The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office action is in response to communications filed on 4/3/2020.
Claims 1-18 are pending.
DETAILED ACTION
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 8/29/2022 is being considered by the examiner.
Claim Objections
Claims 1, 3, 10, and 14 objected to because of the following informalities:  
In claim 1, the phrase “A computer system for detecting anomalies in incoming electronic communication” should be - - A computer system for detecting anomalies in an incoming electronic communication - -.
In claim 3, the term “relationship-based” should be - - relationship based - - for consistency with prior instances of the term.
In claim 10, the phrase “A method for detecting anomalies in incoming electronic communication” should be - - A method for detecting anomalies in an incoming electronic communication - -.
In claim 14, the phrase “A non-transitory computer readable storage medium embodied thereon a program executable” should be - - A non-transitory computer readable storage medium having embodied thereon a program executable - -.
In claim 14, the phrase “the method for detecting anomalies in incoming communication” should be - - the method for detecting anomalies in an incoming communication - -.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-13, 15, and 17-18 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Regarding claim 1, the limitations recite “based on sender the receivers organizational indications”. There is insufficient antecedent basis for “the receivers organizational indications” in the claims. For examination purposes, the examiner interprets the limitation as - - based on organizational indications of the sender and the receiver - -.
Claim 1 further recites “combine the identified sets of defensive actions”. There is insufficient antecedent basis for “the identified sets of defensive actions”. For examination purposes, the examiner interprets the limitation as - - the sets of defensive actions - -.
The examiner further notes that claim 1 recites “combining sets of defensive actions associated with the at least one anomaly detection into a single sequence of defensive actions; and combine the identified sets of defensive actions into a single sequence of defensive actions”. It’s unclear if the recited action is performed twice, or, consistent with all other claims, performed only once and the second instance of the action is a typo.
Regarding claims 2-9, the claims invoke, by reference, all of the limitations of claim 1. Therefore, claims 2-9 are rejected for the same reasons as set forth in the rejection of claim 1, above.
Additionally, claim 2 recites “the received incoming electronic communication”. There is insufficient antecedent basis for the limitation in the claims. For examination purposes, the examiner interprets the limitation as - - the incoming electronic communication - -.
Additionally, claim 2 recites “the neural network that includes deep learning algorithms” There is insufficient antecedent basis for the limitation in the claims. For examination purposes, the examiner interprets the limitation as - - a neural network that includes deep learning algorithms - -.
Additionally, claim 2 recites “the relationship based communication classification”. There is insufficient antecedent basis for the limitation in the claims. For examination purposes, the examiner interprets the limitation as - - a relationship based communication classification - -.
Regarding claim 10, the limitations recite “based on sender and the receivers organizational indications”. There is insufficient antecedent basis for “the receivers organizational indications” in the claims. For examination purposes, the examiner interprets the limitation as - - based on organizational indications of the sender and the receiver - -.
Regarding claims 11-13, the limitations invoke, by reference, all of the limitations of claim 10. Therefore, claims 11-13 are rejected for the same reasons as set forth in claim 10, above.
Regarding claim  15, the limitations recite “wherein each detected deliverable anomaly”. There is insufficient antecedent basis for a detected deliverable anomaly in the claims. For examination purposes, the examiner interprets the limitation as - - wherein each detected anomaly - -.
Regarding claim 17, the limitations recite “the received incoming communication”. There is insufficient antecedent basis for a received incoming communication in the claims. For examination purposes, the examiner interprets the limitation as - - the incoming communication - -.
Claim 17 further recites “the neural network that includes deep learning algorithms”. There is insufficient antecedent basis for a “neural network that includes deep learning algorithms”. For examination purposes, the examiner interprets the limitation as - - a neural network that includes deep learning algorithms - -.
Regarding claim 18, the claim invokes, by reference, all of the limitations of claim 17. Therefore, claim 18 is rejected for the same reasons as set forth in the rejection of claim 17, above.
Allowable Subject Matter
Claims 14 and 16 are allowed.
Claims 1-13, 15, and 17-18 would be allowable by overcoming all of the above recited rejections without significant modification of the scope of the claims. 
The closest prior art of record includes:
Gagnon et al. (US 9177293 B1), which discloses a computer system for detecting anomalies in incoming electronic communication from a sender to a receiver (col. 7, lines 33-35 a method and system for use in a computing environment to implement a filter to restrict normal delivery of e-mail messages to a recipient; from Fig. 1, it can be deduced that the email originates from a sender (e.g. see block 106-110, and 118)), comprising: 
an input interface configured to accept a human relationship structure defining a trained association model between the sender and the receiver, and the incoming electronic communication (col. 8, lines 1-8, the rules are applied by simple string matching between email fields and entries found in of the following 5 lists that are maintained jointly by the user and SpamMonster: -The Friends list -The Pre-Approved subjects list -The Undesireable senders list -The Undesireables subjects list -The Auto Senders list"); 
a memory configured to store instructions"A first test determines whether a filter is to be applied to the email, and a second test applies that filter. A first exemplary test is to determine whether an email is from an autosender 106, which if implemented, checks the email against known autosenders or for characteristics common to autosenders 108. If the email is from an authorized autosender, the remainder of the process is bypassed (Done 150), and the next email message is processed. A second exemplary test is to determine whether an email is from a blacklisted sender 110. A third exemplary test is to determine whether the email represents a system message 112 (other than a registration message), that is, a message intended for the system itself, and not for the user. If the message is not a system message, it is then optionally tested for size 114. A fourth exemplary test is whether the message is large, e.g., greater than 25 kB. A large message is rarely from a spammer, a large message may be delivered with low risk. A fifth exemplary test determines whether it contains a black-listed subject word 116. A sixth test determines if the email is from a friend 118. If the email is from an email address on the “Friends” list (whitelist), it is delivered 120"), 
subject to correspondence between content of the incoming electronic communication and the trained association model between the sender and the receiver (col. 8, lines 1-8, the rules are applied by simple string matching between email fields and entries found in of the following 5 lists that are maintained jointly by the user and SpamMonster: -The Friends list -The Pre-Approved subjects list -The Undesireable senders list -The Undesireables subjects list -The Auto Senders list"), 
such that each type of detected anomaly is associated with a set of defensive actions (col. 8, lines 21-50, "A first test determines whether a filter is to be applied to the email, and a second test applies that filter. A first exemplary test is to determine whether an email is from an autosender 106, which if implemented, checks the email against known autosenders or for characteristics common to autosenders 108. If the email is from an authorized autosender, the remainder of the process is bypassed (Done 150), and the next email message is processed. A second exemplary test is to determine whether an email is from a blacklisted sender 110. A third exemplary test is to determine whether the email represents a system message 112 (other than a registration message), that is, a message intended for the system itself, and not for the user. If the message is not a system message, it is then optionally tested for size 114. A fourth exemplary test is whether the message is large, e.g., greater than 25 kB. A large message is rarely from a spammer, a large message may be delivered with low risk. A fifth exemplary test determines whether it contains a black-listed subject word 116. A sixth test determines if the email is from a friend 118. If the email is from an email address on the “Friends” list (whitelist), it is delivered 120"); 
a processor configured to compute an updated association model between the sender and the receiver, based on sender and the receivers organizational indications using the content of the incoming electronic communication (col. 8, lines 65-67, "adding the sender to the blacklist, producing a system warning, producing a lockout (temporary or manually resettable) to impede an attack, or the like"; col. 9, lines 33-41, "The Undesirable senders list is a list of senders that are “black listed”, and thus are bounced no matter what. Entries in that list could include specific political organizations, likely phishing threats, e.g., PayPal, on-line banks, etc., with which the recipient has no established relationship. Further, even if there is a relationship, the email could be scrutinized for the existence of hyperlinks to third party sites or IP addresses, different from the domain of the apparent email sender").
Jeyakumar et al. (US 20200204572 A1), which discloses “threat detection platforms designed to collect and examine emails in order to identify security threats to an enterprise” (¶[0017]), where by “establishing what constitutes normal behavior traits and/or normal email content, the enterprise can be protected against new, sophisticated attacks such as employee impersonation, vendor impersonation, fraudulent invoices” (¶[0018]). It leverages “machine learning, heuristics, rules, human-in-the-loop feedback and labeling, or some other technique for detecting an attack (e.g., in real time or near real time) based on features extracted from a communication (e.g., an email), attributes of the communication (e.g., recipient, sender, content, etc.), and/or datasets/information unrelated to communications” (¶[0046]).
Hall (US 11258811 B2), which discloses “analysis modules” that “can be configured to parse, process, or otherwise interpret predetermined atomic components of the header 210 and the body 220” of a message (col. 9, lines 56-62). It further teaches classifying parsed data into threat levels (see col. 10, lines 25-46). 
However, none of the references teach, singly or in combination, the claimed limitations of “compute an updated association model between the sender and the receiver, based on sender and the receivers organizational indications using the content of the incoming electronic communication; execute the one or more neural network by submitting to the one or more neural network the incoming electronic communication and the updated association model to produce a result of at least one anomaly detection and anomaly classification type, and then, combining sets of defensive actions associated with the at least one anomaly detection into a single sequence of defensive actions; and combine the identified sets of defensive actions into a single sequence of defensive actions” as recited by claim 1, and similarly stated in claims 10 and 14.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BORIS D GRIJALVA LOBOS whose telephone number is (571)272-0767. The examiner can normally be reached M-F 10:30AM to 6:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Gillis can be reached on 571-272-7952. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BORIS D GRIJALVA LOBOS/Primary Patent Examiner, Art Unit 2446