DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-20 have been examined and are pending.
Examiner Comments

Claims 6-7 and 19 are directed towards a computer-readable storage medium and have been analyzed for 35 USC 112(2). The claim comprises a first spear phishing management module and a second spear phishing management module, respectively. No 35 USC 112(2) deemed necessary since the specification states: memory(s) 112 may store and/or otherwise provide a spear phishing management module 112a, a spear phishing management database 112b, and a machine learning engine 112c. In some instances, spear phishing management module 112a may store instructions that cause spear phishing management platform 110 to identify message features associated with a particular user (para 0028).
	
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/03/2021 was filed.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Objections
Claims 4, 6, 17, and 19 are objected to because of the following informalities:  
Claim 4, line 7: “...phishing message should
Claim 6, line 7: “...phishing message should...;” replace intention language to positively recite.
Claim 17, line 6: “...phishing message should...;” replace intention language to positively recite.
Claim 19, line 6: “...phishing message should...;” replace intention language to positively recite.
Appropriate correction is required.
CLAIM INTERPRETATION
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 

(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “a first spear phishing training module...a second spear phishing training module... a first spear phishing training module” in claims 6-7 and 19.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the 
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-3, 5-6, 9-11, 13-16, and 18-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Irimie et al., hereinafter (“Irimie”), US PG Publication (2019/0173919 A1), submitted in the 02/03/2021 IDS.
Regarding claims 1, 14, and 20, Irimie teaches a computing platform  [Irimie, ¶0112: FIG. 2B depicts some of the architecture of an implementation of an artificial intelligence driven agent (AIDA) system 215 capable of creating, controlling and executing simulated phishing campaigns using artificial intelligence] , comprising: at least one processor [Irimie, ¶0049: CPU 121]; a communication interface [Irimie, ¶0049: network interface 118] communicatively Irimie, ¶0253] storing instructions that, when executed by a computing platform comprising at least one processor, a communication interface, and memory [Irimie, ¶0253], cause the computing platform to:
identify a plurality of users to receive one or more simulated spear phishing messages; [Irimie 20190173919 A1, ¶0005: “...configure to send multiple simulated phishing emails, text, or SMS messages, voice calls, or Internet based communication, varying the...” ¶0243: a campaign controller, information associated with one or more actions of a plurality of users to access, via one or more applications]
identify, based on historical message data associated with a first user of the plurality of users identified to receive the one or more simulated spear phishing messages, message features of messages associated with the first user; [Irimie, ¶0079: “...from the past efficiency of templates that have been used to phish the user;” ¶0080: “... to create simulated phishing messages for users...”; “AIDA system may use information from logs from previous simulated phishing campaigns, include: all actions performed on/by user, information from event logs, learning management system (LMS) analysis. See ¶0243: plurality of users]
¶0080: “... to create simulated phishing messages for users; ¶0130: the security awareness system 280 includes a storage for landing pages 283... each landing page in the landing pages storage 283 includes one or more of a landing page ID, the HTML content of the landing page, the title of the landing page, one or more identifiers of the landing page, the account (company) ID that the landing page is to be used for, the landing page category ID. The categories identified by the category ID for the landing pages can be any predetermined category provided by the system or user generated or specified categories; based on a type of campaigns, templates, models, personas, companies, groups of users or attributes of any of the foregoing.] and 
send, to the first user account, the first spear phishing message. [Irimie, ¶0005 and 0077: "... send multiple simulated phishing emails...in a simulated phishing campaign after the first simulated phishing message may be used to direct the user to open the first simulated phishing message"]
Regarding claims 2 and 15, Irimie teaches claim 1 as described above.
Irimie teaches wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor [Irimie, See ¶0253], cause the computing platform to: prior to identifying the plurality of users to receive the one or more simulated spear phishing messages, receive a very attacked persons (VAP) list, wherein identifying the plurality of users to receive the one or more simulated Irimie, ¶0109: the user console 214B wakes up and retrieves the data and queries the lists of trusted and untrusted domains stored locally and on the server 106. ¶0243: plurality of users to access]

Regarding claims 3 and 16, Irimie teaches claim 2 as described above.
Irimie teaches wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: update, at a predetermined interval, the VAP list. [See Irimie, ¶0109:... trusted and untrusted domains stored locally and on the server 106. ¶0145: campaign controller 250 campaign updated per time zone]

Regarding claims 5 and 18, Irimie teaches claim 1 as described above.
Irimie teaches wherein identifying the plurality of users to receive the one or more simulated spear phishing messages comprises identifying the plurality of users to receive the one or more simulated spear phishing messages based on each user of the plurality of users having security posture characteristics that meet predetermined security posture criteria. [Irimie, ¶0138:  serving module determines or selects a persona model that meets one or more criteria or threshold for a rate of success for a user or group of users. See ¶0243: plurality of users]



Irimie teaches wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: 
receive first user interaction information indicating an initial interaction with the first spear phishing message; [Irimie, ¶0111: The client 102 is able to receive the simulated phishing messages via the messaging application 237, display the received messages for the user using the display 236, and is able to accept user interaction via the user interface 235] and 
in response to receiving the first user interaction information, send, to the first user account, a message indicating a first spear phishing training module that the first user should complete. [Irimie, ¶¶0079 and 0080: AIDA system uses LMS analysis to reports that track the number of users the simulated messages were sent to; the system may provide training on why a user should not have performed a requested action at the time the user performs the requested action, what training a user has had, and where the user struggled with the training that the user completed.]

Regarding claim 9, Irimie teaches claim 1 as described above.
Irimie teaches wherein generating the first spear phishing message comprises: 
automatically selecting the predetermined template; [Irimie, ¶0087: the simulated phishing campaign manager 251 generates a campaign for a simulated phishing attack, including one or more selected phishing message templates, one or more selected landing page templates, and one or more selected targeted user groups, in addition to other user input.]
directing an administrator computing system to cause display of the predetermined template; [Irimie, ¶0095: “simulated phishing campaign manager 251 and/or server 106 may make choices concerning how a simulated phishing attack is to be carried out...An administrator, via the server 106, may input parameters for the attack that affect how it will be carried out. For example, via the server 106 an administrator may make choices as to which users to include as potential targets in the attack, ... whether to use an attack template”]
receiving user input indicating text to be included in the first spear phishing message; [Irimie, ¶¶0245-0246: campaign controller receives input from user, where the information is: type of action, type of exploit, identifier of an application...a user chose to review the action or take action. 0247: campaign controller stores the information in association with results of execution of a plurality of simulated phishing campaigns, stores the information ] and 
creating the first spear phishing message based on the user input and the predetermined template. [Irimie, ¶0248: “...the campaign controller based on at least the information, one of a model or a template to use for a simulated phishing campaign (step 440)...”]





Irimie teaches wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: 
receive a reply message to the first spear phishing message from the first user account; [Irimie, ¶0234: reply emails sent from the client 102 to the server 106 can be processed by the simulated phishing campaign manager.]
analyze, using one or more natural language processing (NLP) algorithms, the reply message; [Irimie, ¶0071: deep learning comprises artificial neural network of which include natural language processing; words can be represented as vectors] 
generate, based on the NLP analysis of the reply message, a second spear phishing message; [Irimie, ¶0071: In artificial intelligence (AI) models for natural language processing, words represented as vectors. ¶¶0076-0077: methods to create and execute simulated phishing campaigns using AI can be configured to send multiple or different simulated phishing emails, text messages or requested action...Examiner interprets these messages as also including forwarded and reply messages; hence facilitating communication between client and server. See ¶¶0096 and 0098] and
send, to the first user account, the second spear phishing message. [See Irimie, ¶0234]

Regarding claim 11, Irimie teaches claim 1 as described above.
¶0080: an AIDA system may be able to perform a risk profile of a user with respect to wire transfer fraud, or IP theft. In some embodiments, an AIDA system can track events in a company and/or for a user in a company to identify one or more risk points. In some embodiments, an AIDA system can track information that a given user is exposed to in order to identify a risk point. For example, employees in a company that regularly deal with wire transfers may be likely to be at a higher risk for wire transfer fraud, and people that are exposed to sensitive information may be at a higher risk for leaking intellectual property. Examiner interprets as analogous security posture type of information highlighted in para 0044 in the specification]

Regarding claim 13, Irimie teaches claim 1 as described above.
Docket No. 009075.00114\US
Irimie teaches wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to select, based on the message features of the messages associated with the first user, the predetermined template prior to generating the first spear phishing message based on the message features. [See Irimie, ¶0037: non-transitory machine readable storage media encoded with computer program code; ¶0080: “... to create simulated phishing messages for users}
¶0080: AIDA system may use information from logs from previous simulated phishing campaigns, including all actions performed on a user and all user actions performed and extract information from the past efficiency of templates that have been used to phish users.]

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

Claims 4, 7-8, 12, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Irimie et al., hereinafter (“Irimie”), US PG Publication (2019/0173919 A1), submitted in the 02/03/2021 IDS, in view of Cidon et al., hereinafter (“Cidon”), US PG Publication (2019/0028499 A1), submitted in the 02/03/2021 IDS.

Regarding claims 4 and 17, Irimie teaches claim 1 as described above.
However, Irimie fails to explicitly teach but Cidon teaches wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: 
determine a spear phishing score for the first user account linked to the first user; [Cidon, Abstract and ¶0027: the message collection and analysis component 106 is configured to calculate a security score for each individual in the entity 114 based on the analysis of his/her historical electronic messages] and 
determine, based on a determination that the spear phishing score for the first user account linked to the first user exceeds a predetermined threshold, that the first spear phishing message should be generated. [Cidon et al 20190028499 A1, ¶0027: ...wherein an individual is identified as high-risk if his/her security score is above a predetermined threshold, indicating he/she is at high risk and is most likely to be targeted in an impersonation attack (e.g., spear phishing).]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of 
Regarding claim 7, the combination of Irimie and Cidon teach claim 6 as described above.
Irimie teaches wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: 
receive second user interaction information indicating a second interaction with the first spear phishing message; [Irimie, See ¶0111: The client 102 is able to receive the simulated phishing messages via the messaging application 237, display the received messages for the user using the display 236, and is able to accept user interaction via the user interface 235. Hence, Examiner interprets there are many simulated phishing message communications. ¶0122: dashboard generator 298 displays a circle with a size that is proportionate to the number of interactions with a simulated phishing message in a time period, wherein the greater the number of user interactions with links in simulated phishing messages, the larger the size of the circle that is displayed] and
¶0177: “when a recipient opens an email, clicks on a link in an email or a text message, or otherwise interacts with the action sent to them, website worker 263 serves up the landing page from landing page storage 283 to the recipient...website workers 263 present the recipient with any training that they must complete at the moment of failure.”]

Regarding claim 8, Irimie teaches claim 1 as described above.
However, Irimie fails to explicitly teach but Cidon teaches wherein the message features of the messages associated with the first user include one or more of: 
a quantity of messages received from external accounts, a quantity of messages received from internal accounts, information about the external accounts, information about the internal accounts, an average number of attachments, information about the attachments, the attachments themselves, an average number of links, information about the links, the links themselves, or an average number of replies sent on a message string. [Cidon, ¶0021: ...classification can be based on one or more features including but not limited to: the text and attachments used in the messages. The communication patterns identified for the electronic messages received by each individual user through AI-based classification include statistics (or stats) on one or more of number (how many times), frequency, and/or distribution of the electronic messages received over time]

Regarding claim 12, Irimie teaches claim 1 as described above.
However, Irimie fails to explicitly teach but Cidon teaches wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: 
identify, by accessing an internal database configured to store personal details about the first user, personal details corresponding to the first user, wherein generating the first spear phishing message comprises generating, based in part on the personal details corresponding to the first user, the first spear phishing message. [Cidon ¶¶0021-0022: As soon as one or more new/incoming messages have been received on the electronic messaging system 112, they are retrieved (or intercepted) by the message collection and analysis component 106 in real time. The fraud detection component 108 of the AI engine 104 is then configured to use the unique communication patterns identified and stored in the analysis database 110 to examine and detect anomalous signals in attributes in the metadata and/or ¶0023: Based on the detected anomalous signals, the fraud detection component 108 is configured to determine with a high degree of accuracy whether the incoming messages received is part of an impersonating (e.g., spear phishing) attack or other kinds of communication fraud and/or former/ongoing network threats, which include but are not limited to a personalized phishing attempt which entices the recipient to click on a link which may ask them to enter their credentials or download a virus, or an attacker hijacking an internal account].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of the systems and methods for AIDA based second chance of Irimie before him or her by including the teachings of the system and method for AI-based anti-fraud user training and protection of Cidon. The motivation/suggestion would have been obvious to try to modify the system of Irimie, which simulates phishing attacks to help expose the different individuals that are more susceptible to phishing attacks, by impersonating through a more personalized phishing attempt as taught by Cidon [Cidon, ¶0023].

	
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Hunt et al (20170286544 A1) discloses using hash signatures of dom objects to identify website similarity.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAKINAH W TAYLOR whose telephone number is (571)270-0682. The examiner can normally be reached Monday-Friday, 9:45-5:45.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI SHIFERAW can be reached on 571-272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Sakinah White Taylor/           Primary Examiner, Art Unit 2497