Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTIONClaims StatusClaims 1-20 are pending and have been rejected. 

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 03/30/2021 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1, 12 and 16 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. While claim language discloses “unclassified host being either an emulated computing device or a non-emulated device”, paragraph 0011 of Specification of instant application discloses that “…the unclassified host is characterized by the device characterization server as one of a physical computing device, a virtual machine, or a container.” However, there is no clear indication that the physical computing device, a virtual machine, or a container are the claimed emulated computing device or a non-emulated device. 	Regarding claims 2-11, which claim dependency from claims 1, claims 13-15, which claim dependency from claim 12, and claim 17-20, which claim dependency from claim 16, are rejected for the same reasons as set forth in the rejection of claims 1, 12 and 16 above.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A 
Claims 1, 8, 9, 12 and 16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 4, 10, 12 and 15 of U.S. Patent No. 10,911,319. Although the claims at issue are not identical, they are not patentably distinct from each other because they both claim similar subject matter, such as characterizing a client devices in order to conduct electronic transactions.
Instant Application 17/138669
US Patent No. 10,911,319
                                Claim 1      A method, comprising:       5accessing, by a first computer system, host network observation data that was passively generated and that corresponds to one or more sessions of network traffic between an unclassified host and another computer system, the unclassified host being either an emulated computing device or a non-emulated computing device;         based on a set of comparison network observation data, the first computer system 10performing an analysis of the host network observation data to characterize the unclassified host, wherein the comparison network observation data includes a plurality of sessions of network traffic from a plurality of training data hosts, each session of the plurality of sessions of network traffic including an exchange of a plurality of packets, each exchange including a first plurality of packets sent from the training data hosts and a second plurality of packets 15transmitted to the training data hosts;        based on a result of the analysis, the first computer system making a characterization of the unclassified host as one of the emulated computing device or the non-emulated computing device; and        making a determination to approve or deny a request from the unclassified host to 20perform an electronic transaction corresponding to an electronic transaction service, wherein the determination is based on the characterization of the unclassified host as one of the emulated computing device or the non-emulated computing device.
  A computer-implemented method, comprising:        passively generating, by a server, observation data corresponding to one or more sessions of network traffic between an unclassified host and a computer system, the unclassified host being a physical computing device, a virtual machine, or a container;        processing, by the server and using a machine learning classifier, the generated observation data, wherein the machine learning classifier is trained with a set of training data that includes a plurality of sessions of network traffic from a plurality of training data hosts, each session of the network traffic including an exchange of a plurality of packets, each exchange including a first plurality of packets sent from the training data hosts and a second plurality of packets received by the training data hosts;      performing one of the following characterizing steps:       characterizing, by the server and based on a first result of the processing of the generated observation data, the unclassified host as the physical computing device; or       characterizing, by the server and based on a second result of the processing of the generated observation data, the unclassified host as a virtual machine or container; and       recording a transaction associated with the unclassified host as a potentially fraudulent transaction based on the unclassified host being characterized as a virtual machine or container.

      wherein the comparison network observation data includes a time difference between receipt, by a second computer system, of a first packet from the 20unclassified host and receipt, by the second computer system, of a second packet from the unclassified host.
                                Claim 12
        wherein the observation data includes a time difference between receipt, by a second computer system, of a first packet from the 20unclassified host and receipt, by the second computer system, of a second packet from the unclassified host.

     wherein the first packet is a synchronize packet, and wherein the second packet is an acknowledge packet.
                                  Claim 4
      wherein the first packet is a synchronize packet, and wherein the second packet is an acknowledge packet.
                                 Claim 12
      A non-transitory computer-readable medium having stored thereon instructions that are executable by a computer system to cause the computer system to perform operations comprising:       accessing host network observation data that was passively generated and that corresponds to one or more sessions of network traffic involving an unclassified host, the unclassified host being either an emulated computing device or a non-emulated computing device;        based on a set of comparison network observation data, using a machine-learning classifier to perform an analysis of the host network observation data to characterize the unclassified host, wherein the machine-learning classifier was trained using the comparison network observation data, and wherein the comparison network observation data includes a plurality of sessions of network traffic from a plurality of training data hosts, each session of the plurality of sessions of network traffic including an exchange of a plurality of packets, each exchange including a first plurality of packets sent from the training data hosts and a second plurality of packets transmitted to the training data hosts;        based on a result of the analysis, making a characterization of the unclassified host as one of the emulated computing device or the non-emulated computing device; and       making a determination to approve or deny a request from the unclassified host to perform an electronic transaction corresponding to an electronic transaction service, wherein the determination is based on the characterization of the unclassified host as one of the emulated computing device or the non-emulated computing device.

     A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a machine to perform operations comprising:        passively generating observation data corresponding to one or more sessions of network traffic between an unclassified host and a computer system, the unclassified host being a physical computing device, a virtual machine, or a container;       processing the generated observation data using a machine learning classifier trained with a set of training data that includes a plurality of sessions of network traffic from a plurality of training data hosts, each session of the network traffic including an exchange of a plurality of packets, each exchange including a first plurality of packets sent from the training data hosts and a second plurality of packets received by the training data hosts;       performing one of the following characterizing steps:       characterizing, based on a first result of the unclassified host as the physical computing device,       characterizing, based on a second result of the processing of the generated observation data, the unclassified host as a virtual machine or container; and       recording a transaction associated with the unclassified host as a potentially fraudulent transaction based on the unclassified host being characterized as a virtual machine or container.
cause the computer system to perform operations 10comprising:       accessing host network observation data that was passively generated and that corresponds to one or more sessions of network traffic involving an unclassified host, the unclassified host being either an emulated computing device or a non-emulated computing device;       15based on a set of comparison network observation data, performing an analysis of the host network observation data to characterize the unclassified host, wherein the comparison network observation data includes a plurality of sessions of network traffic from a plurality of training data hosts, each session of the plurality of sessions of network traffic including an exchange of a plurality of packets, each exchange including a first plurality of packets sent 20from the training data hosts and a second plurality of packets transmitted to the training data hosts;        based on a result of the analysis, making a characterization of the unclassified host as one of the emulated computing device or the non-emulated computing device; and        making a determination to approve or deny a request from the unclassified host to 25perform an electronic transaction corresponding to an electronic transaction service, wherein the determination is based on the characterization of the unclassified host as one of the emulated computing device or the non-emulated computing device.
 cause the device characterization system to perform operations comprising:        passively generating observation data corresponding to one or more sessions of network traffic between an unclassified host and a computer system, the unclassified host being a physical computing device, a virtual machine, or a container;         accessing a machine learning classifier trained with a set of training data that includes a plurality of sessions of network traffic from a plurality of training data hosts, each session of the network traffic including an exchange of a plurality of packets, each exchange including a first plurality of packets sent from the training data hosts and a second plurality of packets received by the training data hosts processing, using the machine learning classifier, the generated observation data;        performing one of the following characterizing steps:         characterizing, based on a first result of the processing of the generated observation data, the unclassified host as the physical computing device;        characterizing, based on a second result of the processing, the unclassified host as a virtual machine or container; and        recording a transaction associated with the unclassified host as a potentially fraudulent transaction based on the unclassified host being characterized as a virtual machine or container.





 	Claims 2-4, 10, 13, 17 and 18 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claim 1 of Patent (US 10911319 B2) in view of Jenson (U.S. Publication 2015/0264063), hereinafter “Jenson”. Although the claims at issue are not identical, they are not patentably distinct from each other because they are obvious variations.

 	Regarding Claim 2, Patent (US 10911319 B2) discloses the method of claim 1 above. 	However, Patent (US 10911319 B2) discloses fails to explicitly disclose wherein performing the analysis of the host network observation data includes using a machine-learning classifier that was trained using the comparison network observation data. 	Jenson, from the same or similar filed of endeavor, discloses wherein performing the analysis of the host network observation data includes using a machine-learning classifier that was trained using the comparison network observation data (Jenson, see [0056], the tree generating module can analyze acquired data to generate a tree structure based on the analysis of the data, wherein the one or more machine learning techniques can be applied to the acquired historical data to gain information about a plurality of features included in the historical data. See [0085], the machine learning technique can be applied in order to gain information about the plurality of features associated with the known legitimate activities and with the known illegitimate activities). 	Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Patent (US 10911319 B2) in view of Jenson in order to further modify the method of characterizing a client device based on traffic data from the teachings of Patent (US 10911319 B2) with the method of identifying illegitimate activities from the teachings of Jenson.


Regarding Claim 3, Patent (US 10911319 B2) in view of Jenson discloses the method of claim 2 above. Jenson, from the same or similar filed of endeavor, further discloses wherein training the machine-learning classifier includes extracting a first plurality of network traffic features from the comparison network observation data (Jenson, see [0056], one or more machine learning techniques can be applied to the acquired (and formatted) historical data to gain (or derive) information about a plurality of features included in the historical data).
 	Regarding Claim 4, Patent (US 10911319 B2) in view of Jenson discloses the method of claim 3 above. Jenson, from the same or similar filed of endeavor, further discloses wherein using the machine-learning classifier to perform the analysis of the host network observation data includes extracting a second plurality of network traffic features from the host network observation data, wherein the first and second plurality of network traffic features have at least two features in common (Jenson, see [0034-0035], the information can include a plurality of features associated with the known legitimate activities and with the known illegitimate activities, wherein each feature is associated with the activities (i.e., each feature in common)).

 	Regarding Claim 10, Patent (US 10911319 B2) discloses the method of claim 1 above. 	However, Patent (US 10911319 B2) discloses fails to explicitly disclose wherein making the characterization of the unclassified host as the emulated computing device includes characterizing the unclassified host as a virtual machine or a container. 	Jenson, from the same or similar filed of endeavor, discloses wherein making the characterization of the unclassified host as the emulated computing device includes characterizing the unclassified host as a virtual machine or a container (Jenson, see fig. 9 user device is a conventional computer system executing an OS). 	Therefore, it would have been obvious to a person of ordinary skill in the art before the effective 
 One of ordinary skill in the art would have been motivated because it would have allowed to identify illegitimate activities in networked environments based on historical data (Jenson — 0001).
 	Regarding Claim 13, Patent (US 10911319 B2) discloses the method of claim 12 above. 	However, Patent (US 10911319 B2) discloses fails to explicitly disclose wherein training the machine-learning classifier includes extracting a first plurality of network traffic features from the comparison network observation data. 	Jenson, from the same or similar filed of endeavor, discloses wherein training the machine-learning classifier includes extracting a first plurality of network traffic features from the comparison network observation data (Jenson, see [0056], one or more machine learning techniques can be applied to the acquired (and formatted) historical data to gain (or derive) information about a plurality of features included in the historical data). 	Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Patent (US 10911319 B2) in view of Jenson in order to further modify the method of characterizing a client device based on traffic data from the teachings of Patent (US 10911319 B2) with the method of identifying illegitimate activities from the teachings of Jenson.
 	One of ordinary skill in the art would have been motivated because it would have allowed to identify illegitimate activities in networked environments based on historical data (Jenson — 0001). 	Regarding Claim 17, Patent (US 10911319 B2) discloses the method of claim 16 above. 	However, Patent (US 10911319 B2) discloses fails to explicitly disclose wherein performing the analysis of the host network observation data includes using a machine-learning classifier that was trained using the comparison network observation data. 	Jenson, from the same or similar filed of endeavor, discloses wherein performing the analysis of 
 	One of ordinary skill in the art would have been motivated because it would have allowed to identify illegitimate activities in networked environments based on historical data (Jenson — 0001).

 	Regarding Claim 18, Patent (US 10911319 B2) discloses the method of claim 16 above. 	However, Patent (US 10911319 B2) discloses fails to explicitly disclose wherein training the machine-learning classifier includes extracting a first plurality of network traffic features from the comparison network observation data. 	Jenson, from the same or similar filed of endeavor, discloses wherein training the machine-learning classifier includes extracting a first plurality of network traffic features from the comparison network observation data (Jenson, see [0056], one or more machine learning techniques can be applied to the acquired (and formatted) historical data to gain (or derive) information about a plurality of features included in the historical data). 	Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Patent (US 10911319 B2) in view of Jenson in order to further modify the method of characterizing a client device based on traffic data from the teachings of 
 	One of ordinary skill in the art would have been motivated because it would have allowed to identify illegitimate activities in networked environments based on historical data (Jenson — 0001).

Claims 5-7, 11, 14, 15, 19 and 20 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claim 1 of Patent (US 10911319 B2) in view of Syed et al. (U.S. Publication 2013/0305335), hereinafter “Syed”. Although the claims at issue are not identical, they are not patentably distinct from each other because they are obvious variations.
 	Regarding Claim 5, Patent (US 10911319 B2) discloses the method of claim 1 above. 	However, Patent (US 10911319 B2) discloses fails to explicitly disclose wherein the electronic transaction is a monetary transaction between a sender of funds and a receiver of funds. 	Syed, from the same or similar filed of endeavor, discloses wherein the electronic transaction is a monetary transaction between a sender of funds and a receiver of funds (Syed, see [0023], the transaction server receives a request for completing a transaction between one of user terminals and one of servers, wherein the transaction is any type of interaction between parties that results in exchange of monies (i.e., funds), etc.). 	Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Patent (US 10911319 B2) in view of Syed in order to further modify the method of characterizing a client device based on traffic data from the teachings of Patent (US 10911319 B2) with the method of delivering notifications to user regarding use of their authentication information from the teachings of Syed.
 	One of ordinary skill in the art would have been motivated because it would have allowed to complete transactions between users (Syed — 0023).


 	Regarding Claim 7, Patent (US 10911319 B2) in view of Syed discloses the method of claim 5 above. Syed, from the same or similar filed of endeavor, further discloses based on the characterization of the unclassified host as one of the emulated computing device or the non-emulated computing device, transmitting a request to the unclassified host for additional validation information for the electronic transaction (Syed, see [0037], the valid transactions can be identified on the basis of time, device type (i.e., emulated computing device or the non-emulated computing device), and location, etc. See [0040], if the authentication information is not valid, the transaction engine 220 can deny access to the one of user terminals, request re-entry of the authentication information, request additional authentication information (i.e., additional validation) to verify the identity of the user at the one of user terminals).

 	Regarding Claim 11, Patent (US 10911319 B2) discloses the method of claim 12 above. 	However, Patent (US 10911319 B2) discloses fails to explicitly disclose transmitting, to the unclassified host and to a merchant system, a notification of whether the request to perform the electronic transaction was approved or denied. 	Syed, from the same or similar filed of endeavor, discloses transmitting, to the unclassified host and to a merchant system, a notification of whether the request to perform the electronic transaction was approved or denied (Syed, see [0022], allowing transactions to be performed between one of user terminals and an entity associated with one or more of servers. See [0025], the transaction server can be 
 	One of ordinary skill in the art would have been motivated because it would have allowed to complete transactions between users (Syed — 0023).

 	Regarding Claim 14, Patent (US 10911319 B2) discloses the method of claim 12 above. 	However, Patent (US 10911319 B2) discloses fails to explicitly disclose wherein the electronic transaction is a monetary transaction between a sender of funds and a receiver of funds. 	Syed, from the same or similar filed of endeavor, discloses wherein the electronic transaction is a monetary transaction between a sender of funds and a receiver of funds (Syed, see [0023], the transaction server receives a request for completing a transaction between one of user terminals and one of servers, wherein the transaction is any type of interaction between parties that results in exchange of monies (i.e., funds), etc.). 	Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Patent (US 10911319 B2) in view of Syed in order to further modify the method of characterizing a client device based on traffic data from the teachings of Patent (US 10911319 B2) with the method of delivering notifications to user regarding use of their authentication information from the teachings of Syed.
 	One of ordinary skill in the art would have been motivated because it would have allowed to complete transactions between users (Syed — 0023).



 	Regarding Claim 19, Patent (US 10911319 B2) discloses the method of claim 16 above. 	However, Patent (US 10911319 B2) discloses fails to explicitly disclose wherein the electronic transaction service is configured to allow monetary transactions between a plurality of user accounts of the electronic transaction service. 	Syed, from the same or similar filed of endeavor, discloses wherein the electronic transaction service is configured to allow monetary transactions between a plurality of user accounts of the electronic transaction service (Syed, see [0022-0023], allowing transactions to be performed between different parties or entities. Transaction is any type of interaction between parties that results in exchange of monies, etc.). 	Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Patent (US 10911319 B2) in view of Syed in order to further modify the method of characterizing a client device based on traffic data from the teachings of Patent (US 10911319 B2) with the method of delivering notifications to user regarding use of their authentication information from the teachings of Syed.
 	One of ordinary skill in the art would have been motivated because it would have allowed to complete transactions between users (Syed — 0023).

.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. This includes: 	U.S. Publication 2012/0150750, which describes initiating transactions on a mobile device.
U.S. Publication 2012/0330764, which describes point of sale system for transaction payment delegation. 	U.S. Publication 2014/0143137, which describes device pairing via trusted intermediary. 	U.S. Publication 2015/0213389, which describes determining and analyzing key performance. 	U.S. Publication 2017/0091673, which describes exporting a transformation chain including endpoint of model for prediction. 	U.S. Publication 2017/0124484, which describes machine learning system. 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to TANIA M PENA-SANTANA whose telephone number is (571)270-0627.  The examiner can normally be reached on 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas R Taylor can be reached on 5712723889.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/TANIA M PENA-SANTANA/Examiner, Art Unit 2457