Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This non-final action is responsive to application filed on 08/20/2025. Claims 2-21 are pending, with claims 2 and 14 being independent.
Priority
This application is a continuation of U.S. Application No. 18/820,347 filed on August 30, 2024, which claims the priority and benefit of U.S. Provisional Application No. 63/580,465 filed on September 5, 2023.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/ patents/apply/applying-online/eterminal-disclaimer
Claims 2-21 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-26 of U.S. Patent No. 12,255,919. Although the claims at issue are not identical, they are not patentably distinct from each other because examined claims are anticipated by patent claims as shown below.
Examined Application
US 12,255,919
2. A method for phishing attack detection for emails, the method comprising:
a) receiving an original message and generating one or more copies of the original message, wherein the one or more copies are varied from the original message in least one of lengths, tones, formats, and writing styles;
b) processing the one or more copies and the original message by a phishing attack detection engine to detect a phishing attack; and
c) upon detecting the phishing attack, alerting a user about the phishing attack, filtering or blocking the original message.
3. The method of claim 2, wherein the one or more copies are generated utilizing a large language model.
4. The method of claim 2, wherein the phishing attack detection engine classifies the original message and the one or more copies as malicious or benign.
5. The method of claim 4, further comprising when the original message is classified as malicious, and the one or more copies are not classified as malicious, adding the one or more copies to a training dataset.
6. The method of claim 5, further comprising training the phishing attack detection engine using the one or more copies to improve the phishing attack detection engine.
7. The method of claim 8, further comprising aggregating a classification for each of the one or more copies and the original message to detect the phishing attack.
8. The method of claim 2, further comprising determining whether the original message is suspicious prior to generating the one or more copies.
9. The method of claim 8, further comprising extracting a set of features from the original message utilizing a fast speed natural language processing technique.
10. The method of claim 9, wherein the set of features comprise at least one of a header feature, a content feature, a sender background feature, and a sender relationship.
11. The method of claim 9, further comprising processing the set of features by a classifier to determine whether the original message is suspicious.
12. The method of claim 2, wherein (b) comprises extracting a set of features from the one or more copies and the original message utilizing a deep learning model.
13. The method of claim 12, wherein the set of features comprise at least an intent and motive feature extracted utilizing the deep learning model.
14. A system comprising:
(i) a memory for storing a set of software instructions,
(ii) one or more processors configured to execute the set of software instructions to perform operations comprising:
a) receiving an original message and generating one or more copies of the original message, wherein the one or more copies are varied from the original message in least one of lengths, tones, formats, and writing styles;
b) processing the one or more copies and the original message by a phishing attack detection engine to detect a phishing attack; and
c) upon detecting the phishing attack, alerting a user about the phishing attack, filtering or blocking the original message.
15. The system of claim 14, wherein the one or more copies are generated utilizing a large language model.
16. The system of claim 14, wherein the phishing attack detection engine classifies the original message and the one or more copies as malicious or benign.
17. The system of claim 16, wherein the operations further comprise when the original message is classified as malicious, and the one or more copies are not classified as malicious, adding the one or more copies to a training dataset.
18. The system of claim 17, wherein the operations further comprise training the phishing attack detection engine using the one or more copies to improve the phishing attack detection engine.
19. The system of claim 18, wherein the operations further comprise aggregating a classification for each of the one or more copies and the original message to detect the phishing attack.
20. The system of claim 14, wherein the operations further comprise determining whether the original message is suspicious prior to generating the one or more copies.
21. The system of claim 14, wherein (b) comprises extracting a set of features from the one or more copies and the original message utilizing a deep learning model.
1. A method for phishing detection for emails, the method comprising:
(a) processing an original message to determine whether the original message is suspicious;
(b) upon determining the original message is suspicious, generating multiple copies of the original message for detecting a phishing attack, wherein the multiple copies are varied from the original message in least one of lengths, tones, formats, and writing styles such that the multiple copies are generated to be similar to a training dataset that is utilized to train a phishing attack detection engine;
(c) processing the multiple copies and the original message by the phishing attack detection engine to detect an attack; and
(d) upon detecting the phishing attack, alerting a user about the phishing attack, filtering or blocking the original message.
2. The method of claim 1, wherein (a) comprises extracting a set of features from the original message utilizing a fast speed natural language processing technique.
3. The method of claim 2, wherein the set of features comprise at least one of a header feature, a content feature, a sender background feature, and a sender relationship.
4. The method of claim 3, further comprising processing the set of features by a classifier to determine whether the original message is suspicious.
5. The method of claim 1, wherein the multiple copies are generated utilizing a large language model.
6. The method of claim 1, wherein (c) comprises extracting a set of features from the multiple copies and the original message utilizing a deep learning model.
7. The method of claim 6, wherein the set of features comprise at least an intent and motive feature extracted utilizing the deep learning model.
8. The method of claim 1, wherein the multiple copies and the original message are processed by the phishing attack detection engine to classify the original message and each copy as malicious or benign.
9. The method of claim 8, further comprising when the original message is classified as malicious at (c), storing one or more copies from the multiple copies that are not classified as malicious as training data.
10. The method of claim 9, further comprising training the phishing attack detection engine using the one or more copies from the multiple copies to improve the phishing attack detection engine.
11. The method of claim 8, further comprising aggregating a classification for each of the multiple copies and the original message to detect the attack.
12. The method of claim 11, wherein the attack is detected when a voting count of the classification is above a threshold.
13. The method of claim 1, further comprising receiving the original message in an image and extracting the original message from the image utilizing Optical Character Recognition prior to (a).
14. A system comprising:
(i) a memory for storing a set of software instructions,
(ii) one or more processors configured to execute the set of software instructions to perform operations comprising:
(a) processing an original message to determine whether the original message is suspicious,
(b) upon determining the original message is suspicious, generating multiple copies of the original message for detecting a phishing attack, wherein the multiple copies are varied from the original message in least one of lengths, tones, formats, and writing styles such that the multiple copies are generated to be similar to a training dataset that is utilized to train a phishing attack detection engine,
(c) processing the multiple copies and the original message by the phishing attack detection engine to detect an attack, and
(d) upon detecting the phishing attack, alerting a user about the phishing attack, filtering or blocking the original message.
15. The system of claim 14, wherein (a) comprises extracting a set of features from the original message utilizing a fast speed natural language processing technique.
16. The system of claim 15, wherein the set of features comprise at least one of a header feature, a content feature, a sender background feature, and a sender relationship.
17. The system of claim 16, wherein the set of features are processed by a classifier to determine whether the original message is suspicious.
18. The system of claim 17, wherein the multiple copies are generated utilizing a large language model.
19. The system of claim 14, wherein (c) comprises extracting a set of features from the multiple copies and the original message utilizing a deep learning model.
20. The system of claim 19, wherein the set of features comprise at least an intent and motive feature extracted utilizing the deep learning model.
21. The system of claim 14, wherein the multiple copies and the original message are processed by the phishing attack detection engine to classify the original message and each copy as malicious or benign.
22. The system of claim 21, wherein when the original message is classified as malicious at (c), storing one or more copies from the multiple copies that are not classified as malicious as training data.
23. The system of claim 22, wherein the phishing attack detection engine is further trained using the one or more copies from the multiple copies to improve the phishing attack detection engine.
24. The system of claim 21, wherein the operations further comprise aggregating a classification for each of the multiple copies and the original message to detect the attack.
25. The system of claim 24, wherein the attack is detected when a voting count of the classification is above a threshold.
26. The system of claim 14, wherein the original message is received from a sender in an image format and the original message is extracted from the image format utilizing Optical Character Recognition.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20240314164 A1; Detecting Cyber Threats Using Artificial Intelligence
Approaches in accordance with various illustrative embodiments provide for the generation of synthetic communications for use in training and fine-tuning threat detection models for various categories of recipients. In at least one embodiment, guidelines can be determined for a category of recipient that can be used to generate multiple types of content using generative artificial intelligence (AI), as may include text, image, and file content. A training communication can be generated using these types of content, such as to generate an email message that corresponds to a potential spear phishing attack. The generated messages can be checked for quality, and any messages that are caught by existing filters can be deleted or regenerated so that only high quality examples of spear phishing are provided as output. These training communications can be used to train a spear phishing detector for a specific category of recipient, in order to accurately flag and prevent access to actual spear phishing communications.
US 20160014151 A1; Systems And Methods For Electronic Message Analysis
Systems and methods for analyzing electronic messages are disclosed. In some embodiments, the method comprises receiving a new received message from an indicated sender, the new received message having a first message characteristic of the indicated sender and a second message characteristic, identifying an actual sender message characteristic pattern of an actual sender using the first message characteristic, probabilistically comparing the second message characteristic to the actual sender message characteristic pattern, determining a degree of similarity of the second message characteristic to the actual sender message characteristic pattern, and influencing a probability that the indicated sender is the actual sender based upon the degree of similarity. There may be multiple message characteristics and patterns. In some embodiments, the methods may utilize pattern matching techniques, recipient background information, quality measures, threat intelligence data or URL information to help determine whether the new received message is from the actual sender.
US 20230075964 A1; Phishing Mail Generator With Adaptive Complexity Using Generative Adversarial Network
A generative adversarial network and a reinforcement learning system are combined to generate phishing emails with adaptive complexity. A plurality of phishing emails are obtained from a trained generative adversarial neural network, including a generator neural network and a discriminator neural network. A subset of phishing emails is selected, from the plurality of phishing emails, using a reinforcement learning system trained on user-specific behavior. One or more of the subset of phishing emails are sent to a user email account associated with a particular user. The reinforcement learning system is then adjusted based on user action feedback to the one or more of the subset of phishing emails.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHANG DO whose telephone number is (571)270-7837. The examiner can normally be reached Monday-Friday 8:00 - 5:00 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, RUPAL DHARIA can be reached at (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KHANG DO/Primary Examiner, Art Unit 2492