Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-10, 12-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Segal US 2019/0109872 in view of in view of Dhakshinamoorthy US 2019/0109872
As per claim 1. Segal teaches A method for verifying a target system against one or more security threats, the method comprising: instantiating a user interface for communicating with an attack vector infrastructure configured to generate attack vectors in a controlled environment; receiving, via the user interface, a selection of a threat type; receiving, via the user interface, a selection of one or more selectable parameters for delivery of the threat type to the target system; communicating, by the user interface to the attack vector infrastructure, data indicative of the selected threat type and the selected parameters; in response to receiving the data: accessing a base binary executable and a library comprising functions for generating attack vectors; adding, to the base binary executable, one or more functions from the library based on the selected threat 
(Segal teaches a penetration testing system which iteratively generates attack vectors, and or uses selectable parameters as configured by a user by using an interface.  Segal teaches a library of scenarios that may be created and or predefined and used in the penetration test system and executed by the system.  Segal teaches the attack includes an attack agent execution module which is loaded in the target node and serves as a payload)
Although Examiner believes the attack methods of Segal constitute attack vectors, Examiner has included Dhakshinamoorthy to explicitly teach said features.

Dhakshinamoorthy explicitly teaches vectors and payloads [0030][0031][0033] (applications tested for different attack vectors, injection attacks, files)
It would have been obvious to use the different attack vectors of Dhakshinamoorthy with the system of Segal because it increases the changes of improving network security.

As per claim 2. Segal teaches The method of claim 1, wherein the selected threat type and the selected parameters are defined using JavaScript Object Notation (JSON). [0230][0231] (javascript)As per claim 3. Segal teaches The method of claim 1, wherein the selectable parameters comprise templates defining predetermined attack scenarios. [0181][0182]

As per claim 4, Dhakshinamoorthy teaches  The method of claim 1, further comprising generating fuzzed payloads that are variants of the generated payload. [0098]  (fuzz attack vectors)As per claim 5. Dhakshinamoorthy teaches  The method of claim 4, wherein the fuzzed payloads are generated by randomly varying the selectable parameters.  [0033] (random)As per claim 6. Dhakshinamoorthy teaches  The method of claim 4, wherein the fuzzed payloads are generated by deterministically varying the selectable parameters. [0078][0082] (receiving new inputs for more targeted attacks using a feedback loop) As per claim 7. Dhakshinamoorthy teaches  The method of claim 4, wherein the fuzzed payloads are generated based on machine learning.  [0040] (machine learning)
As per claim 8. Segal teaches A computing device configured to detect unauthorized use of user credentials in a network implementing an authentication protocol, the computing device comprising: a processor; a storage device coupled to the processor; an application stored in the storage device, wherein execution of the application by the processor configures the computing device to 
(Segal teaches a penetration testing system which iteratively generates attack vectors, and or uses selectable parameters as configured by a user by using an interface.  Segal teaches a library of scenarios that may be created and or predefined and used in the penetration test system and executed by the system.  Segal teaches the attack includes an attack agent execution module which is loaded in the target node and serves as a payload)
Although Examiner believes the attack methods of Segal constitute attack vectors, Examiner has included Dhakshinamoorthy to explicitly teach said features.

Dhakshinamoorthy explicitly teaches vectors and payloads [0030][0031][0033] (applications tested for different attack vectors, injection attacks, files)
It would have been obvious to use the different attack vectors of Dhakshinamoorthy with the system of Segal because it increases the changes of improving network security.
As per claim 9.  Segal teaches The computing device of claim 8, wherein the user interface is a graphical user interface comprising an interactive area configured to enable selection of the selectable parameters.  [0130][0135] (GUI selection of parameters)As per claim 10.  Segal teaches The computing device of claim 8, wherein the selectable parameters comprise tags or labels that identify one or more properties for generating samples or attack simulations. [0181]-[0186] (templates, attack labels, goals, targets, strategy)As per claim 12. Segal teaches The computing device of claim 8, wherein the selectable parameters comprise templates defining predetermined attack scenarios. [0181][0182] (predefined scenarios)As per claim 13. Dhakshinamoorthy teaches  The computing device of claim 8, wherein the acts comprise generating fuzzed payloads that are variants of the generated payload. [0098]  (fuzz attack vectors)As per claim 14. Dhakshinamoorthy teaches  The computing device of claim 13, wherein the fuzzed payloads are generated by randomly varying the selectable parameters. [0033] (random)As per claim 15. Dhakshinamoorthy teaches  The computing device of claim 13, wherein the fuzzed payloads are generated by deterministically varying the selectable parameters. [0078][0082] (receiving new inputs for more targeted attacks using a feedback loop) As per claim 16. Dhakshinamoorthy teaches   The computing device of claim 13, wherein the fuzzed payloads are generated based on machine learning. [0040] (machine learning)As per claim 17.  Segal teaches A computer-readable medium having stored thereon a plurality of sequences of instructions which, when executed by a processor, cause the processor to perform a method comprising: receiving, via a user interface, a selection of a threat type for an attack vector for verifying defensive capabilities of a target system; receiving, via the user interface, a selection of one or more selectable parameters for delivery of the threat type to the target system; in response to selection of the threat type and the selected parameters: accessing a base binary executable and a library comprising functions for generating attack vectors; adding, to the base binary executable, one or more functions from the library based on the selected threat type and the selected parameters; and generating a payload that implements the selected threat type and the selected parameters in a delivery format based on the selected parameters. [0026][0027][0041][0095] [0164]-[0166][0180]-[0186]
(Segal teaches a penetration testing system which iteratively generates attack vectors, and or uses selectable parameters as configured by a user by using an interface.  Segal teaches a library of scenarios that may be created and or predefined and used in the penetration test system and executed by the system.  Segal teaches the attack includes an attack agent execution module which is loaded in the target node and serves as a payload)
Although Examiner believes the attack methods of Segal constitute attack vectors, Examiner has included Dhakshinamoorthy to explicitly teach said features.

Dhakshinamoorthy explicitly teaches vectors and payloads [0030][0031][0033] (applications tested for different attack vectors, injection attacks, files)
It would have been obvious to use the different attack vectors of Dhakshinamoorthy with the system of Segal because it increases the changes of improving network security.
As per claim 18. Segal teaches The computer-readable medium of claim 17, wherein the selectable parameters comprise templates defining predetermined attack scenarios. [0181][0182] (predefined scenarios)As per claim 19. Dhakshinamoorthy teaches The computer-readable medium of claim 17, further comprising a plurality of sequences of instructions which, when executed by a processor, cause the processor to perform a method comprising generating fuzzed payloads that are variants of the generated payload. [0098]  (fuzz attack vectors)As per claim 20. Dhakshinamoorthy teaches The computer-readable medium of claim 19, wherein the fuzzed payloads are generated based on machine learning. [0040] (machine learning)

Claim  11  is/are rejected under 35 U.S.C. 103 as being unpatentable over Segal US 2019/0109872 in view of Dhakshinamoorthy US 2019/0109872 in view of Sites US 2019/0356679

As per claim 11. Sites teaches The computing device of claim 8, wherein the delivery format comprises one or more of a macro, zip file, or email. [0063] (email)
It would have been obvious to one of ordinary skill in the art to include the delivery format of email with the prior art because it is a well known delivery system for vulnerability detection of phishing.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439