CROSS-DOMAIN FREQUENCY FILTERS FOR FRAUD DETECTION

Detailed Action This communication is in response to applicants filed 11/04/2024. Claims 2-21 are pending. Claim 1 is cancelled. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statements (IDS) submitted 08/20/2025, 12/26/2024, 03/25/2025, 04/22/2025 appear to be in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner. Allowable Subject Matter Claim 12 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 2-11, 13-20, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over MAO (US 20140283120 A1), hereafter MAO in view of SMITH (US 20190349426 A1), hereafter SMITH. Regarding claim 2, MAO teaches: A computer-implemented method (MAO [0022] “Furthermore, the methods and systems may take the form of a computer program product on a computer-readable storage medium having computer-readable program instructions (e.g., computer software) embodied in the storage medium.”) comprising: receiving, by a content provider device of a content provider and from a client device, a request (MAO [0040] “In an aspect, the data sources 202 can comprise a content provider for providing one or more of audio content, video content, news, sports programming, advertisements, and the like.”, [0048] “In an aspect, the rights management device 220 can be in communication with one or more data sources 202, an origin server, computing device 210, and/or the content distribution network 212. As an example, the rights management device 220 can be configured to manage transmission of data, such as content transmitted to one or more of the user devices 214. As a further example, the rights management device 220 can log and/or analyze a time at which one or more of the user devices 214 request data such as content.”) comprising a data structure that represents each triggered frequency filter, in a set of frequency filters (MAO [0037] “The one or more access tokens can relate to access rights, such as a right to download content, a right to present content, a right to stream content, a right to store content, a right to transmit, or a right to share content, or a combination thereof. Access rights can also comprise thresholds relating to a total number of currently active streams of the account (e.g. a limit of 5 active streams per account), a total number of currently enabled devices (e.g. a limit of 5 tokens allowing play per account, whether or not streams are active), or subscriptions (e.g. subscription must be current for asset to play), parental control settings for the account or device, or the like. Accordingly, when a particular user makes a request for particular content, the rights management device 124 can analyze the access token associated with the user and the requested content to determine if the user has rights to the requested content. In an aspect, granting the request for content can be dependent upon a location of the one or more devices, content type, access type, or time duration relating to content, or a combination thereof. In another aspect, the request for access can comprise a type of access, such as download, transmit, stream, present, or share, or a combination thereof.” The thresholds associated with access rights provide for frequency filters, wherein a met access right threshold provides for a triggered frequency filter.) for multiple content providers (MAO [0054] “In an aspect, the computing device 300 can be in communication with one or more data sources 301 and/or content providers.”), for which an event count for a specified event type corresponding to the frequency filter exceeds a maximum event count defined by the frequency filter during a time period corresponding to a specified time duration for the frequency filter (MAO [0038] “As a further example, the set of user rights can comprise a right to download a particular data asset up to a certain number of times and a right to simultaneously stream the data asset to up to a certain number of devices.”, [0056] “One or more access tokens can be associated with an expiration or time to live. As an example, the one or more access tokens may only grant rights for a pre-defined period of time (e.g., one hour, one day, one week, twelve months, etc.). Any time period can be used. Time periods associated with particular access tokens can be customized for specific users, devices, subscriptions content assets, or other criteria.”); determining, by a content provider device by querying the probabilistic data structure, whether one or more frequency filters of the content provider are triggered frequency filters represented by the probabilistic data structure; and determining, by the content provider device, a response to the request based on the determination of whether the one or more frequency filters of the content provider are triggered frequency filters represented by the probabilistic data structure (MAO [0037] “Access rights can also comprise thresholds relating to a total number of currently active streams of the account (e.g. a limit of 5 active streams per account), a total number of currently enabled devices (e.g. a limit of 5 tokens allowing play per account, whether or not streams are active), or subscriptions (e.g. subscription must be current for asset to play), parental control settings for the account or device, or the like. Accordingly, when a particular user makes a request for particular content, the rights management device 124 can analyze the access token associated with the user and the requested content to determine if the user has rights to the requested content.”). Further regarding claim 1, MAO does not explicitly teach, but in a related art SMITH teaches: a probabilistic data structure (SMITH [1180] “The content lookup may begin by checking a bloom filter stored in the blockchain to determine if there is a bit match between the hash of the search target and the bloom filter. If so, this may indicate that the content may be present in the K bucket associated with the bloom filter.”) Since MAO and SMITH are from the same field of endeavor as both are directed to secure content delivery, which is within the same field of endeavor as the claimed invention, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify and combine the teachings of MAO by incorporating the teachings of SMITH into MAO. The motivation to combine is “optimization, for example, so that the client broadcast can be quickly responded to if negative, or a more exhaustive search can be used if it is positive.”. (SMITH [1183]). Regarding claim 3, MAO-SMITH teaches: The computer-implemented method of claim 2, wherein, if it is determined that the one or more frequency filters of the content provider are triggered frequency filters represented by the probabilistic data structure, the response comprises determining to not provide content in response to the request (MAO [0005] “A number of access requests granted to the one or more users and/or devices can be determined. The access token can be modified based upon the number of access requests. If the number of access requests exceeds an access threshold, one or more subsequent access requests can be denied.”). Regarding claim 4, MAO-SMITH teaches: The computer-implemented method of claim 2, wherein, if it is determined that none of the one or more frequency filters of the content provider are triggered frequency filters represented by the probabilistic data structure, the response comprises selecting and providing content in response to the request (MAO [0038] “The first access token can also be associated with one or more data assets, such as content. The first access token can afford the first group of users a particular set of user rights such as access rights. As a further example, the set of user rights can comprise a right to download a particular data asset up to a certain number of times and a right to simultaneously stream the data asset to up to a certain number of devices. As such, when a member of the first group of users downloads the data asset, the first access token is modified to represent that a download has occurred. When the download threshold (e.g., three downloads) is met, the first access token download of the data asset can be restricted or denied.”). Regarding claim 5, MAO-SMITH teaches: The computer-implemented method of claim 2, wherein: determining, whether one or more frequency filters of the content provider are triggered frequency filters represented by the probabilistic data structure comprises determining a number of triggered frequency filters of the content provider (MAO [0037] “Access rights can also comprise thresholds relating to a total number of currently active streams of the account (e.g. a limit of 5 active streams per account), a total number of currently enabled devices (e.g. a limit of 5 tokens allowing play per account, whether or not streams are active), or subscriptions (e.g. subscription must be current for asset to play), parental control settings for the account or device, or the like. Accordingly, when a particular user makes a request for particular content, the rights management device 124 can analyze the access token associated with the user and the requested content to determine if the user has rights to the requested content. In an aspect, granting the request for content can be dependent upon a location of the one or more devices, content type, access type, or time duration relating to content, or a combination thereof.”); and determining the response to the request comprises determining the response based on the number of triggered frequency filters of the content provider (MAO “In another aspect, modifying the access token can be dependent upon a location of the one or more users, content type, access type, delivery type, or time duration relating to content, or a combination thereof. As an example, modifying the access token can be based upon limits/thresholds applied across various networks or delivery type, as QAM, wireless, or the like. In another aspect, when a member of a group of users associated with a particular access token downloads a data asset, the access token can be modified to represent that a download has occurred. When the download threshold (e.g., three downloads) is met, the download of the data asset can be restricted or denied. Similarly, if two members of the group of users are streaming the data asset and a third member of the group of users requests streaming of the data asset, the request can be denied for exceeding the threshold for streaming access allocated to the access token.”). Regarding claim 6, MAO-SMITH teaches: The computer-implemented method of claim 2, further comprising: detecting, based on data received from the client device, an occurrence of an event corresponding to a particular frequency filter; and sending, to the client device, a filter identifier that identifies the particular frequency filter, wherein the client device updates the event count for the particular frequency in response to receiving the filter identifier that identifies the particular frequency filter (MAO [0005] “A number of access requests granted to the one or more users and/or devices can be determined. The access token can be modified based upon the number of access requests.”, [0038] “The first access token can afford the first group of users a particular set of user rights such as access rights. As a further example, the set of user rights can comprise a right to download a particular data asset up to a certain number of times and a right to simultaneously stream the data asset to up to a certain number of devices. As such, when a member of the first group of users downloads the data asset, the first access token is modified to represent that a download has occurred. When the download threshold (e.g., three downloads) is met, the first access token download of the data asset can be restricted or denied.”, [0067] “As a further example, as the user checks-out an asset right associated with playback of a content asset, the device used to playback the asset right can provide tracking information, such as playback status, pause status, rewind, number of times the asset is accessed, length of time the asset is accessed, and the like. Such information can be tracked and provided by other mechanisms. As such, the tracked information can be used to update the access token associated with the particular content asset and/or user.”). Regarding claim 7, MAO-SMITH teaches: The computer-implemented method of claim 6, wherein sending the filter identifier for the particular frequency filter comprises obfuscating the filter identifier using cryptographic transformation and sending an obfuscated version of the filter identifier (SMITH [0911] “If a bloom filter structure is used for policy distribution, the policy object may associate a policy object identifier (OID) with line items in the policy structure where each policy OID may correspond to a bit in a bloom filter.”, [0334] “If an object class is associated with a number corresponding to an EPID group ID (gid) and object instances of the same type are issued private keys corresponding to the EPID group, object instances may authenticate its class to a verifier. Object class authentication is a form of attestation that allows others to interact with the object based on typed rules… For example, a function f( ) that accepts as arguments C=(c1, c2, c3, . . . cn), where cX are the object types for each of its component objects, produces an EPID gid value, C2_id, that represents the type identifier of the composite object. The implementation of f( ) may include using a cryptographic hash of each cx in C. In another example, f( ) may use an OID (Object Identifier) naming hierarchy where each cx is an OID subtree of a parent OID for C. There may be other methods for computing f( ) as well.”). Regarding claim 8, MAO-SMITH teaches: The computer-implemented method of claim 2, wherein the probabilistic data structure comprises a Bloom filter comprising a bit array (SMITH [0911] “If a bloom filter structure is used for policy distribution, the policy object may associate a policy object identifier (OID) with line items in the policy structure where each policy OID may correspond to a bit in a bloom filter.”). Regarding claim 9, MAO-SMITH teaches: The computer-implemented method of claim 2, further comprising, sending by the content provider device, the one or more frequency filters of the content provider to the client device (MAO [0037] “In an aspect, one or more access tokens can be associated with a data asset, a content asset, version or type of data asset, a user, a group of users, a device, a group of devices, a location, a class of user or device, a subscription, or the like. The one or more access tokens can relate to access rights, such as a right to download content, a right to present content, a right to stream content, a right to store content, a right to transmit, or a right to share content, or a combination thereof. Access rights can also comprise thresholds relating to a total number of currently active streams of the account”, [0067] “As a further example, as the user checks-out an asset right associated with playback of a content asset, the device used to playback the asset right can provide tracking information…As such, the tracked information can be used to update the access token associated with the particular content asset and/or user.”). Regarding claim 10, MAO-SMITH teaches: The computer-implemented method of claim 9, wherein sending the one or more frequency filters of the content provider comprises sending, for each frequency filter, an encrypted token generated by encrypting a token that defines a filter identifier for the frequency filter, the maximum event count for the specified event type, and the specified time duration for the frequency filter (SMITH [0533] “The token bucket 4704 may have an encrypted balance that may be decremented by one or more transmitting device. In some examples, a token in the token bucket may be one or more sequences encrypted with a first key, where one or more of the edge devices 4706-4710 may have a key that decrypts the token file and removes a sequence or token.”, [1215] “In an example, tokens or objects to describe functions including constants, identifiers, operators, reserved words, and separators, and preambles can be provided to the parties within the permissions guide 16502.”, [1311] “A token may be set to function for X number of packets, or X volume of data, or X period of time, or it may have an infinite lease for some types of traffic and quotas for others.”). Regarding claim 11, MAO-SMITH teaches: The computer-implemented method of claim 10, wherein the filter identifier comprises a byte array that identifies at least one of (i) a digital component corresponding to the specified event type, (ii) a content platform corresponding to the specified event type, or (iii) the specified event type (SMITH [0911] “If a bloom filter structure is used for policy distribution, the policy object may associate a policy object identifier (OID) with line items in the policy structure where each policy OID may correspond to a bit in a bloom filter. In this example, every node implementing a set of OIDs may subscribe to the bloom filter covering an OID.”, [0879] “Policies are defined as a set of rules to manage and control access to network resources. A policy may include a set of events, conditions, actions, subjects and targets.”). Regarding claims 13-20, claims 13-20 recite similar limitations as claims 2-9, but for recitation in the form of a system. MAO-SMITH teaches: A system (MAO [0002] “Provided are methods and systems for, in one aspect, managing data assets such as content presented to one or more devices or users.”) Regarding claim 21, claim 21 recite similar limitations as claim 2, but for recitation in the form of a non-transitory computer-readable medium. MAO-SMITH teaches: A system (SMITH [0664] “The non-transitory, machine readable medium 8000 may include code 8002 to direct the processor 902 to establish communications channels with other devices.”) CONCLUSION The prior art of record and not relied upon is considered pertinent to the applicant’s disclosure: Tian; Cheng US 11308228 B1 Providing Access For Online Content Via Secured URL ([AB] “Exemplary embodiments are directed to a method for allowing a user at a first client device to provide access to restricted content on a content provider server to a user at a second client device without providing identifying information of the second client device or the user to the content provider. The content provider receives a request from a messaging app on a first client device for sharing of a content item with a second client device and generates a metadata block comprising at least a link to the content item. The metadata block is sent to the first client device and, in response, a public key of a private/public key pair of the second client device is received from the first client device. A request for the content item, is then received and contains a data item digitally signed using the private key of the private/public key pair of the second client device. The public key is then used to verify the digitally signed data item, thereby confirming the identity of the second client device. Thereafter, the requested content item is sent to the second client device.”) Hotchkies; Blair Livingstone US 10311372 B1 Machine Learning Based Content Delivery ([AB] “Systems and methods for managing content delivery functionalities based on machine learning models are provided. In one aspect, content requests are routed in accordance with clusters of historical content requests to optimize cache performance. In another aspect, content delivery strategies for responding to content requests are determined based on a model trained on data related to historical content requests. The model may also be used to determine above-the-fold configurations for rendering responses to content requests. In some embodiments, portions of the model can be executed on client computing devices.”) Franklin; Paul David US 10102065 B1 Localized Failure Mode Decorrelation In Redundancy Encoded Data Storage Systems ([AB] “A data storage system, such as an archival storage system, implements failure decorrelation methods. In some embodiments, a selector is employed to select one or more data storage devices of a host for storage of incoming data. In some of such embodiments, the selector selects from among the storage devices in a random, pseudorandom, stochastic, or deterministic fashion so as to prevent correlation of one or more failure modes associated with storage of the data.”) Eldawy; Mohamed S. US 9602619 B1 Ordering Of Digital Content Based On A Content Model ([AB] “Ordering of digital content based on a content model is presented. A user request for digital content is received. A content playing model is selected from a plurality of content prefetching models. The content playing model is used for playing a plurality of portions of the digital content. The content playing models are generated based on prior history associated with the digital content. A play sequence for the digital content is generated based on the selected content playing model. The plurality of portions can be obtained using the play sequence.” Lof; Henrik Tobias US 20140310779 A1 SYSTEMS AND METHODS FOR EFFICIENT AND SECURE TEMPORARY ANONYMOUS ACCESS TO MEDIA CONTENT ([AB] “A method for providing access to media content is performed at a device with a processor and memory storing instructions for execution by the processor. The method includes receiving, from a client device, a request for access to a media item. The method further includes obtaining user information associated with a user identifier corresponding to the request. Obtaining the user information includes, if the user identifier corresponds to a first type of user identifier, retrieving the user information from a database; and if the user identifier corresponds to a second type of user identifier different from the first type of user identifier, extracting the user information from the user identifier. The method further includes performing a media access operation based on the request and the user information associated with the user identifier.”) Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kamryn Gillespie whose telephone number is 703-756-5498. The examiner can normally be reached on Monday through Thursday from 9am to 6pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards can be reached on (571) 270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /K.J.G./Examiner, Art Unit 2408 /LINGLAN EDWARDS/Supervisory Patent Examiner, Art Unit 2408