DETAILED ACTION
This office action is in response to the application filed on 11/04/2024. Claim(s) 1-20 is/are pending and are examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/04/2024 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Priority
The instant application claims priority to the Provisional No. 63/107,235 filed on 10/29/2020.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claim(s) 1-20 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claim(s) 1, 11, and 20 of parent Application No. 17/324,952. Although the claims are not identical, they are not patentably distinct from each other for the following reason(s):
Parent Application 17/324,952
Instant Application
A computing platform, comprising: at least one processor; a communication interface communicatively coupled to the at least one processor; and memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to :detect that a first character-limited message, sent to a recipient device from a sender device, comprises suspicious content, wherein the detection includes the computing platform scanning or evaluating a content of the first character-limited message, the recipient device being different from the computing platform; subsequent to detecting that the first character-limited message comprises suspicious content, delivering the first character-limited message to the recipient device; receive, via the communication interface, from the recipient device, user interaction information indicating that a user of the recipient device has sent a reply character-limited message in response to the first character-limited message; generate a modified character-limited message by modifying a first source phone number associated with the recipient device and corresponding to the reply character- limited message; cause transmission of the modified character-limited message with the modified first source phone number to the sender device; intercept one or more additional character-limited messages sent by the sender device and to the modified first source phone number; and redirect the one or more additional character-limited messages.
A computing platform, comprising: at least one processor; a communication interface communicatively coupled to the at least one processor; and memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: receive, from a recipient device, an indication of a character-limited message sent in response to the recipient device receiving a first character-limited message from a sender, wherein the first character-limited message has been determined to include suspicious content prior to the first character-limited message being delivered to the recipient device; modify a source number associated with the recipient device for the character-limited message; cause transmission of the character-limited message with the modified source number to the sender; intercept a second character-limited message sent by the sender to the modified source number; and redirect the second character-limited message.
11. A method, comprising: at a computing platform comprising at least one processor, a communication interface, and memory: detecting, by the at least one processor, that a first character-limited message, sent to a recipient device from a sender device, comprises suspicious content, wherein the detecting includes the computing platform scanning or evaluating a content of the first character-limited message; subsequent to detecting that the first character-limited message comprises suspicious content, delivering the first character-limited message to the recipient device; receiving, by the at least one processor, from the recipient device, user interaction information indicating that a user of the recipient device has sent a reply character-limited message in response to the first character-limited message; generating, by the at least one processor, a modified character-limited message by modifying a first source phone number associated with the recipient device and corresponding to the reply character-limited message; causing transmission, by the at least one processor, of the modified character- limited message with the modified first source phone number to the sender device; intercepting, by the at least one processor, one or more additional character-limited messages sent by the sender device and to the modified first source phone number; and redirecting, by the at least one processor, the one or more additional character- limited messages.
11. A method, comprising: at a computing platform comprising at least one processor, a communication interface, and memory: receiving, by the at least one processor, from a recipient device, an indication of a character-limited message sent in response to the recipient device receiving a first character-limited message from a sender, wherein the first character-limited message has been determined to include suspicious content prior to the first character-limited message being delivered to the recipient device; modifying, by the at least one processor, a source number associated with the recipient device for the character-limited message; causing transmission, by the at least one processor, of the character-limited message with the modified source number to the sender; intercepting, by the at least one processor, a second character-limited message sent by the sender to the modified source number; and redirecting, by the at least one processor, the second character-limited message.
20. One or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, a communication interface, and memory, cause the computing platform to: detect that a first character-limited message, sent to a recipient device from a sender device, comprises suspicious content, wherein the detection includes the computing platform scanning or evaluating a content of the first character-limited message; subsequent to detecting that the first character-limited message comprises suspicious content, deliver the first character-limited message to the recipient device; receive, via the communication interface, from the recipient device, user interaction information indicating that a user of the recipient device has sent a reply character-limited message in response to the first character-limited message; generate a modified character-limited message by modifying a first source phone number associated with the recipient device and corresponding to the reply character-limited message; cause transmission of the modified character-limited message with the modified first source phone number to the sender device; intercept one or more additional character-limited messages sent by the sender device and to the modified first source phone number; and redirect the one or more additional character-limited messages.
20. One or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, a communication interface, and memory, cause the computing platform to: receive, from a recipient device, an indication of a character-limited message sent in response to the recipient device receiving a first character-limited message from a sender, wherein the first character-limited message has been determined to include suspicious content prior to the first character-limited message being delivered to the recipient device; modify a source number associated with the recipient device and for the character-limited message; cause transmission of the character-limited message with the modified source number to the sender; intercept a second character-limited message sent by the sender to the modified source number; and redirect the second character-limited message.
The dependent claims included in the statement of rejection but not specifically addressed in the body of the rejection have inherited the deficiencies of their parent claim and have not resolved the deficiencies. Therefore, they are rejected based on the same rationale as applied to their parent claims above.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim(s) 1-20 are rejected under 112(b) for being indefinite. Claims 1, 11 and 20 each recites “redirect the second character-limited message” which permits more than one interpretation. It is unclear if Applicant intended for the second character-limited message to be redirected to the recipient or back to the sender. The Examiner interprets the claim to mean the message is redirected to the sender. Thus, Examiner is unable to ascertain the scope of the claim, and a rejection under 112(b) is proper.
The dependent claims included in the statement of rejection but not specifically addressed in the body of the rejection have inherited the deficiencies of their parent claim and have not resolved the deficiencies. Therefore, they are rejected based on the same rationale as applied to their parent claims above.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 4, 5, 10-11, 14, 15, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wyatt (US 2012/0324094 A1), hereinafter Wyatt in view of McClintock (US 10,298,598 B1), hereinafter McClintock.
Regarding Claim(s) 1, 11, and 20 Wyatt teaches:
A computing platform, comprising:
at least one processor;
a communication interface communicatively coupled to the at least one processor; and
memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: (Wyatt Fig. 2 and ¶ 31-33 teaches, Housing 210 houses familiar computer components, some of which are not shown, such as a processor 220, memory 225, battery 230, speaker, transceiver, antenna 235, microphone, ports, jacks, connectors, camera, input/output (I/O) controller, display adapter, network interface, mass storage devices 240, and the like. Mass storage devices 240 may include flash and other nonvolatile solid-state storage or solid-state drive (SSD))
receive, from a recipient device, an indication of a character-limited message sent in response to the recipient device receiving a first character-limited message from a sender, wherein the first character-limited message has been determined to include suspicious content prior to the first character-limited message being delivered to the recipient device; (Wyatt ¶ 175, the intent to send an SMS message may be intercepted if the recipient number is associated with a known malicious entity. For the message to be intercepted the system must have received an indication.)
Wyatt does not appear to explicitly teach but in related art:
modify a source number associated with the recipient device for the character-limited message; (McClintock Col. 12 Ln. 32-37 teaches, A host computer system may, in some embodiments, employ other associated systems and resources to facilitate delivering the responses to such attacks including, for example, automated imposters, artificial ports, artificial users, automated email responders and/or other such systems and resources.)
cause transmission of the character-limited message with the modified source number to the sender; (McClintock Fig. 10 and Col. 19 Ln. 36-45 teaches, an imposter, which may then generate a fake email response and that fake email response may be sent to the known attacker.)
intercept a second character-limited message sent by the sender to the modified source number; and (McClintock Col. 19 Ln. 60-67 teaches, the fake email response may include a query to the known attacker for further information which may then cause the known attacker to send a next attack email that may be received by the imposter, triggering the generation 1026 of a next fake email response that may be sent to the known attacker.)
redirect the second character-limited message. (McClintock Col. 19 Ln. 60-67 teaches, the fake email response may include a query to the known attacker for further information which may then cause the known attacker to send a next attack email that may be received by the imposter, triggering the generation 1026 of a next fake email response that may be sent to the known attacker.)
It would have been obvious to one with ordinary skill the art, prior to the applicant's earliest effective filing date, to combine the teachings of Wyatt with McClintock, to modify the computing platform and message interceptor of Wyatt with the imposter method of McClintock. The motivation to do so, McClintock Col. 2 Ln. 36-37, to identify potential attacks and for preventing those attacks on operational elements.
Regarding Claim(s) 4 and 14 Wyatt in view of McClintock teaches:
The computing platform of claim 1, (Wyatt in view of McClintock teaches the parent claim above.) wherein redirecting the second character-limited message comprises redirecting the second character-limited message to a honeypot. (McClintock Fig. 10 and Col. 19 Ln. 36-45 teaches, an imposter, (i.e., a honeypot) which may then generate a fake email response and that fake email response may be sent to the known attacker.)
Regarding Claim(s) 5 and 15 Wyatt in view of McClintock teaches:
The computing platform of claim 1, (Wyatt in view of McClintock teaches the parent claim above.) wherein redirecting the second character-limited message comprises redirecting the second character-limited message to a security policy enforcement entity. (McClintock Col. 13-14 Ln. 58-67 and Ln. 1-4 teaches, the attack detector 220 (which may be the same as the attack detector 210) may alter 218 the behavior of the host computer system 216 so that the host computer system thereafter responds to communications attempts from the attacker 214 with altered behavior. The attack detector 220 may alter 218 the behavior of the host by, for example, alerting the host as to the identity of the attacker 214, or by instantiating one or more analysis, modeling and/or imposter services to alter the behavior of the host such as the services described herein at least in connection with FIG. 1 or by some other such actions.)
Regarding Claim(s) 10 Wyatt in view of McClintock teaches:
The computing platform of claim 1, (Wyatt in view of McClintock teaches the parent claim above.) wherein the first character-limited message comprises at least one of a short message service (SMS) message or a multimedia messaging service (MMS) message. (Wyatt ¶ 175, the intent to send an SMS message may be intercepted if the recipient number is associated with a known malicious entity. For the message to be intercepted the system must have received an indication.)
Claim(s) 2-3, 6-7, 9, 12-13, 16-17, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wyatt in view of McClintock as applied to claim 1 above, and further in view of Jakobsson (US 2020/0053111 A1), hereinafter Jakob.
Regarding Claim(s) 2 and 12 Wyatt in view of McClintock teaches:
The computing platform of claim 1, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: (Wyatt in view of McClintock teaches the parent claim above.)
Wyatt in view of McClintock does not appear to explicitly teach but in related art:
based on receiving the indication, transmit an instruction, to a messaging service center, that causes the messaging service center to drop the character-limited message sent in response to the recipient device receiving the first character-limited message from the sender. (Jakob, ¶ 0330, One security action is to filter the email messages being sent from an account that is associated with a high risk of being compromised, where the filtering comprises blocking, sending to an admin, adding a warning, removing information, replacing information, blocking requests for modified artifacts until a problem has been resolved, etc.; ¶ 0048, messages may be Slack message or SMS))
It would have been obvious to one with ordinary skill the art, prior to the applicant's earliest effective filing date, to combine the teachings of Wyatt in view of McClintock with Jakob, to modify the computing platform and message interceptor of Wyatt with the imposter method of McClintock with the security actions of Jakob. The motivation to do so constitutes applying a known technique of blocking users or messages to known devices and/or methods for preventing malicious messages ready for improvement to yield predictable results to prevent sensitive information from being obtained by an attacker.
Regarding Claim(s) 3 and 13 Wyatt-McClintock-Jakob teaches:
The computing platform of claim 1, (Wyatt in view of McClintock teaches the parent claim above.) wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: classify the first character-limited message as potential spam, spam, or non-spam. (Jakob ¶ 0296 teaches, A person of skill in the art will recognize that yet other conditions associated with increased risk of attack can be used to trigger responses of the type disclosed herein, i.e., not limited to detection of corruption, or detection of deceptive sender information, but also, for example, the detection of dangerous content, such as malware, or references to dangerous content, or undesirable content such as spam)
The motive given in Claim 2 is equally applicable to the above claim.
Regarding Claim(s) 6 and 16 Wyatt-McClintock-Jakob teaches:
The computing platform of claim 1, wherein modifying the source number for the character-limited message comprises rewriting a phone number associated with the recipient device. (Jakob ¶ 0343 teaches, modify artifact in message. ¶ 0048, Artifacts also comprise objects such as phone numbers, which can be identified by the security system as being of a format typical of phone numbers)
Regarding Claim(s) 7 and 17 Wyatt-McClintock-Jakob teaches:
The computing platform of claim 6, (Wyatt-McClintock-Jakob teaches the parent limitation above.) wherein rewriting the phone number associated with the recipient device comprises rewriting the phone number to correspond to a honeypot. (Jakob ¶ 0117 teaches, It is commonly better for the attacker not to know that they have been detected. For this reason, it is also beneficial to automatically generate a false instance of Bob's account and/or computer, which is a form of honeypot, populate this with synthetic data generated to deceive Eve, and observe the attack proceed in the honeypot. All of these aspects are preferably automated, and performed by the security system.)
Regarding Claim(s) 9 and 19 Wyatt-McClintock-Jakob teaches:
The computing platform of claim 1, wherein determining that the first character-limited message includes suspicious content further includes: (Wyatt in view of McClintock teaches the parent claim above.) prior to delivering the first character-limited message to the recipient device, modifying a second source number for the first character-limited message sent to the recipient device, and wherein delivering the first character-limited message to the recipient device includes sending the first character-limited message with the modified second source number to the recipient device, the modified second source number indicating that the first character-limited message comprises suspicious content. (Jakob Fig. 6, “FROM: Potential Spam”, and ¶ 0048 teaches, the message security computing platform 130 may send a spam warning or digest to the recipient device (e.g., client device 150). For example, in some instances, in sending a spam warning or digest to the recipient device (e.g., client device 150), the message security computing platform 130 may cause the recipient device (e.g., client device 150) to display and/or otherwise present one or more graphical user interfaces similar to graphical user interface 600, which is shown in FIG. 6. ¶ 0048, Artifacts also comprise objects such as phone numbers, which can be identified by the security system as being of a format typical of phone numbers associated with Slack message or SMS)
Claim(s) 8 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wyatt in view of McClintock as applied to claim 1 above, and further in view of Roytman (US 2016/0110422 A1), hereinafter Roy.
Regarding Claim(s) 8 and 18 Wyatt in view of McClintock teaches:
The computing platform of claim 1, (Wyatt in view of McClintock teaches the parent claim above.)
Wyatt in view of McClintock does not appear to explicitly teach but in related art:
wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: train one or more machine learning algorithms using the intercepted second character-limited message received from the sender. (Roy ¶ 94 teaches, Messages for example continue to be monitored by the routing module and certain messages are for example intercepted and provided to the machine learning module in order to extend the range of user queries that the virtual assistants instantiated by the artificial intelligence module are able to resolve.)
It would have been obvious to one with ordinary skill the art, prior to the applicant's earliest effective filing date, to combine the teachings of Wyatt in view of McClintock with Roy, to modify the computing platform and message interceptor of Wyatt with the imposter method of McClintock with the continued learning system of Roy. The motivation to do so constitutes applying a known technique of continuous training of a model to known devices and/or methods for preventing malicious messages ready for improvement to yield predictable results to be able to further identify threats.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 11,102,244 B1 - intelligence is gathered about an attacker that is attempting an attack via a malicious exploit message by exploiting the attacker's belief that the attack is succeeding.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB BENEDICT KNACKSTEDT whose telephone number is (703)756-5608. The examiner can normally be reached Monday-Friday 8:00 am - 5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards can be reached on (571) 270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/J.B.K./Examiner, Art Unit 2408
/LINGLAN EDWARDS/Supervisory Patent Examiner, Art Unit 2408