Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Claims 1 – 20 are pending.
Any references to applicant’s specification are made by way of applicant’s U.S. pre-grant printed patent publication.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1 – 6, 8 – 16, and 18 – 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Chechik et al. (Chechik), US 2022/0286432 A1.
Regarding claim 1, Chechik discloses:
A method, comprising:
receiving indications of login events of a computer account (e.g. Chechik, Abstract; fig. 2:201; fig. 9:sign-in events; par. 49), including a plurality of attributes of the login events (e.g. Chechik, par. 60; fig. 6:login features; fig. 13: browser, IP address, location, VPN, Application usage; ASP usage; fig. 17:1701);
tracking correlations between the plurality of attributes of the login events (e.g. Chechik, par. 60, 67 – 69, 72 – behavioral traits and metadata correlated with the sign-in events are tracked);
receiving a new indication of a new login event (e.g. Chechik, par. 74, 75, 161 – monitoring and analysis of new logins, e.g. a login from a specific location or time);
based at least in part on the tracked correlations and attributes of the new login event, using a machine learning model (e.g. Chechik, fig. 6) to determine a result associated with whether the new login event is anomalous (e.g. Chechik, par. 75, 76, 81, 114);
and performing a computer security action based on the result of the machine learning model (e.g. Chechik, par. 78, 79).
Regarding claim 2, Chechik discloses:
wherein the plurality of attributes of the login events includes at least a location attribute of the computer account or a networking attribute of the computer account (e.g. Chechik, par. 60, 73, 156).
Regarding claim 3, Chechik discloses:
wherein the location attribute of the computer account includes at is least a city attribute, a state attribute, a country attribute, a region attribute, or a geographical coordinates attribute (e.g. Chechik, par. 73, 75, 124).
Regarding claim 4, Chechik discloses:
wherein the networking attribute of the computer account includes at least an Internet Protocol address attribute, an Internet Service Provider attribute, or a subnetwork attribute (e.g. Chechik, par. 60, 73, 156).
Regarding claim 5, Chechik discloses:
wherein the plurality of attributes includes one or more attributes associated with a multi-factor authentication device or an access token (e.g. Chechik, par. 162 – herein the attributes may be associated with a device or agent that uses multi-factor authentication, i.e. a multi-factor authentication device or access “token”).
Regarding claim 6, Chechik discloses:
wherein at least one of the plurality of attributes is tracked using an age metric or a frequency metric (e.g. Chechik, par. 71, 124).
Regarding claim 8, Chechik discloses:
wherein the tracked correlations are stored according to one or more intervals of time (e.g. Chechik, par. 116, 128).
Regarding claim 9, Chechik discloses:
wherein at least one of the one or more intervals of time corresponds to a time of 7 days, 1 month, 3 months, 6 months, or 12 months (e.g. Chechik, par. 116, 128).
Regarding claim 10, Chechik discloses:
wherein the computer security action corresponds to blocking the new login event, suspending the computer account, requiring a password change, requiring a new multi-factor authentication device, revoking an existing multi-factor authentication device, revoking an access token, restricting access to network resources, or invalidating one or more existing user sessions (e.g. Chechik, par. 79).
Regarding claims 11 – 16 and 18 – 20, they are system and program claims essentially corresponding to the claims above, and they are rejected, at least, for the same reasons.
Furthermore because, regarding claims 11 and 20, Chechik discloses:
A system, comprising: one or more processors; and a memory coupled to the one or more processors, wherein the memory is configured to provide the one or more processors with instructions … (e.g. Chechik, par. 178 - 182) and
A computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions … (e.g. Chechik, par. 178 - 182).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Chechik et al. (Chechik), US 2022/0286432 A1 in view of Nath, "A little internal on Redis hash table implementation".
Regarding claim 7, Chechik discloses a system for detecting anomalous event data and storing event data or “tracked correlations” using a Redis distributed database (e.g. Chechik, par. 119). However, Chechik does not appear to explicitly teach that a storage structure of a Redis distributed database may comprise a hashmap.
However, Nath teaches that all Redis databases employ hash tables for data storage (e.g. Nath, pg. 2). The examiner notes that a “hash table” is another term for “hash map” (e.g. for evidence, consider Sourek et al., US 2016/0112442 A1, par. 39 – “…a hash-table (also known as a hash-map)…”).
It would have been obvious to one of ordinary skill in the art to recognize the hash table (i.e. hash map) teachings of Nath within the system of Chechik, because one of ordinary skill in the art would have been motivated by the teachings that Redis databases employ hash maps for data storage (e.g. Nath, pg. 2).
Thus, the combination enables:
wherein the tracked correlations are stored using a distributed hash map data structure (e.g. Chechik, par. 119; e.g. Nath, pg. 2).
Regarding claim 17, it is a system claim essentially corresponding to the claims above, and it is rejected, at least, for the same reasons.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
See Notice of References Cited.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEFFERY L WILLIAMS whose telephone number is (571)272-7965. The examiner can normally be reached on 7:30 am - 4:00 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JEFFERY L WILLIAMS/Primary Examiner, Art Unit 2495