DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/02/2020 has been entered.

3.	Claims 2, 11 have been canceled.

4.	Claims 1, 3-10, 12-20 are pending. 

Response to Arguments and Amendments
5.	Applicant’s arguments, see (page 2-3 remarks), filed 11/02/2020, with respect to the rejection(s) of claim(s) 1, 3-10, 12-20 under 103 rejection have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Charles Frederick (US 8695086).
6.	Applicant’s arguments filed on 11/02/2020, with respect to the 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph rejections of claims 1, 10, and 18 have been fully considered and persuasive. Therefore, the rejections of claims 1, 10, and 18 have been withdrawn.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



	Regarding claims 1, 10, and 18:
	In the instant case, the term “including sequence of resources used by a user and information about those resources where used” is unclear what it is modifying.  That is, it’s unclear whether the phrase “including sequence of resources” is modifying “the first data”, “the first user’s interactions”, or “other input device”. For examination purposes this was constructed as “the first data”.
	Dependent claims 3-10, 12-17, and 19-20 inherit the deficiency of their parent. Therefore, claims 3-10, 12-17, and 19-20 are rejected for the same reasons as claims 1, 10, and 18 above.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

8.	Claims 1, 3-10, 12-20 are rejected under 35U.S.C 103 as being unpatentable over Avi TURGEMAN (US 20140317744), in view of  Charles Frederick (US 8695086), hereinafter Frederick.


	Regarding claim 1:
these features may be extracted for each usage session, may assist in creating a user-specific profile, and may be used for detecting a potential attacker (Turgeman, paragraph 84), and system 200 may comprise a user-specific feature extraction module 201, which may extract or estimate user specific features or traits or characteristics, that characterize an interaction (or a set or batch of interactions, or a session of interactions) of a user with a service, through an input unit 299 (e.g., mouse, keyboard, stylus, touch-screen) and an output unit 298 (e.g., monitor, screen, touch-screen) that the user utilizes for such interactions. A user interaction monitoring/ sampling module 202 may monitor all user interactions and may record, capture, or otherwise sample such interactions, and/or may otherwise collect user interaction data which may enable the user-specific feature extraction module 201 to extract or estimate user-specific features of the interaction (Turgeman, paragraph 27), and further discloses  monitoring user keystrokes during interactions with said computerized service; extracting statistics of time-gaps between pairs of key-down and key-up events; based on the extracted statistics of said time-gaps between pairs of key down and key-up events (Turgeman, paragraph 262), sampling and analyzing mouse-events in a first usage session of the computerized service; sampling and analyzing mouse events in a second usage session of the computerized service; based on differences between (a) the sampled and analyzed mouse events in the first usage session (Turgeman, paragraph 245).
Obtaining second data identifying second user interactions with at least one of the one or more computing or networking resources during a subsequent second user session; determining whether the second user session is valid based on the second data and at least one of the one or more profiles by comparing the second user interactions to the typical user interactions defined in the at least one profile, wherein the at least one profile identifies two or more of: a user's typing speed when using the keyboard these parameters may be monitored and evaluated by the keyboard identification module 250, and may allow to distinguish or differentiate among users based on the estimated type of keyboard layout that is being utilized in a current session, compared to historical or past keyboard layout(s) that were observed in prior usage sessions (Turgemen, paragraph 80), and the typing speed on a keyboard may be monitored and analyzed; rapid typing speed may indicate that the user is relatively young (e.g., between the ages of 15 and 40, or between the ages of 18 and 30), and/or may indicate that the user is an expert or experienced. In contrast, slow typing speed may indicate that the user is relatively old (e.g., over 60 years old; over 70 years old), and/or that the user is non-experienced or novice (Turgemen, paragraph 90); and the user's use of alternative keys on the keyboard to perform a common function monitoring keyboard interactions of a first user with said computerized service; identifying a sequence of multiple particular characters, that are entered by the first user consecutively via keyboard more rapidly than other character sequences that the first user types; determining that said sequence of multiple characters, is more common in a particular natural language; determining that keyboard interactions of a second user, with said computerized service, lack rapid typing of said sequence of particular characters; based on both of said determining, differentiating between the first user and the second user (Turgemen, paragraph 265); and taking one or more actions in response to determining that the second user session is not valid if it is estimated or observed that one out-of-four times the user's reaction may not match a previously-calculated model of reaction to interference, then, in one-out-of-four attempts to access the encrypted data, the user may fail even though the user was the genuine user; however, the system may request the user to “try again, by introducing to the interface a same-type interference (e.g., the same interference-type ((Turgemen, paragraph 159). However, Turgemen fails to teach the user's frequencies of selecting different keys on the keyboard. Frederick teaches to establish the probability profile of a user, the system captures the keyboard events and the frequency of the key board events produced by the user and stores the results (Frederick, column 7, [lines 40-45]), and further FIGS. 6 (A & B) illustrate the process flow for identifying the users, monitoring any change in the user via the keyboard dynamics (Frederick, column 15, [lines 37-42]). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention 


Regarding claim 3:

	Turgeman and Frederick disclose wherein the at least one profile identifies: a number of clicks a user makes using at least one button of the mouseAppl. No. 15/935,646Page 3 Response to Office Action dated 08/07/2020 or trackpad, a scrolling behavior of the user using the mouse or trackpad, a distance traveled by the user using the mouse or trackpad, cursor movements made by the user using the mouse or trackpad, a movement speed of the mouse or cursor, and an overshoot of the cursor the vertical axis indicates a first user-specific feature or characteristic, measured or extracted from monitored user interaction (for example, average curvature of mouse movement). The horizontal axis indicates a second user-specific feature or characteristic, measured or extracted from monitored user interaction (for example, mouse movement speed in one or more directions) (Turgeman, paragraph 23), and the user-specific features, whose values may be compared or matched across usage-sessions, may include, for example, curvature (or curvature radius) of mouse movement or mouse strokes; acceleration and/or speed of mouse movement in one or more directions; and/or other suitable features (Turgeman, paragraph 28).



Regarding claim 4:
Turgeman and Frederick disclose wherein the typical user interactions include at least one of: a sequence of resources used, an order in which the resources are used in the sequence, and how operations are conducted using each of the resources each time that a user logs-in to his banking website, the website may require the user's device to execute (e.g., one time only per each log-in session) a particular resource-intensive user-side (e.g., browser-based) calculation, and to transmit or submit the answer back to the server. The resources burdening module 251 may observe that, for example, in a first usage session the client-side computation required 13 seconds; in a second usage session the client-side computation required 13.3 seconds; in a third usage session the client-side computation required 12.8 seconds; and in a current, fourth, usage session the client-side computation required only 8 seconds. This may indicate that the current usage session is being performed by utilizing a different hardware (e.g., faster processor, increased memory) relative to the previous usage sessions, and may indicate that a possible fraud may be taking place (e.g., by a hacker, a remote attacker, or other fraudster) (Turgeman, paragraph 81).

Regarding claim 5:
Turgeman and Frederick disclose herein the typical user interactions include  at least one of: how each resource is launched or accessed, how operations involving each resource were initiated, and a duration of user interactions with each resource over loading one or more resources of the computing device which is used for accessing said computerized service; measuring an effect of said overloading on frequency of Sampling user interactions via an input unit; based on the measured effect of said overloading, determining whether said user is (i) co located physically at said computing device, or (ii) is located remotely from said computing device and controlling remotely said computing device via said remote access channel (Turgeman, paragraph 191).

Regarding claim 6:
Turgeman and Frederick disclose wherein the typical user interactions include at least one of: a time of day of the associated session, a location of a remote user for the associated session, how a touchscreen is used, and physical security for the associated session The long-stroke evaluator module 248 may detect, for example, that in a first usage session on Monday, the ten longest strokes that the userperformed have moved the pointer by 600 to 700 pixels, thereby indicating that a mouse device was used on a flat surface with a long stroke; whereas, in a second usage session on Tuesday, the ten longest strokes that the user performed have moved the pointer by 250 to 300 pixels, thereby indicating that a touch-pad was used in that usage session. (Turgeman, paragraph 70).

Regarding claim 7:
Turgeman and Frederick disclose wherein the one or more actions comprise at least one of: flagging the second user session; 15collecting and logging information about the second user session; monitoring actions that occur during the second user session; and generating an alarm or other notification associated with the second user session the utilization of Caps Lock or Num Lock or other “shifting keys (e.g., the Windows key, or a FN function key in a laptop keyboard), may be indicative of a younger or more-proficient user, and may be used for raising a flag or initiating a fraud alert when such user attempts to handle an online account of a senior citizen (Turgeman, paragraph 87).

Regarding claim 8:
Turgeman and Frederick disclose  wherein the one or more actions comprise at least one of: restricting what a user is allowed to do during the second user session; terminating the second user session; requesting additional credentials from the user during the second user session; 25interacting with the user during the second user session to verify the user's identity; and requesting that the user use multi-factor authentication during the second user session to verify the user's identity the system may thus have, in some embodiments, a single profile for the entire account, and test it by means of cross-validation that it can be used to accept both while rejecting others (Turgeman, paragraph 107).

Regarding claim 9:
Turgeman and Frederick disclose wherein the second user session is established after receiving valid user credentials unique way of two-factor (or two-step) authentication or log in. For example, entry of user credentials (e.g., username, and/or PIN or password or passphrase) may be subject to gamification or may be implemented by utilizing a graphic user interface (GUI) or on-screen interface in a way that captures or recognizes user-specific traits through the way that the user utilizes such interface for entering is credentials (Turgeman, paragraph 134)

Regarding claim 10:
Claim 10 is rejected under the same reason set forth in rejection of claim 1.

Regarding claim 12:
Claim 12 is rejected under the same reason set forth in rejection of claim 3.

Regarding claim 13:
Claim 13 is rejected under the same reason set forth in rejection of claim 4.

Regarding claim 14:
Claim 14 is rejected under the same reason set forth in rejection of claim 5.

Regarding claim 15:
Claim 15 is rejected under the same reason set forth in rejection of claim 6.

Regarding claim 16:
Claim 16 is rejected under the same reason set forth in rejection of claim 7.

Regarding claim 17:
Claim 17 is rejected under the same reason set forth in rejection of claim 8.

Regarding claim 18:
Claim 18 is rejected under the same reason set forth in rejection of claim 1.


Claim 19 is rejected under the same reason set forth in rejection of claim 7.

Regarding claim 20:
Claim 20 is rejected under the same reason set forth in rejection of claim 8.


Conclusion

Any inquiry concerning this communication from the examiner should be directed to Thanh Le whose telephone number is 571-272-8556. The examiner can normally be reached on Monday-Friday 8:00a.m to 5p.m. EST
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Nickerson Jeffrey L can be reached on 469-295-9235.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either obtained from either Private PAIR or Public PAIR. Status information for unpublished application is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov . Should you have question on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automatic information system, call 800-786-9199 (In USA or

/THANH H LE/             Examiner, Art Unit 2432                                                                                                                                                                                           
/Kevin Bechtel/             Primary Examiner, Art Unit 2491