DETAILED ACTION
This communication is responsive to the application # 16/233,839 filed on December 27, 2018. Claims 1-20 are pending and are directed toward EMULATOR DETECTION THROUGH USER INTERACTIONS.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


 Claims 1-3, 6, 7, 15-20 are rejected under 35 U.S.C. 102(a)(1) as being unpatentable over Turgeman (US 2015/0256528, Pub. Date: Sep. 10, 2015), hereinafter referred to as Turgeman28.
As per claim 1, Turgeman28 teaches a system (40 SERVER, Turgeman28, FIG. 4) comprising:
a non-transitory memory (48 MEMORY, Turgeman28, FIG. 4); and
46 PROCESSOR, Turgeman28, FIG. 4) comprising:
receiving first data associated with a user account from an electronic device (For example, a user may be required to enter a username and a password in order to access an email account, or in order to access an online banking interface or website. Turgeman28, [0006]),
wherein the first data comprises identification data and interaction data, and wherein the interaction data is associated with an action on an interface of the electronic device (In some instances, cursor movement may be controlled by a user using a device having a touch-screen display. The user's specific compensating motions upon the touch screen are then measured to determine the user's "characteristic response" for user identification. In use of the method of the invention with a touch-screen display, the "cursor movement device" is defined as the touch-screen and its associated software for controlling cursor movement. Turgeman28, [0046]);
determining, based at least on the identification data, that the electronic device is a mobile device, wherein the action on the electronic device is of a type performed through a direct input by a user (The present invention may be used in conjunction with various suitable devices and systems, for example, various devices that have a touch-screen; Turgeman28, [0158]);
analyzing the interaction data to determine that the interaction data indicates that the action on the interface of the electronic device was controlled by an indirect input (An end-user device (a desktop computer, a laptop computer, a smartphone, a tablet, or the like) interacts and communicates with a server of a computerized service (a banking website, an electronic commerce website, or the like) or with a local application or Web-browser running on the end-user device. A usage interference is injected or introduced, or an input/output mismatch or abnormality is created, causing an output displayed on the screen of the end-user device, to be non-matching to the expected output that is typically displayed in response to regular non-interfered user gestures or regular non-interfered user input. Turgeman28, [0074]);
determining, based on the analyzing, that the action was performed through a mobile device emulator (62 BOT, Turgeman28, FIG. 4); and
flagging (The lack of a different response can be interpreted as indicative that the end-user is a bot. Turgeman28, [0072]), based on the determining that the action was performed through the mobile device emulator, the user account (The reaction or the corrective manual actions of the user are monitored, tracked and analyzed, in order to differentiate among users, or in order to differentiate between an authorized human user and a human cyber-attacker, or in order to differentiate between an authorized human user and a computer bot or an automatic computerized script. Turgeman28, [0074]).
As per claim 2, Turgeman28 teaches the system of claim 1, wherein the interaction data is associated with a scrolling force (In some embodiments, the cursor movement is diverted by changing the ratio of the angle and/or magnitude of cursor movement specified by the cursor movement device or by the emulated cursor movement device to the angle and/or magnitude of the movement of the cursor on the display or on the emulated display. Turgeman28, [0095]).
As per claim 3, Turgeman28 teaches the system of claim 2, wherein the interaction data indicates constant force scrolling or zero force scrolling (The user's specific compensating motions upon the touchscreen are then measured to determine the user's "characteristic response" for user identification. In use of the method of the invention with a touch-screen display, the "cursor movement device" is defined as the touch-screen and its associated software for controlling cursor movement. Turgeman28, [0046]).
As per claim 6, Turgeman28 teaches the system of claim 1, wherein the interaction data indicates a lag period associated with the action (Turgeman28, [0138]).
As per claim 7, Turgeman28 teaches the system of claim 6, wherein the lag period is below a first threshold period, and wherein a lag period of the electronic device is greater than the first threshold period (and only after said intentional delay period, updating the display of the output unit to correspond to the effect of said user-performed click. Turgeman28, [0138]).
As per claim 15, Turgeman28 teaches a non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a machine to perform operations (Some embodiments of the present invention may be implemented, for example, as a built-in or integrated security feature which may be a component or a module of a system or device, or may be a downloadable or install-able application or module, or plug-in or extension; or as a module of a web-site or web-page, or of a client-server system or a "cloud computing" system; or as machine-readable medium, Turgeman28, [0157]) comprising:
receiving first data from a display of a first electronic device, wherein the first data is generated by an interaction associated with content displayed on the first electronic device (In some embodiments, the output unit comprises a display for human use or an emulated display for a bot, Turgeman28, [0104]);
comparing the first data to stored second data associated with a second electronic device associated with an account associated with the content or the second electronic device (and comparing between (A) the user-specific end-user characteristic that was extracted from the end-user response to the displayed aberration, and (B) one or more stored characteristic responses that are stored in a database indicating prior responses of the end-user to displayed aberrations; wherein finding a match by said comparing is indicative of the identity of the end-user. Turgeman28, [0114]);
determining, based on the comparing, that the interaction was by a third electronic device controlling the first electronic device through a mobile device emulator and not by a user associated with the account (In some embodiments, the end-user response to the displayed aberration is generated by the cursor movement device or by the emulated cursor movement device. Turgeman28, [0105]); and
denying, based on the determining, access to the account (Turgeman28, [0063],[0170]).
As per claim 16, Turgeman28 teaches the non-transitory machine-readable medium of claim 15, wherein the comparing the first data comprises analyzing metadata of the first data (Turgeman28, [0054]).
As per claim 17, Turgeman28 teaches the non-transitory machine-readable medium of claim 16, wherein the analyzing the metadata comprises determining that the metadata indicates that the interaction with the first electronic device comprises indirect scrolling, and wherein the stored second data indicates that the second electronic device is operated by direct scrolling (Turgeman28, [0055]).
As per claim 18, Turgeman28 teaches the non-transitory machine-readable medium of claim 17, wherein the indirect scrolling is determined to be through the third electronic device (Turgeman28, [0047]).
As per claim 19, Turgeman28 teaches the non-transitory machine-readable medium of claim 17, wherein the direct scrolling comprises scrolling on a touch-screen display of the second electronic device (Turgeman28, [0151]).
As per claim 20, Turgeman28 teaches the non-transitory machine-readable medium of claim 15, wherein the first electronic device and the second electronic device are of a same type comprising a smart phone, a personal computer, a desktop computer, or a wearable computing device (Turgeman28, [0064], [0158]).
Claims 8-14 are rejected under 35 U.S.C. 102(a)(1) as being unpatentable over Turgeman (US 2015/0205944, Pub. Date: Jul. 23, 2015), hereinafter referred to as Turgeman44.
As per claim 8, Turgeman44 teaches a method comprising:
receiving first data associated with a user account from an electronic device, wherein the first data comprises identification data and interaction data (In some embodiments, the grouping and/or tagging may be performed and later utilized, based on biometric traits, behavioral traits, identified cognitive traits, identified physical traits or physiological traits of the users, and/or a combination of such traits or such multiple types of traits, Turgeman44, [0065]), wherein the interaction data is associated with a scrolling action on an interface of the electronic device (the trait that the user scrolls the screen vertically using a scroll-wheel of the mouse, rather by pressing the Arrow Keys on the keyboard, Turgeman44, [0065]);
determining that the identification data identifies the electronic device as a first type of device (the system may firstly determine or estimate or recognize, which user-specific features or traits are cross-platform features or traits, and/or are transferable from a first platform (e.g., a first device, or type of device) to a second platform (e.g., a second device, or type of device). Turgeman44, [0066]);
determining that scrolling on the electronic device is controlled by a direct input (the trait that the user is right-handed based on analysis of curved motion of the thumb when the user scrolls or taps a smartphone, such that the analysis indicates that the on-screen curve gesture matches a right-handed person that utilized his right-hand thumb, Turgeman44, [0065]);
determining that the interaction data indicates that the scrolling action on the electronic device was controlled by an indirect input (For example, false identity created by automated malware may be detected by the present invention as such automated malware may lack the characterization of human (e.g., the manual activity having the particular user-specific traits, as described above). Turgeman44, [0076]);
determining, based on the determining that the scrolling action on the electronic device was controlled by indirect input, that the electronic device is operating a mobile device emulator (The present invention may differentiate or distinguish between the genuine (human) user, and a robot or a machine-operable module or function (e.g., implemented as a computer virus, a Trojan module, a cyber-weapon, or other malware) which attempts to automatically imitate or emulate or simulate movement of a cursor or other interaction with a touch-screen. Turgeman44);
and taking an action, based on the determining that the electronic device is operating the mobile device emulator, on the user account (The combined factors and data may be taken into account by a user identity determination module 105, which may determine whether or not the current user is a fraudster or is possibly a fraudster. The user identity determination module 105 may trigger or activate a fraud mitigation module 106 able to perform one or more fraud mitigating steps based on that determination; for example, by requiring the current user to respond to a challenge, to answer security question(s), to contact customer service by phone, to perform a two-step authentication or two-factor authentication, or the like. Turgeman44).
As per claim 9, Turgeman44 teaches the method of claim 8, further comprising: determining, based on the interaction data, that the electronic device is a second type of device different from the first type (Turgeman44, [0038]).
As per claim 10, Turgeman44 teaches the method of claim 9, wherein the first type of device differs in hardware and/or software from the second type of device (Turgeman44, [0038]).
As per claim 11, Turgeman44 teaches the method of claim 8, wherein the indirect input comprises scrolling at least partially controlled by a secondary electronic device (Turgeman44, [0057]).
As per claim 12, Turgeman44 teaches the method of claim 11, wherein the secondary electronic device comprises a mouse and/or a keyboard (by accessing an online account via a laptop, Turgeman44, [0057]).
As per claim 13, Turgeman44 teaches the method of claim 8, wherein the electronic device comprises a touch-screen display, and wherein the direct input comprises user interactions with the touch-screen display (Turgeman44, [0025]).
As per claim 14, Turgeman44 teaches the method of claim 8, wherein the identification data is at least partially generated by the mobile device emulator (Turgeman44, [0076]).
 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the 

Claims 4 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Turgeman (US 2015/0256528, Pub. Date: Sep. 10, 2015), in view of Schwarz et al. (US 2017/0024073, Pub. Date: Jan. 26, 2017), hereinafter referred to as Turgeman28 and Schwarz.
As per claim 4, Turgeman28 teaches the system of claim 1, but does not teach a touch radius. Schwarz, however, teaches wherein the interaction data is associated with a touch radius (Each touch event has a centroid position, which denotes the approximate center of the touch area, and a radius indicating the maximum distance from the centroid to the perimeter of the touch area. In one example, the features consist of statistics (mean/standard deviation/minimum/maximum) computed over sequences of touch events corresponding to a particular touch contact for each time window. These statistics are calculated for the radius of each event and speed and acceleration of consecutive events. Additional features include the total number of events in the sequence and mean/stdev/min/max calculated over the Cartesian distances between the centroid of the touch event at t=0 and all touch events in any concurrent sequences (belonging to other touch contacts). Schwarz, [0020]).
Turgeman28 in view of Schwarz are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Turgeman28 in view of Schwarz. This would have been desirable because minimum distance to other touches, number of touch events, and min/mean/max/stdev of touch radius are found to be most predictive (Schwarz, [0020]).

As per claim 5, Turgeman28 teaches the system of claim 2, wherein the interaction data indicates a constant touch radius during the action (All of these features are rotation and flip invariant. Schwarz, [0020]).
Minimum distance to other touches, number of touch events, and min/mean/max/stdev of touch radius are found to be most predictive (Schwarz, [0020]).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLEG KORSAK whose telephone number is (571)270-1938.  The examiner can normally be reached on Monday-Friday 7:30am - 5:00pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571)272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/OLEG KORSAK/
Primary Examiner, Art Unit 2492