DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
Claims 1, 3-4, 10, 12-13, and 19 are pending in this Office Action.
Response to Arguments
Applicant's arguments filed in the amendment filed 11/25/2025, have been fully considered but they are not persuasive. The reasons are set forth below.
Drawings
The formal drawings received on 06/05/2021 have been entered.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 3-4, 10, 12-13, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Singla (US 20140165140) in view of van Os (US 20090119504), and further in view of Sanap (US 20200045065).
Claims 1, 10, 19. Singla teaches:
A method for automatically detecting an anomaly based on a session of components received for a web service, the method comprising: – in paragraphs [0020], [0023], [0024], Figs. 1-4 (A framework to detect anomalies in web-based financial transactions (e.g., account access) behavior and other types of user action events. Rules may be used to detect when an online transaction is likely to be fraudulent based on the properties of the online session.)
comparing the intercepted component request to a set of components having a preset chronological order, – in paragraphs [0020], [0023]-[0025], Figs. 1-4 (A user-specific baseline is determined based on an identified pattern of a temporally-ordered sequence of events and/or based on time gaps between each of the events in the sequence. Rules may be used to detect when an online transaction is likely to be fraudulent based on the properties of the online session. Events corresponding to a user's interaction with an online account or other session (e.g., web session), are compared against the user-specific baseline.)
wherein a first component within the set of components has an output that is taken as an input of a second component in the set of components, and the second component has an output that is provided as the input to a third component in the set of components; – in paragraphs [0020], [0023]-[0025] (If, in a particular instance, this user skips an otherwise usual step for this transaction (i.e., does not navigate to the account balance page), executes steps out of the expected order, spends merely 20 seconds before completing the transaction during a session, or the time interval between the expected steps deviates significantly from the normal behavior for that user, the anomaly may be indicative of fraudulent access. A determination is made as to whether the event at least partially matches the reference baseline using an attribute of the event and a temporal position of the event within the sequence of events in the current session.)
detecting, based on the comparison, that the intercepted component request is not received in an expected chronological order defined by the present chronological order of the set of components including the first component, the second component, and the third component, – in paragraphs [0020], [0023]-[0025], Figs. 1-4 (Significant deviations from a user's baseline or expected behavior may be flagged as a potential fraud.)
wherein such detection is made if the intercepted component request does not match a request associated with the session of the components; and – in paragraphs [0042], [0080], [0081] (Rules engine 18 is configured to compare a sequence of incoming events and time data (including time gaps) of a current session to the reference baseline associated with the particular user, and initiate a rule firing where the current session information does not match with a reference baseline.)
detecting that the received component request is not preceded by an expected preceding component request as specified in the preset chronological order; – in paragraphs [0020], [0023]-[0025] (If, in a particular instance, this user skips an otherwise usual step for this transaction (i.e., does not navigate to the account balance page), executes steps out of the expected order, spends merely 20 seconds before completing the transaction during a session, or the time interval between the expected steps deviates significantly from the normal behavior for that user, the anomaly may be indicative of fraudulent access. A determination is made as to whether the event at least partially matches the reference baseline using an attribute of the event and a temporal position of the event within the sequence of events in the current session.)
determining whether a preceding component request necessary for generating an input for a subsequent component request is missing; and – in paragraphs [0020], [0023]-[0025] (If, in a particular instance, this user skips an otherwise usual step for this transaction (i.e., does not navigate to the account balance page), executes steps out of the expected order, spends merely 20 seconds before completing the transaction during a session, or the time interval between the expected steps deviates significantly from the normal behavior for that user, the anomaly may be indicative of fraudulent access.)
identifying the received component request as an anomaly based on the unexpected chronological order of the received component request and missing causal dependency. – in paragraphs [0020], [0023]-[0025], Figs. 1-4 (If, in a particular instance, this user skips an otherwise usual step for this transaction (i.e., does not navigate to the account balance page), executes steps out of the expected order, spends merely 20 seconds before completing the transaction during a session, or the time interval between the expected steps deviates significantly from the normal behavior for that user, the anomaly may be indicative of fraudulent access. A determination is made as to whether the event at least partially matches the reference baseline using an attribute of the event and a temporal position of the event within the sequence of events in the current session.)
Singla does not explicitly teach:
receiving, by a server from an agent stored on a remote server, a component request sent from a user device to a server component, the component requests being intercepted by the agent stored on the remote server.
However, van Os teaches:
receiving, by a server from an agent stored on a remote server, a component request sent from a user device to a server component, – in paragraphs [0024]-[0041], [0111]-[0120] (All communication traffic between clients 110 and servers 170 may traverse intermediaries 130, 150. One intermediary (e.g., server side intermediary 150 of FIG. 1) intercepts the client's initial message requesting a connection, and forwards it to the server. Server communicator 640 is configured to handle communications with a server.)
the component requests being intercepted by the agent stored on the remote server; – in paragraphs [0024]-[0041], [0111]-[0120] (One intermediary (e.g., server side intermediary 150 of FIG. 1) intercepts the client's initial message requesting a connection, and forwards it to the server. Server communicator 640 is configured to handle communications with a server.)
It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Singla with van Os to include receiving, by a server from an agent stored on a remote server, a component request sent from a user device to a server component, the component requests being intercepted by the agent stored on the remote server, as taught by van Os, in paragraphs [0002]-[0023], to provide a technique for facilitating optimization of network transactions conducted via authenticated and secured communication sessions.
Combination of Singla and van Os does not explicitly teach:
wherein the component is an API.
However, Sanap teaches:
wherein the component is an API – in paragraphs [0012], [0034], [0049], [0070] (At 502, an API request/call for an API session is initiated at the client device 102 in the application. At 504, the API request is sent to the API server 106 from the client device 102.)
It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Singla and van Os with Sanap to include wherein the component is an API, as taught by Sanap, in paragraph [0002], to provide a technique for identification of breach attempts in a client-server communication.
In re Harza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960) (Claims at issue were directed to a water-tight masonry structure wherein a water seal of flexible material fills the joints which form between adjacent pours of concrete. The claimed water seal has a "web" which lies in the joint, and a plurality of "ribs" projecting outwardly from each side of the web into one of the adjacent concrete slabs. The prior art disclosed a flexible water stop for preventing passage of water between masses of concrete in the shape of a plus sign (+). Although the reference did not disclose a plurality of ribs, the court held that mere duplication of parts has no patentable significance unless a new and unexpected result is produced.). See MPEP 2144 (VI)(B).
Claims 3, 12. The method of claim 1 – refer to the indicated claim for reference(s).
Singla teaches:
further comprising: detecting that the intercepted API request and the subsequent API request are not received in an expected chronological order defined by the present chronological order. – in paragraphs [0020], [0023]-[0025] (If, in a particular instance, this user skips an otherwise usual step for this transaction (i.e., does not navigate to the account balance page), executes steps out of the expected order, spends merely 20 seconds before completing the transaction during a session, or the time interval between the expected steps deviates significantly from the normal behavior for that user, the anomaly may be indicative of fraudulent access. A determination is made as to whether the event at least partially matches the reference baseline using an attribute of the event and a temporal position of the event within the sequence of events in the current session.)
van Os further teaches:
receiving, by the server from the agent stored on the remote server, the subsequent API request sent from the user device to the server API; and – in paragraphs [0024]-[0041], [0111]-[0120] (All communication traffic between clients 110 and servers 170 may traverse intermediaries 130, 150. One intermediary (e.g., server side intermediary 150 of FIG. 1) intercepts the client's initial message requesting a connection, and forwards it to the server. Server communicator 640 is configured to handle communications with a server.)
Claims 4, 13. The method of claim 3 – refer to the indicated claim for reference(s).
Singla teaches:
wherein the expected chronological order includes an API request that differs from the subsequent API request. – in paragraphs [0020], [0023]-[0025] (If, in a particular instance, this user skips an otherwise usual step for this transaction (i.e., does not navigate to the account balance page), executes steps out of the expected order, spends merely 20 seconds before completing the transaction during a session, or the time interval between the expected steps deviates significantly from the normal behavior for that user, the anomaly may be indicative of fraudulent access. A determination is made as to whether the event at least partially matches the reference baseline using an attribute of the event and a temporal position of the event within the sequence of events in the current session.)
REMARKS
Applicant has presented amendments to the claims. The examiner maintains the rejections, see remarks below.
Argument 1: The applicant argues that the art cited on the record does not disclose determining whether a preceding API request necessary for generating an input for a subsequent API request is missing; and identifying the received API request as an anomaly based on the unexpected chronological order of the received API request and missing causal dependency, as recited in the independent claims.
In response, the examiner respectfully submits:
Singla teaches determining whether a preceding component request necessary for generating an input for a subsequent component request is missing; and – in paragraphs [0020], [0023]-[0025] (If, in a particular instance, this user skips an otherwise usual step for this transaction (i.e., does not navigate to the account balance page), executes steps out of the expected order, spends merely 20 seconds before completing the transaction during a session, or the time interval between the expected steps deviates significantly from the normal behavior for that user, the anomaly may be indicative of fraudulent access.)
Singla teaches identifying the received component request as an anomaly based on the unexpected chronological order of the received component request and missing causal dependency. – in paragraphs [0020], [0023]-[0025], Figs. 1-4 (If, in a particular instance, this user skips an otherwise usual step for this transaction (i.e., does not navigate to the account balance page), executes steps out of the expected order, spends merely 20 seconds before completing the transaction during a session, or the time interval between the expected steps deviates significantly from the normal behavior for that user, the anomaly may be indicative of fraudulent access. A determination is made as to whether the event at least partially matches the reference baseline using an attribute of the event and a temporal position of the event within the sequence of events in the current session.)
Singla does not explicitly teach receiving, by a server from an agent stored on a remote server, a component request sent from a user device to a server component.
However, van Os teaches receiving, by a server from an agent stored on a remote server, a component request sent from a user device to a server component, – in paragraphs [0024]-[0041], [0111]-[0120] (All communication traffic between clients 110 and servers 170 may traverse intermediaries 130, 150. One intermediary (e.g., server side intermediary 150 of FIG. 1) intercepts the client's initial message requesting a connection, and forwards it to the server. Server communicator 640 is configured to handle communications with a server.)
It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Singla with van Os to include receiving, by a server from an agent stored on a remote server, a component request sent from a user device to a server component, as taught by van Os, in paragraphs [0002]-[0023], to provide a technique for facilitating optimization of network transactions conducted via authenticated and secured communication sessions.
Combination of Singla and van Os does not explicitly teach wherein the component is an API.
However, Sanap teaches wherein the component is an API – in paragraphs [0012], [0034], [0049], [0070] (At 502, an API request/call for an API session is initiated at the client device 102 in the application. At 504, the API request is sent to the API server 106 from the client device 102.)
It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Singla and van Os with Sanap to include wherein the component is an API, as taught by Sanap, in paragraph [0002], to provide a technique for identification of breach attempts in a client-server communication.
In re Harza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960) (Claims at issue were directed to a water-tight masonry structure wherein a water seal of flexible material fills the joints which form between adjacent pours of concrete. The claimed water seal has a "web" which lies in the joint, and a plurality of "ribs" projecting outwardly from each side of the web into one of the adjacent concrete slabs. The prior art disclosed a flexible water stop for preventing passage of water between masses of concrete in the shape of a plus sign (+). Although the reference did not disclose a plurality of ribs, the court held that mere duplication of parts has no patentable significance unless a new and unexpected result is produced.). See MPEP 2144 (VI)(B).
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MUHAMMAD RAZA whose telephone number is (571)272-7734. The examiner can normally be reached Monday-Friday, 7:00 A.M.-5:00 P.M..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on (571)272-7304. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MUHAMMAD RAZA/Primary Examiner, Art Unit 2449