based on the one or more responses. . (Chrapo: Figs. 4-7, and ¶3-¶4, ¶33-¶42, ¶94-¶97, ¶160-¶161)

Claim 19 recites substantially the same features recited in claim 9 above and is rejected based on the aforementioned rationale discussed in the rejection.

Claim 6, 7, 10, 16, 17, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chrapo over Higbee in view of US 20110047608 A1 (hereinafter ‘Leven’)

As regards claim 6, Chrapo et al combination discloses the method of claim 4. However, Chrapo et al do not but in analogous art, Leven (US 20110047608 A1) teaches: wherein the authentication information includes at least one of strength of password or selection of one-factor or two-factor authentication. (Leven: ¶57-¶58, i.e., authentication based on the strength of the authentication password and/or multifactor authentications)
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art 

Claim 16 recites substantially the same features recited in claim 6 above and is rejected based on the aforementioned rationale discussed in the rejection.

As regards claim 7, Chrapo et al combination discloses the method of claim 4, further comprising identifying, by the server for use in determining the risk score (Chrapo: Fig. 4, ¶70-¶71, ¶101-¶102, i.e., risk scores are calculated using multiple different sets of information regarding a user including ID information such as facial recognition i.e., authentication information).  
However, Chrapo et al do not but in analogous art, Leven (US 20110047608 A1) teaches: whether or not any of the authentication information has been associated with a data breach. (Leven: ¶57-¶59, i.e., authentication based on the strength of the authentication password and/or multifactor authentications wherein the authentication information can be associated with breach)


Claim 17 recites substantially the same features recited in claim 7 above and is rejected based on the aforementioned rationale discussed in the rejection.

As regards claim 10, Chrapo et al combination discloses the method of claim 1, further comprising determining, by the server, the risk score as a weighted function of two or more of the following information received via the job application system: security question selection (Chrapo: Fig. 4, ¶6-¶7, i.e., weighing of multiple factors of risk factors, ¶70-¶71, ¶101-¶102, ¶160-¶161, i.e., risk scores are calculated using multiple different sets of information regarding a user including ID information such as facial recognition i.e., authentication information) 
However, Chrapo et al do not but in analogous art, Leven (US 20110047608 A1) teaches: password strength, password reuse, phish prone percentage, email exposure and whether or not two-
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Chrapo to include authentication information to include strength of the authentication password and/or multifactor authentication as taught by Leven with the motivation to make the authentication stronger (Leven: ¶14)

Claim 20 recites substantially the same features recited in claim 10 above and is rejected based on the aforementioned rationale discussed in the rejection.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED A ZAIDI whose telephone number is (571)270-5995. The examiner can normally be reached Monday-Thursday: 5:30AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SYED A ZAIDI/Primary Examiner, Art Unit 2432