Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
2. This action is in response to the application filed November 13, 2024.
3. Claims 1-20 have been examined and are pending with this action.
4. The Information Disclosure Statement filed February 20, 2025 has been considered.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
5. Claims 1-13, 16, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Turgeman (US 10,055,560 B2) in view of Brustoloni et al. (US 2001/0034831 A1).
INDEPENDENT:
As per claim 1, Turgeman teaches a communication platform comprising:
one or more computer processors (see Turgeman, col.4, lines 23-30: “System 200 may be implemented by using suitable hardware components and/or software modules, which may be co-located or may be distributed over multiple locations or multiple devices. Components and/or modules of system 200 may interact or communicate over one or more wireless communication links, wired communication links, cellular communication, client/server architecture, peer-to-peer architecture, or the like”); and
one or more computer-readable mediums storing instructions that, when executed by the one or more computer processors, cause the communication platform to perform operations (see Turgeman, col.4, lines 23-30) comprising:
detecting, based on accounting for use of a micro-service by a first account and a second account and shared profile information between the first account and the second account, an illicit usage pattern (see Turgeman, col.1, line 64-col.2, line 2: “The present invention may include, for example, systems, devices, and methods for detecting identity of a user of an electronic device, for determining whether or not an electronic device is being used by a fraudulent user, and/or for differentiating between users of a computerized service or between users of an electronic device.”; col.8, line 66-col.9, line 4: “The user-specific signal characteristics may be stored in the database 203, and may be used subsequently by comparator/matching module 204 in order to compare or match between current-characteristics and previously-estimated characteristics, thereby enabling a decision whether or not the current user is genuine or fraudulent.”; col.13, lines 53-55: “Some embodiments may further examine patterns of the inputting method, if the number of characters is identical, in order to detect a possible fraud.”; and col.54, lines 29-46: “In some embodiments, a method comprises: determining that a particular subscription account of a computerized service, is accessed by two different human users who utilize a same set of login credentials, by performing: (a) monitoring input-unit interactions of pairs of usage sessions that originated from pairs of two different subscriptions accounts; (b) extracting from the input-unit interactions that were monitored in step (a), a cross-account usage-session pairing pattern; (c) monitoring input-unit interactions of pairs of usage sessions that originated from a same subscription account; (d) extracting from the input-unit interactions that were monitored in step (c), an intra-account usage-session pairing pattern; (e) determining whether a pair of usage sessions, that originated from said particular subscription account, is: (i) relatively more similar to the cross-account usage-session pairing pattern, or (ii) relatively more similar to the intra-account usage-session pairing pattern.”); and
in response to the detecting of the illicit usage pattern, preventing future interactions between the first account and the communication platform (see Turgeman, col.2, line 56-col.3, line 3: “The present invention may include detection and/or prevention of Remote Access Trojan (RAT) attacks… The RAT catcher module of the present invention may utilize knowledge of remote access protocols to provide tailored made yet robust detection and prevention techniques.”; and col.23, lines 22-29: “System 200 may comprise a credentials sharing detector 256, for detection, mitigation and/or prevention of credential sharing (e.g., username-and-password sharing, or other cases of “friendly fraud”) among two or more users, in which one user is an authorized user or “paying subscriber” who shares his credentials (e.g., for accessing a premium service) with a second user (who is not a “paying subscriber”).”).
Turgeman does not explicitly teach that the service is a microservice.
Brustoloni teaches a microservice (see Brustoloni, [0010]: “More particularly, a method and associated apparatus is described for providing paid access accessing, via a local area network (LAN), a micro-service provider (.mu.SP). The .mu.SP establishes a secure tunnel with each client, preventing unauthorized or nonpaying users from gaining service.”).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the system of Turgeman in view of Brustoloni by implementing a microservice. One would be motivated to do so because Turgeman teaches in the Abstract, “Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker.”, emphasis added.
As per claim 7, Turgeman and Brustoloni teach a method comprising:
detecting, at a communication platform, based on accounting for use of a micro-service by a first account and a second account and shared profile information between the first account and the second account, an illicit usage pattern (see Claim 1 rejection above); and
in response to the detecting of the illicit usage pattern, preventing future interactions between the first account and the communication platform (see Claim 1 rejection above).
As per claim 18, Turgeman and Brustoloni teach a non-transitory computer-readable medium storing instructions that, when executed by one or more computer processors of a communication platform, cause the communication platform to perform operations (see Turgeman, col., lines : “”; and col., lines : “”) comprising:
detecting, based on accounting for use of a micro-service by a first account and a second account and shared profile information between the first account and the second account, an illicit usage pattern (see Claim 1 rejection above); and
in response to the detecting of the illicit usage pattern, preventing future interactions between the first account and the communication platform (see Claim 1 rejection above).
DEPENDENT:
As per claims 2, 8, and 19, which respectively depend on claims 1, 7 and 18, Turgeman further teaches wherein the detecting of the illicit usage pattern is further based on detecting that a communication stream that is registered for transmission of data of a first data type is used to transmit data of a second data type (see Turgeman, col.16, line 57-col.17, line 3: “In a second example, the code injection detector 246 may utilize data or meta-data about the length of field(s) that are expected, compared with actual number of characters typed. For example, the bank web-server may indicate to the code injection detector 246, that two fields are expected to be filled-out; a username field which is limited to 16 characters, and a password field that is limited to 20 characters. The code injection detector 246 may observe the actually-typed or actually-performed manual interactions, and may detect that the user has typed a string with a length of 45 characters; thereby indicating that possibly a third field (or additional fields) have been fraudulently “injected” into the HTML code by a malware and have fraudulently induced the user to type excessive number of characters than expected”).
As per claims 3, 9, and 20, which respectively depend on claims 1, 7 and 18, Turgeman further teaches wherein the operations further comprise: in response to the detecting of the illicit usage pattern, preventing future interactions between subaccounts of the first account and the communication platform (see Turgeman, col.23, lines 36-46: “The modules of system 200 may monitor user interactions with the service (e.g., in the log-in page, and/or in subsequent pages that the user may browse, access, or otherwise interact with), and may estimate user-specific characteristics based on the user's interactions with the input unit(s), thereby allowing the system to distinguish and/or differentiate between the legitimate user (the subscriber John) and the illegitimate user who piggy-backs on the credentials of the legitimate user in order to access or consume premium content without separately subscribing to it.”; and col.24, lines 19-23: “identification of a licensee in order to detect or prevent software piracy or unauthorized usage by non-licensee user(s), for software or products that are sold or licensed on a per-user basis or a per-seat basis.”).
As per claims 4 and 10, which respectively depend on claims 1 and 7, Turgeman further teaches wherein the operations further comprise: calculating a fraud score from usage data for the first account; and determining whether the fraud score satisfies a fraud threshold (see Turgeman, col.7, lines 25-33: “The system may thus utilize such injected GUI-based (or other types of user experience) interferences, as a trigger for measuring the latency in user response or the latency in user reaction; a greater latency (e.g., relative to previous measurements, or relative to a threshold value) may indicate that the user is a remote attacker or a RAT-based attacker; while a shorter latency (e.g., relative to previous measurements, or relative to a threshold value) may indicate that the user is a local (genuine) user and not a remote attacker.”).
As per claims 5 and 11, which respectively depend on claims 1 and 7, Turgeman further teaches wherein the operations further comprise: providing the micro-service in relation to a communication session between a first communication endpoint and a second communication endpoint (see Turgeman, col.4, lines 5-11: “The present invention may thus place user characteristics (interaction features) on a similar chart or graph, utilizing one-dimension, two-dimensions, or multiple dimensions; in order to distinguish between a genuine local user, and a fraudster (human hacker, or automatic script or “bot”) that utilizes a RAT-based mechanism, to access the service.”; and Claim 1 rejection above for “microservice”).
As per claims 6 and 12, which respectively depend on claims 1 and 7, Turgeman further teaches wherein the operations further comprise: establishing, for the first account, a micro-service configuration that describes triggering conditions for initiating use of the micro-service in relation to the first account (see Turgeman, col.4, lines 5-11: “The present invention may thus place user characteristics (interaction features) on a similar chart or graph, utilizing one-dimension, two-dimensions, or multiple dimensions; in order to distinguish between a genuine local user, and a fraudster (human hacker, or automatic script or “bot”) that utilizes a RAT-based mechanism, to access the service.”; col.4, lines 46-531: “A comparator/matching module 204 may compare or match, between values of user-specific features that are extracted in a current user session (or user interaction), and values of respective previously-captured or previously-extracted user-specific features (of the current user, and/or of other users, and/or of pre-defined sets of values that correspond to known automated scripts or “bots” or RAT mechanism).”; and Claim 1 rejection above for “microservice”).
As per claims 8 and 19, which respectively depend on claims 7 and 18, Turgeman further teaches wherein the detecting of the illicit usage pattern is further based on detecting that a communication stream that is registered for transmission of data of a first data type is used to transmit data of a second data type (see Turgeman, col.16, line 57-col.17, line 3: “In a second example, the code injection detector 246 may utilize data or meta-data about the length of field(s) that are expected, compared with actual number of characters typed. For example, the bank web-server may indicate to the code injection detector 246, that two fields are expected to be filled-out; a username field which is limited to 16 characters, and a password field that is limited to 20 characters. The code injection detector 246 may observe the actually-typed or actually-performed manual interactions, and may detect that the user has typed a string with a length of 45 characters; thereby indicating that possibly a third field (or additional fields) have been fraudulently “injected” into the HTML code by a malware and have fraudulently induced the user to type excessive number of characters than expected”).
As per claims 9 and 20, which respectively depend on claims 7 and 18, Turgeman further teaches further comprising: in response to the detecting of the illicit usage pattern, preventing future interactions between subaccounts of the first account and the communication platform (see Turgeman, col.23, lines 36-46: “The modules of system 200 may monitor user interactions with the service (e.g., in the log-in page, and/or in subsequent pages that the user may browse, access, or otherwise interact with), and may estimate user-specific characteristics based on the user's interactions with the input unit(s), thereby allowing the system to distinguish and/or differentiate between the legitimate user (the subscriber John) and the illegitimate user who piggy-backs on the credentials of the legitimate user in order to access or consume premium content without separately subscribing to it.”; and col.24, lines 19-23: “identification of a licensee in order to detect or prevent software piracy or unauthorized usage by non-licensee user(s), for software or products that are sold or licensed on a per-user basis or a per-seat basis.”).
As per claim 13, which depends on claim 12, Turgeman teaches further comprising:
detecting, based on event data of the first account, that a triggering event associated with the first account has been triggered (see Turgeman, Abstract, “Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker.”); and
processing detection of the triggering event according to the triggering conditions for use of the micro-service described by the micro-service configuration (see Turgeman, col.4, lines 5-11: “The present invention may thus place user characteristics (interaction features) on a similar chart or graph, utilizing one-dimension, two-dimensions, or multiple dimensions; in order to distinguish between a genuine local user, and a fraudster (human hacker, or automatic script or “bot”) that utilizes a RAT-based mechanism, to access the service.”; col.4, lines 46-531: “A comparator/matching module 204 may compare or match, between values of user-specific features that are extracted in a current user session (or user interaction), and values of respective previously-captured or previously-extracted user-specific features (of the current user, and/or of other users, and/or of pre-defined sets of values that correspond to known automated scripts or “bots” or RAT mechanism).”; and Claim 1 rejection above for “microservice”).
As per claim 16, which depends on claim 8, Turgeman teaches wherein a first billing profile for the first account defines a pricing of usage at a first tier of usage and a second billing profile for the second account defines the pricing of usage at a second tier of usage (see Turgeman, col.28, lines 34-39: “The system may thus be able to identify that a particular subscription-account is utilized by two different human users, rather by the same single human user; and may generate a suitable notification (e.g., a possible fraud notification; a notification to billing department; a notification to cost-containment department).”).
6. Claims 14 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Turgeman (US 10,055,560 B2) and Brustoloni et al. (US 2001/0034831 A1), and still further in view of Bae et al. (US 2005/0213520 A1).
As per claim 14, which depends on claim 12, although Turgeman teaches first account and second account and Brustoloni teaches micro-service (see Claim 1 rejection above), neither Turgeman nor Brustoloni teach further comprising: establishing, for the second account, a second service configuration that describes triggering conditions for initiating use of the service in relation to the second account, the triggering conditions for use of the service by the second account being different than the triggering conditions for use of the service by the first account.
Bae teaches establishing, for the second account, a second service configuration that describes triggering conditions for initiating use of the service in relation to the second account, the triggering conditions for use of the service by the second account being different than the triggering conditions for use of the service by the first account (see Bae, [0093]: “Even if a CAMEL service subscriber subscribes to a plurality of CAMEL services and the CAMEL services are triggered by different CSI, that is, O-CSI and D-CSI, the D-CSI triggered CAMEL services can support supplementary services such as disconnection of a terminating connection leg as well as existing basic functions.”).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the system of Turgeman and Brustoloni in view of Bae by implementing establishing, for the second account, a second service configuration that describes triggering conditions for initiating use of the service in relation to the second account, the triggering conditions for use of the service by the second account being different than the triggering conditions for use of the service by the first account. One would be motivated to do so because it is well-known, routine, and conventional for different services to have different triggering or instantiating means.
As per claim 15, which depends on claim 14, teaches further comprising: accounting for usage of the micro-services in association with the second account based on the second micro-service configuration established for the second account (see Turgeman, col.28, lines 34-39: “The system may thus be able to identify that a particular subscription-account is utilized by two different human users, rather by the same single human user; and may generate a suitable notification (e.g., a possible fraud notification; a notification to billing department; a notification to cost-containment department).”).
7. Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Turgeman (US 10,055,560 B2) and Brustoloni et al. (US 2001/0034831 A1), and still further in view of Official Notice.
As per claim 17, which depends on claim 16, although neither Turgeman nor Brustoloni teach wherein the pricing of usage at the second tier of usage is higher than the pricing of usage at the first tier of usage, the examiner takes Official Notice.
Missing further functional limitation with respect to claim 17, one of ordinary skill in the art would conclude varying prices for varying degrees, levels, or tiers of service usage, and irrespective of the tier of usage, greater usage will clearly result in a higher price.
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the system of Turgeman and Brustoloni in view of Official Notice so that the pricing of usage at the second tier of usage is higher than the pricing of usage at the first tier of usage. One would be motivated to do so because more usage of any resource results in a higher price, when cost is involved.
Conclusion
8. For the reasons above, claims 1-20 have been rejected and remain pending.
9. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL Y WON whose telephone number is (571)272-3993. The examiner can normally be reached on Wk.1: M-F: 8-5 PST & Wk.2: M-Th: 8-7 PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas R Taylor can be reached on 571-272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Michael Won/Primary Examiner, Art Unit 2443