DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments with respect to the 103 rejection of claims 1-20 have been considered but are moot in view of the new grounds of rejection presented below.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 8, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Mayfield (US 2025/0126140) in view of Makhija et al. (US 2020/0210914), and further in view of Nagpal et al. (US 2024/0176840).
Regarding claims 1, 8, and 15, Mayfield teaches a computer implemented method (and corresponding system and medium) for discontinuing interaction processing using an enumeration detection system, the method comprising:
Outputting an enumeration scare based on enumeration patterns (determining whether the flow data associated with the web traffic for the website indicates a likelihood of a malicious enumeration attack – see abstract. With the overall weights or scores thereby provided from the three indications, the method 600 then includes a step 600 of determining an overall security score associated with a given threat – see [0083]).
Determining, by the one or more processors, that the enumeration score exceeds a predetermined threshold (If the overall security score associated with a given threat exceeds a threshold value, the threat may be added to a list of threats which may be provided to an administrator or otherwise responded to – see [0083]).
Discontinuing, by the one or more processors, interaction processing for the entity based on the enumeration score exceeding the predetermined threshold (When a threat or policy violation is detected by the threat management facility 100, the threat management facility 100 may perform or initiate remedial action through a remedial action facility 128. Remedial action may take a variety of forms, such as terminating or modifying an ongoing process or interaction, issuing an alert, sending a warning to a client or administration facility 134 of an ongoing process or interaction, executing a program or application to remediate against a threat or violation, record interactions for subsequent evaluation, and so forth. The remedial action may include one or more of blocking some or all requests to a network location or resource, performing a malicious code scan on a device or application, performing a malicious code scan on the client facility 144, quarantining a related application (or files, processes or the like), terminating the application or device, isolating the application or device, moving a process or application code to a sandbox for evaluation, isolating the client facility 144 to a location or status within the network that restricts network access, blocking a network access port from a client facility 144, reporting the application to an administration facility 134, or the like, as well as any combination of the foregoing – see [0041]).
Mayfield does not teach that the entity is a merchant and the interactions include transactions with the merchant, or that the interaction features include whether the transaction is authorized or declined, or that the enumeration score corresponds to a comparison of a number of authorized transactions with a number of declined transactions.
Makhija teaches a risk management system where a risk decision engine utilizes historical data regarding authorization and declines of transactions to inform about risk – see [0090]. This is involving transactions with a merchant – see [0014] and [0019].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Mayfield by assessing risk scores for merchants regarding transactions involving authorized and declined transactions, for the purpose of lowering risk during transactions, based upon the beneficial teachings provided by Makhija. These modifications would result in lower risk to the system.
Mayfield and Makhija do not teach, but Nagpal teaches:
Receiving, by one or more processors, data associated with a plurality of interaction instances, the plurality of interaction instances associated with an entity (a pattern of current user interactions 308 tracked and collected by the tracker code 120 for a user engagement session with a webpage or an application is provided – see [0048]).
Extracting, by the one or more processors, one or more interaction features from the data, (The system 102 implements feature extraction 310 on the pattern of current user interactions 308 – see [0048]).
Providing, by the one or more processors, the one or more interaction features to a determinative machine learning model trained to identify patterns (The system 102 implements feature extraction 310 on the pattern of current user interactions 308 and applies the machine learning model 130 to the extracted features. The machine learning model 130 predicts an occurrence of an event 132 based on the extracted features – see [0048]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Mayfield and Makhija by receiving interaction data, extracting features, and using AI to identify patterns and predict attacks, for the purpose of automation, based upon the beneficial teachings provided by Nagpal. These modifications would result in increased efficiency to the system.
Regarding claims 2, 9, and 16, Nagpal further teaches that one or more interaction features comprise numerical and/or textual data associated with the data (In various examples, the features extracted from the patterns can include the timing associated with a user interaction (i.e., numerical data), a type of user interaction (e.g., cursor movement, a scroll, a selection of a graphical user interface element based on the content of the webpage or the application), a speed (i.e., numerical data) at which a user interaction occurs (e.g., fast, erratic scrolling provides a different signal compared to methodical, controlled scrolling), and so forth – see [0047]).
Regarding claims 3, 10, and 17, Nagpal further teaches that the data associated with the plurality of interaction instances is received in real-time (The meaningful information is provided in real-time, or near real-time. Consequently, the provider of the webpage or the application can act on the meaningful information before the user implements the action – see abstract).
Regarding claims 5, 12, and 18, Mayfield further teaches flagging the interaction processing for the entity based on the discontinuing (reporting the application to an administration facility 134, or the like, as well as any combination of the foregoing – see [0041]. The Examiner notes that the combination of elements in the list of [0041] reasonably suggests “flagging” as it discloses stopping, reporting, etc. Reporting can be considered flagging. Clearly if the interaction is stopped, it would also be flagged/reported).
Claims 4, 6, 7, 11, 13, 14, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Mayfield (US 2025/0126140) in view of Makhija et al. (US 2020/0210914) and in view of Nagpal et al. (US 2024/0176840), and further in view of Krishnagi et al. (US 2023/0385390).
The teachings of Mayfield, Makhija, and Nagpal are relied upon for the reasons set forth above.
Regarding claims 4 and 11, Mayfield, Makhija, and Nagpal do not teach providing the identified enumeration patterns and the enumeration score to the determinative machine-learning model as training data, and outputting the determinative machine-learning model having been retained using the identified enumeration patters and the enumeration score.
Krishnagi teaches using patterns and generating a score to compare to a threshold to detect fraud, and then retraining the machine learning model with that data – see [0013] and [0017].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Mayfield, Makhija, and Nagpal by providing the enumeration patters and score to the machine learning model as training data and outputting a retrained model, in order to keep the machine learning model up-to-date with the most recent data, based upon the beneficial teachings provided by Krishnagi. These modifications would result in increased security to the system.
Regarding claims 6, 7, 13, 14, 19, and 20, Mayfield, Makhija, and Nagpal do not teach receiving an interaction authorization request associated with the entity and in response to the receiving, transmitting, by the processor, an interaction result message including a decline code based on the enumeration score exceeding a predetermined threshold.
Krishnagi teaches using patterns and generating a score to compare to a threshold to detect fraud - see [0013] and [0017]. Krishnagi also teaches that the score may be a weighted value related to a degree of confidence that indicates readiness for authorizing a login authentication of the user – see [0018].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Mayfield, Makhija, and Nagpal by receiving an authorization request associated with the entity and sending a decline message based on the enumeration score, in order to deny authorization to entities which are not trustworthy, based upon the beneficial teachings provided by Krishnagi. These modifications would result in increased security to the system.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LISA C LEWIS whose telephone number is (571)270-7724. The examiner can normally be reached Monday - Thursday 7am-2pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/LISA C LEWIS/Primary Examiner, Art Unit 2495
Prosecution Insights