Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Response to Arguments

Applicant's arguments filed 7/5/22 have been fully considered but they are not persuasive. 

Applicant argues as per claims 1, and 10 that the prior art fails to teach “the visual presentation comprises one or more of a font, a color, a text block….”   
Examiner notes that the claims state that “shared attributes comprise at least one of a semantic relation…language of intent….a visual presentation”    Examiner asserts that the rejection uses semantic relations, and therefore does not need to meet visual presentation limitations.  
However, Examiner also notes that Higbee teaches that a phishing message, or simulated phishing message may contain specific fonts, font colors and images. [0037][0038]

Applicant’s argument with regard to claims 5, and 14 is persuasive, because it uses both attributes based on semantic relations and visual presentation.  Cosoi US 8,695,100 has been incorporated to meet the claims as amended.





Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6-13, 15-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Higbee US 2018/0191754 in view of Kaushansky US 2008/0215607
As per claim 1 Higbee teaches A system for providing cyber security, the system comprising a server arrangement communicatively coupled to a plurality of user devices, the server arrangement configured to: receive a communication from one or more communication sources; forward the received communications to the plurality of user devices; receive a feedback, associated with the forwarded communications from one or more user devices of the plurality of user devices, to identify at least one potential threat communication; analyze each feedback to generate a plurality of clusters based on one or more shared attributes associated with the received communications; identify one or more clusters, from the plurality of clusters as potential threat clusters, including the at least one potential threat communication; analyze at least one threat indicator communication, selected from each of the identified one or more potential threat clusters, to determine a threat level associated therewith; classify the one or more potential threat clusters as threat clusters, if the threat level of the at least one threat indicator communication is above a threshold threat level; and perform one or more corrective actions for managing communications associated with the threat clusters.  [0032] [0055][0095][0131] [0136][0137][0138][0139][0142] [0159][0160]   (mail server forwards messages to recipients, receives feedback from user devices, clusters both feedback and messages to identify threats, determine threat level,  and performs corrective actions)
Higbee teaches the visual presentation comprises one or more of a font a color a text block a label a text box a list box, a line, an image window, a dialog box, a frame, a panel, a menu, a button and an icon. [0038][0042] (company images, fonts, colors, etc)

Kaushansky teaches the attributes comprise at least one of a sematic relation of textual content between the received communications, a language intent of the received communications and a visual  presentation of the received communications [0075] (teaches semantic analysis on text between messages and clustering similar messages)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the clustering method of Kaushansky with the clustering of Hibee because it provides improved and efficient message analysis.As per claim 2.  Higbee teaches A system according to claim 1, wherein the one or more corrective actions comprise at least one of: firewall configuration, port configuration, disable reception of communications from one or more communication channels, remove the communications associated with threat clusters from each of the plurality of user devices, trigger an alert for each of the plurality of user devices. [0131] [0160] (remove/quarantine message; block)As per claim 3. Higbee teaches A system according to claim 1, wherein each of the plurality of user devices comprises a plugin, in the form of a user interface element, to provide feedbacks in response to the forwarded communications. [0055] (reporting plugin with user interface)As per claim 4. Higbee teaches A system according to claim 1, wherein the one or more shared attributes comprise at least one of: a semantic relation of textual content between the received communications, a visual presentation of the received communications, a language intent of the received communications, an origin information of the received communications, a format of the received communications, an embedded information in the received communications. [0101] [0102][0103][0116]  [0136] (teaches shared attributes may be the message, content of message, source of message)
As per claim 6. Higbee teaches A system according to claim 1, wherein the server arrangement is configured to determine the threat level of at least one threat indicator communication by: comparing the at least one threat indicator communication with pre-examined communications, each having a threat score associated therewith; determining a resemblance score of the at least one threat indicator communication with respect to each of the pre-examined communications; selecting a pre-examined communication having a highest resemblance score; assigning the threat score of the pre-examined communication, having the highest resemblance score, to the at least one threat indicator communication; and determining the threat level of the at least one threat indicator communication based on the assigned threat score.  [0095][0138][0142] (teaches assigning rules with threat scores, and teaches comparing communications by score to determine a cluster and grouping, and therefore assigning a threat label and score based on predetermined rules)As per claim 7. Higbee teaches A system according to claim 6, wherein the server arrangement is configured to access the pre-examined communications from a cyber security database.  [0127][0128][0110][0069][0147]  (teaches a plurality of rules databases, and external databases based on categorization of messages)As per claim 8. Higbee teaches A system according to claim 2, wherein the server arrangement is configured to perform the one or more corrective actions in real-time. [0131][0132] (teaches corrective action in real time)As per claim 9. Higbee teaches A system according to claim 2, wherein the server arrangement is configured to perform the one or more corrective actions based on the threat level, and wherein the threat level is further categorized based on the assigned threat score into at least one of: a low threat level, a moderate threat level and a high threat level. [0095][0161] (teaches taking action based on priority/threat level, teaches a low threat, moderate threat, and high threat)As per claim 10. Higbee teaches A method for providing cyber security, the method being implemented by a system comprising a server arrangement communicatively coupled to a plurality of user devices comprising: receiving a communication from one or more communication sources; forwarding the received communications to the plurality of user devices; receiving a feedback, associated with the forwarded communications from one or more user devices of the plurality of user devices, to identify potential threat communications; analyzing each of the received feedback to generate a plurality of clusters based on one or more shared attributes associated with the received communications; identifying one or more clusters, from the plurality of clusters as potential threat clusters, including the at least one potential threat communication; analyzing at least one threat indicator communication, selected from each of the identified one or more potential threat clusters, to determine a threat level associated therewith; classifying the one or more potential threat clusters as threat clusters, if the threat level of the at least one threat indicator communication is above a threshold threat level; and performing one or more corrective actions for managing communications associated with the threat clusters. [0032] [0055][0095][0131] [0136][0137][0138][0139][0142] [0159][0160]   (mail server forwards messages to recipients, receives feedback from user devices, clusters both feedback and messages to identify threats, determine threat level,  and performs corrective actions)
Kaushansky teaches the attributes comprise at least one of a sematic relation of textual content between the received communications, a language intent of the received communications and a visual  presentation of the received communications [0075] (teaches semantic analysis on text between messages and clustering similar messages)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the clustering method of Kaushansky with the clustering of Hibee because it provides improved and efficient message analysis.As per claim 11. Higbee teaches A method according to claim 10, wherein the one or more corrective actions comprise at least one of: firewall configuration, port configuration, disable reception of communications from one or more communication channels, remove the communications associated with threat clusters from each of the plurality of user devices, trigger an alert for each of the plurality of user devices. [0131] [0160]  (remove/quarantine message; block)As per claim 12. Higbee teaches A method according to claim 10, wherein the feedbacks are received from the one or more user devices of the plurality of user devices in response to the forwarded communications via a plugin, provided in the form of a user interface element. [0055] (reporting plugin with user interface)As per claim 13. Higbee teaches A method according to claim 10, wherein the one or more shared attributes comprise at least one of: a semantic relation of textual content between the received communications, a visual presentation of the received communications, a language intent of the received communications, an origin information of the received communications, a format of the received communications, an embedded information in the received communications. [0101] [0102][0103][0116]  [0136] (teaches shared attributes may be the message, content of message, source of message)
As per claim 15. Higbee teaches A method according to claim 10, wherein determining the threat level of at least one threat indicator communication comprises: comparing the at least one threat indicator communication, with pre-examined communications each having a threat score associated therewith; determining a resemblance score of the at least one threat indicator communication with respect to each of the pre-examined communications; selecting a pre-examined communication having a highest resemblance score; assigning the threat score of the pre-examined communication, having the highest resemblance score, to the at least one threat indicator communication; and determining the threat level of the at least one threat indicator communication based on the assigned threat score. [0095][0138][0142] (teaches assigning rules with threat scores, and teaches comparing communications by score to determine a cluster and grouping, and therefore assigning a threat label and score based on predetermined rules)As per claim 16. Higbee teaches A method according to claim 15, wherein the pre-examined communications are accessed from a cyber security database. [0127][0128][0110][0069][0147]  (teaches a plurality of rules databases, and external databases based on categorization of messages)As per claim 17. Higbee teaches A method according to claim 13, wherein the one or more corrective actions are performed in real-time. [0131][0132] (teaches corrective action in real time)As per claim 18. Higbee teaches A method according to claim 13, wherein performing the one or more corrective actions based on the threat level, and wherein the threat level is further categorized based on the assigned threat score into at least one of: a low threat level, a moderate threat level and a high threat level. [0095][0161] (teaches taking action based on priority/threat level, teaches a low threat, moderate threat, and high threat)

Claims 5, 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Higbee US 2018/0191754 in view of Kaushansky US 2008/0215607 in view of Cosoi US 8,695,100

As per claim 5. Higbee teaches A system according to claim 1, wherein the server arrangement is configured to generate the plurality of clusters by: identifying one or more shared attributes of a first received communication and a second received communication; determining a similarity score for the identified one or more shared attributes; and generating a cluster, including the first received communication and the second received communication, if the determined similarity score is above a threshold similarity score. [0136][0137][0138][0139][0142]  (teaches comparing messages based on a similarity threshold to generate a cluster)
Kaushansky generating a semantic representation and establishing sematic relations between a first received communication and a second received communication and identifiying attributes based on semantic relations [0075] (teaches semantic analysis on text between messages and clustering similar messages)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the clustering method of Kaushansky with the clustering of Hibee because it provides improved and efficient message analysis.
Cosoi teaches determining semantic relations including visual presentation of the first an second received communication, and wherein the communication comprise one or more of a size and position of visual elements, a margin and a spacing. (Column 8 lines 30-55)  (Cosoi teaches determining a webpage is a phishing webpage in part on semantics but also on positions of words, visual appearance, including color, font, font size, and relative positions of graphical layouts)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the visual attributes of Cosoi with the previous art combination because it promotes efficient detection of phishing sites.

As per claim 14. Higbee teaches A method according to claim 10, wherein generating the plurality of clusters comprises: identifying one or more shared attributes of a first received communication and a second received communication; determining a similarity score for the identified one or more shared attributes; and generating a cluster, including the first received communication and the second received communication, if the determined similarity score is above a threshold similarity score. [0136][0137][0138][0139][0142]  (teaches comparing messages based on a similarity threshold to generate a cluster)Kaushansky generating a semantic representation and establishing sematic relations between a first received communication and a second received communication and identifiying attributes based on semantic relations [0075] (teaches semantic analysis on text between messages and clustering similar messages)


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439