Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Examiner has incorporated Lee US 2021/0234882 to meet the claims as amended, which include APT attacks and a focus on an adversary.




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-10, 12-20 are rejected under 35 U.S.C. 103 as being unpatentable over Segal US 2018/0219903 in view of Dhakshinamoorthy US 2019/0109872 in view of Lee US 2021/0234882.
As per claim 1. Segal teaches A method for verifying a target system against one or more security threats, the method comprising: instantiating a user interface for communicating with an attack vector infrastructure configured to generate attack vectors in a controlled environment; receiving, via the user interface, a selection of a threat type; receiving, via the user interface, a selection of one or more selectable parameters for delivery of the threat type to the target system; communicating, by the user interface to the attack vector infrastructure, data indicative of the selected threat type and the selected parameters; in response to receiving the data: accessing by the attack vector infrastructure a base binary executable and a library comprising functions for generating by the attack vector infrastructure attack vectors; adding by the attack vector infrastructure to the base binary executable, one or more functions from the library based on the selected threat type and the selected parameters; and generating a payload that implements the selected threat type and the selected parameters in a delivery format based on the selected parameters.  [0026][0027][0041][0095] [0164]-[0166][0180]-[0186]
(Segal teaches a penetration testing system which iteratively generates attack vectors, and/or uses selectable parameters as configured by a user by using an interface. Segal teaches a library of scenarios that may be created and/or predefined and used in the penetration test system and executed by the system. Segal teaches the attack includes an attack agent execution module which is loaded in the target node and serves as a payload.)
Although Examiner believes the attack methods of Segal constitute attack vectors, Examiner has included Dhakshinamoorthy to explicitly teach said features.

Dhakshinamoorthy explicitly teaches vectors and payloads [0030][0031][0033] (applications tested for different attack vectors, injection attacks, files)
It would have been obvious to use the different attack vectors of Dhakshinamoorthy with the system of Segal because it increases the chances of improving network security.

Lee teaches the selected parameters define techniques for an advanced persistent threat group and wherein the selected parameters are usable to configure the attack vectors to be focused on a selected adversary. [0035][0070][0071][0073][0075] (Lee teaches techniques to simulate attacks and defense including recording and simulating attacks of adversaries including APT methods)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the method of Lee with the previous combination because it provides a more focused and efficient method to test defenses against specific malicious actors.

As per claim 2. Segal teaches The method of claim 1, wherein the selected threat type and the selected parameters are defined using JavaScript Object Notation (JSON). [0230][0231] (javascript)
As per claim 3. Segal teaches The method of claim 1, wherein the selectable parameters comprise templates defining predetermined attack scenarios. [0181][0182]

As per claim 4. Dhakshinamoorthy teaches The method of claim 1, further comprising generating fuzzed payloads that are variants of the generated payload. [0098] (fuzz attack vectors)
As per claim 5. Dhakshinamoorthy teaches The method of claim 4, wherein the fuzzed payloads are generated by randomly varying the selectable parameters. [0033] (random)
As per claim 6. Dhakshinamoorthy teaches The method of claim 4, wherein the fuzzed payloads are generated by deterministically varying the selectable parameters. [0078][0082] (receiving new inputs for more targeted attacks using a feedback loop)
As per claim 7. Dhakshinamoorthy teaches The method of claim 4, wherein the fuzzed payloads are generated based on machine learning. [0040] (machine learning)
As per claim 8. Segal teaches A computing device configured to detect unauthorized use of user credentials in a network implementing an authentication protocol, the computing device comprising: a processor; a storage device coupled to the processor; an application stored in the storage device, wherein execution of the application by the processor configures the computing device to perform acts comprising: receiving, via a user interface, a selection of a threat type for an attack vector for verifying defensive capabilities of a target system; receiving, via the user interface, a selection of one or more selectable parameters for delivery of the threat type to the target system; in response to selection of the threat type and the selected parameters: accessing a base binary executable and a library comprising functions for generating attack vectors; adding, to the base binary executable, one or more functions from the library based on the selected threat type and the selected parameters; and generating a payload that implements the selected threat type and the selected parameters in a delivery format based on the selected parameters. [0026][0027][0041][0095] [0164]-[0166][0180]-[0186]
(Segal teaches a penetration testing system which iteratively generates attack vectors, and/or uses selectable parameters as configured by a user by using an interface. Segal teaches a library of scenarios that may be created and/or predefined and used in the penetration test system and executed by the system. Segal teaches the attack includes an attack agent execution module which is loaded in the target node and serves as a payload.)
Although Examiner believes the attack methods of Segal constitute attack vectors, Examiner has included Dhakshinamoorthy to explicitly teach said features.

Dhakshinamoorthy explicitly teaches vectors and payloads [0030][0031][0033] (applications tested for different attack vectors, injection attacks, files)
It would have been obvious to use the different attack vectors of Dhakshinamoorthy with the system of Segal because it increases the chances of improving network security.

Lee teaches the selected parameters define techniques for an advanced persistent threat group and wherein the selected parameters are usable to configure the attack vectors to be focused on a selected adversary. [0035][0070][0071][0073][0075] (Lee teaches techniques to simulate attacks and defense including recording and simulating attacks of adversaries including APT methods)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the method of Lee with the previous combination because it provides a more focused and efficient method to test defenses against specific malicious actors.
As per claim 9. Segal teaches The computing device of claim 8, wherein the user interface is a graphical user interface comprising an interactive area configured to enable selection of the selectable parameters. [0130][0135] (GUI selection of parameters)
As per claim 10. Segal teaches The computing device of claim 8, wherein the selectable parameters comprise tags or labels that identify one or more properties for generating samples or attack simulations. [0181]-[0186] (templates, attack labels, goals, targets, strategy)
As per claim 12. Segal teaches The computing device of claim 8, wherein the selectable parameters comprise templates defining predetermined attack scenarios. [0181][0182] (predefined scenarios)
As per claim 13. Dhakshinamoorthy teaches The computing device of claim 8, wherein the acts comprise generating fuzzed payloads that are variants of the generated payload. [0098] (fuzz attack vectors)
As per claim 14. Dhakshinamoorthy teaches The computing device of claim 13, wherein the fuzzed payloads are generated by randomly varying the selectable parameters. [0033] (random)
As per claim 15. Dhakshinamoorthy teaches The computing device of claim 13, wherein the fuzzed payloads are generated by deterministically varying the selectable parameters. [0078][0082] (receiving new inputs for more targeted attacks using a feedback loop)
As per claim 16. Dhakshinamoorthy teaches The computing device of claim 13, wherein the fuzzed payloads are generated based on machine learning. [0040] (machine learning)
As per claim 17. Segal teaches A computer-readable medium having stored thereon a plurality of sequences of instructions which, when executed by a processor, cause the processor to perform a method comprising: receiving, via a user interface, a selection of a threat type for an attack vector for verifying defensive capabilities of a target system; receiving, via the user interface, a selection of one or more selectable parameters for delivery of the threat type to the target system; in response to selection of the threat type and the selected parameters: accessing a base binary executable and a library comprising functions for generating attack vectors; adding, to the base binary executable, one or more functions from the library based on the selected threat type and the selected parameters; and generating a payload that implements the selected threat type and the selected parameters in a delivery format based on the selected parameters. [0026][0027][0041][0095] [0164]-[0166][0180]-[0186]
(Segal teaches a penetration testing system which iteratively generates attack vectors, and/or uses selectable parameters as configured by a user by using an interface. Segal teaches a library of scenarios that may be created and/or predefined and used in the penetration test system and executed by the system. Segal teaches the attack includes an attack agent execution module which is loaded in the target node and serves as a payload.)
Although Examiner believes the attack methods of Segal constitute attack vectors, Examiner has included Dhakshinamoorthy to explicitly teach said features.

Dhakshinamoorthy explicitly teaches vectors and payloads [0030][0031][0033] (applications tested for different attack vectors, injection attacks, files)
It would have been obvious to use the different attack vectors of Dhakshinamoorthy with the system of Segal because it increases the chances of improving network security.

Lee teaches the selected parameters define techniques for an advanced persistent threat group and wherein the selected parameters are usable to configure the attack vectors to be focused on a selected adversary. [0035][0070][0071][0073][0075] (Lee teaches techniques to simulate attacks and defense including recording and simulating attacks of adversaries including APT methods)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the method of Lee with the previous combination because it provides a more focused and efficient method to test defenses against specific malicious actors.
As per claim 18. Segal teaches The computer-readable medium of claim 17, wherein the selectable parameters comprise templates defining predetermined attack scenarios. [0181][0182] (predefined scenarios)
As per claim 19. Dhakshinamoorthy teaches The computer-readable medium of claim 17, further comprising a plurality of sequences of instructions which, when executed by a processor, cause the processor to perform a method comprising generating fuzzed payloads that are variants of the generated payload. [0098] (fuzz attack vectors)
As per claim 20. Dhakshinamoorthy teaches The computer-readable medium of claim 19, wherein the fuzzed payloads are generated based on machine learning. [0040] (machine learning)


Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Segal US 2018/0219903 in view of Dhakshinamoorthy US 2019/0109872 in view of Lee US 2021/0234882 in view of Sites US 2019/0356679.

As per claim 11. Sites teaches The computing device of claim 8, wherein the delivery format comprises one or more of a macro, zip file, or email. [0063] (email)
It would have been obvious to one of ordinary skill in the art to include the delivery format of email with the prior art because it is a well-known delivery system for vulnerability detection of phishing.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHRISTOPHER J BROWN/
Primary Examiner, Art Unit 2439