DETAILED ACTION

Currently pending claims are 1 – 5, 9 – 15, 19 – 25, 27 – 33 and 35 – 36.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 1/25/2021 has been entered.

Response to Arguments

Applicant's arguments with respect to the subject matter of the instant claims have been fully considered but are not persuasive.
As per claim 1, Applicant asserts prior-art(s) does not teach “the analyzing further comprises an additional automated analysis of one or more additional automation factors when the behavior model result fails to provide a definitive indication of automated behavior” (Remarks: Page 10 / 4th Para).  Examiner respectfully disagrees with the following rationale.
(a) Examiner notes the claim language such as the behavior model result provides an indefinitive indication of automated behavior, as recited in the claim, is considered to be unclear and ambiguous in its meaning and its context about what exactly constitutes the extent of the relevant level to be indefinitive – accordingly, the precise metes and bounds of the claim, as alleged, cannot be determined.  See MPEP § 2173.05(b).
(b) Examiner notes according to MPEP 2111 of the broadest and reasonable claim interpretations, applicant’s argument has no merit since the alleged limitation such as “what is the exact context of additional automation factors” have not been specifically recited into the claim.  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993); and 
(c) In light of that, Harrison teaches when the behavior model is directed to an inconsistent result (i.e. identifying discrepancies and inconsistencies) as one type of indefinitive indications w.r.t. malicious behaviors (Harrison: Col. 3 Line 39 – 45) based on a series of data transfer requests and making further analysis by comparing and distinguishing (i.e. classifying) between human and non-human data transfer requests that results in any inconsistency based on the time at which the data transfer request was made (i.e. as additional automation factors) (Harrison: Col. 5 Line 3 – 9) so as to recognize a malicious activity of a non-human request to attack a computing system (Harrison: Col. 3 Line 39 – 45 / Line 14 – 25, Col. 18 Line 62 – 67, Col. 4 Line 38 – 40 / Line 59 – 67 and Col. 5 Line 3 – 9) – To be more specific, Harrison teaches (i) a particular computing device receives time series data over a time period, wherein the received time series data over a time period characterising data transfer requests attributable to a user (Col. 3 Line 14 – 20) and as such, the received time series data over a time period is used as one type of transition data element values and (ii) a plurality of metrics are computed accordingly from the received time series data over a time period (Col. 3 Line 14 – 15) – i.e. the transition data element value ((e.g.) the received time series data over a time period), as a whole, is thus divided, on a time series basis, by the particular computing device into one of a plurality of sets of computed metrics so as to effectively detect the malicious activity such as a non-human request to attack a computing system (see above). As such, Applicant's arguments are respectfully traversed.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims , 11, 21 and 29 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention because the claim language such as the behavior model result provides an indefinitive indication of automated behavior, as recited in the claim, is considered to be unclear and ambiguous in its meaning and its context about what exactly constitutes the extent of the relevant level to be indefinitive – accordingly, the precise metes and bounds of the claim, as alleged, cannot be determined.  See MPEP § 2173.05(b).  Any other claims not addressed are rejected by virtue of their dependency and should also be corrected.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 3, 5, 9 – 11, 13, 15, 19 – 22, 25, 27 – 30, 33 and 35 – 36 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Harrison et al. (U.S. Patent 9,369,438). 

As per claim 1, 11, 21 and 29, Harrison teaches implemented by a network security system comprising one or more network security apparatuses, client devices, or server devices, the method comprising: 
training a behavior model with behavior data generated in association with a plurality of requests (Harrison: Col. 3 Line 35 – 45 / Line 14 – 25, Col. 8 Line 40 – 45 / Line 51 – 52 / Line 55 – 58, Col. 4 Line 38 – 40, Col. 2 Line 63 – 64 / Line 55 – 57 and Col. 9 Line 11 – 16: (a) providing learning techniques for classification (as a classification model) to capture and analyze, over a long period of time, the characteristic metrics (w.r.t. behavior data) on a history of user’s data transfer request for comparing and distinguishing (i.e. classifying) between human and non-human data transfer requests due to any inconsistency for recognizing a non-human request to transfer data, wherein (b) a plurality of requests are captured including the requests submitted from both types of human users and non-human users (Col. 2 Line 63 – 64 / Line 55 – 57) (i.e. including both human and automatic-generated requests));
receiving data describing a particular request from a particular client device to a server system hosting a website, the data including particular behavior data generated at the particular client device in association with the particular request (Harrison: see above & Col. 14 Line 18 – 21 and Col. 8 Line 51 – 52: a record of data transfer requests is generated from a particular user (i.e. a particular request) via web browser(s) (i.e. webpage(s)) hosted by a web server); 
analyzing the particular behavior data using the behavior model to generate a behavior model result (Harrison: see above & Col. 9 Line 19 – 25: modeling analysis techniques including diversity, autocorrelation or entropy as well as taking into account the results of other types of modeling types of algorithms), wherein the analyzing further comprises an additional automated analysis of one or more additional automation factors when the behavior model result fails to provide a definitive indication of automated behavior (Harrison: Col. 3 Line 39 – 45) based on a series of data transfer requests and making further analysis by comparing and distinguishing (i.e. classifying) between human and non-human data transfer requests that results in any inconsistency based on the time at which the data transfer request was made (i.e. as additional automation factors) (Harrison: Col. 5 Line 3 – 9) so as to recognize a malicious activity of a non-human request to attack a computing system (Harrison: Col. 3 Line 39 – 45 / Line 14 – 25, Col. 18 Line 62 – 67, Col. 4 Line 38 – 40 / Line 59 – 67 and Col. 5 Line 3 – 9) – To be more specific, Harrison teaches:
(i) a particular computing device receives time series data over a time period, wherein the received time series data over a time period characterising data transfer requests attributable to a user (Col. 3 Line 14 – 20) and as such, the received time series data over a time period is used as one type of transition data element values,
(ii) a plurality of metrics are computed accordingly from the received time series data over a time period (Col. 3 Line 14 – 15) – i.e. the transition data element value ((e.g.) the received time series data over a time period), as a whole, is thus divided, on a time series basis, by the particular computing device into one of a plurality of sets of computed metrics so as to effectively detect the malicious activity such as a non-human request to attack a computing system (see above); and thus
(iii) comparing and distinguishing (i.e. classifying) between human and non-human data transfer requests that results in any inconsistency based on the time at which the data transfer request was made (i.e. as additional automation factors) (Harrison: Col. 5 Line 3 – 9) so as to recognize a malicious activity caused by non-human requests to attack computing systems.
generating an automation determination for the particular request based on the analysis (Harrison: see above & Col. 10 Line 12 – 16: determining, for anomaly detection, whether permitting or denying the requested data transfer process to proceed); 
handling the particular request based on the automation determination for the particular request (Harrison: see above).

As per claim 3, 13, 22 and 30, Harrison teaches wherein the automation determination is made by using the behavior model for anomaly detection (Harrison: see above & Col. 10 Line 12 – 16: determining, for anomaly detection, whether permitting or denying the requested data transfer process to proceed).

As per claim 5, 15, 25 and 33, Harrison teaches wherein the behavior model is a classification model that is trained on a training set comprising labeled behavior data generated in association with a plurality of automation-initiated requests and labeled behavior data generated in association with a plurality of human-initiated requests; wherein the automation determination is a classification determination that is generated when the behavior model is applied to the particular behavior data (Harrison: Col. 3 Line 35 – 45 / Line 14 – 25, Col. 8 Line 40 – 45 / Line 51 – 52 / Line 55 – 58 and Col. 9 Line 11 – 16: capturing and analyzing the characteristic metrics (w.r.t. behavior data) on a history of user’s data transfer request over a long period of time for comparing and distinguishing (i.e. classifying) between human and non-human data transfer requests due to any inconsistency for recognizing a non-human request to transfer data between both of human and non-human data transfer requests, wherein a plurality of requests are captured including the requests submitted from both types of human users and non-human users (i.e. human and automatic-generated requests)).

As per claim 9, 19, 27 and 35, Harrison teaches providing behavior collection code for execution at the particular client device, wherein the behavior collection code, when executed at the particular client device, causes the particular client device to collect the particular behavior data at the particular client device in association with the particular request (Harrison: see above & Col. 5 Line 42 – 47).  

As per claim 10, 20, 28 and 36, Harrison teaches providing behavior collection code for execution at the particular client device, wherein the behavior collection code, when executed at the particular client device, causes the particular client device to collect the particular behavior data at the particular client device in association with the particular request (Harrison: see above & Figure 2 & Col. 11 Line 9 – 14).  

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



Claims 2, 4, 12, 14, 23 – 24, and 31 – 32 are rejected under 35 U.S.C. 103 as being unpatentable over Harrison et al. (U.S. Patent 9,369,438), in view of Munawar et al. (U.S. Patent 2017/0076224).    

As per claim 2, 12, 23 and 31, Munawar (& Harrison) teaches wherein the behavior model is trained using one or more unsupervised learning techniques and a training set of behavior data generated in association with a plurality of non-automated requests and (Munawar: Para [0046], Para [0008] / [0016], Para [0042] and Para [0049]: (a) providing a training / learning technique in regard to gradient of an objective function used in an unsupervised learning algorithm w.r.t. neural network learning techniques in contrast to the conventional positive learning techniques) || (Harrison: Col. 2 Line 63 – 64 / Line 55 – 57, Col. 3 Line 35 – 45 / Line 14 – 25, Col. 8 Line 40 – 45 / Line 51 – 52 / Line 55 – 58, Col. 4 Line 38 – 40 and Col. 9 Line 11 – 16: regarding the non-automated requests, Harrison teaches (a) providing learning techniques for classification (as a classification model) to capture and analyze, the characteristic metrics (w.r.t. behavior data) on a history of user’s data transfer request for comparing and distinguishing (i.e. classifying) between human and non-human data transfer requests due to any inconsistency for recognizing a non-human request to transfer data, wherein (b) a plurality of requests are captured including the requests submitted from the human users (i.e. non-automated requests) other than the non-human users (Col. 2 Line 63 – 64 / Line 55 – 57) (i.e. including both human and automatic-generated requests).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification such as the behavior model is trained using one or more unsupervised learning techniques and a training set of behavior data generated in association with a plurality of non-automated requests because Munawar’s teaching provides an enhanced, effective and reliable (robust) training / learning technique (as a classification model) in regard to gradient of an objective function used in an unsupervised learning algorithm w.r.t. neural network learning techniques (in contrast to the conventional positive learning techniques) that are capable of controlling what should not be learned as well as what should be learned well by utilizing not only the collected positive data but also the negative data to effectively adjust one or more parameters of the classification model over the Harrison’s system of providing learning techniques for classification (as a classification model) to capture and analyze the characteristic metrics (w.r.t. behavior data) on a history of user’s data transfer request over a long period of time for comparing and distinguishing (i.e. classifying) between human and non-human data transfer requests due to any inconsistency for recognizing a non-human request to transfer data (see above).

As per claim 4, 14, 24 and 32, Munawar (& Harrison) teaches wherein the behavior model is an autoencoder (Munawar: Para [0042], Para [0008] / [0016] / [0046] and Para [0049]: providing an enhanced classification model (including an autoencoder technique) that is capable of controlling what should not be learned as well as what should be learned well by utilizing not only the collected positive data but also the negative data to effectively adjust one or more parameters of the classification model).
See the same rationale of combination applied herein as above in rejecting the claim 2.

Claims 6, 7, 16 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Harrison et al. (U.S. Patent 9,369,438), in view of Maisel et al. (U.S. Patent 10,360,380).  

As per claim 6, 7, 16 and 17, Maisel (& Harrison) teaches wherein the behavior model is a recurrent or a convential neural network (Maisel: Col. 7 Line 1 – 4 and Col. 6 Line 22 – 29: providing an enhanced machine learning and classification model that includes recurrent neural networks and conventional networks that can be trained to predict more effectively a specific classification).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification such as the behavior model is trained using one or more unsupervised learning techniques and a training set of behavior data generated in association with a plurality of non-automated requests because Maisel’s teaching provides an enhanced machine learning and classification model that includes recurrent neural networks and conventional networks that can be trained to predict more effectively a specific classification over the Harrison’s system of providing learning techniques for classification (as a classification model) to capture and analyze the characteristic metrics (w.r.t. behavior data) on a history of user’s data transfer request over a long period of time for comparing and distinguishing (i.e. classifying) between human and non-human data transfer requests due to any inconsistency for recognizing a non-human request to transfer data (see above).


Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788.  The examiner can normally be reached on Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.




Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




---------------------------------------------------
                  /Longbit Chai/
           Longbit Chai E.E. Ph.D.
    Primary Examiner, Art Unit 2431
                   No. #2203 – 2021
---------------------------------------------------