DETAILED ACTION

Currently pending claims are 1 – 5, 9 – 15, 19 – 25, 27 –33 and 35 – 36.

Response to Arguments
 Applicant's arguments with respect to instant claims have been fully considered but are moot in view of the new ground(s) of rejection necessitated by Applicant's amendment – please see the following section for the detail of rationale to make the corresponding prior-art(s) rejections as set forth below. 

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  


Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



Claims 1, 3, 5, 9 – 11, 13, 15, 19 – 22, 25, 27 – 30, 33 and 35 – 36 are rejected under 35 U.S.C. 103 as being unpatentable over Harrison et al. (U.S. Patent 9,369,438), in view of Call et al. (U.S. Patent 8,997,226), and in view of Kolton et al. (U.S. Patent 2016/0112440).    


As per claim 1, 11, 21 and 29, Harrison teaches a method implemented by a network security system comprising one or more network security apparatuses, client devices, or server devices, the method comprising: 
training a behavior model with behavior data generated in association with a plurality of requests (Harrison: Col. 3 Line 35 – 45 / Line 14 – 25, Col. 8 Line 40 – 45 / Line 51 – 52 / Line 55 – 58, Col. 4 Line 38 – 40, Col. 2 Line 63 – 64 / Line 55 – 57 and Col. 9 Line 11 – 16: (a) providing a learing techniqures for classification (as a classification model) to capture and analyze, over a long priod of time, the characteristic metrics (w.r.t. behavior data) on a history of user’s data transfer request for comparing and distincting (i.e. classifying) between human and non-human data transfer requests due to any inconsistency for recognizing a non-human request to transfer data, wherein (b) a plurality of requests are captured including the requests submitted from both types of human users and non-human users (Col. 2 Line 63 – 64 / Line 55 – 57)  (i.e. (i.e. including both human and automatic-generated requests))); 
receiving data describing a particular request from a particular client device to a server system hosting a website, the data including particular behavior data generated at the particular client device in association with the particular request (Harrison: see above & Col. 14 Line 18 – 21 and Col. 8 Line 51 – 52: a record of data transfer requests is generated from a particular user (i.e. a particular request) via web browser(s) (i.e. webpage(s)) hosted by a web server); 
analyzing the particular behavior data using the behavior model to generate a behavior model result (Harrison: see above & Col. 9 Line 19 – 25: modeling analysis techniques including diversity, autocorrelation or entropy as well as taking into account the results of other types of modeling types of algorithms), wherein the analyzing further comprises an that distinguishes between user-assistance automated generated data in conjunction with a human user initiated requested and malicious automated generated data in conjunction with a non-human user initiated requested based on one or more blank values in input events and speed of input and transitions between the input events  (Harrison: Col. 3 Line 39 – 45) based on a series of data transfer requests and making further analysis by comparing and distincting (i.e. classifying) between human and non-human data transfer requests that results in any inconsistency based on the time at which the data transfer request was made (i.e. as additional automation factors) (Harrison: Col. 5 Line 3 – 9) so as to recognize a malicious activity of a non-human request to attack a computing system (Harrison: Col. 3 Line 39 – 45 / Line 14 – 25, Col. 18 Line 62 – 67, Col. 4 Line 38 – 40 / Line 59 – 67 and Col. 5 Line 3 – 9) – To be more specific, Harrison teaches:
a particular computing device receives time series data over a time period, wherein the received time series data over a time period characterising data transfer requests attributable to a user (Harrison: Col. 3 Line 14 – 20) and as such, the received time series data over a time period is used as one type of transition data element values, 
a plurality of metrics are computed accordingly from the received time series data over a time period (Harrison: Col. 3 Line 14 – 15) – i.e. the transition data element value ((e.g.) the received time series data over a time period), as a whole, is thus divided, on a time series basis, by the particular computing device into one of a plurality of sets of computed metrics so as to effectively detect the malicious activity such as a non-human request to attack a computing system (see above); and thus
comparing and distincting (i.e. classifying) between human and non-human data transfer requests that results in any inconsistency based on the time at which the data transfer request was made (i.e. as additional automation factors) (Harrison: Col. 5 Line 3 – 9) so as to recognize a malicious activity caused by non-human requests to attack computing systems.
However, Harrison does not disclose expressly non-human user initiated requested based on one or more blank values in input events and speed of input and transitions between the input events.
Call (& Harrison) teaches non-human user initiated requested based on speed of input and transitions between the input events (Harrison: see above: providing a learing techniqures for classification (as a classification model) to capture and analyze the characteristic metrics (w.r.t. behavior data) between human and non-human data transfer requests due to any inconsistency for recognizing a non-human request to transfer data) ||  (Call: Col. 10 Line 42 – 55 and Col. 16 Line 64 – Col. 17 Line 5: detecting malware attack with a bot analyzer to indicate that a device is not being operated by a normal human user if input characters were entered at a rate (speed) that does not correspond to human user typing speed).  
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification such as non-human user initiated requested based on speed of input and transitions between the input events because Call’s teaching provides an enhanced, effective and reliable (robust) security mechanism to detect malware attack with a bot analyzer to indicate that a device is not being operated by a normal human user if input characters were entered at a rate (speed) that does not correspond to human user typing speed (see above) over the Harrison’s system of providing a learing techniqures for classification (as a classification model) to capture and analyze the characteristic metrics (w.r.t. behavior data) between human and non-human data transfer requests due to any inconsistency for recognizing a non-human request to transfer data (see above).
Kolton (& Harrison) teaches non-human user initiated requested based on one or more blank values in input events (Kolton: Para [0210]: : detecting malware attack in a browser session by monitoring whether a request is formed by direct access of a user or the request is formed by a machine referring (i.e. re-directing) URI based on a blank value being included in the request (referred field) or in a context of an existing browsing session).  
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification such as non-human user initiated requested based on speed of input and transitions between the input events because Kolton’s teaching provides an enhanced, effective and reliable (robust) security mechanism to detect malware attack for detecting malware attack in a browser session by monitoring whether a request is formed by direct access of a user or the request is formed by a machine referring (i.e. re-directing) URI based on a blank value being included in the request (referred field) or in a context of an existing browsing session (see above) over the Harrison’s system of providing a learing techniqures for classification (as a classification model) to capture and analyze the characteristic metrics (w.r.t. behavior data) between human and non-human data transfer requests due to any inconsistency for recognizing a non-human request to transfer data (see above).
generating an automation determination for the particular request based on the analysis (Harrison: see above & Col. 10 Line 12 – 16: determining, for anomaly detection, whether permitting or denying the requested data transfer process to proceed); 
handling the particular request based on the automation determination for the particular request (Harrison: see <right> above).  

As per claim 3, 13, 22 and 30, Harrison teaches wherein the automation determination is made by using the behavior model for anomaly detection (Harrison: see above & Col. 10 Line 12 – 16: determining, for anomaly detection, whether permitting or denying the requested data transfer process to proceed) || (Call: see above) || (Kolton: see above).

As per claim 5, 15, 25 and 33, Harrison teaches wherein the behavior model is a classification model that is trained on a training set comprising labeled behavior data generated in association with a plurality of automation-initiated requests and labeled behavior data generated in association with a plurality of human-initiated requests; wherein the automation determination is a classification determination that is generated when the behavior model is applied to the particular behavior data (Harrison: Col. 3 Line 35 – 45 / Line 14 – 25, Col. 8 Line 40 – 45 / Line 51 – 52 / Line 55 – 58 and Col. 9 Line 11 – 16: capturing and analyzing the characteristic metrics (w.r.t. behavior data) on a history of user’s data transfer request over a long priod of time for comparing and distincting (i.e. classifying) between human and non-human data transfer requests due to any inconsistency for recognizing a non-human request to transfer data between both of human and non-human data transfer requests, wherein a plurality of requests are captured including the requests submitted from both types of human users and non-human users (i.e. human and automatic-generated requests)) || (Call: see above) || (Kolton: see above).

As per claim 9, 19, 27 and 35, Harrison teaches providing behavior collection code for execution at the particular client device, wherein the behavior collection code, when executed at the particular client device, causes the particular client device to collect the particular behavior data at the particular client device in association with the particular request (Harrison: see above & Col. 5 Line 42 – 47) || (Call: see above) || (Kolton: see above).  

As per claim 10, 20, 28 and 36, Harrison teaches providing behavior collection code for execution at the particular client device, wherein the behavior collection code, when executed at the particular client device, causes the particular client device to collect the particular behavior data at the particular client device in association with the particular request (Harrison: see above & Figure 2 & Col. 11 Line 9 – 14) || (Call: see above) || (Kolton: see above).  

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



Claims 2, 4, 12, 14, 23 – 24, and 31 – 32 are rejected under 35 U.S.C. 103 as being unpatentable over Harrison et al. (U.S. Patent 9,369,438), in view of Call et al. (U.S. Patent 8,997,226), in view of Kolton et al. (U.S. Patent 2016/0112440), and in view of Munawar et al. (U.S. Patent 2017/0076224).    

As per claim 2, 12, 23 and 31, Munawar (& Harrison) teaches wherein the behavior model is trained using one or more unsupervised learning techniques and a training set of behavior data generated in association with a plurality of non-automated requests and (Munawar: Para [0046], Para [0008] / [0016], Para [0042] and Para [0049]: (a) providing a traing / learning technique in reagrd to gradient of an objective function used in an unsupervised learning algorithm w.r.t. neural network learning techniques incontrast to the conventional positive learning techniques) || (Harrison: Col. 2 Line 63 – 64 / Line 55 – 57, Col. 3 Line 35 – 45 / Line 14 – 25, Col. 8 Line 40 – 45 / Line 51 – 52 / Line 55 – 58, Col. 4 Line 38 – 40 and Col. 9 Line 11 – 16: regarding the non-automated requests, Harrison teaches (a) providing a learing techniqures for classification (as a classification model) to capture and analyze, the characteristic metrics (w.r.t. behavior data) on a history of user’s data transfer request for comparing and distincting (i.e. classifying) between human and non-human data transfer requests due to any inconsistency for recognizing a non-human request to transfer data, wherein (b) a plurality of requests are captured including the requests submitted from the human users (i.e. non-automated requests) other than the non-human users (Col. 2 Line 63 – 64 / Line 55 – 57) (i.e. including both human and automatic-generated requests). 
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification such as the behavior model is trained using one or more unsupervised learning techniques and a training set of behavior data generated in association with a plurality of non-automated requests because Munawar’s teaching provides an enhanced, effective and reliable (robust) traing / learning technique (as a classificationn model) in reagrd to gradient of an objective function used in an unsupervised learning algorithm w.r.t. neural network learning techniques (incontrast to the conventional positive learning techniques)
that are capable of control what should not learn as well as what should be learned well by utilizing not only the collected positive data but also the negative data to effectively adjust one or more parameters of the calssification model over the Harrison’s system of providing a learing techniqures for classification (as a classification model) to capture and analyze the characteristic metrics (w.r.t. behavior data) on a history of user’s data transfer request over a long priod of time for comparing and distincting (i.e. classifying) between human and non-human data transfer requests due to any inconsistency for recognizing a non-human request to transfer data (see above).

As per claim 4, 14, 24 and 32, Munawar (& Harrison) teaches wherein wherein the behavior model is an autoencoder (Munawar: Para [0042], Para [0008] / [0016] / [0046] and Para [0049]: providing an enhanced classification model (including an autoencoder technique) that are capable of control what should not learn as well as what should be learned well by utilizing not only the collected positive data but also the negative data to effectively adjust one or more parameters of the calssification model). 
See the same rationale of combination applied herein as above in rejecting the claim 2.

Claims 6, 7, 16 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Harrison et al. (U.S. Patent 9,369,438), in view of Call et al. (U.S. Patent 8,997,226), in view of Kolton et al. (U.S. Patent 2016/0112440), and in view of Maisel et al. (U.S. Patent 10,360,380).  

As per claim 6, 7, 16 and 17, Maisel (& Harrison) teaches wherein the behavior model is a recurrent or a convential neural network (Maisel: Col. 7 Line 1 – 4 and Col. 6 Line 22 – 29: providing an enhanced machine learning and classification model that includes recurrent neural networks and conventional networks that can be trained to predict more effectively a speciifc classification). 
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification such as the behavior model is trained using one or more unsupervised learning techniques and a training set of behavior data generated in association with a plurality of non-automated requests because Maisel’s teaching providing an enhanced machine learning and classification model that includes recurrent neural networks and conventional networks that can be trained to predict more effectively a speciifc classification over the Harrison’s system of providing a learing techniqures for classification (as a classification model) to capture and analyze the characteristic metrics (w.r.t. behavior data) on a history of user’s data transfer request over a long priod of time for comparing and distincting (i.e. classifying) between human and non-human data transfer requests due to any inconsistency for recognizing a non-human request to 
transfer data (see above).



Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788.  The examiner can normally be reached on Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

---------------------------------------------------
                  /Longbit Chai/
           Longbit Chai E.E. Ph.D.
    Primary Examiner, Art Unit 2431
                   No. #2203 – 2021
---------------------------------------------------