Office Action Predictor
Last updated: April 17, 2026
Application No. 18/360,124

AI-BASED HONEYPOT TO MITIGATE SOCIAL ENGINEERING CYBERATTACK

Final Rejection §103
Filed
Jul 27, 2023
Examiner
HUANG, KAYLEE J
Art Unit
2447
Tech Center
2400 — Computer Networks
Assignee
cisco technology Inc.
OA Round
2 (Final)
75%
Grant Probability
Favorable
3-4
OA Rounds
2y 8m
To Grant
99%
With Interview

Examiner Intelligence

Grants 75% — above average
75%
Career Allow Rate
262 granted / 349 resolved
+17.1% vs TC avg
Strong +51% interview lift
Without
With
+51.2%
Interview Lift
resolved cases with interview
Typical timeline
2y 8m
Avg Prosecution
32 currently pending
Career history
381
Total Applications
across all art units

Statute-Specific Performance

§101
5.2%
-34.8% vs TC avg
§103
47.8%
+7.8% vs TC avg
§102
9.0%
-31.0% vs TC avg
§112
30.2%
-9.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 349 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . The amendment filed on 01/09/2026 has been entered. Applicant amended claims 1-4, 6-10, and 17-20 in the amendment. Claims 1-20 remain pending. Response to Arguments Applicant’s arguments with respect to claims 1-20 filed on 01/09/2026 have been considered but they are deemed to be moot in view of new grounds of rejection. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 10-13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jakobsson et al. (US 11,102,244 B1), in view of Peltier et al. (US 2020/0252365 A1), hereinafter Peltier. Regarding claim 10, Jakobsson discloses A non-transitory computer readable medium comprising instructions that, when executed by one or more processors, are configured to cause the one or more processors to perform operations comprising: creating a generic virtualized human personality (Col. 9, lines 20-26: the account may be one from a large collection of honeypot accounts used by the system, and may simply be configured by setting the display name to match the intended victim; alternatively, it may be a different display name altogether, but the subject line or thread information is the same as that in the initial attack email (e.g., initial received message)); creating a specific virtualized human personality associated with a human user (Col. 8, lines 57-63: a honeypot account is generated or configured based on the identity of the attacked party); receiving a cyberattack message (Col. 5, lines 62-63: information about a received message (e.g., message to be delivered to an intended recipient) is received); determining whether the cyberattack message is targeted to the human user (Col. 6, lines 16-17: a security risk associated with the received message is determined; & Col. 5, lines 4-11: if it is determined with sufficient certainty that a received message to be delivered to an intended recipient is a malicious message that meets one or more criteria); responding to the cyberattack message using the specific virtualized human personality in response to determining the cyberattack message is targeted to the human user (Col. 8, lines 57-63: a message is sent to the attacker (e.g., sender of the initial received message) from this honeypot account, potentially referring to the initial message sent by the attacker to the intended victim). Jakobsson does not explicitly disclose selecting a mood as a basis for generating response messages; responding to the cyberattack message and in accordance with the mood. However, Peltier discloses selecting a mood as a basis for generating response messages ([0042]: determining semantics, sentiments and or mood, user engagement); responding to the cyberattack message and in accordance with the mood ([0054]: the natural language processing can be used by the system to generate new messages on behalf of the client, which closely track and mimic a client’s tone, idioms, axioms, and other personality-specific traits related to the client). It would have been obvious to a person with ordinary skill in the art before the effective filing date of the claimed invention to incorporate feature of Peltier to Jakobsson, because Jakobsson discloses message is automatically generated and sent by server (Col. 5, lines 12-15) and Peltier further suggests generate new messages on behalf of the client, which closely track and mimic a client’s tone ([0054]). One of ordinary skill in the art would be motivated to utilize the teachings of Peltier in the Jakobsson system in order to provide convenient system. Regarding claim 11, Jakobsson and Peltier disclose the non-transitory computer readable medium as described in claim 10. Jakobsson further discloses responding to the cyberattack message using the generic virtualized human personality in response to determining the cyberattack message is not targeted to the human user (Col. 9, lines 3-20: the initial message from the honeypot account to the attacker could simply contain information that is likely to encourage the attacker to continue the conversation, such as a request for additional information or a request for clarification; & Col. 8, lines 57-63: a message is sent to the attacker (e.g., sender of the initial received message) from this honeypot account, potentially referring to the initial message sent by the attacker to the intended victim). Regarding claim 12, Jakobsson and Peltier disclose the non-transitory computer readable medium as described in claim 10. Jakobsson further discloses identifying information related to the human user from a social media platform (Col. 9, lines 7-23: the identity information of the honeypot account may be configured to match the identity information of the intended victim to some extent, e.g., by using the same or similar display names; & Col. 21, lines 53-56: honey-tokens are generated based on an entity’s public and private information, social network information available online, and based on operation patterns); and creating the specific virtualized human personality based on the information (Col. 9, lines 7-23: the identity information of the honeypot account may be configured to match the identity information of the intended victim to some extent, e.g., by using the same or similar display names; & Col. 21, lines 53-56: honey-tokens are generated based on an entity’s public and private information, social network information available online, and based on operation patterns). Regarding claim 13, Jakobsson and Peltier disclose the non-transitory computer readable medium as described in claim 12. Jakobsson further discloses respond to the cyberattack message using the specific virtualized human personality by sending a response message containing the information related to the human user (Col. 8, lines 57-63: a message is sent to the attacker (e.g., sender of the initial received message) from this honeypot account, potentially referring to the initial message sent by the attacker to the intended victim; & Col. 9, lines 7-23: the identity information of the honeypot account may be configured to match the identity information of the intended victim to some extent, e.g., by using the same or similar display names). Claim(s) 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jakobsson in view of Peltier, and further in view of Caldwell (US 2016/0036801 A1). Regarding claim 14, Jakobsson and Peltier disclose the non-transitory computer readable medium as described in claim 10. Jakobsson and Peltier do not explicitly disclose determining information related to the human user is unavailable; and creating the specific virtualized human personality based on default information. However, Caldwell discloses determining information related to the human user is unavailable ([0071]: failing to find information associated with the user); and creating the specific virtualized human personality based on default information ([0071]: create a new record comprising default data, predefined data, or the like). It would have been obvious to a person with ordinary skill in the art before the effective filing date of the claimed invention to incorporate feature of Caldwell to Jakobsson and Peltier, because Jakobsson and Peltier disclose create honeypot account based on identity of the attacked party (Jakobsson: Col. 8, lines 57-59) and Caldwell further suggests failing to find information associated with the user and create a new record ([0071]). One of ordinary skill in the art would be motivated to utilize the teachings of Caldwell in the Jakobsson and Peltier system in order to provide efficient system. Claim(s) 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jakobsson in view of Peltier, and further in view of Abraham et al. (US 2024/0428008 A1), hereinafter Abraham. Regarding claim 3, Jakobsson and Peltier disclose the method as described in claim 2. Jakobsson and Peltier further disclose respond to the response using the specific virtualized human personality and outputting the response message (Col. 8, lines 57-63: a message is sent to the attacker (e.g., sender of the initial received message) from this honeypot account, potentially referring to the initial message sent by the attacker to the intended victim). Jakobsson and Peltier do not explicitly disclose generating a response message using a plurality of large language models (LLMs). However, Abraham discloses the response is generated using the virtualized human personality and a plurality of large language models ([0028]: the LLM generates different types of responses for different intents). It would have been obvious to a person with ordinary skill in the art before the effective filing date of the claimed invention to incorporate feature of Abraham to Jakobsson and Peltier, because Jakobsson and Peltier disclose message is automatically generated and sent by server (Jakobsson: Col. 5, lines 12-15) and Abraham further suggests LLM generates responses ([0028]). One of ordinary skill in the art would be motivated to utilize the teachings of Abraham in the Jakobsson and Peltier system in order to increase efficiency and reduce costs. Claim(s) 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jakobsson in view of Peltier, in view of Abraham, and further in view of Jonnalagadda et al. (US 2020/0143247 A1), hereinafter Jonnalagadda. Regarding claim 16, Jakobsson, Peltier, and Abraham disclose the non-transitory computer readable medium as described in claim 15. Jakobsson, Peltier, and Abraham do not explicitly disclose determining an additional cyberattack message is not received within a threshold duration of time since output of the response message; and adjusting generation of a subsequent response message using the plurality of LLMs in response to determining the additional cyberattack message is not received within the threshold duration of time since the output of the response message. However, Jonnalagadda discloses determining an additional cyberattack message is not received within a threshold duration of time since output of the response message ([0140]: after the message has been output, the process waits for a response; once sufficient time has passed without a response); and adjusting generation of a subsequent response message using the plurality of LLMs in response to determining the additional cyberattack message is not received within the threshold duration of time since the output of the response message ([0140]: once sufficient time has passed without a response, it may be desirous to return to the delay period and send a follow-up message). It would have been obvious to a person with ordinary skill in the art before the effective filing date of the claimed invention to incorporate feature of Jonnalagadda to Jakobsson, Peltier, and Abraham, because Jakobsson, Peltier, and Abraham disclose message is automatically generated and sent by server (Jakobsson: Col. 5, lines 12-15) and Jonnalagadda further suggests once sufficient time has passed without a response and send a follow-up message ([0140]). One of ordinary skill in the art would be motivated to utilize the teachings of Jonnalagadda in the Jakobsson, Peltier, and Abraham system in order to increase efficiency and better engagement. Claim(s) 17, and 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jakobsson in view of Chapman (US 2016/0308897 A1). Regarding claim 17, Jakobsson discloses An apparatus comprising: a memory (Col. 2, lines 44-46) configured to store instructions; a processor (Col. 2, lines 44-46) configured to execute the instructions stored on the memory to perform operations comprising: generating a specific virtualized human personality associated with a human user (Col. 8, lines 57-63: a honeypot account is generated or configured based on the identity of the attacked party); receiving a cyberattack message from a source (Col. 5, lines 62-63: information about a received message (e.g., message to be delivered to an intended recipient) is received); determining the cyberattack message is targeted to the human user (Col. 6, lines 16-17: a security risk associated with the received message is determined; & Col. 5, lines 4-11: if it is determined with sufficient certainty that a received message to be delivered to an intended recipient is a malicious message that meets one or more criteria); generating a response message using the specific virtualized human personality associated with the human user in response to determining the cyberattack message is targeted to the human user (Col. 8, lines 57-63: a message is sent to the attacker (e.g., sender of the initial received message) from this honeypot account, potentially referring to the initial message sent by the attacker to the intended victim); sending the response message to the source (Col. 8, lines 57-63: a message is sent to the attacker (e.g., sender of the initial received message) from this honeypot account, potentially referring to the initial message sent by the attacker to the intended victim). Jakobsson does not explicitly disclose a message to contain a company status associated with the human user. However, Chapman discloses a message to contain a company status associated with the human user ([0026]: a template may be used, for example, by a processor such as an e-mail generator to create personalized phish communications to be sent to various members of an organization, the template includes personal information indicators, the indicators indicate the type of personal information to be included in the communication created based on the template and where to locate the personal information in the template; & [0049]: the phishing message generator has access to information regarding members of an organization, in the illustrated embodiment an organization address book, including personal information (e.g., name, department, number of years of service with the company, title within the company, etc.) and contact information (e.g., e-mail address, mobile telephone number, social media contact information, etc.) of members of the organization). It would have been obvious to a person with ordinary skill in the art before the effective filing date of the claimed invention to incorporate feature of Chapman to Jakobsson, because Jakobsson discloses message is automatically generated and sent by server (Col. 5, lines 12-15) and Chapman further suggests generate communications to includes personal information ([0026] & [0049]]). One of ordinary skill in the art would be motivated to utilize the teachings of Chapman in the Jakobsson system in order to provide personalized message by using personal information. Regarding claim 19, Jakobsson and Chapman disclose the apparatus as described in claim 17. Jakobsson and Chapman further disclose determining the company status associated with the human user (Chapman: [0026]: a template may be used, for example, by a processor such as an e-mail generator to create personalized phish communications to be sent to various members of an organization, the template includes personal information indicators, the indicators indicate the type of personal information to be included in the communication created based on the template and where to locate the personal information in the template); and generating the specific virtualized human personality associated with the human user based on the company status (Chapman: [0026]: a template may be used, for example, by a processor such as an e-mail generator to create personalized phish communications to be sent to various members of an organization, the template includes personal information indicators, the indicators indicate the type of personal information to be included in the communication created based on the template and where to locate the personal information in the template: & [0049]: the phishing message generator has access to information regarding members of an organization, in the illustrated embodiment an organization address book, including personal information (e.g., name, department, number of years of service with the company, title within the company, etc.) and contact information (e.g., e-mail address, mobile telephone number, social media contact information, etc.) of members of the organization). Regarding claim 20, Jakobsson and Chapman disclose the apparatus as described in claim 19. Jakobsson and Chapman further disclose determining the company status associated with the human user via publicly available information, a user input, or both (Jakobsson: Col. 9, lines 7-23: the identity information of the honeypot account may be configured to match the identity information of the intended victim to some extent, e.g., by using the same or similar display names; & Col. 21, lines 53-56: honey-tokens are generated based on an entity’s public and private information, social network information available online, and based on operation patterns; & Chapman: [0049]: the phishing message generator has access to information regarding members of an organization, in the illustrated embodiment an organization address book, including personal information (e.g., name, department, number of years of service with the company, title within the company, etc.) and contact information (e.g., e-mail address, mobile telephone number, social media contact information, etc.) of members of the organization). Allowable Subject Matter Claims 1-9 are allowed. Claim 18 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Schemers et a. (US 11,481,735 B1). A prioritization data response may thus be generated comprising, for example, group-based communication system user profile data that comprises a “CEO of Company ABC” job title field. Miretsky et al. (US 11,818,172 B1). Attack response service will generate data using machine learning/artificial intelligence (ML/AI) algorithm according to a user profile of the computing device to which the electronic file was transferred; the attack response service may update data using the ML/AI algorithm for simulating real user work according to his personal profile. Anderson et al. (US 2019/0140986 A1). After transmission of the chat messages by the user computer, appropriate responses generated by the master chatbot and modular chatbots are transmitted back to the user computer for display within the chat module, allowing a further conversation to take place between the user computer and master chatbot or modular chatbot which responded to the chat message ([0016]). Hazony et al. (US 2021/0240836 A1). Bot creates and updates user profiles based on analyzing correspondences; bot examines or analyzes text in emails or other correspondence and use techniques to identify language descriptors of personality; bot may classify or score users; profiling of a user is based on a presence of a user in a social network; bot analyzes content in social networks to characterize a user and updates the user’s profile based on identified fields of interest, personality traits and the like. Bennett et al. (US 2025/0315148 A1). Upon receiving a message at the LLM, the LLM will generate a follow up question ([0087]). Weissenberger et al. (US 2024/0144192 A1). A response to the query can be generated based on LLM output that is generated after processing of the query ([0004]). Stoops et al. (US 10,645,225 B1). Different chat bots may be created to have different profiles; the profile of a particular chat bot may be used to select a chat bot with expertise for helping a customer on a particular subject control. Eriksson et al. (US 10,381,006 B1). Communicates with the worker bot that was selected by the dispatcher bot for handling the query, to provide an answer or solution to the query. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to KAYLEE J HUANG whose telephone number is (571)272-0080. The examiner can normally be reached Monday-Friday 9AM-5PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joon H Hwang can be reached at 571-272-4036. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. Kaylee Huang 02/10/2026 /KAYLEE J HUANG/Primary Examiner, Art Unit 2447
Read full office action

Prosecution Timeline

Jul 27, 2023
Application Filed
Oct 12, 2025
Non-Final Rejection — §103
Dec 11, 2025
Examiner Interview Summary
Dec 11, 2025
Applicant Interview (Telephonic)
Jan 09, 2026
Response Filed
Feb 12, 2026
Final Rejection — §103
Apr 13, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12603902
APPARATUS AND METHOD FOR CONSTRUCTING INTRUSION DETECTION SYSTEM APPLIED TO CAN COMMUNICATION USING DETECTION POLICY RULE
2y 5m to grant Granted Apr 14, 2026
Patent 12568038
DYNAMIC ANYCAST CLIENT ROUTING AND HEALTH MANAGEMENT
2y 5m to grant Granted Mar 03, 2026
Patent 12562933
Limited Communications Threads Associated with Construction Based Data Objects
2y 5m to grant Granted Feb 24, 2026
Patent 12556574
USING CROSS WORKLOADS SIGNALS TO REMEDIATE PASSWORD SPRAYING ATTACKS
2y 5m to grant Granted Feb 17, 2026
Patent 12554878
PHONE NUMBER OBFUSCATION IN SOCIAL MEDIA PLATFORMS
2y 5m to grant Granted Feb 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
75%
Grant Probability
99%
With Interview (+51.2%)
2y 8m
Median Time to Grant
Moderate
PTA Risk
Based on 349 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month