Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This communication is a Non-Final Office Action in response to communications received on 8/2/21.
Claims 3, 10 and 17 have been cancelled
Claims 1, 2, 8-9, 11, 15-16 have been amended.
Therefore, Claims 1-2, 4-9, 11-16, and 18-21 are now pending and have been addressed below.


	Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 8/2/21 has been entered.

Information Disclosure Statement
The Information Disclosure Statements filed on 8/26/21 has been considered. Initialed copies of Form 1449 are enclosed herewith. 



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 4-8, 11-15, 18-21 are rejected under 35 U.S.C. 103 as being unpatentable over Singh et al. (US 9,984,344 B2) in view of Liao et al. (US 8,065,234 B2), further in view of Zoldi et. al. (US 2016/0225048 A1) and Hawthorn et al. (US 2015/0229664 A1)

Regarding Claims 1, 8 and 15,    Singh discloses the computer-implemented method/medium/system comprising:
Singh discloses obtaining a plurality of behavior characteristics of a first user in a plurality of risk dimensions within a predetermined period of time (Col 3 lines 52-56 risk profile ("behavior profile") for each entity, e.g. identity, and maintains a risk score that is correlated with behavior, e.g. an individual's behavior, Col 9 lines 30-35 behavior pattern for last year, Col 10 lines 25-31 behavior patterns that can be invoked using filters.  Filters can be the events, the time range (predetermined period time), Fig 5 shows user risk profile, Fig 16 shows behavior characteristics (risk dimension) such as physical access and system access data for user, Fig 25 shows risk score and behavior data user behavior data such as financial transactions 9 % abnormal, Fig 27 behavior pattern, Col 25 lines 7-18 data acquisition from variety of systems)
Singh discloses determining a plurality of predetermined weights/points corresponding to the plurality of behavior characteristics based on samples of existing behavior characteristics of a plurality of existing users (Col 17 lines 39-42 allocate risk points for each contributing factors, Col ; 
Singh discloses determining, based on the plurality of predetermined weights/points, each of a plurality of total weights of the first user that corresponds to the plurality of risk dimensions (Fig 25  shows absolute weight for each risk dimension such as travel expense 55% normal, 30% variant, 15% abnormal), Fig 2 # risk score heat map shows total weight such as 85% normal, 15% variant and 5% abnormal); 
Singh discloses mapping, based on a predetermined mapping rule (Col 7 lines 15-19 mapping rules for risk dimension), the plurality of absolute weights of the first user to standard intervals that correspond to the plurality of risk dimensions (Col 14 lines 21-34 mapping based on rules, Col 17 lines 5-7, Col 18 lines 30-37 uses the matched rules for an entity to determine the risk score per configured group and the max group score is used to determine the risk level, Col 19 lines 1-2 calculate scaled (standard interval) entity risk level); and
Singh discloses determining a geometric mean of the plurality of standard weights as a security awareness score of the first user based on multiplying the plurality of standard weights (Fig 11 shows statistical distribution of risk score for user and mean score, Col 17 lines 39-42, 57-63 a risk score of an entity such as user is the total sum of all the scores contributed by the matching rules.  Thus, if an entity matches 5 rules and each rule contributes 25 points, then the risk score of the entity is 125 (5x25=125). The algorithm involves first calculating risk scores of all the entities and then determines the percentile of each entity with respect to other entities.  Other statistical methods such as z-scores (which use `mean` and up to 6 `standard deviations` to include around 95% of scores) can be employed.). 
Singh does not specifically teach determining predetermined weight corresponding to behavior characteristic …by performing supervised learning; obtaining the samples of the existing behavior characteristics, determining, from the plurality of existing users, a first deceived user and a first undeceived user; training a model using the first deceived user and the first undeceived user to provide a trained model; determining the plurality of predetermined weights corresponding to the plurality of behavior characteristics from the trained model; mapping absolute weight to obtain a plurality of standard weights of the user; 
Liao teaches determining predetermined weight corresponding to behavior characteristic …by performing supervised learning (Col 4 lines 15-18 The fraud detection system can receive and store data. The fraud detection system is configured to use one or more models to generate date indicative of fraud (behavior characteristic), Col 7 lines 65-67 risk indicators associated with data. Col 8 lines 1-10, Col 9 lines 10-15, 24-35 apply weights for processing rules to generated one or more risk score and risk indicators based on data indicative of fraud provided by entity model, Col 10 lines 1-8 models 132 can include one or more supervised models 170 and high risk rules models 172.  Supervised models 170 are models that are generated based on training or data analysis that is based on historical transactions or applications that have been identified as fraudulent or non-fraudulent.);  mapping absolute weight to obtain a plurality of standard weights of the user (Col 8 lines 27-32the entity scoring model 150 combines each of the risk indicator scores for a particular entity using a weighted average or other suitable combining calculation to generate an overall entity score.)
Liao teaches obtaining the samples of the existing behavior characteristics, determining, from the plurality of existing users, a first deceived/fraud user and a first undeceived/non-fraud user (Col 9 lines 53-55, 39-42 thresholds are applied to segment scores into high and low risk categories (fraud/non-fraud or deceived/undeceived user), Col 10 lines 3-8, 15-20 supervised models are generated based on training or data analysis that is based on historical transactions or applications that have been identified as fraudulent or non-fraudulent. The high risk models can include rules or tress that identify particular data patterns that are indicative of fraud. Col 10 lines 40-45 entity model in the fraud detection model. Model based on entities associated with transaction. Scores for different types of entities are calculated based on historical transaction data, Col 9 lines 49-55, 63-67 data on fraudulent and non-fraudulent application (sample existing behavior characteristics) and updates entity model based on data, Col 11 lines 51-56 generate scores and risk indicators associated with corresponding entities (deceived/undeceived users 
Liao teaches training a model using the first deceived/fraud user and the first undeceived/non-fraud user to provide a trained model (Col 12 lines 5-15, 30 supervised learning algorithms identify a relationship between input features and target variables based on training data. The model generator 110 selects features from a library of features for use in particular models.  The selection of features can be determined by availability of data fields, and the usefulness of a feature for the particular data set and problem. Col 10 lines 5-15 Supervised models 170 are models that are generated based on training or data analysis that is based on historical transactions or applications that have been identified as fraudulent or non-fraudulent, Col 13 lines 3-14 historical data used to train supervised model), and
Liao teaches determining the plurality of predetermined weights corresponding to the plurality of behavior characteristics from the trained model (Col 15 lines 51-56if the buyer has a risky credit score or employment, then they may be a higher risk for EPD and the EPD models 932 can take this into account as can the weighting factors (predetermined weight) applied by, e.g., integrator 936., Col 19 lines 9-15 apply weights to generate one or more scores and risk indicators based on data from entity model);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have included determining predetermined weight corresponding to behavior characteristic …by performing supervised learning; obtaining the samples of the existing behavior characteristics, determining, from the plurality of existing users, a first deceived user and a first undeceived user; training a model using the first deceived user and the first undeceived user to provide a trained model; determining the plurality of predetermined weights corresponding to the plurality of behavior characteristics from the trained model; mapping absolute weight to obtain a plurality of standard weights of the user
Singh/Liao do not specifically teach a first deceived user and a first undeceived user; training model based on a first deceived user and a first undeceived user
Zoldi teaches determining deceived users and undeceived users based on the samples of existing behavior characteristics of the plurality of existing users (0075] the values of the raw biometric profile variables associated with the fraud (deceived) and non-fraud (undeceived) exemplars and Fig 3, [0076] Each record in the tables contains the values of the biometric variables which can be used to determine the likelihood of observing a value of the biometric profile variable value in the fraud or non-fraud table.); and training a model based on behavior characteristics of the deceived users and undeceived users (Fig 3 shows characteristic for fraud (deceived user) and non-fraud (undeceived user), [0084] using a linear or logistic regression model to determine the score blending, or binning both scores and determining the probability of fraud. The regression approach is one that is most easily implemented given ongoing fraud and non-fraud data aggregation, [0086] training based on fraud and non-fraud exemplars would allow the .alpha..sub.i to be learned from historical data., [0087])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have included determining deceived users and undeceived users; and training model using the deceived and the undeceived users, as disclosed by Zoldi in the system disclosed by Singh/Liao, for the motivation of providing a method of collecting data associated with customer and determining behavioral score representing a degree of risk of normality or abnormality of an event (Abstract lines 1-10 Zoldi).
Singh/Liao/Zoldi does not teach wherein each of the plurality of total weights is determined based in a plurality of weights corresponding to a plurality of behavior features in the risk dimension
Hawthorn teaches wherein each of the plurality of total weights is determined based in a plurality of weights corresponding to a plurality of behavior features in the risk dimension ([0184]-[0185] A weighted score may be applied to each interaction between a user and a security item 112 and/or training item 124; whether that user is a repeat offender; whether that user interacts with security items 112 and/or training items 124 from different devices (laptop/tablet/phone) or multiple source IP addresses (work/home); whether that user interacted with security items 112 [0186] all of the 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have included wherein each of the plurality of total weights is determined based in a plurality of weights corresponding to a plurality of behavior features in the risk dimension, as disclosed by Hawthorn in the system disclosed by Singh/Liao/Zoldi, for the motivation of providing a method of assessing security risks of users in a computing network based on a behavioral and/or technical profile of a user.([0002] Hawthorn
Claim 15.    Singh discloses computer-implemented system, comprising: one or more computers (Fig 21 # 2102 processor); and one or more computer memory devices (Fig 21 # 2104 memory) interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers

Regarding Claims 4, 11 and 18,    Singh as modified by Liao, Zoldi and Hawthorn teaches the method according to claim 1, 
Singh teaches wherein the plurality of behavior characteristics are extracted from at least social behavior data (Fig 25 user role/history based data, payment-related data (Fig 25 financial transaction data, excessive overtime hrs. data), and privacy data associated with the user (Fig 25 shows behavioral pattern for user based on various factors such as usage, access etc.) .

Regarding Claims 5, 12 and 19,    Singh as modified by Liao, Zoldi and Hawthorn teaches the method according to claim 1, 
Singh teaches wherein the plurality of risk dimensions comprise at least a security breach risk dimension (Fig 25 Access violations 5%), a fake order risk dimension (Fig 25 financial transaction , a travel risk dimension (Fig 25 Travel and expenses 15% normal), and a misappropriation risk dimension(Fig 25 issued duplicate payment).

Regarding Claims 6, 13 and 20,   Singh as modified by Liao, Zoldi and Hawthorn teaches the method according to claim 1, wherein the plurality of predetermined weights are determined further based on:
Singh/Liao do not teach determining deceived users and honest users based on the samples of existing behavior characteristics of users; and training a logistic regression model for obtaining the plurality of predetermined weights, wherein the logistic regression model is trained by separately using samples of existing behavior characteristics of the deceived users and samples of existing behavior characteristics of the honest users.
Zoldi teaches determining deceived users and honest users based on the samples of existing behavior characteristics of the plurality of existing users (0075] the values of the raw biometric profile variables associated with the fraud (deceived) and non-fraud (honest) exemplars and Fig 3, [0076] Each record in the tables contains the values of the biometric variables which can be used to determine the likelihood of observing a value of the biometric profile variable value in the fraud or non-fraud table.); and training a logistic regression model for obtaining the plurality of predetermined weights, wherein the logistic regression model is trained by separately using samples of existing behavior characteristics of the deceived users and samples of existing behavior characteristics of the honest users (Fig 3 shows characteristic for fraud (deceived user) and non-fraud (honest user), [0084] using a linear or logistic regression model to determine the score blending, or binning both scores and determining the probability of fraud. The regression approach is one that is most easily implemented given ongoing fraud and non-fraud data aggregation, [0086] training based on fraud and non-fraud exemplars would allow the .alpha..sub.i to be learned from historical data., [0087])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have included determining deceived users and honest users based on the samples of existing behavior characteristics of users; and training a logistic regression model for obtaining the plurality of predetermined weights, wherein the logistic regression model is trained 


Regarding Claims 7, 14 and 21,    Singh as modified by Liao, Zoldi and Hawthorn teaches the method according to claim 1, 
Singh teaches wherein the plurality of standard weights are obtained based on normal distributions of total weights of all users determined based on the samples of the existing behavior characteristics of the plurality of existing users(Fig 11 shows statistical /normal distribution of risk scores, absolute weights (mean/ standard deviation) and standard weight 2%-34%, Col 7 lines 62-66 "Risk Distribution of Identity Population".  This produces a graph or chart that shows the score distribution of all users.  This can be a graph/plot of number of users v/s score, i.e. statistical ideal is a bell curve.).

Claims 2, 9, 16 are rejected under 35 U.S.C. 103 as being unpatentable over Singh et al. (US 9,984,344 B2) in view of Liao et al. (US 8,065,234 B2), further in view of Zoldi et. al. (US 2016/0225048 A1) and Hawthorn et al. (US 2015/0229664 A1) as applied to claims 1, 8 and 15, further in view of Bushnaq (US 2007/0006315 A1)

Regarding Claims 2, 9 and 16,    Singh as modified by Liao, Zoldi and Hawthorn teaches the method according to claim 1, further comprising:
Singh discloses generating a statistical or normal distribution for risk score/dimension (Fig 11). However, Singh/Liao do not teach establishing an equilateral portrait of security awareness of the first user by using the plurality of risk dimensions as vertices based on the plurality of standard weights, displaying the plurality of standard weights at locations of the equilateral portrait that shows a correspondence between the plurality of standard weights and the plurality of risk dimensions wherein the equilateral portrait visually displays a risk distribution of the user in each of the plurality of risk dimensions.
Bushnaq teaches establishing an equilateral portrait of security awareness of the user by using the plurality of risk dimensions as vertices based on the plurality of standard weights, wherein the equilateral portrait visually displays a risk distribution of the user in each of the plurality of risk dimensions (Fig 1 # 120,128 and [ 0016] Risk surface 100 has a risk surface area 102 calculated as the area subtended by four normalized vectors (104, 106, 108, and 110) defining different risk factor areas located on a pair of diagonals (112, and 114) drawn between the vertices of a square boundary 116.  In this manner, risk surface area 102 describes a quadrilateral or "diamond" form.  The risk surface area 102, corresponding to a risk computation, may be displayed in various other formats including a rectangle, a cube, and one or more area charts.  [0124] a risk surface area 102 that may be calculated as the area subtended by the four normalized vectors (having values between 0-9) drawn out along the diagonals (112, 114) in a square 116 (equilateral portrait). Bushnaq teaches displaying the plurality of standard weights at locations of the equilateral portrait that shows a correspondence between the plurality of standard weights and the plurality of risk dimensions.(Fig 2 # 226, 224 normalized value, [0031] a risk normalized numerical value 226 may be represented as superimposed over risk surface)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have included establishing an equilateral portrait of security awareness of the user by using the plurality of risk dimensions as vertices based on the plurality of standard weights, displaying the plurality of standard weights at locations of the equilateral portrait that shows a correspondence between the plurality of standard weights and the plurality of risk dimensions wherein the equilateral portrait visually displays a risk distribution of the user in each of the plurality of risk dimensions, as disclosed by Bushnaq in the system disclosed by Singh/Liao, for the motivation of providing a network asset risk assessment ([0002]) and providing a risk surface are comprising a two dimensional representation of risk ([0016] Bushnaq)



Response to Arguments
Applicant's arguments filed 7/27/21 have been fully considered but they are not persuasive.
Applicant has amended Claims 1, 8 and 13 to overcome the 35 U.S.C 101 rejections. Examiner withdraws the 35 U.S.C. 101 rejections with respect to these and all depending claims unless otherwise indicated.
Regarding 103 rejection, Applicant’s arguments with respect to claims have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Muddu et al. (US 2017/0134415 A1) discuses detect security related anomalies and threats in a computer network environment.  The security platform is "big data" driven and employs machine learning to perform security analytics.  The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats.
Dalal (US 2014/0297495 A1) discusses dynamically displaying multiple market risk categories
Sanin (US 8,918904) discloses the identity verifying party then acquires information of a current or potential user's online presence in addition to other information of the user and utilizes such information to verify the user's identity in the real world and/or to assess the fraud risk of a specific financial transaction requested by the user. 
Yampolskiy (US 9,294498) discloses calculating cybersecurity risk score for entity.
Ananthanpillai (US 10,223,760) discloses risk data visualization
Terada (US 2017/0169452) discloses calculating a risk value based on psychological characteristic information indicating psychological characteristics unique to a user, and behavior characteristic information indicating behavior characteristics unique to the user in a predetermined time period obtained from a behavior history in the predetermined time period
Lewis (US 7,970,701) discloses evaluating fraud risk in e-commerce transactions including comparison of the current transaction against known fraudulent transactions, and a search of a transaction history database to identify abnormal patterns, name and address changes, and defrauders.
Larcom (US 8,478,708) discusses method for determining the risk posed by a web user.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANGEETA BAHL whose telephone number is (571)270-7779.  The examiner can normally be reached on 7:30 - 4PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynda Jasmin can be reached on 571-272-6782.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 






/SANGEETA BAHL/Primary Examiner, Art Unit 3629