Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Response to Arguments
In communications filed on 9/2/2025, claims 1-20 are presented for examination. Claims 1 and 11 are independent.
Amended claims: 1, 11.
Applicants’ arguments, see Applicant Arguments/Remarks filed 9/2/2025, with respect to claim(s) rejected under prior art have been fully considered but are not persuasive. Contrary to Applicant’s arguments, Chrapo in combination with Patwa and Hawthorn teaches the claimed invention. Charpo et al in combination with Hawthorn teaches: generating, by the one or more servers, one or more simulated phishing communications created and personalized to the candidate using the information about the candidate received from the job application system; (Chrapo: Figs. 1-2, 4-7, and ¶3-¶4, ¶6, ¶33-¶42, ¶94-¶97, i.e., candidate applying for a job through an application system and ¶70-¶71, ¶97, ¶101-¶102, i.e., risk scores are calculated using multiple different sets of information regarding a user including ID information such as facial recognition i.e., authentication information, network/online/email usage behavior of the user and so forth. See also, Hawthorn: Fig 7, item 708; Fig 9; ¶52-¶53, i.e., user behavior response is received in response to a simulated phishing campaign; ¶108]-¶111; ¶115 provides for the security system to obtain employee profiles, etc., from client businesses, Fig 17-18, Fig 20, step 2010; ¶237 provides for calculating a risk score; ¶226-¶230 provides for communicating risk assessment reports to the business client including user-specific risk scores).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-5, 8-15, and 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20170293873 A1 (hereinafter ‘Chrapo’) in view of US 20130046704 A1 (hereinafter ‘Patwa’) in view of US 20170244746 A1 (hereinafter ‘Hawthorn’).
As regards claim 1, Chrapo (US 20170293873 A1) in combination with Patwa (US 20130046704 A1) teaches: A method comprising: receiving, by one or more servers via one or more application programming interfaces (APIs), information about a candidate from a job application system; (Chrapo: Figs. 1-2, 4-7, and ¶3-¶4, ¶68-¶77, ¶94-¶97, ¶134-¶137, i.e., candidate applying for a job through an application system and ¶68-¶80, ¶97, ¶101-¶102, i.e., risk scores are calculated using multiple different sets of information regarding a user including ID information such as facial recognition i.e., authentication information, messages, internet browsing etc, wherein the information is calculated using software i.e., API). Although, Chrapo does not explicitly teach the use of common software building blocks like API, Patwa, in analogous art, teaches using APIs to send/receive a job candidate related information from multiple sources. See Patwa, ¶95-¶108).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Charpo to include using basic software building blocks such as APIs to send/receive a job candidate related information from sources as taught by Patwa with the motivation to improve the efficiency and quality of the recruitment process (Patwa: ¶12)
Charpo et al in combination with Hawthorn (US 20170244746 A1) further teaches: generating, by the one or more servers, one or more simulated phishing communications created and personalized to the candidate using the information about the candidate received from the job application system; (Chrapo: Figs. 1-2, 4-7, and ¶3-¶4, ¶6, ¶33-¶42, ¶94-¶97, i.e., candidate applying for a job through an application system and ¶70-¶71, ¶97, ¶101-¶102, i.e., risk scores are calculated using multiple different sets of information regarding a user including ID information such as facial recognition i.e., authentication information, network/online/email usage behavior of the user and so forth. See also, Hawthorn: Fig 7, item 708; Fig 9; ¶108]-¶111; ¶115 provides for the security system to obtain employee profiles, etc., from client businesses, Fig 17-18, Fig 20, step 2010; ¶237 provides for calculating a risk score; ¶226-¶230 provides for communicating risk assessment reports to the business client including user-specific risk scores)
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Chrapo to include responses to a simulated phishing campaign to a user as taught by Hawthorn with the motivation to calculate trustworthiness of an individual (Hawthorn: ¶37)
communicating, by the one or more servers, one or more simulated phishing communications to one or more devices of the candidate; (Chrapo: Figs. 1-2, 4-7, and ¶3-¶4, ¶6, ¶33-¶42, ¶94-¶97, i.e., candidate applying for a job through an application system and ¶70-¶71, ¶97, ¶101-¶102, i.e., risk scores are calculated using multiple different sets of information regarding a user including ID information such as facial recognition i.e., authentication information, network/online/email usage behavior of the user and so forth. See also, Hawthorn: Fig 7, item 708; Fig 9; ¶108]-¶111; ¶115 provides for the security system to obtain employee profiles, etc., from client businesses, Fig 17-18, Fig 20, step 2010; ¶237 provides for calculating a risk score; ¶226-¶230 provides for communicating risk assessment reports to the business client including user-specific risk scores)
receiving, by the one or more servers, one or more responses from the one or more devices of the candidate, the one or more responses identifying one or more failure actions in the candidate's interaction with the one or more simulated phishing communications; (Chrapo: Figs. 1-2, 4-7, and ¶3-¶4, ¶6, ¶33-¶42, ¶94-¶97, i.e., candidate applying for a job through an application system and ¶70-¶71, ¶97, ¶101-¶102, i.e., risk scores are calculated using multiple different sets of information regarding a user including ID information such as facial recognition i.e., authentication information, network/online/email usage behavior of the user and so forth. See also, Hawthorn: Fig 7, item 708; Fig 9; ¶52-¶53, i.e., user behavior response is received in response to a simulated phishing campaign; ¶108-¶111; ¶115 provides for the security system to obtain employee profiles, etc., from client businesses, Fig 17-18, Fig 20, step 2010; ¶237 provides for calculating a risk score; ¶226-¶230 provides for communicating risk assessment reports to the business client including user-specific risk scores)
determining, by the one or more servers responsive to receiving one or more responses to the one or more simulated phishing communications from the one or more devices of the candidate, a risk score of the candidate based at least on the one or more failure actions of the one or more responses; and (Chrapo: Figs. 1-2, 4-7, and ¶3-¶4, ¶94-¶97, i.e., candidate applying for a job through an application system and ¶70-¶71, ¶97, ¶101-¶102, i.e., risk scores are calculated using multiple different sets of information regarding a user including ID information such as facial recognition i.e., authentication information, network/online/email usage behavior of the user and so forth. See also, Hawthorn: Fig 7, item 708; Fig 9; ¶108]-¶111; ¶115 provides for the security system to obtain employee profiles, etc., from client businesses, Fig 17-18, Fig 20, step 2010; ¶237 provides for calculating a risk score; ¶226-¶230 provides for communicating risk assessment reports to the business client including user-specific risk scores)
communicating, by the one or more servers via the one or more APIs, the risk score to the job application system to use in a job application process. (Chrapo: Figs. 4-7, and ¶3-¶4, ¶33-¶42, ¶94-¶97, ¶134-¶137, i.e., hiring decision determination based on calculating risk scores regarding a potential candidate. Hawthorn: Fig 7, item 708; Fig 9; ¶108]-¶111; ¶115 provides for the security system to obtain employee profiles, etc., from client businesses, Fig 17-18, Fig 20, step 2010; ¶237 provides for calculating a risk score; ¶226-¶230 provides for communicating risk assessment reports to the business client including user-specific risk scores)
Claim 11 recites substantially the same features recited in claim 1 above and is rejected based on the aforementioned rationale discussed in the rejection.
As regards claim 2, Chrapo et al combination teaches the method of claim 1, further comprising receiving, by the one or more servers, the information about the candidate during the job application process. (Chrapo: Figs. 4-7, and ¶3-¶4, ¶33-¶42, ¶94-¶97, ¶134-¶137, i.e., the job application process)
Claim 12 recites substantially the same features recited in claim 2 above and is rejected based on the aforementioned rationale discussed in the rejection.
As regards claim 3, Chrapo et al combination teaches the method of claim 1, further comprising generating, by the one or more servers, the one or more simulated phishing communications to include content personalized by the one or more servers based at least on the information about the candidate. (Chrapo: Figs. 1-2, 4-7, and ¶3-¶4, ¶94-¶97, i.e., candidate applying for a job through an application system and ¶70-¶71, ¶97, ¶101-¶102, i.e., risk scores are calculated using multiple different sets of information regarding a user including ID information such as facial recognition i.e., authentication information, network/online/email usage behavior of the user and so forth. See also, Hawthorn: ¶64-¶65, i.e., generating trustworthiness level of an individual based on the response to the results of one or more simulated phishing campaigns received from the individual’s device)
Claim 13 recites substantially the same features recited in claim 3 above and is rejected based on the aforementioned rationale discussed in the rejection.
As regards claim 4, Chrapo et al combination teaches the method of claim 1, further comprising receiving, by the one or more servers, authentication information used by the candidate for the job application system. (Chrapo: Figs. 1-2, 4-7, and ¶3-¶4, ¶68, ¶94-¶97, ¶134-¶137, i.e., candidate applying for a job through an application system and ¶68-¶80, ¶97, ¶101-¶102, i.e., risk scores are calculated using multiple different sets of information regarding a user including ID information such as facial recognition i.e., authentication information, network/online/email usage behavior of the user, internet browsing etc, wherein the information is calculated using software i.e., API)
Claim 14 recites substantially the same features recited in claim 4 above and is rejected based on the aforementioned rationale discussed in the rejection.
As regards claim 5, Chrapo et al combination teaches the method of claim 4, further comprising determining, by the one or more servers, the risk score using the authentication information. (Chrapo: Figs. 1-2, 4-7, and ¶3-¶4, ¶68, ¶94-¶97, ¶134-¶137, i.e., candidate applying for a job through an application system and ¶68-¶80, ¶97, ¶101-¶102, i.e., risk scores are calculated using multiple different sets of information regarding a user including ID information such as facial recognition i.e., authentication information, messages, internet browsing etc, wherein the information is calculated using software i.e., API)
Claim 15 recites substantially the same features recited in claim 5 above and is rejected based on the aforementioned rationale discussed in the rejection.
As regards claim 8, Chrapo et al combination teaches the method of claim 1, further comprising determining, by the one or more servers, the risk score using the one or more responses to the simulated phishing communications. (Chrapo: Figs. 4-7, and ¶3-¶4, ¶33-¶42, ¶94-¶97, ¶160-¶161)
Claim 18 recites substantially the same features recited in claim 8 above and is rejected based on the aforementioned rationale discussed in the rejection.
As regards claim 9, Chrapo et al combination teaches the method of claim 1, wherein the job application system uses the risk score in making a hiring decision on the candidate. (Chrapo: Figs. 1-2, 4-7, and ¶3-¶4, ¶68-¶77, ¶94-¶97, ¶134-¶137
Claim 19 recites substantially the same features recited in claim 9 above and is rejected based on the aforementioned rationale discussed in the rejection.
As regards claim 10, Chrapo et al combination teaches the method of claim 1, wherein the job application system executes on a second one or more servers. (Chrapo: Figs. 1-2, 4-7. Patwa: Fig. 1, ¶37)
Claim 20 recites substantially the same features recited in claim 10 above and is rejected based on the aforementioned rationale discussed in the rejection.
Claim(s) 6-7, 16-17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chrapo in view of Patwa in view of Hawthorn in view of US 20110047608 A1 (hereinafter ‘Leven’).
As regards claim 6, Chrapo et al combination teaches the method of claim 4. However, Chrapo et al do not but in analogous art, Leven (US 20110047608 A1) teaches: wherein the authentication information includes at least one of strength of password or type of authentication. (Leven: ¶57-¶58, i.e., authentication based on the strength of the authentication password and/or multifactor authentications)
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Chrapo to include authentication information to include strength of the authentication password and/or multifactor authentication as taught by Leven with the motivation to make the authentication stronger (Leven: ¶14)
As regards claim 7, Chrapo et al combination teaches the method of claim 6, wherein the type of authentication comprises one-factor authentication or two-factor authentication. (Leven: ¶57-¶58, i.e., authentication based on the strength of the authentication password and/or multifactor authentications)
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Chrapo to include authentication information to include strength of the authentication password and/or multifactor authentication as taught by Leven with the motivation to make the authentication stronger (Leven: ¶14)
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED A ZAIDI whose telephone number is (571)270-5995. The examiner can normally be reached Monday-Thursday: 5:30AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SYED A ZAIDI/Primary Examiner, Art Unit 2432
Prosecution Insights