DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendments
Claims 2, 6-8, 16, and 20 have been canceled. Claim 1, 15, 21 have been amended. Claims 22-23 are newly added.. The following claims 1, 3-5, 9-15, 17-19 and 21-23 have been examined and are pending.
Response to Arguments
Applicant' s Amendments necessitated a new ground of rejection; accordingly, Applicant's arguments see pages 7-8 of remarks, filed 02/03/2026, with respect to amended independent claims 1, 15, and 21 (Goutal, US PG Publication 2018/0007066 A1) have been considered but are moot in view of the new ground of rejections (Amaya Calvo et al, hereinafter (“Amaya”), US PG Publication 20130212658 A1, in view of Goutal, US PG Publication 2018/0007066 A1) applied below.
Acknowledgement to Applicant' s amendment to claim 8 has been noted. The claim has been reviewed, entered and found obviating to previously raised objection for minor informalities. Objection to the claims is hereby withdrawn.
Applicants’ arguments in the instant Amendment, filed on 02/03/2026, with respect to limitations listed below, have been fully considered but they are not persuasive.
Applicant’s arguments: “Claims 1, 3-5, 9-15, 17-19, and 21 stand rejected under 35 U.S.C. §102 as being anticipated by Goutal (U.S. Pub. No. 2018/0007066). The remaining claims stand rejected under 35 U.S.C. § 103 based on Goutal as combined with one or more other references. The rejections are respectfully traversed.
Independent Claims 1, 17, and 21 each recite taking a remedial action with respect to a suspected credential phishing web page. In particular, and as amended, independent Claims 1, 17, and 21 each recite that an artificial credential is provided that is "associated with a fictitious employee having a fictitious employee record that was previously created in an authentication server." As amended, independent Claims 1, 17, and 21 also recite that "an attempted authentication of the fictitious employee against the authentication server was performed" and that in response, the remedial action is taken. Support for the amendments may be found, without exception, in the Specification at [0035]-[0038]. No new subject matter has been added. The cited prior art does not disclose detecting a credential phishing page in such a manner, accordingly, independent Claims 1, 17, and 21 are believed to be allowable.”
Examiner disagrees with the Applicant’s argument. While Goutal also teaches in par 0056: "Fig. 4 shows an example of a login page 400 for a fictitious business online banking service called NetDirect." Examiner respectfully submits that Goutal does disclose the limitation for which it was applied; specifically the first limitation of the independent claims 1, 15, and 21: “receive a URL that is associated with a suspected credential phishing web page, wherein the suspected credential phishing web page includes at least one element soliciting at least one credential, and wherein the URL was included in a message having at least one intended recipient.” As such, the Goutal has been maintained and after conducting an updated search on the amended language; Goutal has been further combined with Amaya Calvo et al, hereinafter (“Amaya”), US PG Publication 20130212658 A1, now as a 35 USC 103 rejection below.
Applicant’s arguments: “The remaining claims depend from one of the aforementioned independent claims and are therefore believed to be allowable for the same reasons described above…”
Examiner disagrees with the Applicant’s argument. Examiner respectfully submits that the remaining dependent claims are also not allowable as the current independent claims 1, 15, and 21 have been amended.
Specification
The use of the term Windows-based, Ubuntu Linux, Mac OS X in para 0019, which is a trade name or a mark used in commerce, has been noted in this application. The term should be accompanied by the generic terminology; furthermore the term should be capitalized wherever it appears or, where appropriate, include a proper symbol indicating use in commerce such as ™, SM , or ® following the term.
Although the use of trade names and marks used in commerce (i.e., trademarks, service marks, certification marks, and collective marks) are permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as commercial marks.
Claim Objections
Claim 9 is objected to because of the following informalities:
Claim 9, line 2: intentional use term - being; claim limitation should positively recite.
Appropriate correction is required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1, 3-5, 7, and 9-23 are rejected under 35 U.S.C. 103 as being unpatentable over Amaya Calvo et al, hereinafter (“Amaya”), US PG Publication 20130212658 A1, in view of Goutal, US PG Publication 2018/0007066 A1.
Regarding currently amended claims 1, 15, and 21, Amaya teaches a system, comprising; a method, comprising; and a computer program product embodied in a non-transitory tangible computer readable storage medium and comprising computer instructions for: a processor configured to: [Amaya ¶0091 processing module 340 includes a processor]; a memory coupled to the processor and configured to provide the processor with instructions. [Amaya ¶0090 RAM and some persistent storage memory];
provide an artificial credential, associated with a fictitious employee having a fictitious employee record that was previously created in an authentication server, to the suspected credential phishing web page, wherein the artificial credential comprises a generated password, and wherein the artificial credential, when supplied during a request to access a resource, indicates that the attempted access to the resource is unauthorized; [Amaya ¶¶0029 0038 0064-0065 propagate a previously generated database of false data; a fake credential distributor for automatic creating a set of valid but fake credentials to access such website of the service provider and for distributing such set of fake credentials to a plurality of predefined websites. A fake user database including at least said set of fake credentials;]
receive an indication that, subsequent to providing the artificial credential to the suspected credential phishing web page, an attempted authentication of the fictitious employee against the authentication server was performed ¶0083 module 100 of fake users DB 400 automatically populates with an indication of which phishing site(s) were propagated to whenever it poison a new phishing site. ¶0084 inline monitor 300 analyzes and automatically detects any login attempts to service provider's web service using fake user credentials. Specification states in para 0034: If an attempt at using the artificial credentials is made, this indicates both that the URL to which the credential(s) was submitted is a phishing page, and also that the submitter of the credentials is an attacker. ] and
in response to receiving the indication that the attempted use of the artificial credential to access the resource has been made, take at least one remedial action with respect to the suspected credential phishing web page; [Amaya ¶¶0077-0078 and 0080 page analysis of poisoned site; list of fake users provided to each phishing site. ¶¶0095-0096 if the fake credential are found on the fake user database 400 and the username is fake, then 303a the connection is internally marked as tainted —a tainted connection is a connection used to commit fraud.].
While Amaya teaches receive a URL that is associated with a suspected credential phishing web page, wherein the suspected credential phishing web page includes at least one element soliciting at least one credential, [Amaya ¶¶0043 if there is any other login attempt of a user from an origin network location in said list of tainted connections, said user access request]; however, Amaya fails to explicitly teach but However, Amaya fails to explicitly teach but Goutal teaches receive a URL that is associated with a suspected credential phishing web page, wherein the suspected credential phishing web page includes at least one element soliciting at least one credential, and wherein the URL was included in a message having at least one intended recipient; [Goutal ¶0015 “The phisher sends out a phishing campaign using a selected electronic communication modality (email, text message . . . etc.). The phishing message at the heart of the phishing campaign may comprise text, graphics and/or other content that is intended to fool the user into believing that the originator of the phishing message is legitimate, to induce and prompt the victim to click on a fraudulent Universal Resource Locator (URL) that leads the victim not to a legitimate website but to a look-alike, fraudulent website.” ¶0016 “The victim receives the phishing message, and clicks on the fraudulent URL. The user's browser opens the fraudulent website and the victim, believing that the fraudulent website is actually legitimate, submits the requested credentials, usually login credentials or banking details. As shown in FIG. 1, the victim John Doe may be induced to provide his login credentials 102, 104 (in this case, an email address and a password) on a counterfeit webpage that may look identical to the intended legitimate webpage.”)]
However, Amaya fails to explicitly teach but Goutal teaches all the features of claims 1, 15, and 21 not receive a URL that is associated with a suspected credential phishing web page, wherein the suspected credential phishing web page includes at least one element soliciting at least one credential, and wherein the URL was included in a message having at least one intended recipient. Amaya teaches a system for automated prevention of fraud. Goutal teaches a detection of phishing dropboxes. Because both Amaya and Goutal are both from the same field of endeavor of countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing; it would have been obvious to try to one skilled in the art before the effective filing date of the claimed invention to use the phisher functionality to receive suspected credential phishing web pages [Goutal ¶¶0015-0016].
Regarding claims 3 and 17, the combination of Amaya and Goutal teach claim 1 as described above.
However, Amaya fails to explicitly teach but Goutal teaches wherein the processor is further configured to identify a set of additional recipients that received the URL. [Goutal ¶0015-0016 victims receives phishing message and clicks on fraudulent URL via phishing campaign]
However, Amaya fails to explicitly teach but Goutal teaches all the features of claims 1, 15, and 21 not wherein the processor is further configured to identify a set of additional recipients that received the URL. Amaya teaches a system for automated prevention of fraud. Goutal teaches a detection of phishing dropboxes. Because both Amaya and Goutal are both from the same field of endeavor of countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing; it would have been obvious to try to one skilled in the art before the effective filing date of the claimed invention to use the phisher functionality to identify additional recipients [Goutal ¶¶0015-0016].
Regarding claims 4 and 18, the combination of Amaya and Goutal teach claim 3 as described above.
However, Amaya fails to explicitly teach but Goutal teaches wherein the processor is further configured to identify the set of additional recipients at least in part by tracking email addresses to which the URL was sent. [Goutal ¶0021 method of deterring and interdicting phishers includes the detection of these phishing dropboxes. Such identification enables the identification of the victim ]
However, Amaya fails to explicitly teach but Goutal teaches all the features of claims 1, 15, and 21 not wherein the processor is further configured to identify the set of additional recipients at least in part by tracking email addresses to which the URL was sent. Amaya teaches a system for automated prevention of fraud. Goutal teaches a detection of phishing dropboxes. Because both Amaya and Goutal are both from the same field of endeavor of countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing; it would have been obvious to try to one skilled in the art before the effective filing date of the claimed invention to use the phisher functionality to receive suspected credential phishing web pages [Goutal ¶¶0015-0016].
Regarding currently amended claims 5 and 19, the combination of Amaya and Goutal teach claim 1 as described above.
Amaya teaches wherein the processor is further configured to generate the fictious employee record ¶¶0029 0037-0038 a fake credential distributor…a fake user database including at least said set of fake credentials]
Regarding claim 6, the combination of Amaya and Goutal teach claim 1 as described above.
Amaya teaches wherein the processor is configured to generate the artificial credential by using a randomizer. [Amaya 0022 Using the Browser's Password Database: choosing random passwords; method similar to password mangler.]
Regarding claims 7 and 20, the combination of Amaya and Goutal teach claim 1 as described above.
However, Amaya fails to explicitly teach but Goutal teaches wherein the processor is configured to generate an artificial login by selecting from a common username directory. [Goutal ¶0066-0067 selected generic scenario or a brand; programmatically inputting the generated fake user credentials into the input field(s) of the login page(s)].
However, Amaya fails to explicitly teach but Goutal teaches all the features of claims 1, 15, and 21 not wherein the processor is configured to generate an artificial login by selecting from a common username directory. Amaya teaches a system for automated prevention of fraud. Goutal teaches a detection of phishing dropboxes. Because both Amaya and Goutal are both from the same field of endeavor of countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing; it would have been obvious to try to one skilled in the art before the effective filing date of the claimed invention to use the phisher functionality to receive suspected credential phishing web pages [Goutal ¶¶0015-0016].
Regarding claim 9, the combination of Amaya and Goutal teach claim 1 as described above.
However, Amaya fails to explicitly teach but Goutal teaches wherein the at least one remedial action includes preventing the URL from being transmitted to legitimate users. [Goutal ¶0021-0023 prevent phishers from continuing their use of the free webmail service in furtherance of their crimes; shut down phishing dropboxes]
However, Amaya fails to explicitly teach but Goutal teaches all the features of claims 1, 15, and 21 not wherein the at least one remedial action includes preventing the URL from being transmitted to legitimate users. Amaya teaches a system for automated prevention of fraud. Goutal teaches a detection of phishing dropboxes. Because both Amaya and Goutal are both from the same field of endeavor of countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing; it would have been obvious to try to one skilled in the art before the effective filing date of the claimed invention to use the phisher functionality to receive suspected credential phishing web pages [Goutal ¶¶0015-0016].
Regarding claim 10, the combination of Amaya and Goutal teach claim 1 as described above.
However, Amaya fails to explicitly teach but Goutal teaches wherein the at least one remedial action includes blacklisting the URL. [Goutal ¶0037-0038 and 0046-0047 corrective action include downloading and inclusion of the IP address associated with identified fraudulent website ]
However, Amaya fails to explicitly teach but Goutal teaches all the features of claims 1, 15, and 21 not wherein the at least one remedial action includes blacklisting the URL. Amaya teaches a system for automated prevention of fraud. Goutal teaches a detection of phishing dropboxes. Because both Amaya and Goutal are both from the same field of endeavor of countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing; it would have been obvious to try to one skilled in the art before the effective filing date of the claimed invention to use the phisher functionality to receive suspected credential phishing web pages [Goutal ¶¶0015-0016].
Regarding claim 11, the combination of Amaya and Goutal teach claim 1 as described above.
However, Amaya fails to explicitly teach but Goutal teaches wherein the processor is further configured to determine whether any recipients of the URL accessed the suspected credential phishing web page web page. [See Goutal ¶0069 ]
However, Amaya fails to explicitly teach but Goutal teaches all the features of claims 1, 15, and 21 not wherein the processor is further configured to determine whether any recipients of the URL accessed the suspected credential phishing web page web page. Amaya teaches a system for automated prevention of fraud. Goutal teaches a detection of phishing dropboxes. Because both Amaya and Goutal are both from the same field of endeavor of countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing; it would have been obvious to try to one skilled in the art before the effective filing date of the claimed invention to use the phisher functionality to receive suspected credential phishing web pages [Goutal ¶¶0015-0016].
Regarding claim 12, the combination of Amaya and Goutal teach claim 11 as described above.
However, Amaya fails to explicitly teach but Goutal teaches wherein the at least one remedial action includes preventing any recipients of the URL that accessed the suspected credential phishing web page from accessing the resource. [See Goutal ¶0037]
However, Amaya fails to explicitly teach but Goutal teaches all the features of claims 1, 15, and 21 not wherein the at least one remedial action includes preventing any recipients of the URL that accessed the suspected credential phishing web page from accessing the resource. Amaya teaches a system for automated prevention of fraud. Goutal teaches a detection of phishing dropboxes. Because both Amaya and Goutal are both from the same field of endeavor of countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing; it would have been obvious to try to one skilled in the art before the effective filing date of the claimed invention to use the phisher functionality to receive suspected credential phishing web pages [Goutal ¶¶0015-0016].
Regarding claim 13, the combination of Amaya and Goutal teach claim 11 as described above.
However, Amaya fails to explicitly teach but Goutal teaches wherein the at least one remedial action includes requiring at least one recipient of the URL to change a password. [Goutal ¶0037 user may change his or her login information, now that their previous login information has been compromised.]
However, Amaya fails to explicitly teach but Goutal teaches all the features of claims 1, 15, and 21 not wherein the at least one remedial action includes requiring at least one recipient of the URL to change a password. Amaya teaches a system for automated prevention of fraud. Goutal teaches a detection of phishing dropboxes. Because both Amaya and Goutal are both from the same field of endeavor of countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing; it would have been obvious to try to one skilled in the art before the effective filing date of the claimed invention to use the phisher functionality to receive suspected credential phishing web pages [Goutal ¶¶0015-0016].
Regarding claim 14, the combination of Amaya and Goutal teach claim 11 as described above.
However, Amaya fails to explicitly teach but Goutal teaches wherein the at least one remedial action includes flagging a server hosting the suspected credential phishing web page as compromised. [Goutal ¶0037-0038 compromised or fraudulent websites can be flagged indicating still online]
However, Amaya fails to explicitly teach but Goutal teaches all the features of claims 1, 15, and 21 not wherein the at least one remedial action includes flagging a server hosting the suspected credential phishing web page as compromised. Amaya teaches a system for automated prevention of fraud. Goutal teaches a detection of phishing dropboxes. Because both Amaya and Goutal are both from the same field of endeavor of countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing; it would have been obvious to try to one skilled in the art before the effective filing date of the claimed invention to use the phisher functionality to receive suspected credential phishing web pages [Goutal ¶¶0015-0016].
Regarding new claim 22, the combination of Amaya and Goutal teach claim 1 as described above.
Amaya teaches wherein the processor is further configured to poll the authentication server to determine whether an attempt to authenticate the fictitious employee has been attempted. [Amaya ¶¶0080 site analyzer and DB populates 130].
Regarding new claim 23, the combination of Amaya and Goutal teach claim 1 as described above.
Amaya teaches wherein the processor is further configured to receive an alert from the authentication server in the event an attempt to authenticate the fictitious employee has occurred. [Amaya ¶0083 along with an indication of which phishing site or sites they were propagated to]
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Amaya Calvo et al, hereinafter (“Amaya”), US PG Publication 20130212658 A1, in view of Goutal, US PG Publication 2018/0007066 A1, in view of Weidman, US PG Publication 20170318046 A1
Regarding claim 8, the combination of Amaya and Goutal teach claim 1 as described above.
However, the combination of Amaya and Goutal fail to explicitly teach but Weidman teaches wherein the processor is further configured to quarantine any messages including the received URL from reaching legitimate users until a determination is made about whether the suspected credential phishing web page should be confirmed as the confirmed credential phishing web page. [Weidman ¶0019 may attempt to gain access to any that it finds. The on-device agent may, for example, test to see if sandboxed data can be read. Examiner interprets sandboxing as analogous to quarantine]
However, Amaya fails to explicitly teach but Goutal teaches all the features of claims 1, 15, and 21 not quarantine any messages including the received URL from reaching legitimate users until a determination is made about whether the suspected credential phishing web page should be confirmed as the confirmed credential phishing web page. Weidman teaches a system for assessing data security. Because Amaya, Goutal and Weidman teach mitigating phishing attacks, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention was made to use the system to isolate corporate or other organizational applications and data from other applications together as taught by Weidman to sandbox applications for security [Weidman ¶0019].
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAKINAH W TAYLOR whose telephone number is (571)270-0682. The examiner can normally be reached Monday-Friday, 10:45a-3:45p, 7p-10p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CATHERINE THIAW can be reached at 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
SAKINAH WHITE-TAYLOR
Primary Examiner
Art Unit 2407
/Sakinah White-Taylor/Primary Examiner, Art Unit 2407