DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claims 1-20 are presented for examination.

Specification
The disclosure is objected to because of the following informalities: 
In [0023], line 11: “360” should read –160–.
The disclosure is objected to because it contains an embedded hyperlink and/or other form of browser-executable code. Applicant is required to delete the embedded hyperlink and/or other form of browser-executable code; references to websites should be limited to the top-level domain name without any prefix such as http:// or other browser-executable code. See MPEP § 608.01. (see [0045])
Appropriate correction is required.

Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description: 125 (Figure 1); 310 (Figure 3).  
Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to add the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-3 and 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wicker et al. (US 2019/0334942 A1 and Wicker hereinafter) in view of Gilbert et al. (US 2007/0226796 A1 and Gilbert hereinafter), and further in view of Ben Ezra et al. (US 2018/0069875 A1 and Ben Ezra hereinafter).
As to claim 1, Wicker discloses a system and method for curating threat intelligence data, the system and method having:
determining, responsive to the indication of the first electronic attack, one or more vulnerability characteristics of the first online entity that are associated with the first electronic attack (0037, lines 1-4); 
analyzing a plurality of other online entities to identify a second online entity that shares at least one of the vulnerability characteristics with the first online entity (0037, lines 4-8); 
predicting, based on the shared vulnerability characteristics, that the second online entity is a potential target for a second electronic attack having an attack vector in common with the first electronic attack that corresponds to the at least one of the shared vulnerability characteristics (0037, lines 4-8); 
wherein at least one of the receiving, the determining, the analyzing, the predicting, or the performing is performed using one or more electronic hardware processors (0026, lines 18-21). 
Wicker fails to specifically disclose:
receiving an indication that a first online entity has undergone or is undergoing a first electronic attack made by one or more actors engaged in an online action with the first online entity that is indicative of fraud; 
performing an action to mitigate potential damage of the second electronic attack.

Gilbert discloses a system and method for tactical and strategic attack detection and prediction, the system and method having:
receiving an indication that a first online entity has undergone or is undergoing a first electronic attack made by one or more actors engaged in an online action with the first online entity that is indicative of fraud (0047, lines 1-5). 
Given the teaching of Gilbert, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Wicker with the teachings of Gilbert by indicating an attack. Gilbert recites motivation by disclosing that identifying attacks against an entity is used to match patterns of attacks in a network (0047, lines 1-8). It is obvious that the teachings of Gilbert would have improved the teachings of Wicker by indicating an attack in order to identify patterns of attack in a network.

Wicker in view of Gilbert fails to specifically disclose:
performing an action to mitigate potential damage of the second electronic attack.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed Wicker in view of Gilbert, as taught by Ben Ezra.
Ben Ezra discloses a system and method for attack sequencing matching, the system and method having:
performing an action to mitigate potential damage of the second electronic attack (0061, lines 1-7).
Given the teaching of Ben Ezra, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the 

As to claim 2, Wicker discloses:
gathering information from a plurality of online entities that include the first online entity and the second online entity (0026, lines 1-5; 0027, lines 1-17); 
saving the gathered information in an electronic database (0026, lines 18-21). 

As to claim 3, Wicker fails to specifically disclose:
wherein: the gathering comprises conducting search engine queries based on each of the plurality of online entities and calculating query distances between the online entity on which the search engine query was conducted and other online entities; 
the saving comprises saving the calculated query distances in the electronic database; 
the determining the one or more vulnerability characteristics comprises retrieving the saved query distances from the electronic database; 
the analyzing comprises identifying the second online entity in response to a query distance between the first online entity and the second online entity being less than a predefined threshold. 
Nonetheless, these features are well known in the art and would have been an obvious modification of the teachings disclosed by Wicker, as taught by Gilbert.
Gilbert discloses:
wherein: the gathering comprises conducting search engine queries based on each of the plurality of online entities and calculating query distances between the online entity on which the search engine query was conducted and other online entities (0130, lines 12-17; 0131, lines 1-9); 
the saving comprises saving the calculated query distances in the electronic database (0134, line 14); 
the determining the one or more vulnerability characteristics comprises retrieving the saved query distances from the electronic database (0134, lines 4-11); 
the analyzing comprises identifying the second online entity in response to a query distance between the first online entity and the second online entity being less than a predefined threshold (0131, lines 6-9; 0134, lines 8-17). 
Given the teaching of Gilbert, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Wicker with the teachings of Gilbert by identifying an entity based on a distance. Gilbert recites motivation by disclosing that identifying a second entity in response to a query distance allows for the identification of inexact matches and indication of morphing attack patterns (0133; 0134). It is obvious that the teachings of Gilbert would have improved the teachings of Wicker by identifying a second entity in response to a query distance for the identification of inexact matches and indication of morphing attack patterns.

As to claim 11, Wicker in view of Gilbert fails to specifically disclose:
wherein the performing the action comprises sending a notification to the second online entity regarding the second electronic attack or temporarily denying transactions involving the second online entity. 

Ben Ezra discloses:
wherein the performing the action comprises sending a notification to the second online entity regarding the second electronic attack or temporarily denying transactions involving the second online entity (0061, lines 1-17). 
Given the teaching of Ben Ezra, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Wicker in view of Gilbert with the teachings of Ben Ezra by sending a notification regarding the attack or temporarily denying transactions. Please refer to the motivation recited above with respect to claim 1 as to why it is obvious to apply the teachings of Ben Ezra to the teachings of Wicker in view of Gilbert.

Claims 4 and 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wicker in view of Gilbert and Ben Ezra as applied to claim 2 above, and further in view of Lavi et al. (US 2019/0007440 A1 and Lavi hereinafter).
As to claim 4, Wicker in view of Gilbert and Ben Ezra fails to specifically disclose:
wherein: the gathering comprises electronically scanning source codes of websites of each of the plurality of online entities to determine whether the scanned websites contain electronic links to other websites of other entities; 
the saving comprises saving results of the electronically scanning in the electronic database; 
the determining the one or more vulnerability characteristics comprises retrieving the results of the electronically scanning from the electronic database. 

Lavi discloses a system and method for dark web monitoring, analysis, and alert, the system and method having:
wherein: the gathering comprises electronically scanning source codes of websites of each of the plurality of online entities to determine whether the scanned websites contain electronic links to other websites of other entities (0129, lines 1-5); 
the saving comprises saving results of the electronically scanning in the electronic database (0129, lines 4-5; 0133, lines 1-2); 
the determining the one or more vulnerability characteristics comprises retrieving the results of the electronically scanning from the electronic database (0134, lines 3-5). 
Given the teaching of Lavi, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Wicker in view of Gilbert and Ben Ezra with the teachings of Lavi by scanning source codes to determine vulnerability characteristics. Lavi recites motivation by disclosing that scanning source codes of websites provides to monitor and provide alerts and therefor provide protection (0007). It is obvious that the teachings of Lavi would have improved the teachings of Wicker in view of Gilbert and Ben Ezra by scanning source codes of websites in order to monitor and provide alerts.

As to claim 5, Wicker in view of Gilbert and Ben Ezra fail to specifically disclose:
wherein the analyzing comprises identifying the second online entity in response to the results indicating that: the website of the first online entity contains a link to the website of the second online entity; or the website of the second online entity contains a link to the website of the first online entity. 

Lavi discloses:
wherein the analyzing comprises identifying the second online entity in response to the results indicating that: the website of the first online entity contains a link to the website of the second online entity; or the website of the second online entity contains a link to the website of the first online entity (0129, lines 1-5). 
Given the teaching of Lavi, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Wicker in view of Gilbert and Ben Ezra with the teachings of Lavi by identifying the second entity indicating a link. Please refer to the motivation recited above with respect to claim 4 as to why it is obvious to apply the teachings of Lavi to the teachings of Wicker in view of Gilbert and Ben Ezra.

Claims 8 and 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wicker in view of Gilbert, Ben Ezra, and Lavi as applied to claim 4 above, and further in view of Ramos et al. (US Patent 10,460,306 B1 and Ramos hereinafter).
As to claim 8, Wicker in view of Gilbert, Ben Ezra, and Lavi fails to specifically disclose:
wherein the analyzing comprises identifying the second online entity in response to the results indicating that the first online entity and the second online entity both accept a particular payment type. 
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Wicker in view of Gilbert, Ben Ezra, and Lavi, as taught by Ramos.
Ramos discloses a system and method for credit data analysis, the system and method having:
wherein the analyzing comprises identifying the second online entity in response to the results indicating that the first online entity and the second online entity both accept a particular payment type (col. 12, lines 35-39). 
Given the teaching of Ramos, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Wicker in view of Gilbert, Ben Ezra, and Lavi with the teachings of Ramos by identifying an entity as a result indicating a shared payment type. Ramos recites motivation by disclosing that identifying merchants of particular characteristics such as accepted payment or goods and service determines available merchants (col. 11, lines 22-45). It is obvious that the teachings of Ramos would have improved the teachings of Gilbert, Ben Ezra, and Lavi by identifying a merchant indicating a shared payment type.


As to claim 9, Wicker in view of Gilbert, Ben Ezra, and Lavi fails to specifically disclose:
wherein the analyzing comprises identifying the second online entity in response to the results indicating that the first online entity and the second online entity both offer a particular category of goods that exceed a predefined monetary value. 
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Wicker in view of Gilbert, Ben Ezra, and Lavi, as taught by Ramos.
Ramos discloses:
wherein the analyzing comprises identifying the second online entity in response to the results indicating that the first online entity and the second online entity both offer a particular category of goods that exceed a predefined monetary value (col. 12, lines 4-9, 35-39). 
.

Claims 12-14 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wicker in view of Ben Ezra.
As to claim 12, Wicker in view of Ben Ezra discloses:
a non-transitory memory (0017, lines 4-9); 
one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising (0017, lines 4-9): 
determining one or more vulnerability characteristics of a first online entity (0037, lines 1-4); 
accessing a database storing vulnerability characteristics and electronic attack data for a plurality of online entities who have been subject of an electronic attack (0034, lines 6-8; 0037, lines 4-8); 
determining that a first vulnerability characteristic from the one or more vulnerability characteristics of the first online entity is shared with a second online entity from the plurality of online entities (0037, lines 4-8); 
predicting, based on the first vulnerability characteristic, that the first online entity is a potential target for a first type of electronic attack associated with the first vulnerability characteristic (0037, lines 4-8).
Wicker fails to specifically disclose:
performing an action directed to the first online entity in response to the predicting and based on the first vulnerability characteristic. 
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed Wicker, as taught by Ben Ezra.
Ben Ezra discloses:
performing an action directed to the first online entity in response to the predicting and based on the first vulnerability characteristic (0061, lines 1-7). 
Given the teaching of Ben Ezra, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Wicker with the teachings of Ben Ezra by performing an action based on the vulnerability characteristic. Please refer to the motivation recited above with respect to claim 1 as to why it is obvious to apply the teachings of Ben Ezra to the teachings of Wicker.

As to claim 13, Wicker discloses:
wherein the operations further comprise determining a risk score associated with the first vulnerability characteristic (0027, lines 1-18). 

As to claim 14, Wicker fails to specifically disclose:
wherein the predicting is further based on the risk score meeting or exceeding a predetermined threshold. 

Ben Ezra discloses:
wherein the predicting is further based on the risk score meeting or exceeding a predetermined threshold (0061, lines 1-3). 
Given the teaching of Ben Ezra, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Wicker with the teachings of Ben Ezra by predicting based on the risk score meeting or exceeding a threshold. Please refer to the motivation recited above with respect to claim 1 as to why it is obvious to apply the teachings of Ben Ezra to the teachings of Wicker.

As to claim 19, Wicker fails to specifically disclose:
wherein the action comprises a notification of the first type of electronic attack, a suggested action for the first online entity to take for the first type of electronic attack, temporarily suspending transaction processing with the first online entity, or invoking additional security measures with transaction processing with the first online entity. 
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed Wicker, as taught by Ben Ezra.
Ben Ezra discloses:
wherein the action comprises a notification of the first type of electronic attack, a suggested action for the first online entity to take for the first type of electronic attack, temporarily suspending transaction processing with the first online entity, or invoking additional security measures with transaction processing with the first online entity (0061, lines 1-17). 
.

Claim 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wicker in view of Ben Ezra as applied to claim 13 above, and further in view of Mattson et al. (US 2017/023776 A1 and Mattson hereinafter).
As to claim 18, Wicker in view of Ben Ezra fails to specifically disclose:
the first type of electronic attack comprises a carding attack or a credential stuffing attack. 
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Wicker in view of Ben Ezra, as taught by Mattson.
Mattson discloses a system and method for deploying countermeasures, the system and method having:
the first type of electronic attack comprises a carding attack or a credential stuffing attack (0006, lines 1-7). 
Given the teaching of Mattson, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Wicker in view of Ben Ezra with the teachings of Mattson by detecting a carding or credential stuffing attack. Mattson recites motivation by disclosing that attackers may use bots to commit many types of unauthorized acts, crimes, or computer fraud such as carding or credential attacks which therefore must be monitored in order to provide protection (0007; 0008). It is obvious .

	
Allowable Subject Matter
Claim 20 is allowed.
The following is an examiner’s statement of reasons for allowance: 
Although the prior art of record (such as Wicker) teaches determining, based on the indication of the first electronic attack, one or more vulnerability characteristics of the first member that are associated with the first electronic attack (0037, lines 1-4); determining, based at least in part on the profile information saved in the electronic database, that a second member of the online entities shares at least one of the vulnerability characteristics with the first member (0037, lines 4-8); predicting that the second member is a potential target for a second electronic attack having an attack vector in common with the first electronic attack that corresponds to the at least one of the shared vulnerability characteristics (0037, lines 4-8); Gilbert teaches receiving an indication that a first member of the online entities has undergone or is undergoing a first electronic attack made by one or more actors engaged in online actions with the first member that are indicative of fraud (0047, lines 1-5); and Ben Ezra teaches performing an action to mitigate potential damage of the second electronic attack (0061, lines 1-7), none of the prior art of record alone or in combination teaches gathering profile information from a plurality of online entities, the profile information including search engine query distances between members of the online entities, links provided by some members of the online entities to other members of the online entities, a presence or an absence of one or more particular anti-fraud or security protection mechanisms on websites of the online entities, types of goods or values of good offered by the online entities, types of payments accepted by the online entities, shipping and billing address inconsistencies tolerated by the online entities; saving the gathered profile information in an electronic database.
The closest prior art made of record are:
Wicker discloses a system and method for curating threat intelligence data including receiving threat intelligence data comprising a list of entities, one or more associations between entities, a reputation score for each entity, and/or a confidence value corresponding to the one or more associations.
Gilbert discloses a system and method for tactical and strategic attack detection and prediction against an individual entity and interrelated/affiliated networks of entities.
Ben Ezra discloses a system and method for matching event sequences for predictive detection of cyber-attacks.
	
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Claims 6, 7, 10, and 15-17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
	

Prior Art Made of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Basavapatna et al. (US 2013/0097710 A1) discloses a system and method for mobile risk assessment.
Baughman et al. (US 2020/0076831 A1) discloses a system and method for torrent attack detection.
Carson (US 2019/0251251 A1) discloses a system and method for determining a likelihood of an existence of malware of an executable.
Cheng et al. (US 2020/0336498 A1) discloses a system and method for detecting hidden link in website.
Cohen et al. (US 2018/0234435 A1) discloses a system and method for proactive predication and mitigation of cyber-threats.
Elliott, JR. et al. (US 2009/0307049 A1) discloses a system and method for soft co-clustering of data.
Fitzgerald (US 2017/0270526 A1) discloses a system and method for machine learning for fraud detection.
Gardezi et al. (US 2020/0252428 A1) discloses a system and method for detecting cyberattacks impersonating legitimate sources.
Jones et al. (US 2020/0264859 A1) discloses a system and method for tracking application data.
Keren (US 2020/0311790 A1) discloses a system and method for protected electronic commerce and financial transactions.
Kirti et al. (US 2018/0375886 A1) discloses a system and method for monitoring privileged users and detecting anomalous activities in a computing environment.
Lee et al. (US 2014/0137250 A1) discloses a system and method for detecting final distribution site and landing site of malicious code.
Maylor et al. (US 2020/0358798 A1) discloses a system and method for mediating access to resources.
Milener et al. (US 2012/0011588 A1) discloses a system and method for enhanced browsing with security scanning.
Ng et al. (US 2016/0248800 A1) discloses a system and method for cyber vulnerability scan analyses with actionable feedback.
Nunes et al. (US 2020/0389480 A1) discloses a system and method for analyzing vulnerabilities of networked systems.
Nunna et al. (US 2019/0342183 A1) discloses a system and method for synchronized distributed processing in a communications network.
Prakash et al. (US 2020/0092326 A1) discloses a system and method for real-time detection and redirection from counterfeit websites.
Shanley (US 2013/0340082 A1) discloses a system and method for open source security monitoring.
Sugihara et al. (US 2016/0094551 A1) discloses a system and method for transaction verification through enhanced authentication.
Turgeman et al. (US 2016/0307201 A1) disclose a system and method for contextual mapping of web-pages and generation of fraud-relatedness score-values.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARAH SU whose telephone number is (571)270-3835.  The examiner can normally be reached on 7:30 AM - 4:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SARAH SU/Primary Examiner, Art Unit 2431