Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Application Status
Present office action is in response to application filed 11/10/2021. Claims 1-9 are currently pending in the application.
Claim Rejections - 35 USC § 101
	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract idea without significantly more.
	In regard to independent Claim 14, analyzed as representative claim:
	Step 1: Statutory Category?
	Independent Claim 14 recites “A method, comprising:”. Independent Claim 14 falls within the “process” category of 35 U.S.C. § 101.
	Step 2A – Prong 1: Judicial Exception Recited?
	The Revised 2019 Memorandum is applied as shown in the Independent Claim 14/Revised 2019 Guidance Table below to identify in italics the specific claim limitations found to recite an abstract idea and in bold the additional (non-abstract) claim limitations.
Independent Claim 14
Revised 2019 Guidance
A method, comprising: at a method, comprising: at a computing platform comprising at least one processor, a communication interface, and memory::
A method is a statutory subject matter class. See 35 U.S.C. § 101 (“Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.”).
The computing platform comprising at least one processor, a communication interface, and memory is an additional non-abstract limitation.
[a] generating, by the at least one processor, a simulated attack message, the simulated attack message including a plurality of elements
Abstract: generating a simulated attack message, the simulated attack message including a plurality of elements could be performed alternatively as a mental process, i.e., concept performed in the human mind or using pencil and paper (including an observation, evaluation, judgment, opinion) and a “[c]ertain method[] of organizing human activity. . . managing personal behavior or relationships or interactions between people (including social activities, teaching, and following rules or instructions).”. See January 2019 Memorandum, 84 Fed. Reg. at 52.

The at least one processor is an additional non-abstract limitation.
[b] sending, by the at least one processor, via the communication interface, the simulated attack message to an enterprise user device
Sending the simulated attack message is insignificant extra-solution activity (i.e., data transmission). 2019 Revised Guidance; see also MPEP § 2106.05(g).
The at least one processor, communication interface and enterprise user device are additional non-abstract limitations.
[c] receiving, by the at least one processor, from the enterprise user device, user selections annotating selected elements of the plurality of elements of the simulated attack message
Receiving data is insignificant extra-solution activity (i.e., data gathering). 2019 Revised Guidance; see also MPEP § 2106.05(g).

Abstract: annotating selected elements of the plurality of elements of the simulated attack message could be performed alternatively as a mental process, i.e., concept performed in the human mind or using pencil and paper (including an observation, evaluation, judgment, opinion) and a “[c]ertain method[] of organizing human activity. . . managing personal behavior or relationships or interactions between people (including social activities, teaching, and following rules or instructions).”. See January 2019 Memorandum, 84 Fed. Reg. at 52.
The at least one processor and enterprise user device are additional non-abstract limitations.
[d] identifying, by the at least one processor, one or more training areas for the user based on the user selections received from the enterprise user device
Abstract Idea: identifying one or more training areas for the user based on the user selections could be performed alternatively as a mental process, i.e., concept performed in the human mind or using pencil and paper (including an observation, evaluation, judgment, opinion) and a “[c]ertain method[] of organizing human activity. . . managing personal behavior or relationships or interactions between people (including social activities, teaching, and following rules or instructions).”. See January 2019 Memorandum, 84 Fed. Reg. at 52.
The at least one processor and enterprise user device are additional non-abstract limitations.
[e] generating, by the at least one processor, a customized training module specific to the identified one or more training areas
Abstract Idea: generating a customized training module specific to the identified one or more training areas could be performed alternatively as a mental process, i.e., concept performed in the human mind or using pencil and paper (including an observation, evaluation, judgment, opinion) and a “[c]ertain method[] of organizing human activity. . . managing personal behavior or relationships or interactions between people (including social activities, teaching, and following rules or instructions).”. See January 2019 Memorandum, 84 Fed. Reg. at 52.
The at least one processor is an additional non-abstract limitation.
[f] and sending, by the at least one processor, the customized training module to the enterprise user device, wherein sending the customized training module to the enterprise user device causes the enterprise user device to display the customized training module
Sending the customized training module to display the customized training module is insignificant extra-solution activity (i.e., data transmission and presentation). 2019 Revised Guidance; see also MPEP § 2106.05(g).
The at least one processor and enterprise user device are additional non-abstract limitations.


	It is apparent that, other than reciting the additional non-abstract limitations noted in the Independent Claim 14/Revised 2019 Guidance Table above, nothing in the claim precludes the steps from practically being performed by a human as a certain method of organizing human activity. . . managing personal behavior or relationships or interactions between people (including social activities, teaching, and following rules or instructions), in the mind, and/or using pen and paper. The mere nominal recitation of the additional elements and automation of a manual process does not take the claim out of the certain method of organizing human activity and mental processes groupings. Accordingly, the claim recites an abstract idea under Step 2A: Prong 1.
	Step 2A – Prong 2: Integrated into a Practical Application?
	The body of the claim, as noted in the Independent Claim 14/Revised 2019 Guidance Table above, recites the additional limitation of the computing platform comprising at least one processor, a communication interface, and memory, and enterprise user device at a high level of generality. The originally filed Specification provides supporting exemplary, non-limiting descriptions of generic computer components, for example at: ¶ 33:… Referring to FIG. 1A, computing environment 100 may include various computer systems, computing devices, networks, and/or other operating infrastructure. For example, computing environment 100 may include a cybersecurity training computing platform 110, a first enterprise user device 120, a second enterprise user device 130, an administrator computing device 140, and a network 190…; ¶ 34: Network 190 may include one or more wired networks and/or one or more wireless networks that interconnect cybersecurity training computing platform 110, first enterprise user device 120, second enterprise user device 130, administrator computing device 140, and/or other computer systems and/or devices. In addition, each of cybersecurity training computing platform 110, first enterprise user device 120, second enterprise user device 130, and administrator computing device 140 may be special purpose computing devices configured to perform specific functions, as illustrated in greater detail below, and may include specific computing components such as processors, memories, communication interfaces, and/or the like. The lack of details about the additional element indicates that the above-mentioned additional elements are generic computer components, performing generic functions. See Intellectual Ventures I LLC v. Erie Indem. Co., 850 F.3d 1315, 1331 (Fed. Cir. 2017) (“The claimed mobile interface is so lacking in implementation details that it amounts to merely a generic component (software, hardware, or firmware) that permits the performance of the abstract idea, i.e., to retrieve the user-specific resources.”). The use of the additional limitation of the computing platform comprising at least one processor, a communication interface, and memory, and enterprise user device, as noted in the Independent Claim 14/Revised 2019 Guidance Table above, to perform the abstract idea is no more than a generic computer implementation of a mental process/method of organizing human activity which is insufficient to take the invention out of the realm of abstract ideas. The instant claim as a whole merely uses computer instructions to implement the abstract idea on a computer or, alternatively, merely uses a computer as a tool to perform the abstract idea. The “‘mere automation of manual processes using generic computers’ . . . ‘does not constitute a patentable improvement in computer technology,’” Trading Techs. Int’l v. IBG LLC, 921 F.3d 1378, 1384 (Fed. Cir. 2019) (quoting Credit Acceptance Corp. v. Westlake Servs., 859 F.3d 1044, 1055 (Fed. Cir. 2017). Any improvements provided by the claim are in the abstract realm, and they are insufficient to integrate the recited abstract idea into a practical application. See Mayo Collaborative Servs. v. Prometheus Labs., Inc., 566 U.S. 66, 90 (2012) (holding that a novel and nonobvious claim directed to a purely abstract idea is, nonetheless patent-ineligible). See also Synopsys, 839 F.3d at 1151 (“[A] claim for a new abstract idea is still an abstract idea.”) (Emphasis omitted). Hence, the claim does not recite an improvement to the functionality of a computer or other technology or technical field. See MPEP § 2106.05(a). The claim only recites use of generic, or part of generic devices (generic computer hardware or software), performing their generic functions and as such do not apply the judicial exception with a particular machine. See MPEP §2106.05(b). The end result of predicting a learning effect by filtering does not effect a transformation or reduction of a particular article to a different state or thing, e.g., a process that transforms raw, uncured synthetic rubber into precision-molded synthetic rubber products, as discussed in Diehr, 450 U.S. at 184, 209 USPQ at 21. See MPEP § 2106.05(c). The claim fails to add meaningful limitations beyond generally linking the use of the judicial exception to a particular technological environment, namely a computing device, to transform the judicial exception into patent-eligible subject matter. See MPEP § 2106.05(e). The claim as a whole merely describes how to generally “apply” the concept of managing innovation challenges. See MPEP § 2106.05(f). The claim limitation amounts to merely indicating a field of use or technological environment (a computer) in which to apply a judicial exception and, as such, cannot integrate the judicial exception into a practical application. See MPEP § 2106.05(h). The instant claim as a whole merely uses computer instructions to implement the abstract idea on a computer or, alternatively, merely uses a computer as a tool to perform the abstract idea. Any improvements provided by the claim are in the abstract realm, and they are insufficient to integrate the recited abstract idea into a practical application. See Elec. Power Grp. LLC v. Alstom, 830 F.3d 1350, 1353 (Fed. Cir. 2016) (pointing out “that merely presenting the results of abstract processes of collecting and analyzing information, without more (such as identifying a particular tool for presentation), is abstract as an ancillary part of such collection and analysis”). Hence, as per MPEP §§ 2106.05(a)–(c), (e)–(h), Claim 14 recites an abstract idea as identified in Step 2A (Prong 1), above, and none of the limitations integrates the judicial exception into a practical application. Because the abstract idea is not integrated into a practical application, the claim is directed to the judicial exception.
	Step 2B: Claim provides an Inventive Concept?
	As discussed with respect to Step 2A Prong Two, the additional elements in the claim amount to no more than mere instructions to apply the exception using generic computer components. The same analysis applies here in Step 2B, i.e., mere instructions to apply an exception using generic computer components cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B. Because the Specification describes the additional limitations in general terms, without describing the particulars, the additional claim limitations may be broadly but reasonably construed as reciting conventional computer components and techniques, particularly in light of the instant Specification, as noted above.
The claim limitations do not recite any technical or technological implementations details for any of the claim steps, but rather functional results to be achieved by any and all means. The details provided do not add any meaningful limitations to the abstract idea. 

For example, the limitation “…sending, by the at least one processor, via the communication interface, the simulated attack message to an enterprise user device” simply describes using “the communication interface” which does not change the fact that receiving or transmitting data over a network is a basic computer function considered under Berkheimer as “well-understood, routine and conventional”. See MPEP 2106.05(d). Furthermore, the Berkheimer Memorandum, Section III (A)(1) explains that a specification that describes additional elements “in a manner that indicates that the additional elements are sufficiently well-known that the specification does not need to describe the particulars of such additional elements to satisfy 35 U.S.C. § 112(a)” can show that the elements are well understood, routine, and conventional); Intellectual Ventures I LLC v. Erie Indem. Co., 850 F.3d 1315, 1331 (Fed. Cir. 2017) (“The claimed mobile interface is so lacking in implementation details that it amounts to merely a generic component (software, hardware, or firmware) that permits the performance of the abstract idea, i.e., to retrieve the user-specific resources.” The Specification does not provide additional details about the computing platform comprising at least one processor, a communication interface, and memory, and enterprise user device that would distinguish the recited components from conventional components, and from generic implementation and as such supports a finding that the operations of the computing platform comprising at least one processor, a communication interface, and memory, and enterprise user device are well-understood, routine, or conventional, as there is nothing in the Specification to indicate that the operations recited in representative Claim 14 require any specialized hardware or inventive computer components or that the claimed invention is implemented using other than generic computer components to perform generic computer functions, e.g., obtaining, deriving and generating information. Indeed, the Federal Circuit, in accordance with Alice, has “repeatedly recognized the absence of a genuine dispute as to eligibility” where claims have been defended as involving an inventive concept based “merely on the idea of using existing computers or the Internet to carry out conventional processes, with no alteration of computer functionality.” Berkheimer v. HP, Inc., 890 F.3d 1369, 1373 (Fed. Cir. 2018) (Moore, J., concurring) (citations omitted); see also BSG Tech, 899 F.3d at 1291 (“BSG Tech does not argue that other, non-abstract features of the claimed inventions, alone or in combination, are not well understood, routine and conventional computer structures and activities. Accordingly, the district court did not err in determining that the asserted claims lack an inventive concept.”). Hence, as per Berkheimer, the claim computer functions of sending (Step [b]), receiving (Step [c]), and sending and displaying (Step [f]) represent insignificant extra-solution activity (i.e., data gathering, transmission and presentation), well-understood, routine, and conventional functions they are claimed in a merely generic manner.
	Taking the claim elements separately, the functions performed by the computing platform comprising at least one processor, a communication interface, and memory, and enterprise user device are expressed purely in terms of results, devoid of technical/technological implementation details. Steps [b], [c] and [f] represent insignificant extra solution activities that the courts have recognized as well-understood, routine, conventional activity in particular fields. Steps [b], [c] and [f] recite generic computer processing expressed in terms of results desired by any and all possible means and so present no more than conceptual advice. All possible inventive aspects reside in how the data is interpreted and the results desired, and not in how the process physically enforces such a data interpretation or in how the processing technologically achieves those results. All of these computer functions are generic, routine, conventional computer activities that are performed only for their conventional uses. See Elec. Power Grp. v. Alstom S.A., 830 F.3d 1350, 1353 (Fed. Cir. 2016). Also see In re Katz Interactive Call Processing Patent Litig., 639 F.3d 1303, 1316 (Fed. Cir. 2011) ("Absent a possible narrower construction of the terms 'processing,' 'receiving,' and 'storing,' ... those functions can be achieved by any general purpose computer without special programming"). None of the claim activities are used in some unconventional manner nor do any produce some unexpected result. Each step does no more than require a generic computer to perform generic computer functions. As to the data operated upon, "even if a process of collecting and analyzing information is 'limited to particular content' or a particular 'source,' that limitation does not make the collection and analysis other than abstract." SAP America, Inc. v. InvestPic LLC, 898 F.3d 1161, 1168 (Fed. Cir. 2018). 
	As stated earlier, any improvements provided by the claim are to a process that is itself abstract. Thus, even when viewed as a whole, nothing in the claim adds significantly more (i.e., an inventive concept) to the abstract idea. The sequence of generating, sending, receiving, identifying, comparing, generating, sending and causing display (displaying) is equally generic and conventional or otherwise held to be abstract. See Ultramercial, 772 F.3d at 715 (sequence of receiving, selecting, offering for exchange, display, allowing access, and receiving payment recited an abstraction), Inventor Holdings, LLC v. Bed Bath & Beyond, Inc., 876 F.3d 1372, 1378 (Fed. Cir. 2017) (holding that sequence of data retrieval, analysis, modification, generation, display, and transmission was abstract), Two-Way Media Ltd. v. Comcast Cable Commc’ns, LLC, 874 F.3d 1329, 1339 (Fed. Cir. 2017) (holding sequence of processing, routing, controlling, and monitoring was abstract). The ordering of the steps is, therefore, ordinary and conventional. The claims recite functions to be performed by any and all possible means, absent any technological details. See Elec. Power Grp., LLC v. Alstom S.A., 830 F.3d 1350, 1351 (Fed. Cir. 2016) (The claims thus do not go beyond "stating [the relevant] functions in general terms, without limiting them to technical means for performing the functions that are arguably an advance over conventional computer and network technology."). For these reasons, there is no inventive concept in the claim, and thus it is ineligible.
In regard to independent Claim 1:
	Independent claim 1 is a computing platform, which falls within the “machine” category of 35 U.S.C. § 101. The computing platform, as in representative independent Claim 14, comprises at least one processor, a communication interface, and memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to perform steps comparable to those of representative independent Claim 14. As a result, independent claim 1 is rejected similarly to representative independent Claim 14.
In regard to independent Claim 20:
	Independent claim 20 is one or more non-transitory computer-readable media, which falls within the “machine” category of 35 U.S.C. § 101. The one or more non-transitory computer-readable media storing instructions that, when executed by a computing platform, as in representative independent Claim 14, comprising at least one processor, a communication interface, and memory, cause the computing platform to perform steps comparable to those of representative independent Claim 14. As a result, independent claim 1 is rejected similarly to representative independent Claim 14.
	In regard to the dependent claims:
	Dependent claims 2-13 and 15-19 include all the limitations of independent claim 1 from which they depend and, as such, recite the same abstract idea(s) noted above for claim 1. Dependent claims 2-13 and 15-19 only provide more detailed limitations of the abstract idea, which do not make the abstract idea(s) any less abstract. Each of the additional claim elements, e.g., the email client application (claim 4), the cloud based on-demand educational growth platform (claim 3), the enterprise user device (claims 4-6 and 9) and machine learning model (claims 13 and 18) is recited as being used according to its conventional purpose in a conventional manner. All of the additional claim elements associated computer functions are generic, routine, conventional computer activities that are performed only for their conventional uses. None of the additional claim activities (e.g., displaying data (claim 4, 5, 8 and 19), transmit data (claim 9)) is used in some unconventional manner nor does any produce some unexpected result. An invocation to use known technology in the manner it is intended to be used for its ordinary purpose is both generic and conventional. As per MPEP §§ 2106.05(a)–(c), (e)–(h), none of the limitations of claims 2-13 and 15-19 integrates the judicial exception into a practical application. While dependent claims 2-13 and 15-19 may have a narrower scope than the representative claim, no claim contains an “inventive concept” that transforms the corresponding claim into a patent-eligible application of the otherwise ineligible abstract idea(s). Therefore, dependent claims 2-13 and 15-19 are not drawn to patent eligible subject matter as they are directed to (an) abstract idea(s) without significantly more.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2-6, 8-10, 14-15 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Sadeh-Koniecpol et al. (US 20170103674 A) (Sadeh-Koniecpol) in view of Rajan et al. (US 20080319932 A1) (Rajan).
Re claims 1, 14 and 20:
	[Claim 14]  Sadeh-Koniecpol teaches or at least suggests a method, comprising: at a computing platform comprising at least one processor, a communication interface, and memory (at least Figure 2 and associated text): generating, by the at least one processor, a simulated attack message, the simulated attack message including a plurality of elements; sending, by the at least one processor, via the communication interface, the simulated attack message to an enterprise user device (at least ¶¶ 49-60: Examples of mock attack situations that the system may select and help deliver…); receiving, by the at least one processor, from the enterprise user device, user selected elements of the plurality of elements of the simulated attack message; identifying, by the at least one processor, one or more training areas for the user based on the user selections received from the enterprise user device; generating, by the at least one processor, a customized training module specific to the identified one or more training areas; and sending, by the at least one processor, the customized training module to the enterprise user device, wherein sending the customized training module to the enterprise user device causes the enterprise user device to display the customized training module (at least ¶ 11: selecting the training intervention may include using the sensed action to identify a threat scenario for which the user is at risk; identifying a collection of available training interventions that are relevant to the threat scenario; and selecting from the collection, based on the identified threat scenario, the training intervention to be delivered to the user; ¶ 31: systems and methods may selectively prioritize those areas where the learner needs to be trained and selectively identify conditions where delivery of the training is likely to be most effective; ¶ 32:…methods and systems…sense user behavior and activity, such as a user response to mock attacks to determine user susceptibility to different types of cybersecurity threats and selectively identify training interventions that will be presented to individual users. The ability to tailor the cybersecurity training interventions presented to different users based on their susceptibility to different threats makes it possible to make better use of users' limited attention span when it comes to receiving cybersecurity training…; ¶ 34: training intervention can take many different forms, such as an interactive software training module, a training video, training games or other multimedia training content delivered to the content through one or more output devices…).
Sadeh-Koniecpol appears to be silent on user selections annotating selected elements of the plurality of elements of the simulated attack message. However, the concept and advantages of prompting a user to label a message was old and well-known to one of ordinary skill in the art before the effective filing date of the invention, as evidenced by Rajan (¶ 9: indication of spam is typically achieved by asking the user to press a button to mark an incoming message as spam, but can be accomplished using a variety of techniques). Rajan appears to be silent on annotating selected elements of the plurality of elements of the simulated attack message. However, claiming a plurality of prior art elements (i.e., a message containing a plurality of messages) is not an unobvious distinction over the prior art of record, because using plural elements would have produced a predictable result under § 103. “A mere duplication of parts is not invention.” In re Marcum, 47 F.2d 377, 378 (CCPA 1931); see also In re Harza, 274 F.2d 669, 671 (CCPA 1960)(“It is well settled that the mere duplication of parts has no patentable significance unless a new and unexpected result is produced.”). Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, when faced with the issue of assessing the susceptibility of an electronic device user to a cybersecurity threat, to have used the well-known technique of Rajan and modified Sadeh-Koniecpol as claimed to predictably provide enhanced assessments via one or more mock malicious attacks.
	[Claim 1]  The claim is a computing platform which, as in representative independent Claim 14, comprises at least one processor, a communication interface, and memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to perform steps comparable to those of representative independent Claim 14. As a result, independent claim 1 is rejected similarly to representative independent Claim 14.
	[Claim 20]  The claim is one or more non-transitory computer-readable media storing instructions that, when executed by a computing platform, as in representative independent Claim 14, comprising at least one processor, a communication interface, and memory, cause the computing platform to perform steps comparable to those of representative independent Claim 14. As a result, independent claim 1 is rejected similarly to representative independent Claim 14.
Re claims 2 and 3:
	[Claims 2 and 3]  Sadeh-Koniecpol in view of Rajan teaches or at least suggests wherein identifying one or more training areas for the user includes calculating a user performance based on the user, wherein the user performance includes a first component based on portions of the simulated attack message correctly selected and a second components based on portions of the simulated attack message correctly not selected (at least Sadeh-Koniecpol: ¶ 32:…tailor the cybersecurity training interventions presented to different users based on their susceptibility to different threats makes it possible to make better use of users' limited attention span when it comes to receiving cybersecurity training; ¶ 44:…the system administrator may review results of the analysis conducted by the policy manager 19 and select one or more training interventions to address those training needs for which one or more users are at a particularly high risk. In that embodiment, the system administrator could launch a training campaign based on a special purpose cartoon to train all those employees who are scheduled to take their corporate laptops out of the country in the next two weeks because, based on the system's training needs model, those employees have been identified as being at a particularly high risk for laptop-related threat scenarios by the analysis conducted by the policy manager 19; ¶ 62: behavior or activity sensors 14 in the cybersecurity training domain include sensors that detect attachments in emails sent or received by a user, sensors to determine whether one or more users access different services over secure connections, sensors to identify the number, type and/or identity of applications installed on a user's mobile phone, sensors to track the physical locations that a user visits, sensors to keep track of the URLs that a user visits. Some sensors 14 can also include, for instance, sensors to detect USB key usage, record browsing history, identify Bluetooth headset use, sensors that detect the number or types of emails received, sensors that inspect the content of emails, and sensors that track the physical location of users…; ¶ 64:…system may sense whether or not the user took an unsafe action by monitoring for a communication from the website operator, the phone number operator, or the user device itself indicating that the user accessed the website, called the phone number, or downloaded and executed the attachment; ¶ 66:…recorded instances where the user failed to conform to expected best practices or apply relevant knowledge covered by the training system; ¶ 67:if a mock attack involved luring the user with a USB memory device that contained fake malware, the system may include in the historical training user data the information on whether or not the user used that memory device within a period of time. Similarly, if the training intervention involved a fake malicious SMS message, the system may include in the historical user training data an indicator of whether or not the user acted upon the message, such as by calling a mock malicious phone number provided with the SMS message or clicking on a mock malicious hyperlink in the SMS message. The operator of the website to which the user links or the phone number that the user calls may serve as a sensor who will then provide information about the user, such as the user's phone number or electronic device identifier, to the training system for inclusion in the historical user training data and/or analysis by a policy manager).
Sadeh-Koniecpol as modified by Rajan appears to be silent on but the calculated performance being a score, as claimed. The Examiner takes OFFICIAL NOTICE That the concept and advantages of performance scoring were old and well known to one of ordinary skill in the art before the effective filing date of the invention. In particular, performance scoring is used in numerous fields. For example, students/trainees are generally evaluated using test. Tests are made of questions which may be made of one or more parts that are each scored. Hence, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, when faced with the issue of providing cybersecurity training based on mock attacks, to have incorporated the old and well-known concept of performance scoring within the teachings of Sadeh-Koniecpol as modified by Rajan to calculate a user performance score as claimed in order to predictably allow rating users and make it easier to communicate performance and determine whether a user should receive a training intervention
Re claims 4-6:
[Claims 4-6]  Sadeh-Koniecpol appears to be silent on wherein the user selections annotating selected elements of the plurality of elements of the simulated attack message are received responsive to displaying the simulated attack message in an email client application, and wherein an initial user selection includes an interaction with the simulated attack message indicating that the simulated attack message has been marked as potentially suspicious or indicating that a user at the enterprise user device fell for the simulated attacked message, (Claim 5) wherein the user selections annotating selected elements of the plurality of elements of the simulated attack message are received responsive to displaying a prompt at the enterprise user device to identify one or more potentially malicious elements of the simulated attack message, (Claim 6) wherein the user selections annotating selected elements of the plurality of elements of the simulated attack message are received responsive to providing, at the enterprise user device, one or more annotation tools to allow user selections of elements of the simulated attack message. However, the concept and advantages of prompting a user to label a message was old and well-known to one of ordinary skill in the art before the effective filing date of the invention, as evidenced by Rajan (¶ 9: indication of spam is typically achieved by asking the user to press a button to mark an incoming message as spam, but can be accomplished using a variety of techniques). Rajan appears to be silent on annotating selected elements of the plurality of elements of the simulated attack message. However, claiming a plurality of prior art elements (i.e., a message containing a plurality of messages) is not an unobvious distinction over the prior art of record, because using plural elements would have produced a predictable result under § 103. “A mere duplication of parts is not invention.” In re Marcum, 47 F.2d 377, 378 (CCPA 1931); see also In re Harza, 274 F.2d 669, 671 (CCPA 1960)(“It is well settled that the mere duplication of parts has no patentable significance unless a new and unexpected result is produced.”). Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, when faced with the issue of assessing the susceptibility of an electronic device user to a cybersecurity threat, to have used the well-known technique of Rajan and modified Sadeh-Koniecpol as claimed to predictably provide enhanced assessments via one or more mock malicious attacks.
Re claims 8 and 19:
	[Claims 8 and 19]  Sadeh-Koniecpol as modified by Rajan teaches or at least suggests wherein the user selections annotating selected elements of the plurality of elements of the simulated attack message are received responsive to displaying the simulated attack message in a cybersecurity training application (at least Sadeh-Koniecpol: ¶ 4: context-aware cybersecurity training and…training systems, apparatuses, and methods that select and provide cybersecurity training to a user based on action of a user).
Re claim 9:
	[Claim 9]  Sadeh-Koniecpol discloses as modified by Rajan teaches or at least suggests wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: aggregate user selections received from a plurality of enterprise user devices; and transmit the aggregated user selections to an administrator computing device (at least Sadeh-Koniecpol: ¶ 44: a system administrator (e.g. a security analyst, a member of human resources in charge of training, or some other role in an organization) uses an administrator client 1014 to interact with the policy manager; ¶ 47: Sensed data may also be provided by a system administrator via an administrator client, or retrieved from a data set containing profile and/or sensed activity or behavior data about the user…Sensed data may also include historical user training data or data obtained from other sources of information such as a corporate system with information about the scheduled deployment of smart phones in the enterprise).
Re claims 10 and 15:
[Claims 10 and 15]  Sadeh-Koniecpol in view of Rajan teaches or at least suggests computing, by the at least one processor, a frequency with which elements are correctly selected by users (at least Sadeh-Koniecpol: ¶ 39:…relevant statistics may include, for example, frequency of certain activities, frequency of certain behaviors, deviations from relevant baselines, and relevant trends; ¶ 65: User behavior data 15 can be captured and recorded in one or more locations and may include relevant statistics, such as frequency associated with different types of events or situations, trends, and comparisons against relevant baselines. Such user behavior data 15 may help create a unique profile for each individual user that captures this user's activities and behaviors at a particular point in time or over different periods of time; ¶ 112: a phishing sensor, such as a monitor that receives data indicating whether (and optionally how frequently) a user visits or attempts to visit one or more blacklisted web sites, or a sensor looking at the number of emails received by a user and flagged as phishing emails by an email filter; ¶ 123:…established frequency thresholds 4050 above or below which the user may be considered at risk or likely not at risk for a particular threat scenario 4060).
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Sadeh-Koniecpol in view of Rajan, as applied to claim 1, further in view of Cosoi (US 8572184 B1).
Re claim 7:
[Claim 7]  Sadeh-Koniecpol as modified by Rajan appears to be silent on wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: receive, from the enterprise user device, additional user selections categorizing the selected elements from a list of types of malicious elements. However, the concept and advantages of this feature is old and well-known, as evidenced by Cosoi (col 8, lines 5-19: …message classifier 30 may request a user input 50 to confirm class label 46 (e.g., "yes, this is spam") or to change class label 46 in case of misclassification ("no, this is not spam")). Hence, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, when faced with the issue of providing cybersecurity training based on mock attacks, to have incorporated the old and well-known technique of requesting a user input to confirm class label within the teachings of Sadeh-Koniecpol in view of Rajan as claimed to predictably allow assessing the accuracy of message classification.
Claims 11-13 and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Sadeh-Koniecpol in view of Rajan, as applied to claims 10 and 15, further in view of Adderly et al. (US 20160140858 A1) (Adderly).
Re claims 11-13 and 16-18:
	[Claims 11-13]  Sadeh-Koniecpol as modified by Rajan appears to be silent on wherein generating the simulated attack message includes assigning a baseline score weighting to each element of the plurality of elements, and wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: assign an adjusted score weighting for each element of the plurality of elements based on the computed frequency with which elements are correctly selected by users (¶ 95: for these sub-links and hypothetical ontological links, collaboration of evidence, grading of sources, certainty of statements in the evidence, and the like, may be evaluated to adjust the weightings and relative scorings of evidence in support of or against a candidate answer being correct and/or the scoring of a particular sub-link and/or the hypothetical ontological link as a whole; ¶ 127: characteristics of the link comprise at least one of a location associated with the link, a time of day associated with the link, a frequency of action associated with the link, or a direction of action associated with the link. Determining the weight value based on the link type and one or more characteristics of at least one of the link or information concept entities associated with the link may comprise correlating a characteristic of the link with a link type characteristic associated with a link type of the link based on a data structure correlating characteristics with types of links, retrieving an adjustment value associated with the link type characteristic, and adjusting the weight value based on the retrieved adjustment value), (Claim 13) wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: update a machine learning model used in generating the simulated attack message based on the computed frequency with which elements are correctly selected by users (¶ 118: aggregation of these scores may further be based on a weighting of the various sub-links based on the sub-link type and pre-determined weights generated through machine learning or user specification in configuration parameters for the link scoring and analyzer engine 440; ¶ 228: a weighted function of the confidence scores of the answers to the various questions, as well as the scores of the sub-links, may be utilized in which the weights for the various components of the calculation may be learned through training and machine learning…). Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, when faced with the issue of assessing the susceptibility of an electronic device user to a cybersecurity threat, to have incorporated the well-known concept of weighted scoring and machine learning of Adderly within the teachings of Sadeh-Koniecpol in view of Rajan as claimed to predictably provide enhanced assessment and evaluation via one or more mock malicious attacks.
	Sadeh-Koniecpol as modified by Rajan and Adderly (Claim 12) additionally appears to be silent on wherein identifying one or more training areas for the user includes calculating a user performance score based on the user selections and the adjusted score weighting for each element. The Examiner takes OFFICIAL NOTICE That the concept and advantages of performance scoring/weighted scoring were old and well known to one of ordinary skill in the art before the effective filing date of the invention. In particular, performance scoring is used in numerous fields. For example, students/trainees are generally evaluated using test. Tests are made of questions which may be made of one or more parts that are each scored. Additionally, any or all of the scoring can be weighted, either by presetting the weighted values of items to be scored, and/or by permitting an instructor/educator to set weights at his or her discretion. Hence, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, when faced with the issue of providing cybersecurity training based on mock attacks, to have incorporated the old and well-known concept of performance scoring within the teachings of Sadeh-Koniecpol as modified by Rajan and Adderly to calculate a user performance score as claimed in order to predictably allow rating users and make it easier to communicate performance and determine whether a user should receive a training intervention.
	[Claims 16-18]  The claims recite limitations similar to those of claims 11-13 and  are, as a result, rejected similarly to claims 11-13.
Conclusion
The prior art made of record and not relied upon is listed in the attached PTO
Form 892 and is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDDY SAINT-VIL whose telephone number is (571)272-9845.  The examiner can normally be reached on Mon-Fri 6:30 AM -6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, PETER VASAT can be reached on (571) 270-7625.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/EDDY SAINT-VIL/Primary Examiner, Art Unit 3715