Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
	Claims 1-20 stand pending and are presented for examination.
Response to Arguments
On page 2 of Remarks, Applicant argues:
“DOUBLE PATENTING Claims 1-20 are rejected on the ground of non-statutory double patenting as anticipated by Claims of the commonly owned US Patent Nos. 9,742,803, 9,906,555, 10,581,911 and 10,715,551. Applicant requests the Examiner to hold this rejection in abeyance until subject matter is identified as allowed in the instant application.”

	Since no particular arguments or amendments  are made as to the expressly recited claim language, the rejections on the grounds of non-statutory double patenting are sustained.

On page 2 of Remarks, Applicant argues:
“The combination of Hawthorn and Aaron fails to identify a category for each event of a plurality of events associated with a plurality of simulated phishing communications. Instead of identifying a category for an event associated with simulated phishing communications, Hawthorn is focused on calculating risk scores for user interactions concerning security or training items (e.g., 112 or 124) as reflected in security or training item interaction data (e.g., 132 or 134). (See, Hawthorn, pars. [0048]-[0054], FIGS. 7, 10, 16-19 and the associated description). Hawthorn’s risk score determinations whether using training and security items (e.g., 112 and 124) or interaction data (e.g., 132 and 134) do not involve any event categorizations, let alone identifying a category for each of plurality of events associated with simulated phishing.”

	Applicant’s arguments have been carefully considered, but are not persuasive as the Examiner does not merely apply the risk score nor the risk score determinations of Hawthorn to the recited elements of the claims.

	However, “the fact that a specific [embodiment] is taught to be preferred is not controlling, since all disclosures of the prior art, including unpreferred embodiments, must be considered.” In re Lamberti, 545 F.2d 747, 750 (CCPA 1976); In re Fulton, 391 F.3d 1195, 1200 (Fed. Cir. 2004) (“[C]ase law does not require that a particular combination must be the preferred, or the most desirable, combination described in the prior art in order to provide motivation for the current invention.”)  Yet Hawthorn explicitly teaches, at least in part, a simulated phishing message wherein the simulation is associated with a number of security items and/or training items.  Hawthorn explicitly teaches events associated with a plurality of simulated phishing communications via statistical information for a given campaign including information such as a number of employees that interacted with security item and training items and those that did not interact (see at least: ¶64; ¶77; ¶110; ¶129).  Accordingly, the statistical information that is utilized by Hawthorn is applied to the claimed “identify a category for each event of a plurality of events associated with a plurality of simulated phishing communications”.

On pages 3 & 4 of Remarks, Applicant argues: 
“Meanwhile, Aaron does not compensate for this deficiency of Hawthorn as Aaron does not even discuss phishing, not to mention simulated phishing, thereby merely grouping users based on activities that are not associated with simulated phishing communications. (See, Aaron, FIGs. 1, 3, 4 and par. [0005]). For at least these reasons, the combination of Hawthorn and Aaron does not identify a category for each event of a plurality of events associated with a plurality of simulated phishing communications.”

	The Examiner notes the Aaron reference is applied to the recited: a category from the plurality of categories; and including, by the one or more processors, the user in a user group of the plurality of user groups associated with the category; since the reference is not applied in the manner suggested by Applicant, the Examiner need not concede nor subscribe to the characterizations of the art.  The Examiner maintains that it is the combination of Hawthorn and Aaron that teaches “identify a category for each event of a plurality of events associated with a plurality of simulated phishing communications”.

On page 4 of Remarks, Applicant argues:
“In addition, the combination of Hawthorn and Aaron does not include a user into a user group identified based on an event associated with a simulated phishing communication. While Hawthorn discusses phishing items and messages as examples of security threats for user training, Hawthorn does not take an action with respect to a user based on an event that is associated with any phishing items or messages. As Hawthorn is focused on merely determining a risk score for a user in view of user’s interactions with security and training items, Hawthorn is focused on user training and not inclusion of a particular user into a group that is identified based on simulated phishing.”


	The Examiner applies the Hawthorn reference as per a user into a user group identified based on an event associated with a simulated phishing communication as further explained supra and in the actions both previously and instantly presented.  As per the argument that Hawthorn does not take an action with respect to a user based on an event, the Examiner initially notes that such features are not claimed; during prosecution, claims are to be given “their broadest reasonable interpretation consistent with the specification” and that claim language should be read “in light of the specification as it would be interpreted by one of ordinary skill in the art.” In re Am. Acad. of Sci. Tech Ctr., 367 F.3d 1359, 1364 (Fed. Cir. 2004) (citations omitted). Although the claims are properly read in light of the Specification, limitations appearing in the Specification, but not recited in the claims are not to be read into the claims. See, e.g., E-Pass Techs., Inc. v. 3Com Corp., 343 F.3d 1364, 1369 (Fed. Cir. 2003).
	Nevertheless, even if by arguendo, such features are claimed, the Hawthorn reference states the campaign of the user will be subject to a dynamically updated campaign such that the user starts to receive security items and/or training items of a higher sophistication level (¶166-¶167) or take the action of calculating the risk score (¶168-¶169).  Even further, Hawthorn provides for adding technical details and/or profile details after the target user interacts with the campaign (Fig 21 and its associated descriptions).  Accordingly, the Hawthorn reference is sustained.

On page 4 of Remarks, Applicant argues:

“Meanwhile, by the virtue of not even discussing simulated phishing at all, Aaron is not capable of bridging this gap left by Hawthorn, and therefore falls short of helping Hawthorn include a user into a user group identified based on an event associated with a simulated phishing communication. For at least these reasons, the combination of Hawthorn and Aaron does not teach or suggest each and every element of independent Claims 1 and 11.”

	The Examiner notes the Aaron reference is applied to the recited: a category from the plurality of categories; and including, by the one or more processors, the user in a user group of the plurality of user groups associated with the category; since the reference is not applied in the manner suggested by Applicant, the Examiner need not concede nor subscribe to the characterizations of the art.  The Examiner maintains that it is the combination of Hawthorn and Aaron that teaches “identify a category for each event of a plurality of events associated with a plurality of simulated phishing communications”.
	One with ordinary skill in the art is not compelled to follow blindly the teaching of one prior art reference over the other without the exercise of independent judgment. See Lear Siegler, Inc. v. Aeroquip Corp., 733 F.2d 881, 889 (Fed. Cir. 1984); see also KSR, 550 U.S. at 420–21 (A person with ordinary skill in the art is “a person of ordinary creativity, not an automaton,” and “in many cases . . . will be able to fit the teachings of multiple patents together like pieces of a puzzle.”)

	For at least these reasons, the claim rejections are sustained.
Examiner’s Remark
	At the time of writing of the instant action, the Examiner is aware of potential avenues for advancing prosecution and encourages Applicant to contact the Examiner to advance prosecution.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-7 and 11-17 are rejected under 35 U.S.C. 103 as being unpatentable over Hawthorn et al (U.S. Pat App Pub 2015/0229664 A1), hereinafter referred to as Hawthorn, in view of Aaron (U.S. Pat App Pub 2008/0115190 A1), hereinafter referred to as Aaron.
	Re claims 1 and 11: Hawthorn teaches a method and system comprising: one or more processors coupled to memory, and configured to: identifying, by one or more processors (Fig 1, elts 102 & 110; Fig 2, elt 110; ¶38-¶41), for each event of a plurality of events associated with a plurality of simulated phishing communications a category from a plurality of categories; associating, by the one or more processors, one or more user groups of a plurality of user groups to each of the plurality of categories; identifying, by the one or more processors based at least on a first event of a user associated with one or more of the plurality of simulated phishing communications (Figs 7, 10, 16-19 and the associated descriptions).
	Aaron teaches a category from the plurality of categories; and including, by the one or more processors, the user in a user group of the plurality of user groups associated with the category (Figs 1, 3 & 4 and the associated descriptions).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Hawthorn with the teachings of Aaron, for the purpose of providing adjusting the firewall policy group to which users are assigned based upon their activity on a network; reassignment of users to different firewall policy groups based upon user activity so as to properly protect groups of users seamlessly and dynamically to reflect current network conditions & activities.  The teachings of Aaron provide for improving the general approach to setting firewall policies via group-based firewall policies (see ¶5).
	Re claims 2 and 12: The combination of Hawthorn and Aaron teaches communicating, by the one or more processors, a second simulated phishing communication to the user of the user group (Hawthorn: Figs 7, 10, 16-19 and the associated descriptions; Aaron: Figs 3 & 4 and the associated descriptions). 
	Re claims 3 and 13: The combination of Hawthorn and Aaron teaches classifying, by the one or more processors, each event of the plurality of events into at least one category of the plurality of categories (Hawthorn: Figs 7, 10, 16-19 and the associated descriptions; Aaron: Figs 3 & 4 and the associated descriptions).
	Re claims 4 and 14: The combination of Hawthorn and Aaron teaches providing, by the one or more processors a mapping of each of the plurality of categories to one or more user groups of the plurality of user groups (Hawthorn: Figs 7, 10, 16-19 and the associated descriptions; Aaron: Figs 3 & 4 and the associated descriptions).
	Re claims 5 and 15: The combination of Hawthorn and Aaron teaches identifying, by the one or more processors at least one category from the plurality of categories for each group of the plurality of user groups (Hawthorn: Figs 7, 10, 16-19 and the associated descriptions; Aaron: Figs 3 & 4 and the associated descriptions).
	Re claims 6 and 16: The combination of Hawthorn and Aaron teaches receiving, by one or more processors, an indication of the first event identifying an interaction of the user with the simulated phishing communication (Hawthorn: Figs 7, 10, 16-19 and the associated descriptions; Aaron: Figs 3 & 4 and the associated descriptions).
	Re claims 7 and 17: The combination of Hawthorn and Aaron teaches the first event comprises a number of times the user interacted with the one or more of the plurality of simulated phishing communications (Hawthorn: Figs 7, 10, 16-19 and the associated descriptions; Aaron: Figs 3 & 4 and the associated descriptions; the Examiner notes that the broadest reasonable interpretation of “a number of times” can be construed a single event).

Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Hawthorn et al (U.S. Pat App Pub 2015/0229664 A1), hereinafter referred to as Hawthorn, in view of Aaron (U.S. Pat App Pub 2008/0115190 A1), hereinafter referred to as Aaron, in further view of Sadeh-Koniecpol et al (U.S. Pat App Pub 2014/0199663 A1), hereinafter referred to as Sadeh.
	Re claims 8 and 18: The combination of Hawthorn and Aaron teaches all the limitations of claims 1 and 11.
	Sadeh teaches the first event comprises a number of times the user has reached a threshold associated with the first event (¶81; ¶103; ¶105)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Hawthorn and Aaron with the teachings of Sadeh, for the purpose of providing partial training needs models based on simple threshold levels; this rationale is expressly suggested by Sadeh.

Claims 9 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Hawthorn et al (U.S. Pat App Pub 2015/0229664 A1), hereinafter referred to as Hawthorn, in view of Aaron (U.S. Pat App Pub 2008/0115190 A1), hereinafter referred to as Aaron, in further view of Sadeh-Koniecpol et al (U.S. Pat App Pub 2012/0258437 A1), hereinafter referred to as Koniecpol.
	Re claims 9 and 19: The combination of Hawthorn and Aaron teaches all the limitations of claims 1 and 11.
	Koniecpol teaches including, by the one or more processors, the user in the user group while keeping the user in another group of the plurality of user groups (¶65; page 8, claim 1).  
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Hawthorn and Aaron with the teachings of Koniecpol, for the purpose of providing multiple training interventions for users to combat and protect from phishing attacks; such rationale is expressly suggested by Koniecpol.

Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hawthorn et al (U.S. Pat App Pub 2015/0229664 A1), hereinafter referred to as Hawthorn, in view of Aaron (U.S. Pat App Pub 2008/0115190 A1), hereinafter referred to as Aaron, in further view of Belani et al (U.S. Pat 8910287 B1), hereinafter referred to as Belani.
	Re claims 10 and 20: The combination of Hawthorn and Aaron teaches all the limitations of claims 1 and 11.  The combination teaches including, by the one or more processors, the user in the user group while removing the user from one or more other groups of the plurality of user groups (Hawthorn: ¶105).
	Belani also teaches including, by the one or more processors, the user in the user group while removing the user from one or more other groups of the plurality of user groups (col 2, lines 24-37; col 5, line 56 – col 6, line 20).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Hawthorn and Aaron with the teachings of Belani, for the purpose of preventing real attackers from accessing previously used phishing records; by removing or rendering such associations provides this explicit benefit suggested by Belani.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over the claims of U.S. Patent No. 9742803. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims here are rendered anticipated or obvious in view of the patented claims.  Any differences and motivation of which are stated supra are fully incorporated herein and are not duplicated.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over the claims of U.S. Patent No. 9906555. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims here are rendered anticipated or obvious in view of the patented claims.  Any differences and motivation of which are stated supra are fully incorporated herein and are not duplicated.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over the claims of U.S. Patent No. 10581911. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims here are rendered anticipated or obvious in view of the patented claims.  Any differences and motivation of which are stated supra are fully incorporated herein and are not duplicated.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over the claims of U.S. Patent No. 10715551. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims here are rendered anticipated or obvious in view of the patented claims.  Any differences and motivation of which are stated supra are fully incorporated herein and are not duplicated.
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARREN B SCHWARTZ whose telephone number is (571)270-3850. The examiner can normally be reached 9am-7pm EST, Monday-Thursday, 9am-5pm EST, Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph P Hirl can be reached on (571)272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARREN B SCHWARTZ/Primary Examiner, Art Unit 2435