DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to the Amendment filed on 06/01/2022.
In the instant Amendment, Claims 1 and 14 have been amended. Claims 13 and 20 have been cancelled without prejudice. Claims 1 and 14 are independent claims. Claims 1-12 and 14-19 have been examined and are pending. This Action is made FINAL.

	
Response to Arguments
The rejections of claims 1-13 under 35 U.S.C. § 101 are withdrawn as the claims have been amended.
Applicants’ arguments with respect to claims 1-12 and 14-19 have been considered but are moot in view of the new ground(s) of rejection.  
The Examiner respectfully suggests that the claims be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record.  Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (313) 446-6644 to schedule an interview.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 7-12 and 14-18 are rejected under 35 U.S.C. 103 as being unpatentable over HAWTHORN et al. (“HAWTHORN,” US 20150229664, published on 08/13/2015) in view of Thomas et al. (“Thomas,” US 20140020072, published on 01/16/2014).
Regarding Claim 1;
HAWTHORN discloses a system comprising: 
a memory (par 0200; a system memory); and 
a hardware controller of a user's computing device, wherein the controller is adapted to (par 0041; fig. 22; the user system and/or security system further include, for example, a processor, which may be several processors, a single processor, or a single device having multiple processors): 
monitor interaction of a user with the user's computing device to update a user's information security profile that is stored at the memory (par 0053; fig. 1; monitor a user's interaction with security items and/or training items received from the risk assessment manager; par 0147; a user profile of the user and/or one or more addition profiles updated by the risk assessment manager to indicate that a user was presented with a security item and/or training item; par 0202; the main memory include the risk assessment manager);
select, based on the profile, and based on an event, to perform an action related to the user (par 0066; when a user has interacted with a security item in a way that poses a security risk to the company, and/or after interaction. A "Training" widget allow a user of security system to edit and/or create a training item associated with a particular template; par 0120; security items and/or training items for a subsequent campaign selected based on the sophistication level of the previous campaign and/or a current risk score of a user of user system. A user of security system define a rule that states recipients associated with a given role are to receive security items and/or training items of a given sophistication level. Scheduling parameters and/or rules stored within a campaign profile; par 0164; where a template includes a training item such as a training video and quiz),
 wherein the action is selected, such that it raises the awareness of the user to security of information (par 0120; security items and/or training items for a subsequent campaign selected based on the sophistication level of the previous campaign and/or a current risk score of a user of user system; par 0058; a security item transmitted to user device include a training item to be displayed, played, and/or the like; par 0172; if the user risk calculator determines that the user completed three training sessions during a campaign based on the user training item data, a risk score of the user is altered by 5%).  
HAWTHORN discloses the action is selected as recited above, but does not explicitly disclose determine compliance of the user with security of information; based on the determined compliance; block received information upon identification of phishing content.
However, in an analogous art, Thomas discloses security access protection system/method that includes:
determine compliance of the user with security of information (Thomas: par 0063; a security state of the client device to determine if the client is in compliance with a security policy); 
based on the determined compliance (Thomas: par 0063; if the client is in compliance with the security policy, coupling the client to one of the plurality of cloud computing facilities through a second secure link using a corresponding one of the plurality of proxy access credentials for the user); 
block received information upon identification of phishing content (Thomas: par 0020; security management facility provide for web security and control, where security management help to block viruses, spyware, malware, unwanted application; par 0047; firewalls also provide some level of intrusion detection, which allow the software to terminate or block connectivity where it suspects an intrusion is being attempted). 
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Thomas with the method/system of HAWTHORN to include determine compliance of the user with security of information; based on the determined compliance; block received information upon identification of phishing content. One would have been motivated to determine if the client is in compliance with a security policy; and if the client is in compliance with the security policy, coupling the client to one of the plurality of cloud computing facilities through a second secure link using a corresponding one of the plurality of proxy access credentials for the user (Thomas: abstract).

Regarding Claim 2;
The combination of HAWTHORN and Thomas discloses the system of claim 1,
HAWTHORN further discloses wherein the controller is further adapted to: receive, from an information security system (ISS) (par 0052; fig. 12; an input/output module allow the user of user system to receive and/or interact with security items and/or training items transmitted from the risk assessment manager), information related to an action taken by the user or by the ISS with relation to the user (par 0149; when a user receives and/or is presented with a security item and/or training item. A security item and/or training item include an embedded identifier that allows the agent to distinguish and/or identify security items and/or training items); and based on the action, perform at least one of: inform the user regarding the action, guide the user in responding to the action, force the user to perform an action and prevent the user from performing an action (par 0151; security item and/or training item include content such as an N×N transparent pixel that prompts the client to ask the user if the user would like to download an external/remote content. When a user selects the option to download this content, the agent determine that security item and/or training item has been opened).

Regarding Claim 3;
The combination of HAWTHORN and Thomas discloses the system of claim 1,
HAWTHORN further discloses wherein the controller is further adapted to select, based on an event and based on the profile, a training session for the user (HAWTHORN: par 0066; fig. 5; when a user has interacted with a security item in a way that poses a security risk to the company, and/or after interaction. A "Training" widget may also allow a user of security system to edit and/or create a training item associated with a particular template; par 0082; fig. 5; selected by a user of user system, requests a training item from risk assessment manager to display training data to the user at user system; par 0120; security items and/or training items for a subsequent campaign selected based on the sophistication level of the previous campaign and/or a current risk score of a user of user system. A user of security system define a rule that states recipients associated with a given role are to receive security items and/or training items of a given sophistication level. Scheduling parameters and/or rules stored within a campaign profile; par 0164; where a template includes a training item such as a training video and quiz).

Regarding Claim 4;
The combination of HAWTHORN and Thomas discloses the system of claim 1,
HAWTHORN further discloses wherein the controller is further adapted to present and monitor completion of a security training session, the training session designed to raise the user's awareness to security, and update the profile based a result of the session (par 0172; If the user risk calculator determines that the user completed three training sessions during a campaign based on the user training item data, a risk score of the user is altered by 5%; par 0175; once a risk score has been determined for a given recipient user, a risk score may be saved and/or stored within the user profile associated with the recipient user. Risk scores may be stored in other profiles as well. If a previous risk score is already associated with the user, this previous score may be updated with the new score).  

Regarding Claim 5;
The combination of HAWTHORN and Thomas discloses the system of claim 1,
HAWTHORN further discloses wherein the controller is further adapted to update the profile according to information obtained from an ISS (par 0049; the risk assessment manager use the received data and use the received data and/or other data stored within security system to calculate a risk score for an end user associated with user system; par 0157; any application version that changes in a manner deemed to be vulnerable may trigger an alert to security system, which may then recalculate a risk score; par 0175; once a risk score has been determined for a given recipient user, a risk score may be saved and/or stored within the user profile associated with the recipient user. Risk scores may be stored in other profiles as well. If a previous risk score is already associated with the user, this previous score may be updated with the new score).  
 
Regarding Claim 7;
The combination of HAWTHORN and Thomas discloses the system of claim 1,
HAWTHORN further discloses wherein the action is selected based on: a score included in the profile (par 0120; security items and/or training items for a subsequent campaign selected based on the sophistication level of the previous campaign and/or a current risk score of a user of user system; par 0175; once a risk score has been determined for a given recipient user, a risk score may be saved and/or stored within the user profile associated with the recipient user); and an event including at least one of: reception of a message and an interaction of a user with a computing device (par 0052; an input/output module allow the user of user system to receive and/or interact with security items and/or training items transmitted from the risk assessment manager and/or send and receive messages from other users and applications; par 0053; the risk assessment agent monitor a user's interaction with security items and/or training item received from the risk assessment manager).

Regarding Claim 8;
The combination of HAWTHORN and Thomas discloses the system of claim 1,
HAWTHORN further discloses wherein the controller is further adapted to chat with a user and provide guidance related to security issues (par 0140; figs 11 and 12; security items and/or training items generated and/or transmitted to target users. These additional security items and/or training items may include, for example, data associated with introductory security information, phishing information, social media information, remote and/or travel-related information, password information, social engineering information, web safety information, data protection information, email security information, computer security information, physical security information, simulation data associated with any of the preceding information, and/or any combination of the above).

Regarding Claim 9;
The combination of HAWTHORN and Thomas discloses the system of claim 1,
HAWTHORN further discloses wherein the controller is further adapted to cause an ISS to modify rules related to the user (par 0068; security system modify a previously created campaign via the campaign area. A campaign include a security items and/or training item to be transmitted and displayed to a user system associated with a specified recipients over a given period of time).

Regarding Claim 10;
The combination of HAWTHORN and Thomas discloses the system of claim 1,
HAWTHORN further discloses wherein the controller is further adapted to remind the user to perform an action related to a security threat caused by an action of the user (par 0182; figs. 12 and 16; when a user of security system selects a campaign, a campaign summary comprising one or more reports displayed in the interactive environment).  

Regarding Claim 11;
The combination of HAWTHORN and Thomas discloses the system of claim 1,
HAWTHORN further discloses wherein the controller is further adapted to modify a graphical user interface (GUI) object in an application according to a security consideration (par 0068; fig. 3; security system modify a previously created campaign via the campaign area. A campaign may include a security items and/or training item to be transmitted and displayed to a user system associated with a specified recipients over a given period of time).  

Regarding Claim 12;
The combination of HAWTHORN and Thomas discloses the system of claim 1,
HAWTHORN further discloses wherein the controller is further adapted to establish a communication channel between at least one of: a security management personnel and a user, and an ISS and the user (par 0036; fig. 1; the system include a user system and a security system connected over a network).

Regarding Claim 14;
This Claim recites a method that performs the same steps as the system of Claim 1 and has limitations similar to those of Claim 1; it is thus rejected with the same rationale applied against Claim 1.

Regarding Claim 15;
This Claim recites a method that performs the same steps as the system of Claim 2 and has limitations similar to those of Claim 2; it is thus rejected with the same rationale applied against Claim 2.

Regarding Claim 16;
This Claim recites a method that performs the same steps as the system of Claim 3 and has limitations similar to those of Claim 3; it is thus rejected with the same rationale applied against Claim 3.

Regarding Claim 17;
This Claim recites a method that performs the same steps as the system of Claim 4 and has limitations similar to those of Claim 4; it is thus rejected with the same rationale applied against Claim 4.


Regarding Claim 18;
This Claim recites a method that performs the same steps as the system of Claim 5 and has limitations similar to those of Claim 5; it is thus rejected with the same rationale applied against Claim 5.

Claims 6 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over HAWTHORN et al. (US 20150229664) in view of Thomas et al. (US 20140020072) and further in view of Lieblich et al. (“Lieblich,” US 20060020814, published on 01/26/2006).

Regarding Claim 6; 

The combination of HAWTHORN and Thomas discloses the system of claim 1,
The combination of HAWTHORN and Thomas discloses all the limitations as recited above, but does not explicitly disclose wherein the controller is further adapted to intervene in an interaction of the user with the computing device based on at least one of: a violation of a security policy, information received, information about to be sent, a user's profile and a user's score.
However, in an analogous art, Lieblich discloses risk management system/method that includes:
wherein the controller is further adapted to intervene in an interaction of the user with the computing device based on at least one of: a violation of a security policy, information received, information about to be sent, a user's profile and a user's score (Lieblich: par 0146; Security Violation Handling; par 0148; ZIntrcpt is constantly monitoring both his e-mail and word processing software. ZIntrcpt traps on the end user's mouse click action triggering the sending of the suspect e-mail, and immediately places descriptive information in the Queue).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Lieblich with the method/system of HAWTHORN and Thomas to include wherein the controller is further adapted to intervene in an interaction of the user with the computing device based on at least one of: a violation of a security policy, information received, information about to be sent, a user's profile and a user's score. One would have been motivated to dynamically monitor its end user, without regard to network connectivity, in order to calculate a risk score and to ensure that the end user's behavior does not put corporate information or other assets at risk (Lieblich: abstract).

Regarding Claim 19;
This Claim recites a method that performs the same steps as the system of Claim 6 and has limitations similar to those of Claim 6; it is thus rejected with the same rationale applied against Claim 6.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644.  The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham, can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/C.W./Examiner, Art Unit 2439 



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439