Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Election/Restrictions
Applicant’s election without traverse of claims 1-6 in the reply filed on 8/24/2022 is acknowledged. The examiner further notes that in view of the canceled, amended, and newly added claims, claims 1-6, 10, 12, and 14-24 will be examined on the merits below.

Response to Amendment
This is in response to the amendments filed on 8/24/2022 Claims 10, 12, and 14-16 have been amended. Claims 7-9, 11, and 13 have been canceled. Claims 1-6, 10, 12, and 14-24 are currently pending and have been considered below.  

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 14-17 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Specifically, claim 14 was amended to recite the term “acquiring an additional email” with respect to the functions carried out by claim 14 and subsequent claims 15-17. However claim 14 was amended to depend upon claim 1 which discloses subject matter that is not disclosed as being used in conjunction with the subject matter of claim 14. Specifically, claim 1 recites the limitation “acquire an incoming email” and then recites further limitations involving the acquired incoming email, while claim 14 recites “acquire an additional incoming email” in addition to further limitations involving the additional incoming email, however this acquired additional incoming email does not appear supported by Applicant’s Disclosure when considered in view of claim 1’s limitations. Furthermore, when claim 14 is interpreted, there are now two, separate emails being acquired (i.e., “an incoming email” and “an additional incoming email”), with each email being directed towards distinct limitations (see Requirement for Restriction/Election mailed on 6/28/2022) and thus also do not appear supported by Applicant’s Disclosure as a combination of limitations.
 In order to sufficiently overcome the above, Applicant should amend and/or cancel any of the claims at issue, or refer to specific sections within Applicant’s Disclosure that directly supports the above contended claim limitations.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 3-6, 12, and 18-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Srivastava” (US 2017/0324767) in view of “Scott-Cowley” (US 2012/0233662).

Regarding Claim 1:
Srivastava teaches:
A system (Fig. 1), comprising: 
a processor configured to: 
	…
acquire an incoming email addressed to the employee (¶0032, “The email transfer agent 118 operates to interact with sending email transfer agents from outside the enterprise to receive email messages destined for email users having an email address within the enterprise”); 
extract a primary attribute from the incoming email by parsing content of the incoming email and/or metadata associated with the incoming email (Fig. 6, step 602; ¶0089, “In some embodiments… email security unit 120, when processing the incoming email, extracts a predetermined set of properties of the incoming email message. An example set of properties may include … all header fields, attachments and attachment types, message content. At least some of the extracted properties … is then provided to the predictive analyzer 148 …”); 
derive a secondary attribute based on the primary attribute (Fig. 6, step 604; ¶0090, “Based upon properties of the incoming email message, at operation 604, predictive analyzer 148 queries email relationship graph 146 … The querying may request information from email relationship graph 146 related to the sender, recipient, and/or message corresponding to the incoming email. For example, the querying may include one or more queries based upon the sender, recipient, sender domain, sender MTA, an attachment, an embedded content, selected header fields …”; ¶0092, “At operation 608 results are obtained for the queries performed at operations 604 and 606”; i.e., query for secondary results based upon the extracted information from the received email); and 
determine whether the incoming email deviates from past email activity (¶0010, “ … the recipient interaction profile may further include information regarding, for respective email senders from the plurality of email senders from whom email messages have previously been received for the first email account holder, one or more summary attributes characterizing messages sent by the respective email sender to the first account holder”) by comparing the primary and secondary attributes to a communication profile associated with the employee (¶0093, “At operation 610, the results obtained … are analyzed to determine whether the incoming email message poses a threat. This operation may include assigning a score to the incoming email message … The scoring may include determining … a recipient interaction score based upon the recipient interaction profile”; ¶0081, “Each email recipient in an enterprise may have a respective recipient interaction profile 502…”; ¶0082 details that each recipient profile contains information identifying the recipient and a plurality of attributes that characterize past email activity associated with the recipient); and 
a memory coupled to the processor and configured to provide the processor with instructions.
Srivastava does not disclose:
receive input indicative of an approval to access emails delivered to an employee of an enterprise; 
Scott-Cowley teaches:
receive input indicative of an approval to access emails delivered to an employee of an enterprise (¶0027, “… all of the elements shown in FIG. 1A are under the control of a single organization or enterprise, such as a corporation”; ¶0055, “If the authorized user 112 decides to grant access, he can respond to the access permission request 510 by sending 512 to the email server 106 an access permission authorization 514 granting access to the access-restricted email”; i.e., receive input from an user that grants access to the user’s emails to another entity); 
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Srivastava’s system for detecting email-based attacks by enhancing Srivastava’s system to receive authorization that another entity may access an enterprise user’s email, as taught by Scott-Cowley, in order to prevent unauthorized entities from obtaining the user’s emails.
	The motivation is to enable a user to determine whether they wish to participate in a system that requires the user’s emails being forwarded to the system by giving the user authorization control. This prevents unknown or unauthorized systems from obtaining the user’s emails without the user’s knowledge.

Regarding Claim 3:
The system of claim 1, wherein Srivastava in view of Scott-Cowley further teaches the communication profile includes primary and secondary attributes of past emails delivered to the employee determined to be representative of safe communications (Srivastava, Fig. 5A; ¶0082, “Example recipient interaction profile 502 as shown in FIG. 5A includes information (e.g., a unique identification, full email address) identifying the recipient 504, and a plurality of attributes 506. The plurality of attributes 506 may include… senders from whom recipient has received emails…”; ¶0025, “An email message may be considered to pose a threat if the system determines that email message to be likely, for example, to contain a phishing attack, to be part of a slow-and-low social engineering attack, to include malicious weblinks, to contain malicious active content, to be an email from a known suspicious or malicious sender/actor, to include another type of email-based attack, or the like. The analysis may be based upon one or both of a recipient interaction profile”; ¶0093, “At operation 610, the results obtained … are analyzed to determine whether the incoming email message poses a threat”; i.e., the recipient interaction profile contains attributes that are used to determine whether an email is deemed safe or a threat). 

Regarding Claim 4:
The system of claim 3, wherein Srivastava in view of Scott-Cowley further teaches said determining includes discovering whether the primary attribute, the secondary attribute, or the combination of the primary and secondary attributes is included in the communication profile (Srivastava, ¶0025, “An email message may be considered to pose a threat if the system determines that email message to be likely, for example, to contain a phishing attack, to be part of a slow-and-low social engineering attack, to include malicious weblinks, to contain malicious active content, to be an email from a known suspicious or malicious sender/actor, to include another type of email-based attack, or the like. The analysis may be based upon one or both of a recipient interaction profile…”; i.e., determine, by using the attributes within the recipient interaction profile, whether an email is a threat).

Regarding Claim 5:
The system of claim 1, wherein Srivastava in view of Scott-Cowley further teaches the primary attribute is sender display name, sender username, Sender Policy Framework (SPF) status, DomainKeys Identified Mail (DKIM) status, number of attachments, number of links in a body of the incoming email, country of origin, information in a header of the incoming email, or an identifier embedded in metadata associated with the incoming email (Srivastava, Fig. 5A; ¶0082, “Example recipient interaction profile 502 as shown in FIG. 5A includes information (e.g., a unique identification, full email address) identifying the recipient 504”).

Regarding Claim 6:
The system of claim 1, wherein Srivastava in view of Scott-Cowley further teaches the processor is further configured to: 
establish that the incoming email does not represent a security risk (Srivastava, ¶0094, “If it is determined at operation 610, that the incoming email does not pose a threat (e.g., categorized with a trust rating of safe)…”); and 
update the communication profile by creating an entry that programmatically associates the first and second attributes (Srivastava, ¶0094, “… then at operation 612, some processing action may be performed that does not consider the incoming email as a threat, and the email relationship graph 146 is updated to reflect that a message, with the parameters of the present message's parameters, was found not to pose a threat.”).

Regarding Claim 12:
The system of claim 6, wherein Srivastava in view of Scott-Cowley further teaches said establishing comprises employing a crawling algorithm to extract information regarding a secondary link that is embedded in an attachment to the incoming email or accessible via a website linked to by a primary link in the incoming email (Srivastava, ¶0037, “In some example embodiments, crawler 112 “crawls” email store 116 to access respective stored emails and, for respective stored emails, extract information such as… web links …”).

Regarding Claims 18 and 19:
Method claim 18 and computer program product claim 19 each correspond to system claim 1 and contain no further limitations. Thus claims 18 and 19 are each rejected by applying the same rationale used to reject claim 1 above.

Regarding Claim 20:
The system of claim 1, wherein Srivastava in view of Scott-Cowley further teaches the processor is further configured to perform an action with respect to the incoming email based at least in part on the determination (Srivastava, ¶0094, “If it is determined at operation 610, that the incoming email does not pose a threat (e.g., categorized with a trust rating of safe), then at operation 612, some processing action may be performed that does not consider the incoming email as a threat”).

Regarding Claim 21:
The system of claim 20, wherein Srivastava in view of Scott-Cowley further teaches performing the action comprises forwarding the incoming email to an inbox of the employee (Srivastava, ¶0102, “At operation 710, the action taken by the recipient in response to receiving the message is determined, and this action information is stored in the graph 146 in association with the message. For example, when an email is received by a recipient, the recipient can take following actions in response; open the email”).

Claim(s) 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Srivastava” (US 2017/0324767) in view of “Scott-Cowley” (US 2012/0233662) in further view of “Campbell” (US 2004/0117450).

Regarding Claim 2:
Srivastava in view of Scott-Cowley teaches:
The system of claim 1, …
Srivastava in view of Scott-Cowley does not disclose:
… wherein the processor is further configured to establish, via an application programming interface, a connection with an email system employed by the enterprise. 
Campbell teaches:
… wherein the processor is further configured to establish, via an application programming interface, a connection with an email system employed by the enterprise (¶0027, “Email concentrator 112 can also optionally include application programming interface (API) 314. API 314 provides external access to the email store 306. In one implementation, a filter or virus scanning application, implemented either on the residential gateway device 110 or as a service in a client computer system 106, accesses email stored in the email store 306 through API 314”). 
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Srivastava in view of Scott-Cowley’s system for detecting email-based attacks by enhancing Srivastava in view of Scott-Cowley’s incoming mail system to connect to other email systems via an application programming interface, as taught by Campbell, in order to establish a standardized means for email systems to communicate with each other.
	The motivation is to incorporate an email-based application programming interface that standardizes connections across email systems in order to homogenize communications between various email platforms and thus making the systems easier to communicate with. 

Claim(s) 10 and 22-24 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Srivastava” (US 2017/0324767) in view of “Scott-Cowley” (US 2012/0233662) in further view of “Bruss” (US 10397272).

Regarding Claim 10:
Srivastava in view of Scott-Cowley teaches:
The system of claim 6, …
Srivastava in view of Scott-Cowley does not disclose:
… wherein said establishing comprises applying a deep learning model to understand content, sentiment, and/or tone of the incoming email (Col. 3, lines 56-60, “… a plurality of meta-features associated with the email; feed the text-embedded text and the plurality of meta-features into a neural network classifier; and based on an output of the neural network classify, determine whether the email is suspicious”).
Bruss teaches:
… wherein said establishing comprises applying a deep learning model to understand content, sentiment, and/or tone of the incoming email (Col. 3, lines 56-60, “… a plurality of meta-features associated with the email; feed the text-embedded text and the plurality of meta-features into a neural network classifier; and based on an output of the neural network classify, determine whether the email is suspicious”).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Srivastava in view of Scott-Cowley’s system for detecting email-based attacks by enhancing Srivastava in view of Scott-Cowley’s detection method to utilize a neural network classifier, as taught by Bruss, in order to implement established artificial intelligence means to detect whether emails are malicious.
	The motivation is to utilize advance modeling to more accurately detect whether emails are malicious which results in fewer false negatives and thus gives a system for detecting email-based attacks a greater likelihood in catching malicious emails.

Regarding Claim 22:
Srivastava in view of Scott-Cowley teaches:
The system of claim 1, …
Srivastava in view of Scott-Cowley does not disclose:
… wherein performing the action further comprises applying a model to the incoming email.
Bruss teaches:
… wherein performing the action further comprises applying a model to the incoming email (Col. 4, lines 61-67 & Col. 5, lines 1-3, “… email server 110 may receive emails … MTA filter 120 may transmit the remaining emails to attack-detection server 140 … attack-detection 140 may analyze all emails sent from MTA filter 120”; Col. 5, lines 26-30, “An analyst may access the analyst device 150 and determine whether the emails are malicious. The determination may be sent back to attack-detection server 140, which may then refine its analysis models”; Col. 7, lines 1-10, “The inventors found a surprising benefit in segmenting email data and utilizing different models for different types of data”; i.e., further processing emails at an attack-detection server that applies different malicious models to determine whether the emails are malicious).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Srivastava in view of Scott-Cowley’s system for detecting email-based attacks by enhancing Srivastava in view of Scott-Cowley’s detection method to multiple models for different types of malicious emails, as taught by Bruss, in order to benefit the system in locating malicious emails more accurately.
	The motivation is more accurately detect whether an email is malicious by utilizing multiple models that are tailored towards specific types of email data. This has the benefit of reducing false detections and enhancing the security of the system.

Regarding Claim 23:
The system of claim 22, wherein Srivastava in view of Scott-Cowley in further view of Bruss teaches the model is one of multiple models applied to the incoming email responsive to determining that the incoming email may be a malicious email (Bruss, Col. 7, lines 1-10).
The motivation to reject claim 23 under Bruss is the same motivation used to combine Bruss to Srivastava in view of Scott-Cowley for claim 22 above.

Regarding Claim 24:
The system of claim 23, wherein Srivastava in view of Scott-Cowley in further view of Bruss teaches each model of the multiple models is associated with a different type of malicious email (Bruss, Col. 7, lines 1-10).
The motivation to reject claim 23 under Bruss is the same motivation used to combine Bruss to Srivastava in view of Scott-Cowley for claim 22 above.


Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL B POTRATZ whose telephone number is (571)270-5329.  The examiner can normally be reached on M-F 10 A.M. - 6 P.M. CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491