Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is in response to the amendment filed 12/11/2025. Claims 1-20 are pending. Claims 1 (a machine), 12 (a non-transitory CRM), and 14 (a method) are independent.
Response to Arguments
Applicant’s arguments, see page 11, filed 12/11/2025, with respect to the rejection(s) of claim(s) 1, 2, 4-9, 11-15, and 17-20 under Jakobsson (US 2018/0091453) have been fully considered and are persuasive. Jakobsson does not disclose determining user to provide increased permissions/access. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Jakobsson, US 2018/0091453 (published 2018), in view of Schmitlin et al., US 2010/0083374 (published 2010).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 2, 4-9, 11-15, and 17-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jakobsson, US 2018/0091453 (published 2018), in view of Schmitlin et al., US 2010/0083374 (published 2010).
As to claim 1, 12, and 14, Jakobsson discloses an appliance/CRM/method comprising:
One or more processors;
A memory storing instructions that, when executed by the one or more processors, implement:
(regarding the hardware elements see Jakobsson ¶ 20)
A cyber security appliance to protect an email system, comprising:
a user importance scoring module configured to calculate an importance score of a user of the email system based on a number of new inbound senders (“the message is identified as suspicious if a recipient identified in the message has not previously sent a message to the sender of the message.” Jakobsson ¶ 128. Also ¶ 132) associated with one or more inbound emails having the user as a recipient over a set period of time and 1) one or more enhancing factors each of which increases the importance score of the user, 2) one or more dampening factors each of which reduces the importance score of the user, or 3) a combination thereof, wherein a greater number of the new inbound senders corresponds to a higher importance score that corresponds to a higher level of importance of the user; (“The first user is exposed to a large amount of dangerous email due to having a public profile within the organization…. The first user, correspondingly, is protected by screening for traffic” See Jakobsson ¶¶ 55-56)
a very important person (vip) determination module communicatively coupled to the user importance scoring module, where the vip determination module is configured to determine whether the user is a vip user based on the calculated importance score of the user, wherein the user is characterized to be the vip user when the calculated importance score of the user is greater than a threshold amount, and the user is determined not to be the vip user when the calculated importance score of the user is less than the threshold amount; (“The personalized treatment is adaptive—as a user performs an action that is indicative of greater or lesser risk, the user's risk classification is updated. If, as a result, the risk classification of a user changes from one class to another, then email sent to the user will be processed in a different way onwards.” Jakobsson ¶ 55)
one or more machine learning models configured to analyze the one or more inbound emails having the user as the recipient and then output results to detect malicious emails; and (“the measure of global reputation indicates a general measure that a sender is likely to send a message that is of value to a recipient of the message…. machine learning or another automated process is utilized to determine the measure of global reputation based on gathered/generated information about the sender of the global reputation.” Jakobsson ¶ 80. “The historical analysis may be performed using machine learning.” Jakobsson ¶ 84. See also ¶ 89 and 96)
an autonomous response module communicatively coupled to the vip determination module, where the autonomous response module is configured to cause one or more autonomous actions to be taken to mitigate emails deemed malicious by the one or more machine learning models when a threat risk parameter from an assessment module cooperating with the one or more machine learning models is equal to or above an actionable threshold, (“a determined trust score is above a corresponding threshold value but a determined authenticity score is below a corresponding threshold value; a determined reputation score is above a corresponding threshold value but a determined authenticity score is below a corresponding threshold value” Jakobsson ¶ 45. see also Jakobsson ¶ 75)
(“FIG. 5 is a flowchart illustrating an embodiment of a process for determining information about a message sender to be utilized to assess a risk of a message. …. The process of FIG. 5 are performed during the initial analysis and/or secondary analysis in the process of FIG. 2….. machine learning or another automated process is utilized to determine the measure of global reputation based on gathered/generated information” Jakobsson ¶¶ 78-80)
wherein the one or more autonomous actions are based on one or more vip-specific rules if the user is characterized to be the vip user, and the one or more autonomous actions are based on one or more non-vip-specific rules if the user is determined not to be a vip user, (“a high risk user is not allowed to open an attachment until a low-risk user having been sent the same email or the same attachment first opens it. The user risk profile-based security protection also applies to other actions: e.g., a high-risk user replying to an email may have the response being temporarily quarantined while the system determines the risk score associated with the addressee of the response, and the response may be blocked, bounced, or modified as a result of the risk score.” Jakobsson ¶ 56)
Jakobsson does not disclose:
wherein the one or more vip-specific rules specify less disruptive measures than the one or more non-vip-specific rules.
Schmitlin discloses:
wherein the one or more vip-specific rules specify less disruptive measures than the one or more non-vip-specific rules.
(“The security settings 330 may define the accessibility of the file 320 based on a location of the user accessing the file in the organizational chart. For example, the file 320 may only be accessible to a particular project group. In other examples, the file 320 may only be accessible to individuals higher in the hierarchy than a defined reference position.” Schmitlin ¶ 53. “FIG. 3 illustrates an implementation of a security component 150. The security component 150 controls the accessibility of files based upon the hierarchical relationships between members displayed in the organizational chart 260.” Schmitlin ¶ 52)
A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Jakobsson with Schmitlin by utilizing the org-chart permissions of Schmitlin to provide increased access in lieu of the alternative restricted access based on role (“particular project group” of Schmitlin and ‘a public profile’ of Jakobsson). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Jakobsson with Schmitlin in order to provide increased access to more authoritative members of an organization while accommodating complex organizational charts to ensure accuracy and confidentiality of data, Schmitlin ¶ 2.
As to claims 2, 13, and 15, Jakobsson in view of Schmitlin discloses the system/CRM/method of claims 1, 12, and 14 and further discloses:
further comprising a communication module configured to notify a human administrator when the user is characterized to be the vip user and the one or more autonomous actions based on the one or more vip-specific rules have been taken.
(“if it is determined during the second risk analysis that the message is potentially hazardous to a specified recipient of the message, the message is automatically deleted or quarantined to prevent access by the specified recipient to the entire message. In some embodiments, a notification is provided to an administrator. For example, the administrator is provided a warning about the message failing the second risk analysis.” Jakobsson ¶ 151).
As to claims 4 and 17, Jakobsson in view of Schmitlin discloses the system/CRM/method of claims 1, 12, and 14 and further discloses:
wherein according to one of the one or more enhancing factors, the importance score of the user is increased in response to each of the one or more inbound emails being deemed malicious by the one or more machine learning models. (“The first user is exposed to a large amount of dangerous email due to having a public profile within the organization…. A third person is not exposed to many attacks and is not reacting in a risky manner…. the network access of users may also be restricted for users in high-risk classes.” See Jakobsson ¶¶ 55-56).
As to claims 5 and 18, Jakobsson in view of Schmitlin discloses the system/CRM/method of claims 1, 12, and 14 and further discloses:
wherein according to one of the one or more dampening factors, the importance score of the user is decreased in response to a frequency with which the user sends one or more outbound emails being greater than a first threshold over the set period of time. (“the trust score can be set to 1 if each of the two parties has sent the other at least three messages over a course of no shorter than one month; and otherwise to 0.” Jakobsson ¶ 37. “if a threshold number of messages has been sent to and from a contact for a user, the contact is identified as a trusted contact” Jakobsson ¶ 75).
As to claims 6 and 19, Jakobsson in view of Schmitlin discloses the system/CRM/method of claims 1, 12, and 14 and further discloses:
wherein according to one of the one or more dampening factors, the importance score of the user is decreased in response to each batch of outbound emails sent by the user with a high frequency amount over the set period of time. (“The second user is not exposed to a lot of attacks, but reacts to emails very quickly by clicking on URLs, opening attachments, and by responding to them regardless of whether the emails are identified as secure or not…. The second person is protected in a slightly different way:” Jakobsson ¶ 55).
As to claims 7 and 20, Jakobsson in view of Schmitlin discloses the system/CRM/method of claims 1, 12, and 14 and further discloses:
wherein according to one of the one or more dampening factors, the importance score of the user is decreased in response to the user sending fewer than a first threshold number of outbound emails over the set period of time. (“the trust score can be set to 1 if each of the two parties has sent the other at least three messages over a course of no shorter than one month; and otherwise to 0.” Jakobsson ¶ 37. “if a threshold number of messages has been sent to and from a contact for a user, the contact is identified as a trusted contact” Jakobsson ¶ 75).
As to claim 8, Jakobsson in view of Schmitlin discloses the system/CRM/method of claims 1, 12, and 14 and further discloses:
wherein according to one of the one or more dampening factors, the importance score of the user is decreased in response to a frequency with which the user sends one or more outbound emails to one or more freemail addresses (“Thus, domains correspond to a very low degree of control by the domain owner. In contrast, the typical enterprise or government entity has high control over account creation, allowing only employees and affiliates to create accounts, where these have to satisfy some common criteria related to the real-life identity of the user. When the message is identified as having high authenticity but low domain control, then the display name is to be scrutinized” Jakobsson ¶ 120. Gmail is free.) being greater than a first threshold over the set period of time. (“the trust score can be set to 1 if each of the two parties has sent the other at least three messages over a course of no shorter than one month; and otherwise to 0.” Jakobsson ¶ 37. “if a threshold number of messages has been sent to and from a contact for a user, the contact is identified as a trusted contact” Jakobsson ¶ 75).
As to claim 9, Jakobsson in view of Schmitlin discloses the system/CRM/method of claims 1, 12, and 14 and further discloses:
wherein according to one of the one or more dampening factors, the importance score of the user is decreased in response to a frequency with which the user is included in one or more email threads with external participants initiated (“a plurality of recipients of a message from the sender while a measure of local reputation of the sender is specific to a particular recipient domain” Jakobsson ¶ 79) by other user (“if the sender is associated with the same domain as the recipient, then the sender is classified as a colleague classification.” Jakobsson ¶ 156) of the email system being less than a first threshold over the set period of time. (“the trust score can be set to 1 if each of the two parties has sent the other at least three messages over a course of no shorter than one month; and otherwise to 0.” Jakobsson ¶ 37. “if a threshold number of messages has been sent to and from a contact for a user, the contact is identified as a trusted contact” Jakobsson ¶ 75).
As to claim 11, Jakobsson in view of Schmitlin discloses the system/CRM/method of claims 1, 12, and 14 and further discloses:
wherein the user importance scoring module configured to periodically recalculate the importance score of the user, (“The personalized treatment is adaptive—as a user performs an action that is indicative of greater or lesser risk, the user's risk classification is updated.” Jakobsson ¶ 55) and the vip determination module is configured to periodically redetermine whether the user is a vip user. (“The first user is exposed to a large amount of dangerous email due to having a public profile within the organization…. The first user, correspondingly, is protected by screening for traffic” See Jakobsson ¶¶ 55-56)
Claim(s) 3 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jakobsson, US 2018/0091453 (published 2018), in view of Schmitlin et al., US 2010/0083374 (published 2010), and in view of Smarr et al., US 10,084,732 (published 2018).
As to claims 3 and 16, Jakobsson in view of Schmitlin discloses the system/CRM/method of claims 1, 12, and 14 and further discloses:
wherein according to one of the one or more enhancing factors, …
where the new inbound senders are new to the email system. (“the factor value is based at least in part on a length of time since registration of a domain of the sender, an amount of time between registration of the domain and a first use of the domain to send a message” Jakobsson ¶ 92, new domain meaning new email address.)
Jakobsson does not explicitly disclose: the importance score of the user is increased in response to each of the one or more inbound emails being associated with fewer than a first threshold number of recipients, and
Smarr discloses: the importance score of the user is increased in response to each of the one or more inbound emails being associated with fewer than a first threshold number of recipients, and (“sender information may be based on how long a sender spent trying to add a particular recipient and/or the velocity of sender adds (e.g., whether the sender added a large number of recipient users in a short time period)” Smarr col. 12, ln. 6. “In step 306, a social affinity score is calculated to determine the social affinity that exists between a particular sender and a particular recipient.” Smarr col. 12, ln. 34.)
A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Jakobsson in view of Schmitlin with Smarr by including the user affinity calculation of Smarr to determine how suspect communications between users are based on the affinity. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Jakobsson with Smarr in order to anticipate communications the user may be interested in, Smarr col. 4, ln 35.
Claim(s) 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jakobsson, US 2018/0091453 (published 2018), in view of Schmitlin et al., US 2010/0083374 (published 2010), in view of Sites et al., US 2021/0400077 (published 2021).
As to claim 10, Jakobsson in view of Schmitlin discloses the system/CRM/method of claims 1, 12, and 14 and further discloses:
wherein according to one of the one or more dampening factors, the importance score of the user is decreased in response to a frequency with which the user is included in one or more email threads that …. (“a relationship classification/category of the sender with respect to the specified recipient of the message is automatically determined based on a property of an identifier of the sender (e.g., domain), previous message history between the sender and recipient,” Jakobsson ¶ 155. Relationships being groups such as coworkers etc, Jakobsson ¶ 156).
Jakobsson does not explicitly disclose:
do not include any high importance user of the email system being greater than a first threshold over the set period of time
Sites discloses:
do not include any high importance user of the email system being greater than a first threshold over the set period of time
(“A group risk score determined by the system may take into account the user risk scores of the users which are members of the group. The system, when determining a user risk score, may take into account one or more dimensional scores. For example, a user risk score may incorporate or be determined by the system based on one or more of a frequency score, a propensity score, a severity score, and a job score.” Sites ¶ 83)
A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Jakobsson in view of Schmitlin with Sites by including group based risk score incorporating the risks of all of the members of the group. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Jakobsson with Sites in order to determine a risk posed by organizational groups of users, thereby allowing mitigation of organizational threats, Sites ¶¶ 16-20 and Jakobsson ¶ 55.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, particularly:
Grossman-Avraham, US 2022/0394052, discloses collecting user security information to determine a user’s risk.
Lee et al., US 2021/0336983, discloses determining an organizational chart based on historical emails.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165. The examiner can normally be reached M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached at (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MICHAEL W CHAO/ Primary Examiner, Art Unit 2492