Office Action Predictor
Application No. 17/339,951

AUTOMATIC ANOMALY DETECTION BASED ON API SESSIONS

Final Rejection §103
Filed
Jun 05, 2021
Examiner
RAZA, MUHAMMAD A
Art Unit
2449
Tech Center
2400 — Computer Networks
Assignee
Harness INC.
OA Round
6 (Final)
58%
Grant Probability
Moderate
7-8
OA Rounds
3y 5m
To Grant
99%
With Interview

Examiner Intelligence

58%
Career Allow Rate
158 granted / 274 resolved
Without
With
+70.8%
Interview Lift
avg trend
3y 5m
Avg Prosecution
32 pending
306
Total Applications
career history

Statute-Specific Performance

§101
17.1%
-22.9% vs TC avg
§103
47.7%
+7.7% vs TC avg
§102
6.6%
-33.4% vs TC avg
§112
21.4%
-18.6% vs TC avg
Black line = Tech Center average estimate • Based on career data

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Status of Claims Claims 1, 3-4, 10, 12-13, and 19 are pending in this Office Action. Response to Arguments Applicant's arguments filed in the amendment filed 11/25/2025, have been fully considered but they are not persuasive. The reasons are set forth below. Drawings The formal drawings received on 06/05/2021 have been entered. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 3-4, 10, 12-13, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Singla (US 20140165140) in view of van Os (US 20090119504), and further in view of Sanap (US 20200045065). Claims 1, 10, 19. Singla teaches: A method for automatically detecting an anomaly based on a session of components received for a web service, the method comprising: – in paragraphs [0020], [0023], [0024], Figs. 1-4 (A framework to detect anomalies in web-based financial transactions (e.g., account access) behavior and other types of user action events. Rules may be used to detect when an online transaction is likely to be fraudulent based on the properties of the online session.) comparing the intercepted component request to a set of components having a preset chronological order, – in paragraphs [0020], [0023]-[0025], Figs. 1-4 (A user-specific baseline is determined based on an identified pattern of a temporally-ordered sequence of events and/or based on time gaps between each of the events in the sequence. Rules may be used to detect when an online transaction is likely to be fraudulent based on the properties of the online session. Events corresponding to a user's interaction with an online account or other session (e.g., web session), are compared against the user-specific baseline.) wherein a first component within the set of components has an output that is taken as an input of a second component in the set of components, and the second component has an output that is provided as the input to a third component in the set of components; – in paragraphs [0020], [0023]-[0025] (If, in a particular instance, this user skips an otherwise usual step for this transaction (i.e., does not navigate to the account balance page), executes steps out of the expected order, spends merely 20 seconds before completing the transaction during a session, or the time interval between the expected steps deviates significantly from the normal behavior for that user, the anomaly may be indicative of fraudulent access. A determination is made as to whether the event at least partially matches the reference baseline using an attribute of the event and a temporal position of the event within the sequence of events in the current session.) detecting, based on the comparison, that the intercepted component request is not received in an expected chronological order defined by the present chronological order of the set of components including the first component, the second component, and the third component, – in paragraphs [0020], [0023]-[0025], Figs. 1-4 (Significant deviations from a user's baseline or expected behavior may be flagged as a potential fraud.) wherein such detection is made if the intercepted component request does not match a request associated with the session of the components; and – in paragraphs [0042], [0080], [0081] (Rules engine 18 is configured to compare a sequence of incoming events and time data (including time gaps) of a current session to the reference baseline associated with the particular user, and initiate a rule firing where the current session information does not match with a reference baseline.) detecting that the received component request is not preceded by an expected preceding component request as specified in the preset chronological order; – in paragraphs [0020], [0023]-[0025] (If, in a particular instance, this user skips an otherwise usual step for this transaction (i.e., does not navigate to the account balance page), executes steps out of the expected order, spends merely 20 seconds before completing the transaction during a session, or the time interval between the expected steps deviates significantly from the normal behavior for that user, the anomaly may be indicative of fraudulent access. A determination is made as to whether the event at least partially matches the reference baseline using an attribute of the event and a temporal position of the event within the sequence of events in the current session.) determining whether a preceding component request necessary for generating an input for a subsequent component request is missing; and – in paragraphs [0020], [0023]-[0025] (If, in a particular instance, this user skips an otherwise usual step for this transaction (i.e., does not navigate to the account balance page), executes steps out of the expected order, spends merely 20 seconds before completing the transaction during a session, or the time interval between the expected steps deviates significantly from the normal behavior for that user, the anomaly may be indicative of fraudulent access.) identifying the received component request as an anomaly based on the unexpected chronological order of the received component request and missing causal dependency. – in paragraphs [0020], [0023]-[0025], Figs. 1-4 (If, in a particular instance, this user skips an otherwise usual step for this transaction (i.e., does not navigate to the account balance page), executes steps out of the expected order, spends merely 20 seconds before completing the transaction during a session, or the time interval between the expected steps deviates significantly from the normal behavior for that user, the anomaly may be indicative of fraudulent access. A determination is made as to whether the event at least partially matches the reference baseline using an attribute of the event and a temporal position of the event within the sequence of events in the current session.) Singla does not explicitly teach: receiving, by a server from an agent stored on a remote server, a component request sent from a user device to a server component, the component requests being intercepted by the agent stored on the remote server. However, van Os teaches: receiving, by a server from an agent stored on a remote server, a component request sent from a user device to a server component, – in paragraphs [0024]-[0041], [0111]-[0120] (All communication traffic between clients 110 and servers 170 may traverse intermediaries 130, 150. One intermediary (e.g., server side intermediary 150 of FIG. 1) intercepts the client's initial message requesting a connection, and forwards it to the server. Server communicator 640 is configured to handle communications with a server.) the component requests being intercepted by the agent stored on the remote server; – in paragraphs [0024]-[0041], [0111]-[0120] (One intermediary (e.g., server side intermediary 150 of FIG. 1) intercepts the client's initial message requesting a connection, and forwards it to the server. Server communicator 640 is configured to handle communications with a server.) It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Singla with van Os to include receiving, by a server from an agent stored on a remote server, a component request sent from a user device to a server component, the component requests being intercepted by the agent stored on the remote server, as taught by van Os, in paragraphs [0002]-[0023], to provide a technique for facilitating optimization of network transactions conducted via authenticated and secured communication sessions. Combination of Singla and van Os does not explicitly teach: wherein the component is an API. However, Sanap teaches: wherein the component is an API – in paragraphs [0012], [0034], [0049], [0070] (At 502, an API request/call for an API session is initiated at the client device 102 in the application. At 504, the API request is sent to the API server 106 from the client device 102.) It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Singla and van Os with Sanap to include wherein the component is an API, as taught by Sanap, in paragraph [0002], to provide a technique for identification of breach attempts in a client-server communication. In re Harza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960) (Claims at issue were directed to a water-tight masonry structure wherein a water seal of flexible material fills the joints which form between adjacent pours of concrete. The claimed water seal has a "web" which lies in the joint, and a plurality of "ribs" projecting outwardly from each side of the web into one of the adjacent concrete slabs. The prior art disclosed a flexible water stop for preventing passage of water between masses of concrete in the shape of a plus sign (+). Although the reference did not disclose a plurality of ribs, the court held that mere duplication of parts has no patentable significance unless a new and unexpected result is produced.). See MPEP 2144 (VI)(B). Claims 3, 12. The method of claim 1 – refer to the indicated claim for reference(s). Singla teaches: further comprising: detecting that the intercepted API request and the subsequent API request are not received in an expected chronological order defined by the present chronological order. – in paragraphs [0020], [0023]-[0025] (If, in a particular instance, this user skips an otherwise usual step for this transaction (i.e., does not navigate to the account balance page), executes steps out of the expected order, spends merely 20 seconds before completing the transaction during a session, or the time interval between the expected steps deviates significantly from the normal behavior for that user, the anomaly may be indicative of fraudulent access. A determination is made as to whether the event at least partially matches the reference baseline using an attribute of the event and a temporal position of the event within the sequence of events in the current session.) van Os further teaches: receiving, by the server from the agent stored on the remote server, the subsequent API request sent from the user device to the server API; and – in paragraphs [0024]-[0041], [0111]-[0120] (All communication traffic between clients 110 and servers 170 may traverse intermediaries 130, 150. One intermediary (e.g., server side intermediary 150 of FIG. 1) intercepts the client's initial message requesting a connection, and forwards it to the server. Server communicator 640 is configured to handle communications with a server.) Claims 4, 13. The method of claim 3 – refer to the indicated claim for reference(s). Singla teaches: wherein the expected chronological order includes an API request that differs from the subsequent API request. – in paragraphs [0020], [0023]-[0025] (If, in a particular instance, this user skips an otherwise usual step for this transaction (i.e., does not navigate to the account balance page), executes steps out of the expected order, spends merely 20 seconds before completing the transaction during a session, or the time interval between the expected steps deviates significantly from the normal behavior for that user, the anomaly may be indicative of fraudulent access. A determination is made as to whether the event at least partially matches the reference baseline using an attribute of the event and a temporal position of the event within the sequence of events in the current session.) REMARKS Applicant has presented amendments to the claims. The examiner maintains the rejections, see remarks below. Argument 1: The applicant argues that the art cited on the record does not disclose determining whether a preceding API request necessary for generating an input for a subsequent API request is missing; and identifying the received API request as an anomaly based on the unexpected chronological order of the received API request and missing causal dependency, as recited in the independent claims. In response, the examiner respectfully submits: Singla teaches determining whether a preceding component request necessary for generating an input for a subsequent component request is missing; and – in paragraphs [0020], [0023]-[0025] (If, in a particular instance, this user skips an otherwise usual step for this transaction (i.e., does not navigate to the account balance page), executes steps out of the expected order, spends merely 20 seconds before completing the transaction during a session, or the time interval between the expected steps deviates significantly from the normal behavior for that user, the anomaly may be indicative of fraudulent access.) Singla teaches identifying the received component request as an anomaly based on the unexpected chronological order of the received component request and missing causal dependency. – in paragraphs [0020], [0023]-[0025], Figs. 1-4 (If, in a particular instance, this user skips an otherwise usual step for this transaction (i.e., does not navigate to the account balance page), executes steps out of the expected order, spends merely 20 seconds before completing the transaction during a session, or the time interval between the expected steps deviates significantly from the normal behavior for that user, the anomaly may be indicative of fraudulent access. A determination is made as to whether the event at least partially matches the reference baseline using an attribute of the event and a temporal position of the event within the sequence of events in the current session.) Singla does not explicitly teach receiving, by a server from an agent stored on a remote server, a component request sent from a user device to a server component. However, van Os teaches receiving, by a server from an agent stored on a remote server, a component request sent from a user device to a server component, – in paragraphs [0024]-[0041], [0111]-[0120] (All communication traffic between clients 110 and servers 170 may traverse intermediaries 130, 150. One intermediary (e.g., server side intermediary 150 of FIG. 1) intercepts the client's initial message requesting a connection, and forwards it to the server. Server communicator 640 is configured to handle communications with a server.) It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Singla with van Os to include receiving, by a server from an agent stored on a remote server, a component request sent from a user device to a server component, as taught by van Os, in paragraphs [0002]-[0023], to provide a technique for facilitating optimization of network transactions conducted via authenticated and secured communication sessions. Combination of Singla and van Os does not explicitly teach wherein the component is an API. However, Sanap teaches wherein the component is an API – in paragraphs [0012], [0034], [0049], [0070] (At 502, an API request/call for an API session is initiated at the client device 102 in the application. At 504, the API request is sent to the API server 106 from the client device 102.) It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Singla and van Os with Sanap to include wherein the component is an API, as taught by Sanap, in paragraph [0002], to provide a technique for identification of breach attempts in a client-server communication. In re Harza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960) (Claims at issue were directed to a water-tight masonry structure wherein a water seal of flexible material fills the joints which form between adjacent pours of concrete. The claimed water seal has a "web" which lies in the joint, and a plurality of "ribs" projecting outwardly from each side of the web into one of the adjacent concrete slabs. The prior art disclosed a flexible water stop for preventing passage of water between masses of concrete in the shape of a plus sign (+). Although the reference did not disclose a plurality of ribs, the court held that mere duplication of parts has no patentable significance unless a new and unexpected result is produced.). See MPEP 2144 (VI)(B). Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MUHAMMAD RAZA whose telephone number is (571)272-7734. The examiner can normally be reached Monday-Friday, 7:00 A.M.-5:00 P.M.. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on (571)272-7304. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MUHAMMAD RAZA/Primary Examiner, Art Unit 2449
Read full office action

Prosecution Timeline

Jun 05, 2021
Application Filed
Jul 24, 2023
Non-Final Rejection — §103
Sep 14, 2023
Response Filed
Sep 20, 2023
Final Rejection — §103
Oct 23, 2023
Request for Continued Examination
Oct 24, 2023
Response after Non-Final Action
May 21, 2024
Final Rejection — §103
Aug 01, 2024
Response after Non-Final Action
Aug 22, 2024
Request for Continued Examination
Aug 28, 2024
Response after Non-Final Action
Mar 27, 2025
Final Rejection — §103
May 01, 2025
Response after Non-Final Action
Jun 23, 2025
Request for Continued Examination
Jun 24, 2025
Response after Non-Final Action
Sep 02, 2025
Non-Final Rejection — §103
Nov 25, 2025
Response Filed
Dec 15, 2025
Final Rejection — §103
Mar 18, 2026
Request for Continued Examination
Apr 02, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology. Study what changed to get past this examiner.

Patent 12598147
COLLABORATIVE RELATIONAL MANAGEMENT OF NETWORK AND CLOUD-BASED RESOURCES
2y 5m to grant Granted Apr 07, 2026
Patent 12592917
NETWORK LINK ESTABLISHMENT IN A MULTI-CLOUD INFRASTRUCTURE
2y 5m to grant Granted Mar 31, 2026
Patent 12587451
AUTOMATING SECURED DEPLOYMENT OF CONTAINERIZED WORKLOADS ON EDGE DEVICES
2y 5m to grant Granted Mar 24, 2026
Patent 12580978
APPLICATION-CENTRIC WEB PROTOCOL-BASED DATA STORAGE
2y 5m to grant Granted Mar 17, 2026
Patent 12574327
ELASTIC OVERLAY NETWORK GENERATION
2y 5m to grant Granted Mar 10, 2026

AI Strategy Recommendation

Click below to generate an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

7-8
Expected OA Rounds
58%
Grant Probability
99%
With Interview (+70.8%)
3y 5m
Median Time to Grant
High
PTA Risk
Based on 274 resolved cases by this examiner