Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Detail Action
This office action is response to the application 18/960,792 filed on 11/26/2024. Claims 1-17 are pending in this communication.
Priority
This application has PRO 63/603,887 11/29/2023. Priority date has been accepted.
Examiner’s Note
The examiner is requesting the applicant’s representative to provide direct phone number and/or mobile phone number in next communication, which will be very helpful to advance the prosecution.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. OR
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 1-5, 13, 15 & 16 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by IRIMIE; Alin et al. (US 2018/0191776 A1)
Regarding Claim 1, IRIMIE anticipated a computerized platform for implementing an educational campaign to increase awareness of indications of signs of unsafe e-mails, the computerized platform configured to perform a method comprising utilizing an assignment-based approach to provide one or more assignments to a user in which the user is presented with a simulated e-mail including one or more indicators that the user is instructed to determine as being more likely associated with a social engineering-containing e-mail, often called a phishing email, and thus unsafe, or a non-malicious e-mail, and thus safe {Figs. 1C, 2, Fig. 15 –‘Phishing Campaign’ & [0082], “A simulated phishing attack may test the readiness of a security system or users of a system to handle phishing attacks such that malicious actions are prevented. A simulated phishing attack may, for example, target a large number of users, such as employees of an organization. Such an attack may be performed by a party friendly or neutral to the targets of the simulated attack. In one type of simulated phishing attack, an attempt is made to extract sensitive information (Fig. 18) using phishing methods, and any extracted information is used not for malicious purposes, but as part of a process of detecting weaknesses in security. Performing a simulated phishing attack can help expose a lack of vigilance and/or know-how in a user or set of users of a device in minimizing risk associated with such attacks. User know-how can be improved by providing targeted, real-time training to the user at the time of failing a test provided by a simulated phishing attack”}.
Regarding Claim 2, IRIMIE anticipates all the features of claim 1 and IRIMIE further anticipates
configured to send an e-mail to a user inviting them to participate in an assignment of the one or more assignments, and responsive to the user accepting the invitation, presenting the assignment to the user in a website dedicated to the educational campaign {[0082], “A simulated phishing attack may test the readiness of a security system or users of a system to handle phishing attacks such that malicious actions are prevented … Such an attack may be performed by a party friendly or neutral to the targets of the simulated attack … User know-how can be improved by providing targeted, real-time training to the user at the time of failing a test provided by a simulated phishing attack”. Examiner’s note: testing users how to identify phishing email and providing further training is an educational and awareness building campaign}.
Regarding Claim 3, IRIMIE anticipates all the features of claim 1 and IRIMIE further anticipates
configured to present the user with a window including selectable responses regarding whether an indicator within the simulated e-mail appears safe or unsafe {Fig. 12 & [0005], “the user will automatically be shown which of the failure indicators were in the email that they responded to, along with an explanation of why these failure indicators should have been recognizable. The failure indicators may be shown to the user by presenting the user with a copy of the email that they interacted with, with the failure indicators highlighted with flags”}.
Regarding Claim 4, IRIMIE anticipates all the features of claim 3 and IRIMIE further anticipates
configured to present to user with a selectable help link which, if selected by the user, presents the user with information regarding how to determine whether the indicator within the simulated e-mail should be considered safe or unsafe {[0082], “Performing a simulated phishing attack can help expose a lack of vigilance and/or know-how in a user or set of users of a device in minimizing risk associated with such attacks. User know-how can be improved by providing targeted, real-time training to the user at the time of failing a test provided by a simulated phishing attack”}.
Regarding Claim 5, IRIMIE anticipates all the features of claim 1 and IRIMIE further anticipates
configured to mirror hacker attacks with typo-squatted domain names and vendor branding that is not possible for phishing vendors to impersonate and that imitates what real hackers, organized crime, and nation states do when attacking individuals and companies with phishing emails {[0111], “Email domain is strange or suspicious” … [0112], “Email domain is spoofing a popular website” … [0113], “Email domain is misspelling of a popular website”}.
Regarding Claim 13, IRIMIE anticipates all the features of claim 1 and IRIMIE further anticipates
one or more indicators include a plurality of indicators selected from the group including sender, subject, greeting, spelling, punctuation, and grammar, urgency and emotionality, links to external websites, and attachments {[0009], “the method further includes selecting, via the editing tool, to create a custom phishing email template. In some implementations, the one or more failure indicators is selected from a category of the following categories: sender, subject, content, attachment, link and overall”}.
Regarding Claim 15, IRIMIE anticipates all the features of claim 1 and IRIMIE further anticipates
configured to automatically deliver prompts for performance of assignment-based phishing simulations to e-mail inboxes of users without a need for an administrator to perform email filtration bypass functions including any one or more of: i) direct injection ii) allow-listing, iii) X-Header usage, or iv) PowerShell scripting to deliver the prompts to the inboxes of the users {[0003], “an email may be sent to a target, the email having an attachment that performs malicious actions when executed or a link to a webpage that either performs malicious actions when accessed or prompts the user to execute a malicious program. Malicious actions may be malicious data collection or actions harmful to the normal functioning of a device on which the email was activated, or any other malicious actions capable of being performed by a program or a set of programs”}.
Regarding Claim 16, IRIMIE anticipates all the features of claim 1 and IRIMIE further anticipates
configured to provide an indication to an administrator of which users in an organization have completed a phishing assignment or not {[0081], “The systems and methods allow for the system administrator to provide immediate feedback and learning opportunities to users who fail the test. The systems and methods further allow the system administrator to add social engineering based failure indicators, also known as failure indicators, into any existing phishing email template, as well as allowing the system administrator to create new templates which include one or more selected failure indicators. The systems and methods further allow the system administrator to customize the message that is sent to the user upon failing a test”. Examiner’s note: administrator is aware of participant’s doing or not doing the test in multiple way}.
Claim Rejections - 35 USC § 103
The following is a quotation of AIA 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 6-9, 11, 12 & 14 are rejected under AIA 35 U.S.C. 103 as being unpatentable over IRIMIE; Alin et al. (US 2018/0191776 A1) in view of UNIYAL; Rahul (US 2025/0112953 A1).
Regarding Claim 6, IRIMIE anticipates all the features if claim 1, IRIMIE, however, does not explicitly disclose
configured to present a user with a score and an indication of whether they have passed the assignment substantially immediately responsive to the user having selected whether each of the one or more indicators in the simulate e-mail are safe or unsafe and submitting their selections.
In an analogous reference UNIYAL discloses
configured to present a user with a score and an indication of whether they have passed the assignment substantially immediately responsive to the user having selected whether each of the one or more indicators in the simulate e-mail are safe or unsafe and submitting their selections {[0087], “A user may be told the user's scores and may receive an explanation of any mistakes. Additional training may be provided to a user, if warranted (e.g., if the user made some mistakes), after initial training with a sequence test phishing attacks”}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify IRIMIE’s technique of ‘testing and training users to identify and avoid phishing attempts by malicious parties’ for ‘scoring users by identifying user’s selection of phishing indicators’, as taught by UNIYAL, in order to reduce data intrusion traps. The motivation is: simulation training provides a quantifiable security baseline by scoring a user's ability to detect phishing indicators. This data-driven approach pinpoints specific knowledge gaps, such as spoofed domains or malicious attachments. By prioritizing high-risk users for additional training, an organization demonstrably reduce the success of actual attacks and build a resilient "human firewall" against credential theft and malware.
All references are inventions in analogous area but each invention teaches specific claimed limitation specifically and other references mutually cure each other’s deficiencies. When all claimed techniques are combined, they teach claimed invention. The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims unless addressed separately.
Regarding Claim 7, IRIMIE anticipates all the features if claim 6, IRIMIE, however, does not explicitly disclose
configured to request the user to re-take the assignment if they did not receive a passing score.
UNIYAL further discloses
configured to request the user to re-take the assignment if they did not receive a passing score {[0044], “If the user did not correctly recognize and ignore or avoid responding to all of the test phishing attacks … resume with some or all of the same types of test attack activities (challenges) repeated, especially those which the user did not correctly identify”}.
Regarding Claim 8, IRIMIE anticipates all the features if claim 7, IRIMIE, however, does not explicitly disclose
configured to randomly select from different content to include within each of the one or more indicators if the user re-takes the assignment.
UNIYAL further discloses
configured to randomly select from different content to include within each of the one or more indicators if the user re-takes the assignment {[0089], “The navigation vectors may also specify whether and how to continue testing the user until better responses are received. For example, if the user responds to a particular type of phishing attack, that type of phishing attack may be repeated based on a navigation vector”}.
Regarding Claim 9, IRIMIE anticipates all the features if claim 1, IRIMIE, however, does not explicitly disclose
configured to present the use with positive reinforcement responsive to passing the training assignment.
UNIYAL further discloses
configured to present the use with positive reinforcement responsive to passing the training assignment {[0025], “The gamification may include training about potential phishing in a metaverse or mixed reality environment by testing the users with test phishing attacks. The gamification may incentivize participation, such as by scoring user training and advising users of their performance in phishing prevention activities”}.
Regarding Claim 11, IRIMIE anticipates all the features if claim 1, IRIMIE, however, does not explicitly disclose
configured to assign the user an overall score and a rank responsive performance of the user in the one or more assignments.
UNIYAL further discloses
configured to assign the user an overall score and a rank responsive performance of the user in the one or more assignments {[0087], “A user may be told the user's scores and may receive an explanation of any mistakes. Additional training may be provided to a user, if warranted (e.g., if the user made some mistakes), after initial training with a sequence test phishing attacks”}.
Regarding Claim 12, IRIMIE anticipates all the features if claim 1, IRIMIE, however, does not explicitly disclose
configured to present the rank of the user as an avatar, with different avatars being associated with different ranks.
UNIYAL further discloses
configured to present the rank of the user as an avatar, with different avatars being associated with different ranks {[0041], “a user's avatar may interact with an avatar for a bank relationship manager (RM) avatar. This avatar may be localized to the user” … [0087], “A user may be scored based on how many attacks the user successfully avoided, presumably because the attacks were detected. The scores may be provided to the user. A user may be told the user's scores and may receive an explanation of any mistakes”}.
Regarding Claim 14, IRIMIE anticipates all the features if claim 1, IRIMIE, however, does not explicitly disclose
configured to automatically adjust difficulty of subsequent assignments taken by the user based on performance of the user in prior assignments.
UNIYAL further discloses
configured to automatically adjust difficulty of subsequent assignments taken by the user based on performance of the user in prior assignments {[0089], “The navigation vectors may also specify whether and how to continue testing the user until better responses are received. For example, if the user responds to a particular type of phishing attack, that type of phishing attack may be repeated based on a navigation vector”}.
Claim 10 is rejected under AIA 35 U.S.C. 103 as being unpatentable over IRIMIE; Alin et al. (US 2018/0191776 A1) in view of KUMAR; Lokesh Vijay et al. (US 2025/0005150 A1).
Regarding Claim 10, IRIMIE anticipates all the features if claim 1, IRIMIE, however, does not explicitly disclose
configured to randomly assign content that should be considered either safe or unsafe to each of the one or more indicators.
In an analogous reference KUMAR discloses
configured to randomly assign content that should be considered either safe or unsafe to each of the one or more indicators {[0052], “the machine learning system may randomly select observations to be included in the training set 220 and/or the test set 225”}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify IRIMIE’s technique of ‘testing and training users to identify and avoid phishing attempts by malicious parties’ for testing phishing knowledge by randomly assigning content, as taught by KUMAR, in order to reduce data intrusion traps. The motivation is: randomly shuffled simulation training provides a quantifiable security baseline by scoring a user's ability to detect phishing indicators. By prioritizing high-risk users for additional training, an organization demonstrably reduce the success of actual attacks and build a resilient "human firewall" against credential theft and malware.
Claim 17 is rejected under AIA 35 U.S.C. 103 as being unpatentable over IRIMIE; Alin et al. (US 2018/0191776 A1) in view of ATENCIO; Philip et al. (US 2021/0090463 A1).
Regarding Claim 17, IRIMIE anticipates all the features if claim 1, IRIMIE, however, does not explicitly disclose
leading to greater than 90% compliance of all end users having taken and passed the phishing exercise.
In an analogous reference ATENCIO discloses
leading to greater than 90% compliance of all end users having taken and passed the phishing exercise {[0007], “employees who fail to meet the scoring criteria are given an opportunity to retake the test until they pass, and failure to complete training with a passing grade generally results in disciplinary action”. Examiner’s note: a user under test must repeat testing until passes 100%}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify IRIMIE’s technique of ‘testing and training users to identify and avoid phishing attempts by malicious parties’ for ‘keeping phishing avoidance skill by repeated testing and training users’ by CCC, in order to keep data intrusion rare. The motivation is: By prioritizing high-risk users for additional training, an organization demonstrably reduce the success of actual attacks and build a resilient "human firewall" against credential theft and malware.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to QUAZI FAROOQUI whose telephone number is (571) 270-1034 or Quazi.farooqui@USPTO.GOV. The examiner can normally be reached on Monday-Friday 9:00 am to 5:30 pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bill Korzuch can be reached on (571) 272-7589 or William.Korzuch@USPTO.GOV. The fax phone number for Examiner Farooqui assigned is 571-270-2034.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-flee). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/QUAZI FAROOQUI/
Primary Examiner, Art Unit 2491