Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
	This office action is in response to the filing of Patent Application 17022878 on 9/16/2020.

.         35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-9, 11-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.  
Claim(s) 1 is/are drawn to method (i.e., a process), claim(s) 11 is/are drawn to a system (i.e., a machine/manufacture), and claim(s).
Claims  1-9, 11-18 are directed to analyze an email. Specifically, the claims recite list the claim limitations that recite the abstract idea, which is grouped within the Mental Processes and is similar to the concept of (concepts performed in the human mind (including an observation, evaluation, judgement, opinion) grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019)). Accordingly, the claims recite an abstract idea (See pages 7, 10, Alice Corporation Pty. Ltd. v. CLS Bank International, et al., US Supreme Court, No. 13-298, June 19, 2014; 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 53-54 (January 7, 2019)).
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 54-55 (January 7, 2019)), the additional element(s) of the claim(s) such as server, data processing apparatus, memory device, medium merely use(s) a computer as a tool to perform an abstract idea and/or generally link(s) the use of a judicial exception to a particular technological environment. Specifically, the server, data processing apparatus, memory device, medium perform(s) the steps or functions of parsing, calculating, etc. The use of a processor/computer as a tool to implement the abstract idea and/or generally linking the use of the abstract idea to a particular technological environment does not integrate the abstract idea into a practical application because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. The additional elements do not involve improvements to the functioning of a computer, or to any other technology or technical field (MPEP 2106.05(a)), the claims do not apply or use the abstract idea to effect a particular treatment or prophylaxis for a disease or medical condition (Vanda Memo), the claims do not apply the abstract idea with, or by use of, a particular machine (MPEP 2106.05(b)), the claims do not effect a transformation or reduction of a particular article to a different state or thing (MPEP 2106.05(c)), and the claims do not apply or use the abstract idea in some other meaningful way beyond generally linking the use of the abstract idea to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP 2106.05(e) and Vanda Memo). Therefore, the claims do not, for example, purport to improve the functioning of a computer. Nor do they effect an improvement in any other technology or technical field. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea.
The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 56 (January 7, 2019)), the additional element(s) of using a server, data processing apparatus, memory device, medium to perform the steps amounts to no more than using a computer or processor to automate and/or implement the abstract idea of analyze an email. As discussed above, taking the claim elements separately, the server, data processing apparatus, memory device, medium perform(s) the steps or functions of parsing, calculating, etc. These functions correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of analyze an email. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible.
Dependent claims 2-12, 14-16, and 18-20 further describe the abstract idea of analyze an email. The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Therefore, the dependent claims are also not patent eligible
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Regarding claim 1, 11, 20, the phrase “checking the email against … a whitelist” does not seem to relate to the other elements of the claims. The claim elements seem to be disjoint and therefore correction is needed to determine the scope of the claims.  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 9, 11-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Verma (U.S. Patent App Pub 20150067833) in view of Greevy (U.S. Patent 10904266).

Regarding claim 1,
Verma teaches a computer-implemented method for automatically analyzing a potentially malicious email, the method comprising: parsing an email by converting the email into scannable objects, and scanning the objects to collect findings about the email; (See figure 5, paragraphs 93-95, Verma teaches parsing an email into header links and email and run through a classifier ie scan these components)
calculating a score of the email based on a phishing rule by: (See paragraphs 76, 105, Verma teaches calculate a phishing score)
assigning item scores to the findings, respectively, based on the phishing rule; and (See paragraphs 76, 81, 89, Verma teaches assigning score for each classifier)
calculating the score being a total of the item scores; and (See paragraphs 76, 81, 89, Verma teaches calculating total score based on all classifiers)
determining the email to be a malicious email if the score exceeds a threshold value. (See paragraphs 76, 81, 89, Verma teaches a score above 0 i.e. 1 is considered a malicious phishing email)
Verma does not explicitly teach but Greevy teaches checking the email against a whitelist; (See column 2 lines 28-54, column 6 line 12-31, Greevy teaches checking an email against a whitelist)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have known to combine the teachings of Greevy with Verma because both deal with email filters. The advantage of incorporating the above limitation(s) of Greevy into Verma is that Greevy teaches the computer system automatically authorize transmission of emails sent from email addresses within the organization domain without further checks for authenticity according to the method, thus reducing overhead and computational power scanning internal emails for spoofing attempts, therefore making the overall system more robust and efficient. (See paragraphs [0004] - [0006], Greevy)

	Regarding claim 2,
Verma and Greevy teaches the method of claim 1, wherein the phishing rule defines first items that categorize emails as malicious, the method further comprising: categorizing the email as the malicious email if the findings include one or more of the first items from the phishing rule. (See paragraphs 79-80, Verma teaches categorizing email as malicious based on item)

	Regarding claim 3,
Verma and Greevy teaches the method of claim 1.
Greevy further teaches wherein the whitelist defines second items that categorize emails as benign, the method further comprising: categorizing the email as a benign email if the findings include one or more of the second items from the whitelist. (See column 6lines 11-31, Greevy teaches checking a whitelist to determine if a email is benign) See motivation to combine for claim 1.

	Regarding claim 4,
Verma and Greevy teaches the method of claim 1.
Greevy further teaches further comprising: determining the email as a benign email if the score does not exceed the threshold value; and storing the benign email in a database. (See column 10 line 44-67, Greevy teaches  threshold below keeping email) See motivation to combine for claim 1.

	Regarding claim 5,
Verma and Greevy teaches the method of claim 4.
Greevy further teaches further comprising: updating the whitelist; and updating the phishing rule.(See column 13 line 19-33, column 16 line 65 – column 17 line 7, Greevy teaches updating whitelist and overall rule for phishing)  See motivation to combine for claim 1.

	Regarding claim 6,
Verma and Greevy teaches the method of claim 5, further comprising: 
Greevy further teaches checking the benign email against the whitelist; calculating a second score of the benign email based on the phishing rule by: assigning second item scores to the findings, respectively, based on the phishing rule; and (See claims 14, 17, column 1 line 45, column 54, Greevy teaches calculating thresholds and checking them against scores and rules)
calculating the second score being a total of the second item scores; and determining the email to be a malicious email if the second score exceeds the threshold value. (See claims 14, 17, column 1 line 45, column 54, Greevy teaches calculating multiple scores and checking threshold to see if email was malicious) See motivation for claim 1.
	
	Regarding claim 9,
Verma and Greevy teaches the method of claim 1, wherein the scannable objects include text objects and binary objects. (See paragraphs 14, 165, Verma)

Claims 11-16 list all the same elements of claims 16 but in system form rather than method form.  Therefore, the supporting rationale of the rejection to claims 1-6 applies equally as well to claims 11-16.  Furthermore with regards to the limitation of a server comprising: a data processing apparatus; and a memory device storing instructions that when executed by the data processing apparatus cause the server to perform operations comprising: (See paragraphs 62, 78, Verma)

Claim  7, 8, 10, 17, 18, 19, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Verma (U.S. Patent App Pub 20150067833) in view of Greevy (U.S. Patent 10904266) in view of Higbee (U.S. Patent App Pub 20180191754).

Regarding claim 7,
Verma and Greevy teaches the method of claim 1.
Verma and Greevy do not explicitly teach but Higbee teaches further comprising: receiving a user input indicative of the email being potentially malicious; (See paragraphs 78-80, figure 15, Higbee teaches  a user dashboard to input email issues) storing the email in a predetermined database; and scanning the predetermined database to obtain the email.  (See paragraphs 72, 103, Higbee)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have known to combine the teachings of Higbee with Verma and Greevy because both deal with email filters. The advantage of incorporating the above limitation(s) of Higbee into Verma and Greevy is that Higbee teaches a security analysts are enabled to efficiently analyze and respond to phishing attacks and analysis and response as users fine-tune is improved, therefore making the overall system more robust and efficient. (See paragraphs [0004] , [0027], Higbee)

Regarding claim 8,
Verma and Greevy teaches the method of claim 1.
Verma and Greevy do not explicitly teach but Higbee teaches wherein receiving a user input includes: generating a user interface selectable by a user to indicate that the email is potentially malicious. (See paragraphs 78-80, figure 15, Higbee teaches  a user dashboard)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have known to combine the teachings of Higbee with Verma and Greevy because both deal with email filters. The advantage of incorporating the above limitation(s) of Higbee into Verma and Greevy is that Higbee teaches a security analysts are enabled to efficiently analyze and respond to phishing attacks and analysis and response as users fine-tune is improved, therefore making the overall system more robust and efficient. (See paragraphs [0004] , [0027], Higbee)

	Regarding claim 10,
Verma and Greevy teaches the method of claim 1,.
Verma and Greevy do not explicitly teach but Higbee teaches further comprising: generating a report in a form of email, the report including an email subject, a list of attachments, the findings, the item scores, and the score; and transmitting the report to a security analyst computing device. (See paragraphs 78-80, figure 15, Higbee teaches attachments, scores and a report available to the user)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have known to combine the teachings of Higbee with Verma and Greevy because both deal with email filters. The advantage of incorporating the above limitation(s) of Higbee into Verma and Greevy is that Higbee teaches a security analysts are enabled to efficiently analyze and respond to phishing attacks and analysis and response as users fine-tune is improved, therefore making the overall system more robust and efficient. (See paragraphs [0004] , [0027], Higbee)

Regarding claim 20,
Verma teaches a non-transitory computer-readable medium having stored therein a program for causing a computer to execute a process of analyzing a potentially malicious email, the process comprising:parsing an email by converting the email into scannable objects, and  scanning the objects to collect findings about the email; (See figure 5, paragraphs 93-95, Verma teaches parsing an email into header links and email and run through a classifier ie scan these components)
calculating a score of the email based on a phishing rule by assigning item scores to the findings, respectively, based on the phishing rule, and calculating the score being a total of the item scores; (See paragraphs 76, 81, 89, Verma teaches calculating total score based on all classifiers)
determining the email to be a malicious email if the score exceeds a threshold value; (See paragraphs 76, 81, 89, Verma teaches a score above 0 i.e. 1 is considered a malicious phishing email)
Verma does not explicitly teach but Greevy teaches checking the email against a whitelist; (See column 2 lines 28-54, column 6 line 12-31, Greevy teaches checking an email against a whitelist)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have known to combine the teachings of Greevy with Verma because both deal with email filters. The advantage of incorporating the above limitation(s) of Greevy into Verma is that Greevy teaches the computer system automatically authorize transmission of emails sent from email addresses within the organization domain without further checks for authenticity according to the method, thus reducing overhead and computational power scanning internal emails for spoofing attempts, therefore making the overall system more robust and efficient. (See paragraphs [0004] - [0006], Greevy)
Verma and Greevy do not explicitly teach but Higbee teaches receiving a user input indicative of the email being potentially malicious;  (See paragraphs 78-80, figure 15, Higbee teaches  a user dashboard input about emails)
storing the email in a predetermined database; scanning the predetermined database to obtain the email; (See paragraphs 72, 103, Higbee)
generating a report in a form of email, the report including an email subject, a list of attachments, the findings, the item scores, and the score; and transmitting the report to a security analyst computing device. (See paragraphs 78-80, figure 15, Higbee teaches attachments, scores and a report available to the user)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have known to combine the teachings of Higbee with Verma and Greevy because both deal with email filters. The advantage of incorporating the above limitation(s) of Higbee into Verma and Greevy is that Higbee teaches a security analysts are enabled to efficiently analyze and respond to phishing attacks and analysis and response as users fine-tune is improved, therefore making the overall system more robust and efficient. (See paragraphs [0004] , [0027], Higbee)

Claims 17-19 list all the same elements of claims 7,8, 10, but in system form rather than method form.  Therefore, the supporting rationale of the rejection to claims 7, 8, 10 applies equally as well to claims 17-19. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure and located in the PTO-892 form. 
1.Prakash, U.S. Patent 9154514, teaches systems and methods for analyzing electronic messages for phishing detection are disclosed. In one example embodiment, whether a received email message is a phishing message is determined based on the outcome of a comparison of a recipient background information to a email characteristic wherein the recipient background information is obtained from an online social network. In some embodiments, whether the received email message is a phishing message is determined by comparing a new received email message profile to an email characteristic profile to determine whether the new received email message profile is similar to the email characteristic profile. In some embodiments, whether the received email message is a phishing message is determined by comparing the email characteristics of the new received email message with pattern characteristics. In some embodiments, the determination is made by comparing a email characteristics of the received message with a historical email characteristic.
2. Marinescu, U.S. Patent App 20120244500 , teaches a system, method and computer program product for detecting leadership in a socio-technical environment based on the chronologic distribution of artifacts. The system and method captures and makes use of chronologic information as a predictor of causality in the dissemination of artifacts. A measure of leadership is based in part on the amount of relevant artifacts generated as a result, and temporal causality is used to detect this. The system method and computer program product further determines the patterns of behavior that govern a socio-technical context. By defining a set of patterns and comparing them with the interactions observed within a socio-technical network issues are discoverable.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NINOS DONABED whose telephone number is (571)272-8757.  The examiner can normally be reached on Monday - Friday 8:00pm - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John FOLLANSBEE can be reached on (571)272-3964.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/NINOS DONABED/Primary Examiner, Art Unit 2444