Prosecution Insights
Last updated: May 29, 2026
Application No. 18/779,970

MALICIOUS ACTOR MODEL TRAINING USING THREAT INTELLIGENCE RECOMMENDATIONS

Final Rejection §103 §112
Filed: Jul 22, 2024
Examiner: TRAN, ELLEN C
Art Unit: 2433
Tech Center: 2400 — Computer Networks
Assignee: Okta Inc.
OA Round: 2 (Final)
Grant Probability: 74% (Favorable)
OA Rounds: 3-4
Est. Remaining: 1y 6m
With Interview: 93%

Examiner Intelligence

Grants 74% — above average
Career Allowance Rate: 74% (587 granted / 791 resolved; +16.2% vs TC avg)
Strong +19% interview lift
Interview Lift: +19.2% (resolved cases with interview)
Typical timeline
Avg Prosecution: 3y 5m (17 currently pending)
Career history
Total Applications: 810 (across all art units)

Statute-Specific Performance

§101: 0.8% (-39.2% vs TC avg)
§103: 92.7% (+52.7% vs TC avg)
§102: 3.4% (-36.6% vs TC avg)
§112: 1.0% (-39.0% vs TC avg)
Based on career data from 791 resolved cases

Office Action

§103 §112
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Detailed Action

1. This action is responsive to communication filed on: 30 January 2026 with acknowledgement of an original application filed on 22 July 2024.

2. Claims 1-5 and 7-20 are currently pending. Claims 1, 13, and 17, are independent claims. Claims 1, 4, 13, 16-17, and 20, have been amended. Claim 6 has been canceled.

Response to Arguments

3. Applicant's arguments filed 30 January 2026 have been fully considered however they are not persuasive when noted below or are moot due to new grounds of rejection necessitated by applicant’s amendments to the claims. The Examiner has withdrawn the 112 rejections for dependent claims 2, 4, 14, 16, 18, and 20, due to amendment and arguments presented.

I) In response to Applicant’s argument beginning on page 9, “Objections to the Specification…Applicant has amended the Abstract. Accordingly, Applicant requests that the objection to the Abstract be reconsidered and withdrawn”. The Examiner disagrees with argument. The amendments to the Abstract are an improvement however, the wording in the Abstract is still confusing/indefinite. The Examiner has included a suggested amended Abstract below.

II) In response to applicant’s argument beginning on page 10, “35 U.S.C. §112(b)…Regarding independent claims 1, 13, and 17…Applicant has amended independent claims 1, 13, and 17” The Examiner disagrees with argument and notes the amended claims are an improvement, however the language in the claims is confusing/indefinite. Appropriate Correction is shown below.

III) In response to applicant’s argument beginning on page 12, “35 U.S.C. §103…Without conceding the merits of the rejection of independent claim 1, 13, and 17…Alroobaea does not teach or suggest the features of amended independent claim 1 or overcome the deficiencies of Abrams…does not teach or suggest “labeling, with a second label that indicates that the authentication challenge was unsuccessfully completed, a subset of training …”. The Examiner agrees with the argument however an updated search was performed for the amended limitations. A 103 rejection is below with newly presented prior art Friedman et al. that clearly teaches/suggests labeling machine with results an authentication challenge, see col. 6, line 52 through col. 7, line 10.

Specification

4. The abstract of the disclosure is objected to because like the independent claims the wording in the abstract is confusing and is therefore indefinite. Based on the Examiner’s interpretation of the Applicant’s disclosure, see paragraphs 3, 26-29, 43-44, 47-49, 51-56 of the printed publication. The “invention” is directed to a method/apparatus/non-transitory computer-readable medium that using a machine learning model detects malicious actors even if the malicious actor successfully completed an authentication challenge, the “invention” consists of the following: training a machine learning model and utilizing a machine learning model comprising: receiving training data that is labeled with a first or second label, wherein the first label indicates an authentication challenge was successfully completed, wherein the second label indicates an authentication was unsuccessfully completed; relabeling a subset of the training data labeled with a first label with a second label, based on detecting a training data element within the subset of training data satisfying a threshold; receiving, from a data store, a set of labeled data comprising data that is labeled as being associated with a respective malicious actor; and obtaining, from the machine learning model, an indication that a respective user is a malicious actor, wherein the machine learning model is trained using both the set of relabeled training data and the set of labeled data.

A corrected abstract that is a concise statement of the technical disclosure of the patent is required and must be presented on a separate sheet, apart from any other text. See MPEP § 608.01(b). Appropriate Correction required. The following is suggested:

In some identity management systems, to train a machine learning (ML) model to detect malicious actors, a model training service may receive a set of training data that is automatically labeled with a first label [[and]] or a second label wherein the first label indicates an authentication challenge was successfully completed, wherein the second label indicates an authentication was unsuccessfully completed. Relabeling a subset of the training data labeled with a first label with a second label, based on detecting a training data element within the subset of training data satisfying a threshold. The model training service may receive a set of pre-labeled data that is labeled as being associated with a respective malicious actor. The model training service may then train an ML model using both the set of relabeled

Claim Rejections - 35 USC § 112

5. The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

6. Claims 1-5 and 7-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. The amended claims are an improvement of the previously presented claims, however the claims are still indefinite, because they do not clearly point out the invention. The Examiner suggests the following overcome the 112 rejection.

(Examiner’s suggested amendment only to overcome 112 second rejection) A method for training a machine learning model, comprising: receiving a set of training data for training the machine learning model to detect malicious actors, the set of training data comprising data that is automatically labeled with a first label or a second label, wherein the first label indicates [[that]] an authentication challenge was successfully completed, wherein the second label indicates that the authentication challenge was unsuccessfully completed; relabeling training data labeled with a first label with a second label, based on detecting a training data element satisfying a threshold; receiving, from a data store, a set of labeled data comprising data that is labeled as being associated with a respective malicious actor; and obtaining, from the machine learning model, an indication that a respective user is a malicious actor, wherein the machine learning model is trained using both the set of relabeled training data and the set of labeled data.

Appropriate Correction is required.

Drawings

7. New corrected drawings in compliance with 37 CFR 1.121(d) are required in this application because Figure 7, contains the same limitations that were rejected above with respect to the independent claims. Applicant is advised to employ the services of a competent patent draftsperson outside the Office, as the U.S. Patent and Trademark Office no longer prepares new drawings. The corrected drawings are required in reply to the Office action to avoid abandonment of the application. The requirement for corrected drawings will not be held in abeyance.

8. To expedite a complete examination of the instant application the claims rejected under 35 U.S.C. 112 above are further rejected as set forth below in anticipation of applicant amending these claims to overcome the above rejections.

Claim Rejections – 35 USC § 103

9. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

10. Claims 1-4, 7-11, and 13-20 are rejected under 35 U.S.C. 103 as being unpatentable over Friedman et al. U.S. Patent No. 9,667,611 (hereinafter ‘611) in view of Abrams et al. U.S. Patent Application Publication No. 2015/0339477 (hereinafter ‘477) in further view of Alroobaea et al. U.S. Patent Application Publication No. 2023/0308465 (hereinafter ‘465).

As to independent claim 1, “A method for training a machine learning model, comprising: receiving a set of training data for training the machine learning model to detect malicious actors, the set of training data comprising data that is automatically labeled with a first label, wherein the first label indicates that an authentication challenge was successfully completed” is taught in ‘611 col. 6, line 52 through col. 7, line 10, note the machine learning module is trained with elements of a correlation matrix that has labels for successful and unsuccessful authentication;

the following is not explicitly taught in ‘611: “labeling with a second label that indicates that the authentication challenge was unsuccessfully completed, a subset of training data in the set of training data with the first label to obtain a set of updated training data” however ‘477 teaches annotating (i.e. labeling) a training set according to authentication context properties that include authentication challenge history in paragraphs 5 and 23; “and obtaining, from the machine learning model, an indication that a respective user is a malicious actor” however ‘477 teaches using a machine learning model to indicate a respective user is a malicious account/compromised account (i.e. malicious actor) in the Abstract and paragraphs 25-26;

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of situationally aware authentication taught in ‘611 to include a means to improve upon the machine learning model training. One of ordinary skill in the art would have been motivated to perform such a modification because improvements can be made to security techniques to protect accounts and/or sensitive information see ‘477 paragraphs 1-4.

The following is not explicitly taught in ‘611 and ‘477: “wherein labeling a respective training data element with the second label is based at least in part on the respective training data element satisfying a threshold” however ‘465 teaches the method includes training a deep neural network (DNN) model on the decentralized data, wherein DNN model training comprises: portioning dataset into several subsets as well as utilizing thresholds to identify activity in DNNs in paragraphs 10 and 47-48; “receiving, from a data store, a set of labeled data comprising data that is labeled as being associated with a respective malicious actor” however ‘465 teaches a central server for coordinating the training process which includes sending model updates and adversarial examples in the Abstract, paragraphs 10, 14, 41, and 45; “wherein the machine learning model is trained using both the set of updated training data and the set of labeled data” however ‘465 teaches the DNN is trained using a combination of federated learning and updates (i.e. transfer learning) in the Abstract, paragraphs 10, 45, 98 and 126.

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of situationally aware authentication taught in ‘611 and ‘477 to include a means to improve upon the machine learning model training. One of ordinary skill in the art would have been motivated to perform such a modification because cybersecurity has become increasingly important because sophistication of cyber-attacks has grown improvements are needed, see ‘465 paragraphs 2-6.

As to dependent claim 2, “The method of claim 1, further comprising: detecting that the respective training data element satisfies the threshold, wherein labeling the respective training data element with the second label is based at least in part on detecting that the threshold is satisfied” is taught in ‘465 paragraphs 47-48.

As to dependent claim 3, “The method of claim 1, further comprising: detecting that the respective training data element satisfies the threshold for a threshold quantity of time, wherein labeling the respective training data element with the second label is based at least in part on detecting that the threshold is satisfied for the threshold quantity of time” is shown in ‘465 paragraph 47.

As to dependent claim 4, “The method of claim 1, wherein obtaining the indication comprises: obtaining, from the machine learning model, a prediction of whether the respective user is a malicious actor” is disclosed in ‘477 Abstract and paragraphs 25-26.

As to dependent claim 6, “The method of claim 1, wherein the first label indicates that the authentication challenge was successfully completed and the second label indicates that the authentication challenge was unsuccessfully completed” is taught in ‘477 paragraphs 5 and 23.

As to dependent claim 7, “The method of claim 1, wherein the threshold comprises a threshold quantity of failed passwords, a threshold quantity of failed usernames, a threshold quantity of failed log-in attempts, or any combination thereof” is shown in ‘477 paragraphs 23 and 32.

As to dependent claim 8, “The method of claim 1, wherein the data of the set of training data is associated with data traffic for a respective user, a respective tenant, a respective service, a respective application, a respective website, or any combination thereof” is disclosed in ‘465 paragraph 12.

As to dependent claim 9, “The method of claim 1, wherein the authentication challenge is a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) test” is taught in ‘477 paragraphs 20 and 29.

As to dependent claim 10, “The method of claim 1, wherein the set of labeled data that is received from the data store is associated with a type of cybersecurity attack” is shown in ‘465 paragraph 126.

As to dependent claim 11, “The method of claim 1, wherein the machine learning model is trained for a type of cybersecurity attack” is disclosed in ‘465 paragraph 126.

As to independent claim 13, this claim is directed to an apparatus executing the method of claim 1; therefore, it is rejected along similar rationale.

As to dependent claims 14-16, these claims contain substantially similar subject matter as claims 2-4; therefore, they are rejected along similar rationale.

As to independent claim 17, this claim is directed to a non-transitory computer-readable medium storing code executing the method of claim 1; therefore, it is rejected along similar rationale.

As to dependent claims 18-20, these claims contain substantially similar subject matter as claims 2-4; therefore, they are rejected along similar rationale.

11. Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Friedman et al. U.S. Patent No. 9,667,611 (hereinafter ‘611) in view of Abrams et al. U.S. Patent Application Publication No. 2015/0339477 (hereinafter ‘477) in further view of Alroobaea et al. U.S. Patent Application Publication No. 2023/0308465 (hereinafter ‘465) in further view of Kahn U.S. Patent Application Publication No. 2023/0379711 (hereinafter ‘711).

As to dependent claim 5, the following is not explicitly taught in ‘611, ‘477 and ‘465: “The method of claim 1, wherein a malicious actor is a robot, a software application, an automated computer program, or any combination thereof” however ‘711 teaches identifying a bot in the Abstract, Figure 1A, and paragraph 75.

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of situationally aware authentication taught in ‘611, ‘477, and ‘465 to include a means to identify bots. One of ordinary skill in the art would have been motivated to perform such a modification because privacy concerns have undermined online trust, therefore improvements are needed see ‘711 paragraphs 6-8.

12. Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Friedman et al. U.S. Patent No. 9,667,611 (hereinafter ‘611) in view of Abrams et al. U.S. Patent Application Publication No. 2015/0339477 (hereinafter ‘477) in further view of Alroobaea et al. U.S. Patent Application Publication No. 2023/0308465 (hereinafter ‘465) in further view of Pergal et al. U.S. Patent Application Publication No. 2021/0367956 (hereinafter ‘956).

As to dependent claim 12, the following is not explicitly taught in ‘611, ‘477 and ‘465: “The method of claim 1, wherein the authentication challenge is associated with an authentication server” however ‘956 teaches utilizing an authentication server in paragraph 45.

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of situationally aware authentication taught in ‘611, ‘477, and ‘465 to include a means to utilize an authentication server. One of ordinary skill in the art would have been motivated to perform such a modification because computer networks are under constant threats from malicious parties seeking unauthorized access, see ‘956 paragraphs 1-3.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

13. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELLEN C TRAN whose telephone number is (571) 272-3842. The examiner can normally be reached Monday-Friday.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached at 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ELLEN TRAN/ Primary Examiner, Art Unit 2433
20 April 2026

Prosecution Timeline

Jul 22, 2024: Application Filed
Nov 19, 2025: Non-Final Rejection mailed — §103, §112
Jan 30, 2026: Response Filed
Apr 23, 2026: Final Rejection mailed — §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12639456
Software Engine for Abstracting Security Controls In One-Way Transfer Systems
2y 12m to grant Granted May 26, 2026
Patent 12619729
SYSTEM AND METHOD FOR DECONTAMINATING AND CERTIFYING EXTERNAL STORAGE DEVICES
2y 3m to grant Granted May 05, 2026
Patent 12621165
Methods and devices for authentication and verification of non-revocation
2y 1m to grant Granted May 05, 2026
Patent 12602493
COMPUTER-IMPLEMENTED METHOD AND COMPUTER PROGRAM PRODUCT FOR THE ACCESS CONTROL OF A TERMINAL
6y 4m to grant Granted Apr 14, 2026
Patent 12603910
CYBERSECURITY RISK ASSESSMENT AND MITIGATION FOR INDUSTRIAL CONTROL SYSTEMS
3y 5m to grant Granted Apr 14, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.


Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 74%
With Interview (+19.2%): 93%
Median Time to Grant: 3y 5m (~1y 6m remaining)
PTA Risk: Moderate
Based on 791 resolved cases by this examiner. Grant probability derived from career allowance rate.
