Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-4, 6-11, 13-17, and 19-20 is/are rejected under 35 U.S.C. 102(a)(2) as being antedated by United States Patent Application Publication No.: US 2014/0189829 A1 (McLachlan et al.).

As Per Claim 1: McLachlan et al. teaches: A method for detecting malicious activity within a network, the method comprising:

- receiving, by a network-based authentication system, a network transaction;
	(McLachlan et al., Paragraph [0019], “While compromising the primary authentication method can defeat single factor authentication methods, it is possible to use multi-factor authentication to further secure a system if the primary credentials are compromised. Multi-factor authentication is the use of other means to authenticate the user beyond password based primary authentication methods. Methods of secondary authentication include physical objects such as smart cards, biometrics, pre-selected challenge questions, or one-time passwords. In various embodiments, a mechanism for performing secondary authentication is described which can be used by an online service provider to validate the 

- identifying, by the network-based authentication system, a first attribute of the network transaction;
- selecting, by the network-based authentication system, a first learning statistical model and a second learning statistical model from a plurality of models for handling the network transaction, wherein:
- the first learning statistical model and the second learning statistical model are selected based on the first attribute of the network transaction; and
- each of the first learning statistical model and the second learning statistical model create a likelihood that the network transaction is authentic;
- calculating, using the first learning statistical model, a first score;
- calculating, using the second learning statistical model, a second score;
- comparing, by the network-based authentication system, the first score to a first threshold and the second score to a second threshold;
	(McLachlan et al., Paragraph [0043], “In one embodiment, the confidence logic flow 400 can be configured to use information associated with the device from which the user is attempting to access the account. For example, an operation 440 to determine a device confidence factor can consider if the account has recently been accessed from one or more new devices that have not previously been used to access the account. An operation 450 can determine a network confidence factor based on the network (for example, the device's Internet Protocol (IP) address) through which the user is accessing the account. Additionally, an operation 460 can determine a location confidence factor based on one or more location sensing services (e.g., global positioning system (GPS) sensors). For example, if a unique identifier 
	(McLachlan et al., Paragraph [0044], “In one embodiment, the confidence engine 104 can perform an operation 470 to determine the authentication threshold for a successful secondary authentication. The authentication threshold can be defined as the degree of confidence the authentication challenge system 100 expects before the user can proceed with the selected account activity, based on the assessment of the degree of confidence the system has that the account user is a legitimate user of the account. This threshold can be measured against the systems degree of confidence in the identity of the user. For example, if a user routinely enters a correct password during primary authentication, and the user has recently entered a correct password, and the user is accessing the account from a typical geographic location, using the user's typical network, then if the user attempts to purchase a free application, the authentication threshold for this activity may be set below the confidence level assigned to the unique identifier associated with the user, such that no secondary authentication is triggered. This can also be the case if a legitimate user attempts to use the unique identifier associated with an account to purchase media of the type normally purchased by the user, and the confidence factors indicate a high degree of confidence in the legitimacy of the user.”).
	The listed factors include device confidence factor, network confidence factor and location confidence factor. The historical information (statistics) being used to make the judgment provides the data set the judgments are based off of which is functionally a statistical model in general.


- authenticating, by the network-based authentication system, the network transaction based on comparing the first score to the first threshold and the second score to the second threshold; and
- in response to authenticating the network transaction, completing, by the network-based authentication system, the network transaction.
	(McLachlan et al., Paragraph [0058], “As shown at block 604, the authentication challenge system 100 can request the confidence level of the unique identifier and the authentication threshold from the confidence engine. As shown at block 606, the identifier confidence level and authentication threshold can be used to determine if secondary authentication is performed. In one embodiment, secondary authentication is performed whenever the identifier confidence level is below the authentication threshold. The user is authenticated if the user is able to increase the confidence level associated with the unique identifier above the confidence threshold by supplying a sufficient number of correct or expected answers. In one embodiment, secondary authentication is always performed. If secondary authentication is not performed, and presuming the unique identifier has been subjected to primary authentication within a sufficient timeframe, the account activity is allowed 620 and the system records success.”).
	If confidence levels are above threshold requirements transaction can progress otherwise confidence must be raised or the transaction will be denied.

As Per Claim 2: The rejection of claim 1 is incorporated and further McLachlan et al. teaches: 
- the first learning statistical model and the second learning statistical model comprise one or more aggregation algorithms; and
- the one or more aggregation algorithms are selected from the group consisting of: distinct count, summation, averages, standard deviation, Z-scores, minimums, maximums, and ranges.

	At minimum the confidence measures described would be using ranges.

As Per Claim 3: The rejection of claim 1 is incorporated and further McLachlan et al. teaches: 
- selecting the first learning statistical model, by the network-based authentication system, for a first network transaction based on the first attribute; and
- selecting the second learning statistical model, by the network-based authentication system, for a second network transaction based on a second attribute.
	(McLachlan et al., Paragraph [0043], “In one embodiment, the confidence logic flow 400 can be configured to use information associated with the device from which the user is attempting to access the 
	The device confidence is calculated separately form the location confidence.

As Per Claim 4: The rejection of claim 1 is incorporated and further McLachlan et al. teaches: 
- the first attribute is further selected from the group consisting of:
- a sender identifier;
- a receiver identifier;
- a system administrator identifier; and
- a location.
	(McLachlan et al., Paragraph [0043], “In one embodiment, the confidence logic flow 400 can be configured to use information associated with the device from which the user is attempting to access the account. For example, an operation 440 to determine a device confidence factor can consider if the 
	Sender is device, location is location.

As Per Claim 6: The rejection of claim 1 is incorporated and further McLachlan et al. teaches: 
- determining, by the network-based authentication system, a validity period for the first attribute;
- identifying, by the network-based authentication system, past network transactions comprising the first attribute within the validity period;
- retreiving, by the first learning statistical model, the past network transactions comprising the first attribute;
- calculating, by the first learning statistical model, a past score based on the past network transactions comprising the first attribute, wherein the past score comprises a likelihood that the past network transactions were authentic; and
- calculating, by the first learning statistical model, the first score based on the past score.

	(McLachlan et al., Paragraph [0043], “In one embodiment, the confidence logic flow 400 can be configured to use information associated with the device from which the user is attempting to access the account. For example, an operation 440 to determine a device confidence factor can consider if the account has recently been accessed from one or more new devices that have not previously been used to access the account. An operation 450 can determine a network confidence factor based on the network 
	(McLachlan et al., Paragraph [0057], “FIG. 6 is an example flow diagram of authentication challenge system authorization logic flow 600 according to one embodiment. In one embodiment, the authentication challenge system 100 is enabled when a user requests an account activity that has been flagged as a protected account activity by an online store, or by a user via account preferences or settings, as shown at block 602. In one embodiment, all account activities can be protected by secondary authentication. In one embodiment, specific account activities can be protected by secondary authentication. In one embodiment, some or all account activities are protected whenever an activity confidence factor is determined to be high (e.g., for expensive purchases or when accessing financial information associated with the account) or whenever the confidence level associated with a unique identifier associated with the account is low (e.g., an account has repeated primary authentication failures, or the account purchase history indicates potential fraudulent activities, or other account activities such as app store comments or ratings, indicate a potentially compromised account).”).
	McLachlan et al. runs an ongoing check activated when a user requests an account activity that has been flagged as a protected account activity.

As Per Claim 7: The rejection of claim 1 is incorporated and further McLachlan et al. teaches: 
- calculating, using the first learning statistical model, the first score based on the first attribute;
- calculating, using the second learning statistical model, the second score based on a second attribute;
- calculating, using a third learning statistical model, a third score based on a third attribute; and
- authenticating, by the network-based authentication system, the network transaction by comparing the first score to the first threshold, the second score to the second threshold, and the third score to a third threshold.
	(McLachlan et al., Paragraph [0043], “In one embodiment, the confidence logic flow 400 can be configured to use information associated with the device from which the user is attempting to access the account. For example, an operation 440 to determine a device confidence factor can consider if the account has recently been accessed from one or more new devices that have not previously been used to access the account. An operation 450 can determine a network confidence factor based on the network (for example, the device's Internet Protocol (IP) address) through which the user is accessing the account. Additionally, an operation 460 can determine a location confidence factor based on one or more location sensing services (e.g., global positioning system (GPS) sensors). For example, if a unique identifier associated with an account has recently been accessed from one or more new devices that have not previously been used to access the account, the device can be assessed a low confidence factor. If a device is accessing the account from a new network, the network can be assessed a low confidence factor. If location services indicate that a device is attempting to access the account from a new, or unusual geographic location according to the account history, then the confidence engine 104 can assign a low confidence factor to the location, as this indicates a higher likelihood that the account has been compromised.”).

	The listed factors include device confidence factor, network confidence factor and location confidence factor each with their own corresponding confidence level. 

As Per Claims 8-11 and 13-14: Claims 8-11 and 13-14 are substantially a restatement of the method of claims 1-4, 6-7 as a system and are rejected under substantially the same reasoning.

As Per Claims 15-17 and 19-20: Claims 15-17 and 19-20 are substantially a restatement of the method of claims 1-3 and 6-7 as a non-transitory computer-readable medium and are rejected under substantially the same reasoning.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 5, 12, and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over United States Patent Application Publication No.: US 2014/0189829 A1 (McLachlan et al.).

As Per Claim 5: The rejection of claim 1 is incorporated and further McLachlan et al. does not teach the following limitation: 
- determining, by the network-based authentication system, a country corresponding to the network transaction;
- modifying the first score based on the country corresponding to the network transaction to generate a modified first score;
- averaging, by the network-based authentication system, the modified first score with the first score to generate an averaged first score; and
- comparing, by the network-based authentication system, the averaged first score to the first threshold.
	However Examiner is giving Official Notice that taking into account the country is a simple variation on the consideration of location in confidence rating and would be an obvious interchangeable variation to one of ordinary skill in the art before the effective filing date of the claimed invention readily implemented with expectations of success.

As Per Claim 12: The rejection of claim 8 is incorporated and further claim 12 is substantially a restatement of the method of claim 5 as a system and is rejected under substantially the same reasoning.

As Per Claim 18: The rejection of claim 15 is incorporated and further claim 18 is substantially a restatement of the method of claim 5 as a non-transitory computer-readable medium and is rejected under substantially the same reasoning.

Additional Prior Art
	United States Patent No.: US 9,898,509 B2 (Saperstein et al.) and United States Patent Application Publication No.: US 2013/0133045 A1 (Hayes et al.) are analogous art that show additional teachings about assessing the trust level afforded to a transaction.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN A KAPLAN whose telephone number is (571)270-3170. The examiner can normally be reached 9:00 a.m. - 5:00 p.m..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional 





/BENJAMIN A KAPLAN/Examiner, Art Unit 2434