Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsIntuit Inc. › 18427108
Last updated: April 19, 2026
Application No. 18/427,108

UNSUPERVISED ANOMALY DETECTION USING LOOKAHEAD PAIRS

Non-Final OA §102§103
Filed
Jan 30, 2024
Examiner
ALRIYASHI, ABDULKADER MOHAMED
Art Unit
2447
Tech Center
2400 — Computer Networks
Assignee
Intuit Inc.
OA Round
1 (Non-Final)
67%
Grant Probability
Favorable
1-2
OA Rounds
3y 0m
To Grant
71%
With Interview

Interview Optional

+4.2% interview lift. This examiner has a relatively high allow rate; a written response may suffice.
Based on 380 resolved cases, 2023–2026

Examiner Intelligence

ALRIYASHI, ABDULKADER MOHAMED View full profile →
Grants 67% — above average
67%
Career Allow Rate
254 granted / 380 resolved
+8.8% vs TC avg
Minimal +4% lift
Without
With
+4.2%
Interview Lift
resolved cases with interview
Typical timeline
3y 0m
Avg Prosecution
26 currently pending
Career history
406
Total Applications
across all art units

Statute-Specific Performance

§101
9.3%
-30.7% vs TC avg
§103
48.8%
+8.8% vs TC avg
§102
16.2%
-23.8% vs TC avg
§112
21.2%
-18.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 380 resolved cases

Office Action

§102 §103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Objections Claims 1 and 11 are objected to because of the following informalities. As to claims 1 and 11, the claims recite the limitation “the LAPs of interest”, in line 10. However, there is insufficient antecedent basis for the limitation in the claim. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claim(s) 1, 3-11 and 13-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Subbarayan et al. (Pub. No.: US 20190114417 A1). As to claim 1, Subbarayan teaches a computer-implemented method for detecting anomalies in sequences of actions using lookahead pairs (LAPs), the method performed by one or more processors of an anomaly detection system and comprising: receiving, over a communications network, a sequence of actions performed by a user during an active session (paragraph [0046], “…For example, the context analyzer 252 can extract a sequence of API calls (e.g., API Sequence S1={login, view account balance, view payee, initiate money transfer, validate transaction, store transaction number and logout}) associated with a particular API…” i.e. receiving a sequence of API calls); generating one or more LAPs of interest based on the received sequence of actions (paragraph [0046], i.e. the extracted API sequence teaches one or more LAPs), each LAP of interest indicating a target action most recently performed by the user (paragraph [0046], i.e. “logout” in the extracted sequence), an origin action performed by the user before the target action (paragraph [0046], i.e. “login” in the extracted sequence), and a number of gap actions performed by the user after the performance of the origin action and up to the performance of the target action (paragraph [0046], i.e. the actions between login and logout); and selectively flagging the LAPs of interest as anomalies based on whether they appear in a LAP database including a plurality of historical LAPs each indicating a previously observed pair of actions and a number of actions observed between the previously observed pair of actions (paragraph [0049], “…In other words, the ML model 253 can be trained on API transactions associated with largely normal user access patterns to applications that can be stored in a dictionary of API transactions (e.g., a dictionary of known associations between symbols). A potentially malicious pattern of activity can generate either a new sequence of symbols or a combination of new sequences of symbols of API transactions that can be identified as an outlier and be flagged as being indicative of malicious activity…” and paragraph [0053]), the selective flagging including: refraining from flagging the LAP of interest as an anomaly if the LAP database indicates that the LAP of interest is associated with a number of observances greater than or equal to a minimum threshold (paragraph [0064], “For example, if the consistency scores associated with one or more API calls in an analyzed sequence (received from a client device) are found to be below a predetermined threshold, the threshold being determined based on baseline data collected during training, the outlier detector can report or return an outlier indicating anomalous activity”, in other words if above or equal the threshold no anomalous activity will be reported); and flagging the LAP of interest as an anomaly if the LAP database indicates that the LAP of interest is associated with a number of observances less than the minimum threshold or if the LAP of interest does not appear in the LAP database (paragraph [0064], “For example, if the consistency scores associated with one or more API calls in an analyzed sequence (received from a client device) are found to be below a predetermined threshold, the threshold being determined based on baseline data collected during training, the outlier detector can report or return an outlier indicating anomalous activity”, in other words if above or equal the threshold no anomalous activity will be reported, and paragraphs [0070]-[0071]). As to claim 3, Subbarayan teaches wherein a duration between two consecutive actions in the active session does not exceed a maximum real-time idle duration (paragraph [0046], “Sequencing of API transactions has a known start and end session, either using time-based logic or user-initiated authentication (e.g., user login/logout)”, i.e. does not exceed standard session timeout duration). As to claim 4, Subbarayan teaches for each LAP of interest, the number of gap actions is less than or equal to a maximum lookahead value (paragraph [0046], i.e. the length of sequence S1). As to claim 5, Subbarayan teaches wherein the LAP database is generated based on actions performed by users during a plurality of sessions associated with a plurality of services hosted on a plurality of domains (paragraph [0049], “API transactions associated with largely normal user access patterns to applications that can be stored in a dictionary of API transactions (e.g., a dictionary of known associations between symbols)” and paragraph [0068]). As to claim 6, Subbarayan teaches wherein the LAP database indicates a time at which each action was performed, and wherein a duration between two consecutive actions in any given session does not exceed a maximum training idle duration (paragraph [0046], “Sequencing of API transactions has a known start and end session, either using time-based logic or user-initiated authentication (e.g., user login/logout)”, i.e. does not exceed standard session timeout duration and paragraph [0067]). As to claim 7, Subbarayan teaches wherein sessions including less than two performed actions are excluded from the LAP database (paragraph [0042], “In some implementations, the router 250 can selectively discard or reject transmission of communications/messages/traffic events that have been determined to be representative of a potentially malicious action/indicator of compromise, and only to allow transmission of communications/messages/traffic events that are found to be consistent with (or within established traffic parameter baselines”). As to claim 8, Subbarayan teaches wherein the LAP database indicates, for each historical LAP, at least one of a total number of sessions during which the historical LAP was observed, a total number of observances of the historical LAP over the total number of sessions, an initially seen date indicating an earliest time that the historical LAP was observed, or a last seen date indicating a most recent time that the historical LAP was observed (paragraph [0067], “…a number of API calls received from the client device within a predefined time period…”). As to claim 9, Subbarayan teaches wherein at least one of the total number of sessions, the total number of observances, the initial date, or the last date are used to augment the LAP database, wherein augmenting the LAP database includes at least one of discarding LAPs associated with a total number of sessions below a threshold or discarding LAPs associated with a last seen date exceeding a threshold (paragraph [0067], “…the measures of strength of associations can be combined with other metrics… ”, “…a number of API calls received from the client device within a predefined time period…”). As to claim 10, Subbarayan teaches wherein the LAP database is generated in an unsupervised manner from unlabeled training data including historical sequences of actions performed by historical users during historical sessions, wherein the historical sequences of actions are not labeled based on known anomalies (paragraph [0053], “In some instances the baseline data can be data collected and accumulated during training of the ML model 253, that can be an unsupervised model, forming a dictionary of symbols (e.g., a dictionary of API transactions described above)”). As to claim 11, Subbarayan further teaches a system for detecting anomalies in sequences of actions using lookahead pairs (LAPs), the system comprising: one or more processors; and at least one memory coupled to the one or more processors and storing instructions that, when executed by the one or more processors, cause the system to perform operations (fig. 2). Therefore, the limitations of claim 11 are substantially similar to claim 1. Please refer to claim 1 above. As to claims 13-20, the claims are substantially similar to claims 3-10, respectively. Please refer to each respective claim above. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 2 and 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Subbarayan et al. (Pub. No.: US 20190114417 A1) in view of Lewis et al. (Patent No.: US 9342384 B1). As to claim 2, Subbarayan teaches wherein the received sequence of actions includes a predefined number of most recent actions performed by the user, and wherein the predefined number of most recent actions are stored in a data structure in reverse chronological order (paragraph [0046], “S1={login, view account balance, view payee, initiate money transfer, validate transaction, store transaction number and logout}”). Subbarayan does not explicitly teach utilizing a deque data structure. However, in an analogues art (computer systems) Lewis teaches predefined number of most recent actions are stored in a deque data structure (col. 2, lines 49-50, “A double-ended queue (or Deque) is a queue that is configured such that data elements maybe added to, or removed from, either the head or tail ends of the queue…”). Based on Subbarayan in view of Lewis, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate utilizing deque data structure (taught by Lewis) with storing action in a data structure (taught by Subbarayan) in order to allow for more efficient size adjustments if required. As to claim 12, the limitations of the claim are substantially similar to claim 2. Please refer to claim 2 above. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references teaches detecting anomalies based on previously observed sequence of actions. Mankins (Patent No.: US 7900194 B1), fig. 3. Al Sharnouby (Pub. No.: US 20190220334 A1), paragraph [0021]. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULKADER M ALRIYASHI whose telephone number is (313)446-6551. The examiner can normally be reached Monday - Friday, 8AM - 5PM Alt, Friday, EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JOON HWANG can be reached at (571)272-4036. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Abdulkader M Alriyashi/Primary Examiner, Art Unit 2447 12/27/2025
Read full office action

Prosecution Timeline

Jan 30, 2024
Application Filed
Dec 27, 2025
Non-Final Rejection — §102, §103
Mar 24, 2026
Applicant Interview (Telephonic)
Mar 24, 2026
Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

18/214,837
Patent 12591688
CONTEXT-AWARE CRYPTOGRAPHIC INVENTORY
2y 5m to grant Granted Mar 31, 2026
17/626,119
Patent 12574429
LINK PERFORMANCE PREDICTION AND MEDIA STREAMING TECHNOLOGIES
2y 5m to grant Granted Mar 10, 2026
18/488,764
Patent 12563083
EVENT-DRIVEN COLLECTION AND MONITORING OF RESOURCES IN A CLOUD COMPUTING ENVIRONMENT
2y 5m to grant Granted Feb 24, 2026
18/510,270
Patent 12556404
IMPERSONATION DETECTION USING AN AUTHENTICATION ENFORCEMENT ENGINE
2y 5m to grant Granted Feb 17, 2026
18/045,635
Patent 12547730
AUTOMATED INFORMATION HANDLING SYSTEM HARDENING OPTIMIZATION SYSTEMS AND METHODS
2y 5m to grant Granted Feb 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
67%
Grant Probability
71%
With Interview (+4.2%)
3y 0m
Median Time to Grant
Low
PTA Risk
Based on 380 resolved cases by this examiner. Grant probability derived from career allow rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month