RESPONSE TO AMENDMENT
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims Status
Claims 1–9, 12, 15, 17 and 18 are pending.
Claims 10, 11, 13, 14 and 16 are canceled.
Claims 1–9, 12, 15, 17 and 18 are rejected.
Procedural Notes
Pre-Appeal Brief Request for Review filed May 11th, 2022 was held by Kevin Bates, Jason Recek and Dae Kim. The panel decided reopen prosecution. The previous rejection is withdrawn and new Non-final office action is hereby mailed.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 9, 12, 17 and 18 are rejected under 35 U.S.C. § 103 as being unpatentable over Jiang et al. (2015/0033343) in view of Teksecurityblog.com Reference ("How to derail a Business Gmail spam bomb", Teksecurityblog.com, February 11, 2016), and further in view of Shinde et al. (2008/0114843).
Regarding claims 1 and 15, Jiang teaches Method for processing a plurality of electronic messages, the method comprising:
Obtaining the plurality of electronic messages (¶¶3-5, for purposes of detecting an e-mail bomb, e-mail traffic can be received by the e-mail server which can be analyzed for said detection afterwards; see also Figs. 4 and 9),
Selecting at least a subset of electronic messages of the plurality of electronic messages directed to a single recipient based on a list of a plurality of suspicious electronic message sender identifiers (Fig. 3, detection of an e-mail bomb directed to a singular recipient as well as the ability to identify exactly which IP address is causing the bombing attack is shown; specifically, e-mail bombs directed to a single recipient based on thresholded detection period can be detected via step 306, and the plurality of suspicious electronic message sender identifiers [IP address] can be identified via step 308, but Jiang does not identify that the identification of the e-mail bomb directed to the recipient is "based on a list of a plurality of suspicious electronic message sender identifiers"; see also ¶¶67-82),
wherein an electronic message is selected if a sender identifier of the electronic message is same as one of the plurality of suspicious electronic message sender identifiers in the list (Fig. 3; ¶¶77-82, determination of sender IP addresses associated with an e-mail attack associated with a singular e-mail recipient can be made and thresholding applied to predetermined detection periods; however, Jiang does not precondition the selection of the messages based on the "plurality of suspicious electronic message sender identifiers in the list");
Determining whether a number of electronic messages of the subset of electronic messages directed to the single recipient and obtained within a pre-defined time interval exceeds a threshold (Fig. 3, thresholding against message received for a particular recipient within a detection period of time for a detection of e-mail bomb attack against a singular recipient is disclosed), and
Discarding the electronic messages of the subset of electronic messages if the number of electronic messages of the subset of electronic messages directed to the single recipient and obtained within the pre-defined time interval exceeds the threshold (Fig. 3; however, Jiang does not identify that the e-mails must be discarded but only identifies that the incoming traffic be limited preventatively. Shinde teaches the ability to discard messages).
However, Jiang does not explicitly teach Selecting at least a subset of electronic messages of the plurality of electronic messages directed to a single recipient based on a list of a plurality of suspicious electronic message sender identifiers, wherein an electronic message is selected if a sender identifier of the electronic message is same as one of the plurality of suspicious electronic message sender identifiers in the list; and the ability to discard messages.
Teksecurityblog reference from the same field of endeavor teaches Selecting at least a subset of electronic messages of the plurality of electronic messages directed to a single recipient based on a list of a plurality of suspicious electronic message sender identifiers (pp. 7-9, ability to block sender IPs based on particular known IP addresses of bad e-mail message senders is disclosed),
wherein an electronic message is selected if a sender identifier of the electronic message is same as one of the plurality of suspicious electronic message sender identifiers in the list (pp. 7-9, ability to block sender IPs based on particular known IP addresses of bad e-mail message senders is disclosed);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Jiang using Teksecurityblog reference to shorten the time needed to identify and reject e-mail bomb attacks. By using previously known/identified list of bad actors having IP addresses/blocks as shown in Teksecurityblog, Jiang would have eliminated the time needed to further identify bad actors having particular IP addresses and thus take actions against said bad actors earlier.
However, the teachings do not explicitly teach Discarding the electronic messages of the subset of electronic messages.
Shinde from the same field of endeavor teaches Discarding the electronic messages of the subset of electronic messages (¶29).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Jiang using Shinde to in fact prevent an e-mail bomb attack directed against a singular recipient by not delivering the attack messages thereby not flooding the recipient's inbox with deluge of emails.

Regarding claim 2, Jiang, Teksecurityblog reference and Shinde teach the limitations of claim 1. Jiang further teaches wherein the plurality of electronic messages are a plurality of e-mail messages (¶3).

Regarding claim 3, Jiang, Teksecurityblog reference and Shinde teach the limitations of claim 1. Shinde further teaches wherein the method comprises delivering the electronic messages of the subset of electronic messages if the number of electronic messages of the subset of electronic messages obtained within the pre-defined time interval is at most the number defined by the threshold (Fig. 1, step 106, threshold must be exceeded before spam filtering triggers).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Jiang using Shinde to deliver e-mails not known to be part of an e-mail bomb attack so that the users can use e-mails for communications.

Regarding claim 9, Jiang, Teksecurityblog reference and Shinde teach the limitations of claim 1. Jiang further teaches wherein the method comprises delivering the electronic messages of the plurality of electronic messages that are omitted from the subset of electronic messages (Fig. 3, any e-mail that are not determined to be part of the attack can be delivered as normal).

Regarding claim 12, Jiang, Teksecurityblog reference and Shinde teach the limitations of claim 1. Jiang further teaches wherein the method is executed by an apparatus of an e-mail server, and/or wherein the subset of electronic messages are electronic messages of e-mail notification services (Fig. 4).

Regarding claim 17, Jiang, Teksecurityblog reference and Shinde teach the limitations of claim 1. Jiang further teaches wherein the pre-defined time interval is defined relative to a current time or relative to a time of an event (¶3, e-mail bomb attack can be detected for attacks that are "continuously sending an e-mail spam to a target e-mail box within a short time"; Figs. 1-3, e-mail bomb attacks can be detected continuously within "each detection period within a predetermined number of detection periods").

Regarding claim 18, Jiang, Teksecurityblog reference and Shinde teach the limitations of claim 17. Jiang further teaches wherein the subset of electronic messages is continually updated based on the pre-defined time interval that is defined relative to the current time or relative to the time of the event (¶3, e-mail bomb attack can be detected for attacks that are "continuously sending an e-mail spam to a target e-mail box within a short time"; Figs. 1-3, e-mail bomb attacks can be detected continuously within "each detection period within a predetermined number of detection periods").

Claims 4, 6, 7 and 8 are rejected under 35 U.S.C. § 103 as being unpatentable over Jiang et al. (2015/0033343) in view of Teksecurityblog.com Reference ("How to derail a Business Gmail spam bomb", Teksecurityblog.com, February 11, 2016), further in view of Shinde et al. (2008/0114843), and further in view of Lu et al. (2016/0072749).
Regarding claim 4, Jiang, Teksecurityblog reference and Shinde teach the limitations of claim 1. However, the teachings do not explicitly teach wherein an electronic message of the plurality of electronic messages is omitted from the subset of electronic messages if a plurality of unsuspicious electronic message sender identifiers comprises a sender identifier of the electronic message.
Lu from the same field of endeavor teaches wherein an electronic message of the plurality of electronic messages is omitted from the subset of electronic messages if a plurality of unsuspicious electronic message sender identifiers comprises a sender identifier of the electronic message (¶5, whitelist of email addresses for purposes of spam/junk control).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon the teachings using Lu to more effectively solve problems such as reducing e-mail SPAM by recognizing that messages sent from expected site/domain based on online activities is validated (¶7).

Regarding claim 6, Jiang, Teksecurityblog reference, Shinde and Lu teach the limitations of claim 4. Lu further teaches wherein the plurality of unsuspicious electronic message sender identifiers comprises a first subset of unsuspicious electronic message sender identifiers that is based on previously obtained electronic messages (¶5; ¶42, usage of "whitelists" for controlling undesired SPAM is disclosed), and
a second subset of unsuspicious electronic message sender identifiers that is based on a web browsing history of a user associated with the electronic message recipient (Figs. 3-5; ¶46, a user's browsing history can be tracked; ¶48, a "rule-based criteria" during such tracked browsing history can enable features such as whitelisting a matched incoming email that has a particular domain, or sub-domain).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon the teachings using Lu to more effectively solve problems such as reducing e-mail SPAM by recognizing that messages sent from expected site/domain based on online activities is validated (¶7).

Regarding claim 7, Jiang, Teksecurityblog reference, Shinde and Lu teach the limitations of claim 6. Lu further teaches wherein the method further comprises obtaining information related to the web browsing history of the user associated with the electronic message recipient (Figs. 4 and 5; ¶¶48-50, user browsing history can be tracked for a particular client inbox), and
determining at least a part of the plurality of unsuspicious electronic message sender identifiers based on the information related to the web browsing history of the user associated with the electronic message recipient (Figs. 3-5; ¶46, a user's browsing history can be tracked; ¶48, a "rule-based criteria" during such tracked browsing history can enable features such as whitelisting a matched incoming email that has a particular domain, or sub-domain),
wherein the information related to the web browsing history are obtained from a web proxy server or from a web browser extension (¶46, browser plug-in).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon the teachings using Lu to more effectively solve problems such as reducing e-mail SPAM by recognizing that messages sent from expected site/domain based on online activities is validated (¶7).

Regarding claim 8, Jiang, Teksecurityblog reference, Shinde and Lu teach the limitations of claim 4. Lu further teaches wherein the plurality of unsuspicious electronic message sender identifiers constitutes a whitelist of unsuspicious electronic message sender identifiers (¶¶5-6),
wherein the whitelist is specific to said electronic message recipient (¶51, implementation of the whitelisting system based on user tracked activities can be limited in a "local (client-side)" implementation where a user's machine determines if email is SPAM based on its own full set of tracked websites for matching against detected emails).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon the teachings using Lu to more effectively solve problems such as reducing e-mail SPAM by recognizing that messages sent from expected site/domain based on online activities is validated (¶7).

Claims 5 are rejected under 35 U.S.C. § 103 as being unpatentable over Jiang et al. (2015/0033343) in view of Teksecurityblog.com Reference ("How to derail a Business Gmail spam bomb", Teksecurityblog.com, February 11, 2016), further in view of Shinde et al. (2008/0114843), further in view of Lu et al. (2016/0072749), and further in view of Cai et al. (2006/0168033).
Regarding claim 5, Jiang, Teksecurityblog reference, Shinde and Lu teach the limitations of claim 4. However, the teachings do not explicitly teach wherein the method comprises adding one of more electronic message sender identifiers of the subset of electronic messages to a plurality of unsuspicious electronic message sender identifiers if the number of electronic messages of the subset of electronic messages obtained within the pre-defined time interval is at most the number defined by the threshold.
Cai from the same field of endeavor teaches wherein the method comprises adding one of more electronic message sender identifiers of the subset of electronic messages to a plurality of unsuspicious electronic message sender identifiers if the number of electronic messages of the subset of electronic messages obtained within the pre-defined time interval is at most the number defined by the threshold (Figs. 2 and 3; Abstract, white list for purposes of SPAM message filtering is disclosed; ¶10, SPAM disclosure with respect to e-mail messages is disclosed; ¶29, traffic ability to determine "frequency of messages sent from a particular source" during a specific time interval regarding traffic data block is disclosed; ¶¶32-34, trustworthiness level of a source can be determined based on, for example, total number of message from one source given a particular time period, where decrease of such trustworthiness would determine its inclusion or exclusion from a white list, see also ¶35).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon the combined teachings using Cai to more effectively reduce SPAM messages so that people are not inundated by message that are of no value, which can be up to 90% of all e-mail messages (¶11).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Jakobsson et al. (9,847,973).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAE KIM whose telephone number is (571)270-0621. The examiner can normally be reached Monday-Friday 8AM-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin Bates can be reached on (571) 272-3980. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DAE KIM/
Examiner, Art Unit 2458                                                                                                                                                                                                        

/KEVIN T BATES/
Supervisory Patent Examiner, Art Unit 2458