DETAILED ACTION
Notice of Pre-AIA or AIA Status
1. The present application is being examined under the pre-AIA first to invent provisions.
Response to Amendment
2. This is in response to the amendments filed on 02/02/2021. Claims 1, 5, 11 – 12, 24 – 26 and 29 have been amended. Claims 1 – 11, 13 – 24, and 26 – 28 are currently pending and have been considered below.

Allowable Subject Matter
3. Claims 1 – 11, 13 – 24, and 26 – 28 are allowed as amended.

Examiner Reason for Allowance
4. The following is an examiner’s statement of reasons for allowance: The Examiner finds novel the features of: determining a first fidelity value that represents a degree to which the first activity pattern indicates malicious activity; determining a second fidelity value that represents a degree to which the second activity pattern indicates malicious activity wherein a query of the one or more cardinality-based activity pattern queries specifies an activity pattern cardinality and a predefined interval to execute the query, wherein the activity pattern cardinality indicates a number of distinct activity patterns, wherein a result of the query indicates a plurality of detected activity. The closest prior art being “Gong” (US 20160065601 A1), “Turgeman” (US 20140325682 A1), “Kim” (US 2016035987 A1), “Demir” (US 20090132340 A1) and newly cited “Shih” (US

Gong discloses a system configured to detect a threat activity on a network. The system including a digital device configured to detect a first order indicator of compromise on a network, detect a second order indicator of compromise on the network, generate a risk score based on correlating said first order indicator of compromise on the network with the second order indicator of compromise on said network, and generate at least one incident alert based on comparing the risk score to a threshold.

Turgeman discloses devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker.

Kim discloses an apparatus, a system and a method for detecting and preventing malicious scripts. The apparatus for detecting and preventing malicious scripts includes a signature management unit managing a first signature including code pattern information of previously-detected malicious scripts.

Demir discloses a method for maximizing page yield in advertisement display to Web users that includes tracking click activity associated with advertisements displayed to users through a hierarchal set of search results pages associated with a keyword.

New art Shih discloses a privileged account manager to detect a first activity pattern that may include a sequence of one or more activities performed by a first user during the privileged session. The privileged account manager may be configured to identify a second activity pattern that comprises at least a subset of the one or more activities performed by the first user during the privileged session and determine an appropriate action to be performed for the first activity pattern based on the identification of the second activity pattern.

5. What is missing from the prior art of record is a computer-readable storage media, a method, and a system for determining a query of the one or more cardinality-based activity pattern queries that specifies an activity pattern cardinality and a predefined interval to execute the query, in the context of determining a first fidelity value that represents a degree to which the first activity pattern indicates malicious activity; determining a second fidelity value that represents a degree to which the second activity pattern indicates malicious activity.  

Thus the prior art does not teach or suggest, either individually or in combination, the subject matter as claimed in claims 1, 11, and 24. Therefore claims 1, 11, and 24 are deemed allowable over the prior art of record. The corresponding depending claims that further limit claims 1, 11, and 24 also contain allowable subject matter by virtue of their dependency.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637. The examiner can normally be reached on Mon - Fri., 5:30 a.m. to 2:00 p.m.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/WILLIAM B JONES/ Examiner, Art Unit 2491
/ASHOKKUMAR B PATEL/ Supervisory Patent Examiner, Art Unit 2491