DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 have been examined and are pending.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Jakobsson US PG Publication 20180152471 A1.
Regarding claims 1, 12 and 20, Jakobsson teaches a method comprising: teaches determining a risk level of the electronic communication based on analyzing the interaction data, the risk level corresponding to a likelihood that the electronic communication is not generated by a human user [Jakobsson 20180152471 A1 ¶0034 recipient message server 106 performs risk analysis for incoming message for performing authenticity and/or reputation analysis to determine an overall measure of risk; wherein actual sender is determined based on measure of confidence of sender identified in the message. ¶¶0141-0142 impersonation attack message determination; measure of control of the domain of the sender to determine if the real-life identity of user satisfy some common criteria]; and
when the risk level of the electronic communication is below a risk threshold, associating a validation indicator with the electronic communication, and allowing the sending of the electronic communication to proceed [Jakobsson 20180152471 A1 ¶0039 a security risk associated the message is below a threshold (e.g., risk score determined in 208 and/or 210 is below a threshold); identifying accounts that might have been account take-over – ATOed, messages sent by the account are to be analyzed; based on past observations about typical messages sent by the sender and the degree to which a newly received message from the sender deviates from what has been typically observed about messages sent by the account of the sender. ¶0043 tracked observations about message signatures of messages from sender and associated context];
wherein the method is performed by one or more processors [Jakobsson 20180152471 A1 ¶0025 processor configured to execute instructions of invention].
obtaining observational data comprising interaction data on a user computing device [Jakobsson 20180152471 A1 ¶¶0029-0030 and 0038 Fig. 1 shows a system environment for analyzing message(s) where sending message server 104 sends messages to coupled analysis server 102 and recipient message server 106 receives via gateway 110/network 108. ¶0043 profiled message include identifying content, message signature and updated data structure that tracks observations about message signatures sent by mobile phone message client.];
detecting, in a communication application executing on the user computing device, a command to send an electronic communication [Jakobsson 20180152471 A1 ¶0048 requesting desired from services via third-party service apps. ¶¶0085-0086 determines whether electronic message is automatically generated by identifying likely scripted behavior associated with a protected accounts];
Regarding claims 2 and 13, Jakobsson teaches claim 1 as described above.
Jakobsson teaches when the risk level of the electronic communication is above the risk threshold, preventing sending of the electronic communication [¶0039 messages profiled for security risk; ¶0094 preventing access to portion of the message].
Regarding claims 3 and 14, Jakobsson teaches claim 1 as described above.
Jakobsson teaches when the risk level of the electronic communication is above the risk threshold, sending a notification to a monitoring entity indicating that the user computing device is compromised [¶0094 provides additional warning and/or performing additional analysis].
Regarding claims 4 and 15, Jakobsson teaches claim 1 as described above.
Jakobsson teaches wherein associating the validation indicator with the electronic communication comprises signing the electronic communication before allowing the sending of the electronic communication to proceed [¶0098-0099 during analysis the associated of the aggregated and stored trusted contact and information automatically determines ].
Regarding claims 5 and 16, Jakobsson teaches claim 1 as described above.
Jakobsson teaches wherein associating the validation indicator comprises adding the validation indicator to metadata of the electronic communication [¶0051 observation of generated data of the profiled past messages that are clustered by metadata/configuration/content of messages].
Regarding claims 6 and 17, Jakobsson teaches claim 1 as described above.
Jakobsson teaches wherein the electronic communication is an email [¶0030].
Regarding claims 7 and 18, Jakobsson teaches claim 1 as described above.
Jakobsson teaches obtaining electronic communication content corresponding to an incoming electronic communication [¶¶0030-0031 and 0066 analyzing content included in the message to determine one or more content risk]; verifying a second validation indicator associated with the incoming electronic communication [¶0066 expected and/or unexpected signature(s) are detected]; and determining that a risk level of the incoming electronic communication is low based at least in part on verifying the second validation indicator associated with the incoming electronic communication [¶0066 detected attributes and signature are checked for matches].
Regarding claim 8, Jakobsson teaches claim 1 as described above.
Jakobsson teaches wherein the observational data further comprises environmental data, and determining the risk level of the electronic communication is based on the environmental data [¶¶0029-0030 electronic message exchanged via a domain independently controlled to determine if the message was an automatically generated message.].
Regarding claim 9, Jakobsson teaches claim 1 as described above.
Jakobsson teaches wherein the observational data further comprises platform data, and determining the risk level of the electronic communication is based on the platform data [¶¶0042 and 0051-0052 statistics on the commonality of tracked aspects of the messages as it traverses one computing platform to another; identifies risk by determining the conditional probability].
Regarding claims 10 and 19, Jakobsson teaches claim 1 as described above.
Jakobsson teaches maintaining a device score for the user computing device based on risk levels for multiple electronic communications sent from the user computing device [¶0050 overall risk score]; wherein determining the risk level of the electronic communication is based on the device score [¶0050 determines overall risk which is based on aggregated component scores of historical observations].
Regarding claim 11, Jakobsson teaches claim 1 as described above.
Jakobsson teaches maintaining a user score for a user of an electronic communication account based on risk levels for multiple electronic communications sent from the electronic communication account of the user [¶0042 determine a Bayesian probability score of a particular message feature consistent with past observations between sender and recipient]; wherein determining the risk level of the electronic communication is based on the user score [¶0043 abnormality can be detected based on the historical observations about message signatures of the sender.].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Schweighauser et al 20190222606A1 discloses system and method for email account takeover detection and remediation.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAKINAH WHITE-TAYLOR whose telephone number is (571)270-0682. The examiner can normally be reached Monday-Friday, 10:45a-6:45p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CATHERINE THIAW can be reached at 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
SAKINAH WHITE-TAYLOR
Primary Examiner
Art Unit 2407
/Sakinah White-Taylor/Primary Examiner, Art Unit 2407