Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Claims 1-20 are pending. 
Claims 1-18 and 20 are elected for examination.
Claim 19 is withdrawn. 
Claim Rejections - 35 USC § 101

4.	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim(s) 1-18, and 20 is/are rejected under 35 U.S.C. § 101 because the claimed invention is directed to mental processes (which is an abstract idea) without significantly more. The limitation “obtaining data processing features of a data processing unit with regard to the data operation behavior; and recognizing the data operation behavior based on the data processing features”, as drafted in claim 1, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components.  That is, other than reciting “A behavior recognition method, comprising: detecting a data operation behavior” nothing in the claim element precludes these steps from practically being performed in the mind. For example, but for the “recognizing the data operation behavior based on the data 
This judicial exception is not integrated into a practical application. In particular, the additional elements recited in the independent claims–i.e. “detecting a data operation behavior” are nothing more than insignificant extra-solution activities (i.e. a pre-solution activity is a step of gathering data for use in a claimed process, and a post-solution activity is an element that is not integrated into the claim as a whole, See MPEP 2106.05 (g)). Further, the A behavior recognition method is recited at a high-level of generality such that it amounts to no more than mere instructions to apply the exception using a generic computer component. Moreover, adding the words “apply it” (or an equivalent) with the judicial exception, or merely using a computer as a tool to perform an abstract idea (e.g., processor, memory, computer, CRSM having program code) does not integrate the abstract idea into a practical application.  See Subject Matter Eligibility Guidance, 84 Fed. Reg. 4 (2019-01-07); MPEP 2106.05(f). Also, the combination of these additional elements merely defines performing these functions on a generic computer component and do not constitute an improvement in technology.  Further, the claimed invention merely outputting the similarity (recited at a high level of generality) for a user to decide the next steps. Therefore, the claim is directed to an abstract idea. 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


5.	Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.  In these claims applicants mention “data operation behavior”, and “data processing features” which is generally narrative and indefinite with the invention.  Applicants do not point out clearly which options include in the present invention by these vague terms. Any ordinary skill in the art could not “data operation behavior”, and “data processing features”. “data operation behavior”, and “data processing features” could be indefinite choices of elements which is impossible for any ordinary skill in the art would able to interpret. Similarly, examiner fail to understand what is the meets and bounds of the claim limitations by using the indefinite elements like “data operation behavior”, and “data processing features”. Which is operation and processing of data examiner should consider as particular to behavior, or features? Therefore, these limitations with these ambiguous terms are indefinite with the present application. The examiner will interpret these terms and limitations with the regarding claims as best understood for applying the appropriate art for rejection purposes. Appropriate correction needs to overcome the rejection.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

s 1-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Tin et al hereafter Tin (US pat. App. Pub. 20170091461) and in view of Scott (Intl pub. WO 2017/147236 A1).  
7.	As per claims 1, and 20, Tin discloses a behavior recognition method, and an apparatus comprising: detecting a data operation behavior; obtaining data processing of a data processing unit with regard to the data operation behavior; and recognizing the data operation behavior based on the data processing features (paragraphs: 17, and 40-42, wherein it emphasizes that detecting a malicious data operating behavior and obtaining data processing option of a data processing unit with regard to the data operation behavior. Then, recognizing the malicious data operation behavior based on the data processing option). Although, Tin mention data processing of a data processing unit with regard to the data operation behavior. In the same field of endeavor, Wachdorf discloses data processing features (paragraphs: 10, 14, and 17).
Accordingly, it would been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated Scott’s teachings of data processing features with the teachings of Tin, for the purpose of effectively protecting the data operation from unauthorized intruders. 
8.	As per claim 2, Tin discloses the method, wherein obtaining data processing features of a data processing unit with regard to the data operation behavior comprises: obtaining processing attribute information of the data processing unit; and determining change data of processing attribute information before and after data processing, designated as data processing features of the data processing behavior (paragraphs: 12, 33, 45).

10.	As per claim 4, Tin discloses the method, wherein the data processing features comprise at least one of data change information, interaction change information, execution status change information, and unit attribute change information of processing units (paragraphs: 9, 31).
11.	As per claim 5, Tin discloses the method, wherein obtaining data processing features of a data processing unit with regard to the data operation behavior comprises: determining at least one data processing unit involved in a data processing procedure; and monitoring data processing features of the at least one data processing unit (paragraphs: 16, 35).
12.	As per claim 6, Tin discloses the method, wherein the data processing unit comprises external memory, internal memory, a cache or a processor (paragraphs: 18, 59).
13.	As per claim 7, Tin discloses the method, wherein recognizing the data operation behavior based on the data processing features comprises: determining the data operation behavior as conforming to a behavior type corresponding to an attack behavior (paragraphs: 49, 53).
14.	As per claim 8, Tin discloses the method, wherein determining the data operation behavior as conforming to a behavior type corresponding to an attack behavior 
15.	As per claim 9, Tin discloses the method, wherein recognizing the data operation behavior based on the data processing features comprises: determining, based on the data processing features satisfying data processing features corresponding to data encryption operations, the data operation behavior as including a data encryption operation (paragraphs: 20, 41).
16.	As per claim 10, Tin discloses the method, wherein recognizing the data operation behavior based on the data processing features comprises: determining, based on the data processing features satisfying target data processing features corresponding to a feature operation behavior, the data operation behavior as including the feature operation behavior (paragraphs: 11, 34).
17.	As per claim 11, Tin discloses the method, further comprising: obtaining the target data processing features in at least one manner among statistical analysis, machine learning, and behavior pattern analysis (paragraphs: 17, 37).
18.	As per claim 12, Tin discloses the method, wherein the feature operation behavior is an attack behavior, and further comprising: blocking, if the data operation behavior is determined as including the feature operation behavior, execution of the data operation behavior (paragraphs: 14, 30).
19.	As per claim 13, Tin discloses the method, further comprising before blocking execution of the data operation behavior: notifying regarding the feature operation behavior, and receiving feedback information confirming that the feature operation behavior includes an attack behavior (paragraphs: 43, 56).

21.	As per claim 15, Tin discloses the method, wherein detecting the data operation behavior further comprises: detecting a data operation behavior of an external device (paragraphs: 32, 38).
22.	As per claim 16, Tin discloses the method, further comprising before detecting the data operation behavior: receiving a user registration request of the external device, and completing a user registration flow of the external device based on a public key and a certificate of each of the current device and the external device (paragraphs: 28, 44).
23.	As per claim 17, Tin discloses the method, wherein the public key and private key of the current device are saved on a built-in trusted chip (paragraphs: 47, 58).
24.	As per claim 18, Tin discloses the method, the method further comprising: obtaining public keys and certificates of each of the external device and the current device from a platform certification authority, utilized to complete a user registration flow of the external device (paragraphs: 52, 60).
Citation of References
25. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action: 

Sanchez Charles (US pat. App. Pub. 20170083815): elaborates that identify behavioral anomalies with process models of different scopes and/or different degrees of precision. For meaningful behavioral evaluation of an actor (i.e., a user or a device), these multiple process models are constructed with different sets of event logs of a system. A model of a scope of an individual actor and a model of a scope of a group of actors are constructed and used for evaluation. These models of different scope expand “normal” behavior of an actor to include behavior of the group of actors. Although these process models of different scopes likely have different precision, additional models of different precision and/or different scopes can be constructed and used for behavioral evaluation.   
Conclusion
26.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD W REZA whose telephone number is (571)272-6590.  The examiner can normally be reached on Monday-Friday 8:30-5:30 ET.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
/MOHAMMAD W REZA/Primary Examiner, Art Unit 2436