DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 3/27/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 29 and 30 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter because they are both directed to software per se and signals per se. The term “computer” does not limit the system to hardware. Computer systems can be virtualized, e.g. a virtual machine or virtual PC. Furthermore, the term “computer-readable medium” may be directed to signals as no definition of this term is given in the filed specifications. Software and/or signals are not patentable subject matter.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 18-20, 23, 24, and 26-28 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Regarding claims 18-20, the phrase “may assign/use at least/be used to determine” is indefinite. It is unclear if the following features are part of the claimed invention.
Regarding claim 19, the limitation “wherein the machine learning engine (used to determine whether the source is a bot or a non-bot)” is indefinite. In parent claim 16, the machine learning engine is used to assign categories to bots and not for determining the bot/non-bot status of the source.
Regarding claims 23, 24, and 26, the phrase "e.g." renders the claim indefinite because it is unclear whether the limitations following the phrase are part of the claimed invention. See MPEP § 2173.05(d).
“wherein any one or more of steps (a)-(d) and/or any one or more of steps (I)-(IV)” is indefinite. None of the preceding claims to 27 or 28 contain steps (c), (d), or (I)-(IV).

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 16, 17, 21-26, and 28-30 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by US 2017/0244737 to Kuperman et al. (hereinafter, “Kuperman”).
As per claim 16: Kuperman discloses: A method of processing web requests directed to a website (“A system (and method, and computer readable storage medium storing computer program instructions) is configured for protecting web applications at a host by analyzing web application behavior to detect malicious client requests.” [Kuperman, ¶0020]), the method including: (i) receiving a plurality of web requests directed to the website (a proxy 205 ; (ii) for each of the plurality of web requests, identifying a source from which the web request has originated (identifying known non-malicious and known malicious clients from the requests [Kuperman, ¶0039]); (iii) for at least one web request identified as having originated from a given source: determining whether the source is a bot or a non-bot based on the at least one web request (the proxy 205 analyzes canvas events to detect human activities and indications of non-human actors, that can include non-malicious or malicious bots [Kuperman, ¶0044]); if the source is determined to be a bot, using a machine learning engine to assign one of a plurality of predetermined bot categories to the source based on the at least one web request (“On its own, an indication of a non-human actor does not mean a request is malicious as many non-malicious bots such as web crawlers operation in conjunction with search engines to index web pages. However, this attribute value provides the model generator 209 with an additional input factor that may be weighed against other attributes associated with a request in identifying whether the request implicates a malicious bot as opposed to a non-malicious bot.” [Kuperman, ¶0044] – therefore, the predetermined categories for the bots are malicious and non-malicious).

As per claim 17: Kuperman discloses all limitations of claim 16. Furthermore, Kuperman discloses: wherein the machine learning engine uses at least one model and/or algorithm that has been trained by the machine learning engine using historical web request data to assign one of the plurality of predetermined bot categories to the source, wherein the historical web request data includes previous web requests directed to the website (the model generator 209 may retrain on newly classified and previously known requests to create a newly trained model 205 [Kuperman, ¶0053]; the attribute distinguishing between a malicious and a non-malicious bot in [Kuperman, ¶0044] is used for training the model 205 using various algorithms, such as logistic regression, neural networks, and the like [Kuperman, ¶0049, 0054-0055]).

As per claim 21: Kuperman discloses all limitations of claim 16. Furthermore, Kuperman discloses: wherein the machine learning engine assigns one of a plurality of predetermined bot categories to the source based indirectly on the at least one request, using information describing the at least one request, wherein the information describing the at least one web request is extracted from the at least one web request before being passed to the machine learning engine (the attribute collector is configured to collect attributes associated with the requests, such as static attribute features taken directly from the request [Kuperman, ¶0041] and derived attributes that are inferred [Kuperman, ¶0051, 0052]; attributes are used to train the model [Kuperman, ¶0054]).

As per claim 22: Kuperman discloses all limitations of claim 16. Furthermore, Kuperman discloses: wherein a proxy server is configured to manage web requests directed to the website and responses to web requests issued by the website, wherein the proxy server is configured to receive web requests directed to the website, and to direct each response issued by the website to the source to which the response is directed (the proxy 20 manages 

As per claim 23: Kuperman discloses all limitations of claim 22. Furthermore, Kuperman discloses: wherein the method includes: (a) if the source is determined to be a non-bot, the proxy server passing the/each subsequent web request sent by the source on to a web server hosting the website; and (b) if the source is determined to be a bot, the proxy server not passing one or more (e.g. a subset of or all) subsequent web requests sent by the source on to a web server hosting the website (a web application firewall 110 within the proxy 205 permits or denies requests and/or future requests from clients based on classifications [Kuperman, ¶0085]).

As per claim 24: Kuperman discloses all limitations of claim 22. Furthermore, Kuperman discloses: wherein the method includes: (I) if a first bot category is assigned to the source, the proxy server passing the/each subsequent web request sent by the source on to a web server hosting the website; and (II) if a second bot category is assigned to the source, the proxy server not passing one or more (e.g. a subset of or all) subsequent web requests sent by the source on to a web server hosting the website (the proxy distinguishes between requests in order to permit non-malicious clients access to the host of the web application [Kuperman, ¶0038]; as discussed in claim 16, a non-human client/actor does not necessarily mean it is a malicious client, which can be further distinguished by the model as non-malicious bots (“first bot category”) or malicious bots (“second bot category”)).

As per claim 25: Kuperman discloses all limitations of claim 16. Furthermore, Kuperman discloses: wherein the method includes: (c) if the source is determined to be a non-bot, the website issuing a response that contains website content configured for a non-bot to the/each subsequent web request sent by the source; and (d) if the source is determined to be a bot, the website not issuing a response to one or more subsequent web requests sent by the source and/or the website issuing responses that contain website content configured for a bot to one or more subsequent web requests sent by the source (permitting access to the functionality of the web application 120, or denying access to the functionality of the web application, based on the label/classification of the requests [Kuperman, ¶0038, 0058]).

As per claim 26: Kuperman discloses all limitations of claim 16. Furthermore, Kuperman discloses: wherein the method includes: (III) if a first bot category is assigned to the source, the website issuing a response that contains website content configured for the first bot category to the/each subsequent web request sent by the source; and (IV) if a second bot category is assigned to the source, the website not issuing a response to one or more (e.g. a subset of or all) subsequent web requests sent by the source and/or the website issuing responses that contain website content configured for the second bot category to one or more subsequent web requests sent by the source (permitting access to the functionality of the web application 120, or denying access to the functionality of the web application, based on the label/classification of the requests [Kuperman, ¶0038, 0058]; as discussed in claim 16, a non-human client/actor does not necessarily mean it is a malicious client, which can be further first bot category”) or malicious bots (“second bot category”)).

As per claim 28: Kuperman discloses all limitations of claim 23. Furthermore, Kuperman discloses: wherein any one or more of steps (a)-(d) and/or any one or more of steps (I)-(IV) is dependent on a rate of web requests directed to the website (client request rate per minute at time of request receipt is one of the attributes used by model generator 209 [Kuperman, ¶0052]).

As per claim 29: Kuperman discloses all limitations of claim 16. Furthermore, Kuperman discloses: A computer system for processing web requests directed to a website, wherein the computer system includes a machine learning engine, wherein the computer system is configured to carry out a method according to claim 16 (a system [Kuperman, ¶0020]).

As per claim 30: Kuperman discloses all limitations of claim 16. Furthermore, Kuperman discloses: A computer-readable medium having computer-executable instructions configured to cause a computer system to perform a method according to claim 16 (computer readable storage medium storing computer program instructions [Kuperman, ¶0020]).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 18 and 27 are rejected under 35 U.S.C. 103 as being unpatentable over Kuperman in view of US 2016/0191554 to Kaminsky (hereinafter, “Kaminsky”).
As per claim 18: Kuperman discloses all limitations of claim 16. Kuperman does not disclose assigning “a confidence level” to the bot categories as recited in claim 18. However, Kaminsky is directed to analogous art of evaluating web browser behavior to distinguish automated browser agents (bots) and human activities [Kaminsky, ¶0008]. Therefore, Kuperman in view of Kaminsky disclose: wherein the machine learning engine may assign one of the predetermined bot categories to the source along with a confidence level associated with the assigned bot category, wherein the confidence level associated with the assigned bot category represents a level of confidence that the assigned bot category is correct (performance metrics for visitors to a given web page are compiled and aggregated for remote analysis, wherein the analysis results in probabilities of the likelihood a visitor was human or an automated agent, including the particular type/class of bot [Kaminsky, ¶0034]; therefore, the 
Hence, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to compute probabilities for the classification of the requesting clients in Kuperman, which would have improved the accuracy of identifying malicious and non-malicious clients. According to [Kuperman, ¶0082], malicious/non-malicious classifications are discrete (e.g. a “1” or a “0”) without providing a level of confidence or likelihood a client is malicious or non-malicious, which would have provided a more granular analysis to determining a category of a bot.

As per claim 27: Kuperman discloses all limitations of claim 23. The same motivation for incorporating Kaminsky with Kuperman in claim 18 is also applicable to claim 27. Therefore, Kuperman in view of Kaminsky disclose: wherein any one or more of steps (a)-(d) and/or any one or more of steps (I)-(IV) is dependent on a confidence level associated with the assigned bot category (performance metrics for visitors to a given web page are compiled and aggregated for remote analysis, wherein the analysis results in probabilities of the likelihood a visitor was human or an automated agent, including the particular type/class of bot [Kaminsky, ¶0034]; therefore, the bot categories (e.g. malicious or non-malicious) as discussed in claim 16 with Kuperman would have been assigned probabilities).

Claims 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kuperman in view of US 10,326,789 to Vines et al. (hereinafter, “Vines”).
As per claim 19: Kuperman discloses all limitations of claim 16. Furthermore, Kuperman discloses using code injection and device fingerprinting to determine if a client is a human actor or a bot [Kuperman, ¶0042]. This method of detecting if a client (“source”) is a human actor or a bot is distinct from the elements recited in claim 19. However, Vines is directed to analogous art of classifying human or bot traffic in a network [Vines, col. 2, lines 59-64]. Therefore, Vines discloses: wherein the machine learning engine (used to determine whether the source is a bot or a non-bot) may use at least one model and/or algorithm that has been trained by the machine learning engine using historical web request data to determine whether the source is a bot or a non-bot based on the at least one web request (a human confidence module 130 utilizes machine learning or a predefined model to determine bot behavior and human behavior [Vines, col. 8, lines 11-24]; historical traits and sessions are analyzed by the human confidence module 130 [Vines, col. 7, lines 21-26 & 38-46]).
Thus, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to utilize any method for distinguishing between human and bot actions in a network in Kuperman. The method of detecting humans and bots in Kuperman would have been replaced with the machine learning method of Vines. The method of Vines is adaptive to evolving patterns of humans and bots and provides a more granular result in the form of confidence levels/ratings [Vines, col. 3, lines 18-39].

As per claim 20: Kuperman discloses all limitations of claim 16. The same motivation for incorporating Vines with Kuperman in claim 19 is also applicable to claim 20. Therefore, Kuperman in view of Vines disclose: wherein a machine learning engine may be used to determine whether the source is a bot or a non-bot based on the at least one web request (a proxy service 112 processes HTTP requests to determine if their origin is from a human user or a bot [Vines, col. 5, lines 17-50]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 2012/0210420: Detection of spam bots by the type of protocol and data transfer behavior.
US 2011/0208714: Identifying low-rate search bot traffic within query logs.
US 2008/0080518: The flow records of suspicious hosts are analyzed to detect bots.
N. Algiriyage, S. Jayasena, G. Dias, A. Perera and K. Dayananda, "Identification and characterization of crawlers through analysis of web logs," 2013 IEEE 8th International Conference on Industrial and Information Systems, 2013, pp. 150-155, doi: 10.1109/ICIInfS.2013.6731972. (Web logs are analyzed to distinguish between known web crawlers, suspicious web crawlers, and other crawlers.)
D. Doran, "Detection, Classification, and Workload Analysis of Web Robots," University of Connecticut, Doctoral Dissertations, April 18, 2014. 215 pages. (Web robots are classified by resource, functional, characteristics, and workload analysis.)


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG KIM can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/ROBERT B LEUNG/
Primary Examiner, Art Unit 2494
3-11-2022