DETECTING FRAUDULENT E-COMMERCE WEBSITES

§101 §103

DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Status of Claims This Non-Final Office Action is in reply to the application filed on 28 July 2023. Claims 1-28 are currently pending and have been examined. Information Disclosure Statement The Information Disclosure Statements filed on 30 January 2024 has been considered. An initialed copy of the Form 1449 is enclosed herewith. Claim Objections Claims 1, 2, 4-18, 23, 24, 27 and 28 are objected to because of the following informalities: the claims recite the acronym “URL.” Appropriate correction is required to explicitly state what the acronym refers to. Claims 14 is objected to for reciting the acronym, “TLD.” Appropriate correction is required to explicitly state what the acronym refers to. Claims 23-25 is objected to for reciting the acronym, “HTML.” Appropriate correction is required to explicitly state what the acronym refers to. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-28 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract without significantly more. Under Step 1 the claims are analyzed to determine whether they are directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter. See MPEP §2106.03. Claims 1-26 are directed to a system, claim 27 is a method and claim 28 is a computer program product. Therefore, the claims fall within the statutory categories of invention. Under Step 2A Prong 1, the claims are analyzed to determine whether the claims recite any judicial exceptions including certain groupings of abstract ideas (i.e., mathematical concepts, certain methods of organizing human activity such as a fundamental economic practice, or mental processes). See MPEP §2106.04. Claims 1, 27 and 28 recite a mental process as they include the limitations, determine that the URL is associated a with fraudulent e-commerce website (FCW) scam based on human observation, evaluation, judgement and opinion, either mentally or with the aid of pen/paper. The Courts generally treat collecting information as well as analyzing information by steps people go through in their minds and/or by pen & paper as essentially mental processes within the abstract-idea category. See MPEP §2106.04(a) Part III, C. Claim 2 recites, wherein determining that the URL is associated with the FCW scam includes tokenizing a structure associated with a website reachable via the URL. Claim 3 recites, wherein tokenizing the structure includes converting a Document Object Model (DOM) tree into a sequence of tokens. Claim 4 recites wherein determining that the URL is associated with the FCW scam includes tokenizing content on a website reachable via the URL. Claim 5 recites wherein determining that the URL is associated with the FCW scam includes evaluating a domain age associated with the URL. Claim 6 recites, wherein determining that the URL is associated with the FCW scam includes evaluating a registration period associated with the URL. Claim 7 recites, wherein determining that the URL is associated with the FCW scam includes evaluating a domain registration country associated with the URL. Claim 8 recites, wherein determining that the URL is associated with the FCW scam includes evaluating a host country associated with the URL. Claim 9 recites, wherein determining that the URL is associated with the FCW scam includes determining whether a domain registration country associated with the URL matches a host country associated with the URL. Claim 10 recites, wherein determining that the URL is associated with the FCW scam includes evaluating a registrar associated with the URL. Claim 11 recites wherein determining that the URL is associated with the FCW scam includes evaluating a domain privacy associated with the URL. Claim 12 recites, wherein determining that the URL is associated with the FCW scam includes evaluating a domain popularity ranking associated with the URL. Claim 13 recites, wherein determining that the URL is associated with the FCW scam includes evaluating one or more features of the URL. Claim 14 recites, wherein at least one feature of the URL is a TLD of the URL. Claim 15 recites wherein at least one feature of the URL is a presence of one or more hyphens in the URL. Claim 16 recites, wherein at least one feature of the URL is a presence of one or more digits in the URL. Claim 17 recites, wherein at least one feature of the URL is a subdomain level associated with the URL. Claim 18 recites, wherein determining that the URL is associated with the FCW scam includes evaluating one or more social media-based features associated with a website reachable via the URL. Claim 19 recites, wherein evaluating the one or more social media-based features includes evaluating whether there is a match between a domain of the website and a social media link. Claim 20 recites, wherein evaluating the one or more social media-based features includes determining a number of followers. Claim 21, wherein evaluating the one or more social media-based features includes determining an age of an associated social media account. Claim 22 recites, wherein evaluating the one or more social media-based features includes determining a number of likes associated with a social media account. Claim 23 recites, wherein determining that the URL is associated with the FCW scam includes determining a number of external links in HTML. Claim 24 recites, wherein determining that the URL is associated with the FCW scam includes determining a number of script tags in HTML. Claim 25 recites, wherein the processor is further configured to generate embedding vectors based on tokens in body text within HTML. Dependent claims 2-25 further recite a mental process as they include steps based on human observation, evaluation, judgement and opinion, either mentally or with the aid of pen/paper. Under Step 2A Prong 2 the claims are analyzed to determine whether the claims recite additional elements that integrate the judicial exception into a practical application. See MPEP §2106.04(d). Claims 1 and 28 recite the additional elements, a processor, a memory coupled to the processor and configured to provide the processor with instructions, a computer program product embodied in a non-transitory computer readable medium and comprising computer instructions. The additional elements are recited at a high-level of generality and perform generic computing functions such as receiving, determining, and performing. In this case, the claims merely involve automated steps executed by generic computer components recited above at a high-level of generality with no technical improvement to the functioning of the processor or memory since the additional element is no more than mere instructions to apply the abstract idea using a generic computer processor. The judicial exception of “determine that the URL is associated a with fraudulent e-commerce website (FCW) scam,” is performed by “applying a previously trained model.” The trained model is used to generally apply the abstract idea without placing any limits on how the trained model functions or how it is applied. Rather, these limitations only recite the outcome of determining that the URL is associated a with fraudulent e-commerce website (FCW) scam and do not include any details about how the “determining” is accomplished. See MPEP 2106.05(f). The claims recite the additional limitation “receiving a URL”. The limitation is recited at a high level of generality and amount to mere data gathering and thus are insignificant extra-solution activity. See MPEP 2106.05(g). The claims also recite the additional limitation, perform a remedial action in response to the determination. The limitation is recited at a high level of generality and lacks any technical details on how the limitation is accomplished. Therefore, the limitation provides nothing more than mere instructions to implement an abstract idea on a generic computer. Dependent claims merely reiterate the same abstract ideas using the same additional elements as recited above for determining and evaluating without imposing any meaningful limits or any further practical application. Dependent claim 26 recites, the additional limitation, wherein the processor is further configured to train the model using a first set of tokens extracted from a set of benign shopping sites and a second set of tokens extracted from a set of FCWs. The limitation recite ‘training” the model but fails include technical details about how the “training” is accomplished. The limitation provides nothing more than mere instructions to implement an abstract idea on a generic computer. See MPEP 2106.05(f). Considered as an ordered combination, the additional elements add nothing that is not already present when the steps are considered separately. The sequence of the claimed limitations is equally generic and otherwise held to be abstract since the combination of these additional elements is no more than mere instructions to apply the judicial exception using generic computer components. Therefore, the additional elements recited in the claimed invention individually, and even in combination, fail to integrate the recited judicial exception into any practical application since they do not impose any non-generic meaningful limits on practicing the abstract idea. Under Step 2B the claims are analyzed to determine whether the claims recite additional elements that amount to an inventive concept (aka “significantly more”) than the recited judicial exception. Claims 1-28 as a whole do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed with respect to Step 2A Prong Two, the additional elements in the claims amount to no more than mere instructions to apply the exception using generic computer components. The same analysis applies here in 2B and does not provide an inventive concept. For the receiving steps that were considered extra-solution activity in Step 2A, Prong Two, this has been re-evaluated in Step 2B and determined to be well understood, routine, and conventional in the field. The Ultramercial, Symantec, TLI, and OIP Techs. court decisions indicate that mere data collection, and transmission is a well‐understood, routine, and conventional function when it is claimed in a merely generic manner (as it is here). For these reasons, there is no inventive concept. See MPEP 2106.05(d), subsection II. Considered as an ordered combination, the additional elements of the claim do not add anything further than when they are considered separately. Thus, under Step 2B, the claims are ineligible as the claims do not recite additional elements which result in significantly more than the abstract idea itself. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 2, 4-8, 11, 13, 18-19, 23, 25 and 27-28 are rejected under 35 U.S.C. 103 as being unpatentable over Huang et al (US 2024/0095356 A1 et al) in view of Sánchez-Paniagua, M., Fidalgo, E., Alegre, E., & Jáñez-Martino, F. (2021, September). Fraudulent e-commerce websites detection through machine learning. In International Conference on Hybrid Artificial Intelligence Systems (pp. 267-279). Cham: Springer International Publishing. (hereinafter, “Sánchez”). Claims 1, 27 and 28: Huang discloses a system, method and a computer program product embodied in a non-transitory computer readable medium and comprising computer instructions (see [0091]: machine readable instructions may be one or more executable programs or portion(s) of an executable program for execution by processor circuitry, such as the processor circuitry 912 shown in the example processor platform 900 discussed below in connection with FIG. 9 and/or the example processor circuitry discussed below in connection with FIGS. 10 and/or 11. The program may be embodied in software stored on one or more non-transitory computer readable storage media): a processor configured to: receive a URL (see [0025], [0030]: In some examples, the compute node 100 receives the URL data 116A and the web content data 116B from the network 108 and stores the URL data 116A and the web content data 116B in the memory 104 to be analyzed for phishing); determine that the URL is associated a with fraudulent website scam, at least in part by applying a previously trained model to content associated with the URL (see [0025]: apply the fine-tuned training URL address version of the model and the fine-tune trained web content data version of the model on data received from a web site (e.g., the data may be the URL address of the website and/or the web content data on the page(s) of the website). In some examples, the URL address is fed through the URL address version of the model to determine if phishing is detected related to the URL address. In some examples, the web content data is fed through the web content data version of the model to determine if phishing is detected related to the web content data on the page(s) of the website. In some examples, the output (e.g., detection results) from each of the two models is then passed through a data fusion process to create a combined result corresponding to both the URL address and the web content data. Examples, disclosed herein determine whether the combined result indicates that phishing is detected at the website in question (e.g., the website at the URL address that includes the web content data)); and perform a remedial action in response to the determination (see [0113] If phishing is detected, then at block 708, the detection result decoder circuitry 220 provides a phishing notification 222 to a user interface to notify a user that phishing is present on the website at the URL address. In some examples, the notification 222 may be a visual alert on a display screen the user may view. In some examples, the notification 222 may be any other type of alert to get the attention of the user (e.g., an audible alert, etc.); and a memory coupled to the processor and configured to provide the processor with instructions (see [0091]: The machine readable instructions may be one or more executable programs or portion(s) of an executable program for execution by processor circuitry, such as the processor circuitry 912 shown in the example processor platform 900). Huang does not expressly disclose that the website is an e-commerce website but Sánchez in the same field of endeavor teaches a system of detecting fraudulent e-commerce websites (see page 2). It would have been obvious to one of ordinary skill in the art before the effective filing date to include in the system of detecting phishing websites of Huang, the detecting of e-commerce websites as taught by Sánchez since the claimed invention is merely a combination of old elements and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable. Claim 2: The combination of Huang and Sánchez discloses the claimed invention as applied to claim 1 above. Huang further teaches, wherein determining that the URL is associated with the FCW scam includes tokenizing a structure associated with a website reachable via the URL (see [0037]: In some examples, token converter circuitry 206 obtains some URL address data 300A (e.g., the URL www.sample.gru.com/test). The example token converter circuitry 206 then converts (e.g., tokenizes) the URL address data 300A into a group of one or more tokens. ). Claim 4: The combination of Huang and Sánchez discloses the claimed invention as applied to claim 1 above. Huang further teaches, wherein determining that the URL is associated with the FCW scam includes tokenizing content on a website reachable via the URL (see [0041]: The example positional mapping circuitry 208 obtains tokens (e.g., converted by token converter circuitry 206) and maps the obtained tokens to a series of positional embeddings. In some examples, a positional embedding is a combination of a positional representation of the location of a given token relative to other tokens in a group of tokens. For example, if a piece of web content data was input as the string “She is a musician” and the token converter circuitry 206 created a group of tokens from the string). Claims 5-8, 11, 18, 19, 23: The combination of Huang and Sánchez discloses the claimed invention as applied to claim 1 above. Sánchez teaches, wherein determining that the URL is associated with the FCW scam includes evaluating a domain age associated with the URL, wherein determining that the URL is associated with the FCW scam includes evaluating a registration period associated with the URL, wherein determining that the URL is associated with the FCW scam includes evaluating a domain registration country associated with the URL, wherein determining that the URL is associated with the FCW scam includes evaluating a host country associated with the URL; wherein determining that the URL is associated with the FCW scam includes evaluating a domain privacy associated with the URL ; wherein determining that the URL is associated with the FCW scam includes evaluating one or more social media-based features associated with a website reachable via the URL; wherein evaluating the one or more social media-based features includes evaluating whether there is a match between a domain of the website and a social media link; wherein determining that the URL is associated with the FCW scam includes determining a number of external links in HTML (see page 4-5: domain age, months registered, social media links and accounts, SSL country. Page 6: if those links are connected to the actual company profile. We count how many of the three social media accounts are linked to the online shop website, policies related to user data. See page 6: extracted the social media links from the HTML code and verified two statements: first, if there is a link to any of the three platforms we have mentioned and second, if those links are connected to the actual company profile). It would have been obvious to one of ordinary skill in the art before the effective filing date to include in the system of detecting phishing websites of Huang as modified by Sánchez, determining that the URL is associated with the FCW scam includes evaluating features of the URL as taught by Sánchez “to improve the performance of fraudulent detectors against current websites properties” (Sánchez, page 4). Claim 13: The combination of Huang and Sánchez discloses the claimed invention as applied to claim 1 above. Huang further teaches, wherein determining that the URL is associated with the FCW scam includes evaluating one or more features of the URL (see [0036-0037]: in some examples, token converter circuitry 206 obtains some URL address data 300A (e.g., the URL www.sample.gru.com/test). The example token converter circuitry 206 then converts (e.g., tokenizes) the URL address data 300A into a group of one or more tokens. For example, the URL address data 300A is converted into token group 302A that includes tokens 9, SAMPLE, GRUXYZ, COM, and TEST. The example token group 302A was created using a special character partitioner/delimiter, which includes periods (“.”) and slashes (“/”), among other delimiters. Thus, the token converter circuitry 206 separates the groups of characters into tokens that are between the delimiters). Claim 25: The combination of Huang and Sánchez discloses the claimed invention as applied to claim 1 above. Huang further teaches, wherein the processor is further configured to generate embedding vectors based on tokens in body text within HTML (see [0042]). Claims 3, 24 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Huang and Sánchez as applied to claims 1 and 2 above, and further in view of Feng, Jian, Ying Zhang, and Yuqiang Qiao. "A Detection Method for Phishing Web Page Using DOM-Based Doc2Vec Model." CIT. Journal of Computing and Information Technology 28, no. 1 (2020): 58 (hereinafter, “Feng”). Claim 3: The combination of Huang and Sánchez discloses the claimed invention as applied to claim 2 above. Huang and Sánchez do not expressly disclose wherein tokenizing the structure includes converting a Document Object Model (DOM) tree into a sequence of tokens but Feng teaches, wherein tokenizing the structure includes converting a Document Object Model (DOM) tree into a sequence of tokens (see page 62: Figure 3. DOM tag tree and structure table of HTML document). It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the system of detecting phishing websites of Huang and Sánchez with the system and method of tokenizing the structure includes converting a Document Object Model (DOM) tree into a sequence of tokens as taught by Feng because it achieves an accurate method of detecting phishing web page (Feng, page 59). Claim 24: The combination of Huang and Sánchez discloses the claimed invention as applied to claim 1 above. Huang and Sánchez do not expressly disclose, wherein determining that the URL is associated with the FCW scam includes determining a number of script tags in HTML but Feng teaches, determining a number of script tags in HTML (see Fig. 5, page 61: The DOM represents an HTML document as a tree structure with tags, attributes, and text nodes. For the sake of simplicity, we only use the DOM tag tree to represent an HTML document, ignoring attributes, texts, and comment nodes. The standard library of Python is used to iteratively obtain tags from the HTML page. Page 66, section 4.2.2: M is the number of tags,) It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the system of detecting phishing websites of Huang and Sánchez with the system and method of determining a number of script tags in HTML as taught by Feng because it achieves an accurate method of detecting phishing web page (Feng, page 59). Claim 26: The combination of Huang and Sánchez discloses the claimed invention as applied to claim 1 above. Huang and Sánchez do not expressly disclose, wherein the processor is further configured to train the model using a first set of tokens extracted from a set of benign shopping sites and a second set of tokens extracted from a set of FCWs but Feng teaches the limitation at page 60: convert the web pages to be tested into vectors. These unlabeled vectors are testing data onto the classifier. Finally, we input these unlabeled vectors to the trained classifier and obtain a predicted label. The predicted label is either phishing or benign. It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the system of detecting phishing websites of Huang and Sánchez with the system and method of wherein the processor is further configured to train the model using a first set of tokens extracted from a set of benign shopping sites and a second set of tokens extracted from a set of FCWs as taught by Feng because it achieves an accurate method of detecting phishing web page (Feng, page 59). Claims 9, 10 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Huang and Sánchez as applied to claim 1 above, and further in view of K. Althobaiti, G. Rummani and K. Vaniea, "A Review of Human- and Computer-Facing URL Phishing Features," 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Stockholm, Sweden, 2019, pp. 182-191 (hereinafter, “Althobaiti”). Claim 9, 10 and 12: The combination of Huang and Sánchez discloses the claimed invention as applied to claim 1 above. Huang and Sánchez do not expressly disclose the following limitations but Althobaiti in the same field of endeavor teaches, wherein determining that the URL is associated with the FCW scam includes determining whether a domain registration country associated with the URL matches a host country associated with the URL; wherein determining that the URL is associated with the FCW scam includes evaluating a registrar associated with the URL; wherein determining that the URL is associated with the FCW scam includes evaluating a domain popularity ranking associated with the URL (see page 185, Table 1: domain popularity rank, page 186: Other record information includes geolocation-based features, such as the timezone, netspeed [51], physical location of the country/city [7], or the IP geolocation [57, 71, 97].Also, the existence of the domain in Whois [65, 89], the alignment between the URL domain and the domain registered in Whois [65, 78, 84], the registrars or registrants [60, 64, 67, 71, 86, 97]). Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date to combine the system of detecting phishing websites of Huang and Sánchez with the system and method of determining that the URL is associated with the FCW scam includes determining whether a domain registration country associated with the URL matches a host country associated with the URL; determining that the URL is associated with the FCW scam includes evaluating a registrar associated with the URL; and determining that the URL is associated with the FCW scam includes evaluating a domain popularity ranking associated with the URL as taught by Althobaiti as an effective approach to predict phishing URL (Althobaiti, page 184). Claim(s) 14 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Huang and Sánchez as applied to claim 13 above, and further in view of Sabir, Bushra, M. Ali Babar, Raj Gaire, and Alsharif Abuadbba. "Reliability and robustness analysis of machine learning based phishing URL detectors." IEEE Transactions on Dependable and Secure Computing (2022) (hereinafter “Sabir”). Claims 14 and 17: The combination of Huang and Sánchez discloses the claimed invention as applied to claim 13 above. Huang and Sánchez do not expressly disclose that at least one of one feature of the URL is a TLD of the URL and wherein at least one feature of the URL is a subdomain level associated with the URL but Sabir which also discloses machine learning based phishing URL detectors, teaches, one feature of the URL is a TLD of the URL, wherein at least one feature of the URL is a subdomain level associated with the URL (page 3, section 2.1). Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date to combine the system of detecting phishing websites of Huang and Sánchez, the features of the URL as taught by Sabir in order to use the features to train the machine learning classifiers (Sabir, page 6, section 2.2). Claim(s) 15 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Huang and Sánchez as applied to claim 13 above, and further in view of H. Bouijij and A. Berqia, "Machine Learning Algorithms Evaluation for Phishing URLs Classification," 2021 4th International Symposium on Advanced Electrical and Communication Technologies (ISAECT), Alkhobar, Saudi Arabia, 2021, pp. 01-05, doi: 10.1109/ISAECT53699.2021.9668489 (hereinafter “Bouijij) Claims 15 and 16: The combination of Huang and Sánchez discloses the claimed invention as applied to claim 13 above. Huang and Sánchez do not expressly disclose that at least one of one feature of the URL is a presence of one or more hyphens in the URL and a presence of one or more digits in the URL. However, Bouijij which also discloses a system and method of detecting phishing URLs, teaches at least one of one feature of the URL is a presence of one or more hyphens in the URL and a presence of one or more digits in the URL (See page 3, Table 1). Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date to combine the system of detecting phishing websites of Huang and Sánchez, one feature of the URL is a presence of one or more hyphens in the URL and a presence of one or more digits in the URL as taught by Bouijij, “in order to use them to generate a data input for URL classification” (Bouijij, page 3). Claim(s) 20-22 are rejected under 35 U.S.C. 103 as being unpatentable over Huang and Sánchez as applied to claim 18 above, and further in view of A. Aggarwal, A. Rajadesingan and P. Kumaraguru, "PhishAri: Automatic realtime phishing detection on twitter," 2012 eCrime Researchers Summit, Las Croabas, PR, USA, 2012, pp. 1-12 (hereinafter “Aggarwal”). Claims 20-22: The combination of Huang and Sánchez discloses the claimed invention as applied to claim 13 above. Huang and Sánchez do not expressly disclose wherein evaluating the one or more social media-based features includes determining a number of followers; wherein evaluating the one or more social media-based features includes determining an age of an associated social media account; wherein evaluating the one or more social media-based features includes determining a number of likes associated with a social media account but Aggarwal in the same field of endeavor teaches wherein evaluating the one or more social media-based features includes determining a number of followers; wherein evaluating the one or more social media-based features includes determining an age of an associated social media account; wherein evaluating the one or more social media-based features includes determining a number of likes associated with a social media (see page 1, Abstract: PhishAri, detects phishing on Twitter in realtime. We use Twitter specific features along with URL features to detect whether a tweet posted with a URL is phishing or not. Some of the Twitter specific features we use are tweet content and its characteristics like length, hashtags, and mentions. Other Twitter features used are the characteristics of the Twitter user posting the tweet such as age of the account, number of tweets, and the follower-followee ratio. See Table 1: Number of RT). Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date to combine the system of detecting phishing websites of Huang and Sánchez, wherein evaluating the one or more social media-based features includes determining a number of followers; determining an age of an associated social media account; and determining a number of likes associated with a social media as taught by Aggarwal “to provide a more robust, water-tight and efficient detection methodology” (Aggarwal, page 4). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: US 9378465 B2: A URL classification module can then synchronously or asynchronously classify the URL based on expectation thresholds on current feature distributions of the user action statistic. The expectation thresholds can be determined manually or by machine learning. The manual method may be assisted by computing a background distribution Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAAME BALLOU whose telephone number is (571)270-1359. The examiner can normally be reached Monday-Friday 9am-5pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynda Jasmin can be reached at 571-272-6782. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. MAAME BALLOU Examiner Art Unit 3629 /MAAME BALLOU/Examiner, Art Unit 3629 /LYNDA JASMIN/Supervisory Patent Examiner, Art Unit 3629