DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
The following is a Non-Final Office Action in response to applicant’s filing on May 30, 2024. Claims 1-20 are pending, of which claims 1, 11, and 20 are in independent form.
Specification
Applicant is reminded of the proper language and format for an abstract of the disclosure.
The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.
The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, “The disclosure concerns,” “The disclosure defined by this invention,” “The disclosure describes,” etc. In addition, the form and legal phraseology often used in patent claims, such as “means” and “said,” should be avoided.
The abstract of the disclosure is objected to because it had more than 150 words. Correction is required. See MPEP § 608.01 (b).
Examiner Note
Claim 20 recites that “a non-transitory storage medium”. The non-transitory storage medium has been described on Paragraph [0251] as: at least in part, by one or more processing components with any portions of software stored in an executable format on a computer readable medium. Thus, any portions of the method, apparatus and system implemented as software can be stored in one or more non-transitory storage mediums in an executable format to be executed by one or more processors. The computer readable storage mediums may be non-transitory and does not include radio or other carrier waves. The computer readable storage mediums could be, for example, a physical computer readable medium such as semiconductor memory or solid-state memory, magnetic tape, a removable computer diskette, a random-access memory (RAM), a read-only memory (ROM), a rigid magnetic disc, and an optical disk, such as a CD-ROM, CD-R/W or DVD. The various methods described above may also be implemented by a computer program product. The computer program product may include computer code arranged to instruct a computer to perform the functions of one or more of the various methods described above. The computer program and/or the code for performing such methods may be provided to an apparatus, such as a computer, on a computer readable medium or computer program product. For the computer program product, a transitory computer readable medium may include radio or other carrier waves.
CLAIM INTERPRETATION
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “a cyber security training tool is configured to have a natural language processor and a large language model to be able to analyze” in claim 1,” where the cyber security training tool is configured to” in claims 2-10.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph limitation: [Paragraph 0255] Note, portions of this design implemented in software 644, 645, 646 are stored in the one or more memories 630-632 and are executed by the one or more processors 620. The processing unit 620 may have one or more processing cores, which couples to a system bus 621 that couples various system components including the system memory 630. The system bus 621 may be any of several types of bus structures selected from a memory bus, an interconnect fabric, a peripheral bus, and a local bus using any of a variety of bus architectures.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) are: “a cyber security training tool is configured to have a natural language processor and a large language model to be able to analyze” in claim 1,” where the cyber security training tool is configured to” in claims 2-10.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
“a cyber security training tool is configured to have a natural language processor and a large language model to be able to analyze” in claim 1,” where the cyber security training tool is configured to” in claims 2-10.
invokes 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph.
Claims 2-10 do not cure the deficiency of claim 1 and are rejected under 35 USC 112, 2nd paragraph, for their dependency upon claim 1.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph;
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 8, 10-11, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over GOUTAL et al. (US 2024/0403792 A1), hereinafter GOUTAL in view of Hebbagodi et al. (US 2023/0396641 A1), hereinafter Hebbagodi.
Regarding claim 1, GOUTAL discloses an apparatus, comprising:
both i) a synthetic cyberattack in a mimic network corresponding to a real world network as well as (GOUTAL, Para. 0044, an example of text generated and returned by the large language model 210 is shown in FIG. 16 at 162. Note that the generated text 162 mimics the writing style of the sample text provided) ii) a real cyberattack in the real world network (GOUTAL, Para. 0049, the training samples may then be used to educate the user (in this case, a William Smith) against, in this example, the specific risk of CEO fraud. As shown in FIG. 19, William Smith may be invited to view and evaluate this training sample and to provide feedback by clicking the ‘Legitimate’ or ‘Suspicious’ buttons, depending upon whether William Smith believes the training sample to be a legitimate request from the company's CEO John Doe ), and then to provide analysis and an explanation as to why machine learning identified the synthetic cyberattack and/or the real cyberattack as a cyber threat for a purpose of providing cyber security training to at least one of i) an end user of the real world network (GOUTAL, Para. 0049) and ii) a cyber security team member for the real world network (GOUTAL, Para. 0049, the training samples may then be used to educate the user (in this case, a William Smith) against, in this example, the specific risk of CEO fraud. As shown in FIG. 19, William Smith may be invited to view and evaluate this training sample and to provide feedback by clicking the ‘Legitimate’ or ‘Suspicious’ buttons, depending upon whether William Smith believes the training sample to be a legitimate request from the company's CEO John Doe ),
where the cyber security training tool further has a user interface component configured to display security awareness training for the synthetic cyberattack and/or the real cyberattack (GOUTAL, Para. 0044, the communication with the large language model may be carried out through an API (Application Programming Interface). The large language model 210 processes the prompt, and then returns the text it has generated responsive to the submission of the specialized large language model prompt S604. An example of text generated and returned by the large language model 210 is shown in FIG. 16 at 162. Note that the generated text 162 mimics the writing style of the sample text provided), and to show the end user and/or the cyber security team member an understanding of the machine learning of the synthetic cyberattack and/or the real cyberattack displayed in the user interface component (GOUTAL, Para. 0051, for instance, the CEO fraud training sample may be sent directly to the user inbox, without informing the recipient that the received email constitutes part of a training exercise. If the user fails to identify the email as suspicious and does not carry out the expected action (such as reporting the email to an administrator of the organization), then an explanation similar to that shown in FIG. 20 may be provided to educate the user against the risk of CEO fraud and similar scams); and
where instructions for the cyber security training tool are configured to be stored in one or more non-transitory machine readable mediums to be executed by one or more processing units (GOUTAL, Para. 0047, as shown, the generated electronic message (in this case, a CEO fraud email shown FIG. 17) includes both the specialized electronic message template S606 as well as the text 162 generated by the large language model 210 responsive to receipt of the specialized prompt template S604 and received by the security awareness training samples generator 202. The generated electronic message or messages or training samples (an exemplar of which is shown in FIG. 17) may then be stored in the training samples database 212, as shown at B188).
GOUTAL does not explicitly disclose a cyber security training tool is configured to have a natural language processor and a large language model to be able to analyze,
However, Hebbagodi teaches a cyber security training tool is configured to have a natural language processor and a large language model to be able to analyze (Hebbagodi, Para. 0291, wherein the system is configured to utilize large language models in the user's preferred language to generate the reasoning and threat hunting steps in natural language).
Cyber-attack training tool to inform and train a user interface component and demonstrate security awareness training for a synthetic cyberattack and a real cyberattack.
GOUTAL, and Hebbagodi are both considered to be analogous to the claimed invention because they are in the same field of Cyber-attack training tool to train a user interface component and to demonstrate security awareness training for a synthetic cyberattack and a real cyberattack. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filling date of the claimed invention to have modified GOUTAL to incorporate the teaching of Hebbagodi to include a cyber security training tool is configured to have a natural language processor and a large language model to be able to analyze (Hebbagodi, Para. 0291). Doing so would aid to identify threat indicators or setting up methodologies for detection. The processing results can include improvements to precision and depth of detection, optimizations of existing policies, detection of ineffective rules, creation of new policies, creation of new detection mechanisms, and the like (Hebbagodi, Para. 0077).
Regarding claim 8, the combination of GOUTAL in view of Hebbagodi teaches the apparatus of claim 1, where the cyber security training tool is configured to use the large language model trained to deduce a level of cyber security sophistication of the end user and/or cyber security team member out of multiple different levels of sophistication, and then tailor training and a way that the cyber security training tool is explaining things to the deduced level of sophistication of the end user or the cyber security team member (GOUTAL, Para. 0025, however, these large language models may also be leveraged to generate security awareness training content that can be used to educate stakeholders of the organization (such as employees, but also actors up and down the organization's supply chain such as customers, suppliers, and partners of the organization) against the risk of cyberattacks. Indeed, with the increasing sophistication of targeted cyberattacks and the inherent limits of security technology, security awareness training has been playing a major role in hardening organizations against cyberattacks, where people are the last line of defense).
Regarding claim 10, the combination of GOUTAL in view of Hebbagodi teaches the apparatus of claim 1, where the cyber security training tool is configured to have an add-in extension configured to be installed in a software application, where the software application is at least one of i) an email application, ii) a cyber security application, and iii) a browser application such that the end user can activate the add-in extension to query whether something is malicious and then have the user interface display what the understanding of the machine learning considered malicious or not malicious (GOUTAL, Para. 0039-0041, according to one embodiment, a first type of action may include adding one or more extended headers to the email to indicate and to alert the email recipient that the textual content of the received email contains synthetic text. Extended headers are non-standard headers that are used to store additional information regarding the email. Extended headers are used by email filtering technologies to store the result of the analysis. Let's consider the example of FIG. 10 where the textual content is detected as being synthetic text generated by GPT-4 with a confidence score of 0.967 (where confidence scores closer to 1 indicate strong probability that the received email contains synthetic text and where confidence scores closer to 0 indicate a weak probability that the received email contains synthetic text). In this case, the following extended headers may be added to the email: X-SyntheticEmail-Status: synthetic X-SyntheticEmail-Detection: model=GPT-4; score=0.967).
In regard to claim 11, the method of claim 11 relates to the apparatus claim 1. Therefore, claim 11 is rejected for the same reason.
In regard to claim 18, the method of claim 18 relates to the apparatus claim 8. Therefore, claim 18 is rejected for the same reason.
In regard to claim 20, the non-transitory storage medium of claim 20 relates to the apparatus claim 1 and the method claim 11. Therefore, claim 20 is rejected for the same reason.
Claims 2-6, 9, 12-16, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over GOUTAL et al. (US 2024/0403792 A1), hereinafter GOUTAL in view of Hebbagodi et al. (US 2023/0396641 A1), hereinafter Hebbagodi, and further in view of Goutal et al. (US 2024/0354403 A1), hereinafter Goutal.
Regarding claim 2, the combination of GOUTAL in view of Hebbagodi does not explicitly teach the apparatus of claim 1, where the cyber security training tool is configured to use the large language model, which is trained to output a color coded visualization of i) an inducement email with a malicious inducement portion directed to an email user identified ii) a phishing email impersonating a style of another email user with differences from the style of the other email user identified, or iii) a combination of both i) and ii).
However, Goutal (US 2024/0354403 A1) teaches where the cyber security training tool is configured to use the large language model, which is trained to output a color coded visualization (Goutal (US 2024/0354403 A1), Para. 0060, several large language models that generated the synthetic textual content; an indication of one or more synthetic text detection scores; an indication of one or more score thresholds, and/or an indication of whether the synthetic textual content was detected using a watermark-based method or a classifier-based method. In addition, the performed action, according to embodiments, may further include highlighting the detected textual content in the received email; highlighting any watermarks found in the detected synthetic textual content)of i) an inducement email with a malicious inducement portion directed to an email user identified (Goutal (US 2024/0354403 A1), Fig. 11, Paras. 0045-0046, the first two paragraphs were detected as being synthetic and are highlighted, while the third paragraph was not detected as being synthetic and was left as is) ii) a phishing email impersonating a style of another email user with differences from the style of the other email user identified (Goutal (US 2024/0354403 A1), Para. 0022, if an email is detected as being spam, phishing, or malware, then the MTA may delete the email, or alternatively move it to a specific folder), or iii) a combination of both i) and ii).
GOUTAL, Hebbagodi and Goutal (US 2024/0354403 A1) are all considered to be analogous to the claimed invention because they are in the same field of Cyber-attack training tool to train a user interface component and to demonstrate security awareness training for a synthetic cyberattack and a real cyberattack. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filling date of the claimed invention to have modified GOUTAL and Hebbagodi to incorporate the teaching of Goutal (US 2024/0354403 A1) to include where the cyber security training tool is configured to use the large language model, which is trained to output a color coded visualization (Goutal (US 2024/0354403 A1), Para. 0060 )of i) an inducement email with a malicious inducement portion directed to an email user identified (Goutal (US 2024/0354403 A1), Fig. 11, Paras. 0045-0046) ii) a phishing email impersonating a style of another email user with differences from the style of the other email user identified (Goutal (US 2024/0354403 A1), Para. 0022). Doing so would aid to improve the functioning of computers by enabling the detection of synthetic text in emails received by individuals, enterprises and other organizations. Such computer-implemented methods are not capable of being effectively carried out by the mental processes of humans (Goutal (US 2024/0354403 A1), Para. 0063).
Regarding claim 3, the combination of GOUTAL in view of Hebbagodi does not explicitly teach the apparatus of claim 1, where the cyber security training tool is configured to cooperate with an email inducement text highlighting tool to analyze malicious emails based upon historical information about one or more malicious inducements as well as one or more phishing emails impersonating a style of another email user in order to provide training to the end user upon detecting the one or more malicious inducements and/or emails impersonating the style of the other email user.
However, Goutal (US 2024/0354403 A1) teaches where the cyber security training tool is configured to cooperate with an email inducement text highlighting tool to analyze malicious emails based upon historical information about one or more malicious inducements as well as one or more phishing emails impersonating a style of another email user in order to provide training to the end user upon detecting the one or more malicious inducements and/or emails impersonating the style of the other email user (Goutal (US 2024/0354403 A1), Para. 0034, the synthetic email detection engine 502 may then determine the size of the extracted textual content and compare the determined size to a configured size threshold) and (Goutal (US 2024/0354403 A1), Para. 0038, as shown at B620, if at least one score is greater than or equal to the associated configured score threshold, then the synthetic email detection engine may carry out, or may cause to be carried out, one or several actions to indicate or otherwise alert the recipient that the email contains synthetic text. There are different types of actions, and the list of actions performed may be configured at will). GOUTAL, Hebbagodi and Goutal (US 2024/0354403 A1) are all considered to be analogous to the claimed invention because they are in the same field of Cyber-attack training tool to train a user interface component and to demonstrate security awareness training for a synthetic cyberattack and a real cyberattack. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filling date of the claimed invention to have modified GOUTAL and Hebbagodi to incorporate the teaching of Goutal (US 2024/0354403 A1) to include where the cyber security training tool is configured to cooperate with an email inducement text highlighting tool to analyze malicious emails based upon historical information about one or more malicious inducements as well as one or more phishing emails impersonating a style of another email user in order to provide training to the end user upon detecting the one or more malicious inducements and/or emails impersonating the style of the other email user (Goutal (US 2024/0354403 A1), Para. 0034) and (Goutal (US 2024/0354403 A1), Para. 0038). Doing so would aid to improve the functioning of computers by enabling the detection of synthetic text in emails received by individuals, enterprises and other organizations. Such computer-implemented methods are not capable of being effectively carried out by the mental processes of humans (Goutal (US 2024/0354403 A1), Para. 0063).
Regarding claim 4, the combination of GOUTAL in view of Hebbagodi does not explicitly teach the apparatus of claim 1, where the cyber security training tool is configured to cooperate with an email inducement text highlighting tool, where the email inducement text highlighting tool has a user interface to visualize through highlighting identified malicious portions of an email under analysis for a purpose of providing training to the end user, where the user interface is configured to explain and display why this email under analysis is malicious because the email under analysis is attempting to induce the end user to do a harmful act.
However, Goutal (US 2024/0354403 A1) teaches the apparatus of claim 1, where the cyber security training tool is configured to cooperate with an email inducement text highlighting tool, where the email inducement text highlighting tool has a user interface to visualize through highlighting identified malicious portions of an email under analysis for a purpose of providing training to the end user (Goutal (US 2024/0354403 A1), Fig. 11, Paras. 0045-0046, the first two paragraphs were detected as being synthetic and are highlighted, while the third paragraph was not detected as being synthetic and was left as is), where the user interface is configured to explain and display why this email under analysis is malicious because the email under analysis is attempting to induce the end user to do a harmful act (Goutal (US 2024/0354403 A1), Fig. 11, Paras. 0045-0046). GOUTAL, Hebbagodi and Goutal (US 2024/0354403 A1) are all considered to be analogous to the claimed invention because they are in the same field of Cyber-attack training tool to train a user interface component and to demonstrate security awareness training for a synthetic cyberattack and a real cyberattack. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filling date of the claimed invention to have modified GOUTAL and Hebbagodi to incorporate the teaching of Goutal (US 2024/0354403 A1) to include where the cyber security training tool is configured to cooperate with an email inducement text highlighting tool, where the email inducement text highlighting tool has a user interface to visualize through highlighting identified malicious portions of an email under analysis for a purpose of providing training to the end user (Goutal (US 2024/0354403 A1), Fig. 11, Paras. 0045-0046), where the user interface is configured to explain and display why this email under analysis is malicious because the email under analysis is attempting to induce the end user to do a harmful act (Goutal (US 2024/0354403 A1), Fig. 11, Paras. 0045-0046). Doing so would aid to improve the functioning of computers by enabling the detection of synthetic text in emails received by individuals, enterprises and other organizations. Such computer-implemented methods are not capable of being effectively carried out by the mental processes of humans (Goutal (US 2024/0354403 A1), Para. 0063).
Regarding claim 5, the combination of GOUTAL in view of Hebbagodi does not explicitly teach the apparatus of claim 1, where the cyber security training tool is configured to cooperate with an email inducement text highlighting tool, where the email inducement text highlighting tool has a user interface to provide immediate on the spot feedback on a display screen to the end user during their routine work activity within a software application that the end user is using on why machine learning believes that this email, under analysis, is malicious versus generating a long form written and printed report days later on why the machine learning believes that this email, under analysis, is malicious.
However, Goutal teaches where the cyber security training tool is configured to cooperate with an email inducement text highlighting tool, where the email inducement text highlighting tool has a user interface to provide immediate on the spot feedback on a display screen to the end user during their routine work activity within a software application that the end user is using on why machine learning believes that this email, under analysis, is malicious versus generating a long form written and printed report days later on why the machine learning believes that this email, under analysis, is malicious (Goutal (US 2024/0354403 A1), Fig. 11, Paras. 0045-0046, the first two paragraphs were detected as being synthetic).
GOUTAL, Hebbagodi and Goutal (US 2024/0354403 A1) are all considered to be analogous to the claimed invention because they are in the same field of Cyber-attack training tool to train a user interface component and to demonstrate security awareness training for a synthetic cyberattack and a real cyberattack. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filling date of the claimed invention to have modified GOUTAL and Hebbagodi to incorporate the teaching of Goutal (US 2024/0354403 A1) to include where the cyber security training tool is configured to cooperate with an email inducement text highlighting tool, where the email inducement text highlighting tool has a user interface to provide immediate on the spot feedback on a display screen to the end user during their routine work activity within a software application that the end user is using on why machine learning believes that this email, under analysis, is malicious versus generating a long form written and printed report days later on why the machine learning believes that this email, under analysis, is malicious (Goutal (US 2024/0354403 A1), Fig. 11, Paras. 0045-0046). Doing so would aid to improve the functioning of computers by enabling the detection of synthetic text in emails received by individuals, enterprises and other organizations. Such computer-implemented methods are not capable of being effectively carried out by the mental processes of humans (Goutal (US 2024/0354403 A1), Para. 0063).
Regarding claim 6, the combination of GOUTAL in view of Hebbagodi teaches the apparatus of claim 1, and ii) apply natural language processing in order to turn data about the machine learning analysis, the model breaches, and the log data from the synthetic cyberattack into information in a natural language format in order for the end user and/or the cyber security team member to understand the analysis and the explanation as to why the machine learning identified the synthetic cyberattack and/or the real cyberattack as the cyber threat in order to train the end user and/or the cyber security team member (Hebbagodi, Para. 0317, wherein the system is configured to utilize large language models in the user's preferred language to generate the reasoning and threat hunting steps in natural language).
The combination of GOUTAL in view of Hebbagodi does not explicitly teach where the cyber security training tool is configured to use a large language model trained as i) a data transformation tool to understand and transform the machine learning analysis, model breaches, and log data in their natural formats from the synthetic cyberattack.
However, Goutal (US 2024/0354403 A1) teaches where the cyber security training tool is configured to use a large language model trained as i) a data transformation tool to understand and transform the machine learning analysis, model breaches, and log data in their natural formats from the synthetic cyberattack (Goutal (US 2024/0354403 A1), Para. 0056, the input signals may be either inline input signals (e.g., real time-based information) of offline input signals (e.g., information regarding trends or patterns over time). The input signals may be correlated into a common data repository or set of repositories and can correspond to tiered or processed data provided by multiple third-party service providers. For example, input signals can correspond to log files, performance metrics, alarms, notifications, memory contents, and the like. As will be described in detail below, one or more aspects of the present application can correspond to feedback or configuration of the input signals by the network service 110),
GOUTAL, Hebbagodi and Goutal (US 2024/0354403 A1) are all considered to be analogous to the claimed invention because they are in the same field of Cyber-attack training tool to train a user interface component and to demonstrate security awareness training for a synthetic cyberattack and a real cyberattack. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filling date of the claimed invention to have modified GOUTAL and Hebbagodi to incorporate the teaching of Goutal (US 2024/0354403 A1) to include where the cyber security training tool is configured to use a large language model trained as i) a data transformation tool to understand and transform the machine learning analysis, model breaches, and log data in their natural formats from the synthetic cyberattack (Goutal (US 2024/0354403 A1), Para. 0056). Doing so would aid to improve the functioning of computers by enabling the detection of synthetic text in emails received by individuals, enterprises and other organizations. Such computer-implemented methods are not capable of being effectively carried out by the mental processes of humans (Goutal (US 2024/0354403 A1), Para. 0063).
Regarding claim 9, the combination of GOUTAL in view of Hebbagodi does not explicitly teach the apparatus of claim 1, where the cyber security training tool is configured to cooperate with an email inducement text highlighting tool, where the email inducement text highlighting tool has a natural language processor and a transformer model trained on different types of malicious inducements, where the natural language processor is configured to take in text and a structure of the fields of an email to understand the text in the email, and feed them to the transformer model to understand an intent of the text in the email, under analysis, and then for the email inducement text highlighting tool to highlight words and phrases which correspond to different types of malicious inducements.
However, Goutal (US 2024/0354403 A1) teaches where the cyber security training tool is configured to cooperate with an email inducement text highlighting tool, where the email inducement text highlighting tool has a natural language processor and a transformer model trained on different types of malicious inducements, where the natural language processor is configured to take in text and a structure of the fields of an email to understand the text in the email, and feed them to the transformer model to understand an intent of the text in the email, under analysis, and then for the email inducement text highlighting tool to highlight words and phrases which correspond to different types of malicious inducements (Goutal (US 2024/0354403 A1), Fig. 10, Para. 0043, the ‘Subject’ header may be prefixed with ‘[Synthetic]’. The ‘Subject’ header is then transformed into: Subject: [Synthetic] Outstanding invoice) and (Goutal (US 2024/0354403 A1), Fig. 10, Para. 0048, the email in which synthetic textual content has been detected may be moved to a folder named ‘Synthetic’. The email may also be moved to ‘Spam’ or ‘Junk’ folder).
GOUTAL, Hebbagodi and Goutal (US 2024/0354403 A1) are all considered to be analogous to the claimed invention because they are in the same field of Cyber-attack training tool to train a user interface component and to demonstrate security awareness training for a synthetic cyberattack and a real cyberattack. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filling date of the claimed invention to have modified GOUTAL and Hebbagodi to incorporate the teaching of Goutal (US 2024/0354403 A1) to include where the cyber security training tool is configured to cooperate with an email inducement text highlighting tool, where the email inducement text highlighting tool has a natural language processor and a transformer model trained on different types of malicious inducements, where the natural language processor is configured to take in text and a structure of the fields of an email to understand the text in the email, and feed them to the transformer model to understand an intent of the text in the email, under analysis, and then for the email inducement text highlighting tool to highlight words and phrases which correspond to different types of malicious inducements (Goutal (US 2024/0354403 A1), Fig. 10, Para. 0043, the ‘Subject’ header may be prefixed with ‘[Synthetic]’. The ‘Subject’ header is then transformed into: Subject: [Synthetic] Outstanding invoice) and (Goutal (US 2024/0354403 A1), Fig. 10, Para. 0048). Doing so would aid to improve the functioning of computers by enabling the detection of synthetic text in emails received by individuals, enterprises and other organizations. Such computer-implemented methods are not capable of being effectively carried out by the mental processes of humans (Goutal (US 2024/0354403 A1), Para. 0063).
In regard to claim 12, the method of claim 12 relates to the apparatus claim 2. Therefore, claim 12 is rejected for the same reason.
In regard to claim 13, the method of claim 13 relates to the apparatus claim 3. Therefore, claim 13 is rejected for the same reason.
In regard to claim 14, the method of claim 14 relates to the apparatus claim 4. Therefore, claim 14 is rejected for the same reason.
In regard to claim 15, the method of claim 15 relates to the apparatus claim 5. Therefore, claim 15 is rejected for the same reason.
In regard to claim 16, the method of claim 16 relates to the apparatus claim 6. Therefore, claim 16 is rejected for the same reason.
In regard to claim 19, the method of claim 19 relates to the apparatus claim 9. Therefore, claim 19 is rejected for the same reason.
Claims 7, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over GOUTAL et al. (US 2024/0403792 A1), hereinafter GOUTAL in view of Hebbagodi et al. (US 2023/0396641 A1), hereinafter Hebbagodi, and further in view of BETTHAUSER et al. (US 2024/0370570 A1), hereinafter BETTHAUSER.
Regarding claim 7, the combination of GOUTAL in view of Hebbagodi does not explicitly teach the apparatus of claim 1, where the cyber security training tool is configured to use a large language model trained to generate software code that creates data visualizations, including at least one of a graph and a chart, to showcase cyber security breaches, user activity, and current cyber threat trends.
However, BETTHAUSER teaches where the cyber security training tool is configured to use a large language model trained to generate software code that creates data visualizations, including at least one of a graph and a chart, to showcase cyber security breaches, user activity, and current cyber threat trends (BETTHAUSER, Para. 0049, each log line may be processed by a large language model to generate an embedding. Each embedding may be treated as a vertex in the graph 302, such that each vertex exists in an N-dimensional space, where N is the number of elements of the embedding vectors) and (BETTHAUSER, Para. 0050, graphs 300 are labeled based on a classification criteria 520 that was associated with raw input 102. In a security context, classification criteria may indicate if the log line is deemed suspicious. Suspiciousness may be based on a manual evaluation of the log line, alone or in the context of the entire log, e.g., as part of a post-mortem analysis of a security breach. For example, a log line may be deemed suspicious if a destination IP address is to an area known for phishing attacks. Log lines may also be deemed suspicious based on repetition of operations such as password changes, file access, privilege escalation, or other sensitive operations. Log lines may also be deemed suspicious based on an automated analysis).
GOUTAL, Hebbagodi and BETTHAUSER are all considered to be analogous to the claimed invention because they are in the same field of Cyber-attack training tool to train a user interface component and to demonstrate security awareness training for a synthetic cyberattack and a real cyberattack. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filling date of the claimed invention to have modified GOUTAL and Hebbagodi to incorporate the teaching of BETTHAUSER to include where the cyber security training tool is configured to use a large language model trained to generate software code that creates data visualizations, including at least one of a graph and a chart, to showcase cyber security breaches, user activity, and current cyber threat trends (BETTHAUSER, Para. 0049) and (BETTHAUSER, Para. 0050). Doing so would aid users can quickly and cheaply iterate over different graph topologies and bootstrap signal from existing encoder models. This enables the resolution of the analysis to be changed from the level of individual embeddings to the level of entire raw inputs. The downstream model is typically a much smaller model than the encoder model, and so adjusting the graph topology or retraining the downstream model is faster and cheaper than re-training the encoder model. Iterating over different graph topologies and/or downstream models leverages large encoder models that have processed a vast amount of data (BETTHAUSER, Para. 0018).
In regard to claim 17, the method of claim 17 relates to the apparatus claim 7. Therefore, claim 17 is rejected for the same reason.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTOL-892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GITA FARAMARZI whose telephone number is (571)272-0248. The examiner can normally be reached Monday- Friday 9:00 am- 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached at 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/GITA FARAMARZI/Examiner, Art Unit 2496
/SHAHRIAR ZARRINEH/ Primary Examiner, Art Unit 2496
Prosecution Insights