DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 1-12-21 and 8-10-20 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-10, 12-20 are rejected under 35 USC 102(a)(1) as being anticipated by Wasiq (US Patent 10,911,483 B1).
As per claims 1, 15, 18, Wasiq discloses A computer-implemented method for identifying a malicious user, comprising: 
Obtaining, with at least one processor, a plurality of service requests for a service provided by a processing system, wherein each service request of the plurality of service requests is associated with a requesting user and a requesting system (column 2, lines 1-5, 17-23, Receiving request data based on request for a web service. Authorized users are identified); 

Providing, with at least one processor, the plurality of service requests to the processing system (column 3, lines 12-20); 

Receiving, with at least one processor, from the processing system, a plurality of service responses associated with the plurality of service requests, wherein each service response of the plurality of service responses includes response data associated with an acceptance or a denial of the service at the processing system inserted as a header value in a HyperText Transfer Protocol (HTTP) response of that service response (column 7, lines 48-54, column 11, lines 16-19, Request may receive a reject response based on suspicious IP addresses or throttling access to resources); 

Identifying, with at least one processor, the requesting user as malicious based on the plurality of service requests and the plurality of service responses (column 1, lines 56-60, column 5, lines 43-50).  

As per claims 2, 16, 19, Wasiq discloses The computer-implemented method of claim 1, further comprising: 
receiving, with at least one processor, at least one further service request from the requesting user (column 5, lines 60-65); 
based on identifying the requesting user as malicious, at least one of flagging and blocking, with at least one processor, the at least one further service request (column 8, lines 11-15).   

As per claims 3, 17, 20, Wasiq discloses The computer-implemented method of claim 1, further comprising: 
modifying, with at least one processor, the plurality of service responses by removing the response data associated with the acceptance or the denial of the service for each service response inserted as the header value in the HTTP response of that service response (column 7, lines 48-54, column 11, lines 16-19); 
providing, with at least one processor, the plurality of modified service responses to the requesting user (column 7, lines 48-54, column 11, lines 16-19).  

As per claims 4, Wasiq discloses The computer-implemented method of claim 1, further comprising: 
receiving, with at least one processor, the plurality of service requests from the requesting system (column 3, lines 12-20); 
generating, with at least one processor, the plurality of service responses (column 7, lines 48-54).  

As per claims 5, Wasiq discloses The computer-implemented method of claim 4, further comprising: 
receiving, with at least one processor, at least one further service request associated with the requesting user from the requesting system (column 5, lines 43-50); 
in response to receiving the at least one further service request, providing, with at least one processor, an indication that the requesting user is malicious to the requesting system (column 5, lines 43-50).  

As per claims 6, Wasiq discloses The computer-implemented method of claim 5, wherein the indication that the requesting user is malicious includes a HyperText Transfer Protocol (HTTP) response (column 19, lines 13-20).  

As per claim 7, Wasiq discloses The computer-implemented method of claim 1, wherein the requesting user is identified as malicious based on at least one threshold and at least one of a number of the acceptances included in the plurality of service responses with respect to a number of the plurality of service requests and a number of the denials included in the plurality of service responses with respect to the number of the plurality of service requests (column 2, lines 32-40).  

As per claim 8, Wasiq discloses The computer-implemented method of claim 7, wherein the at least one threshold dynamically changes with respect to at least one parameter associated with the plurality of service requests (column 6, lines 3-10).  

As per claim 9, Wasiq discloses The computer-implemented method of claim 1, wherein each service request of the plurality of service requests is received by the requesting system within a first time period, and wherein the requesting user is identified as malicious within a second time period after the first time period (column 10, lines 7-23).  

As per claim 10, Wasiq discloses The computer-implemented method of claim 9, further comprising: 
obtaining, with at least one processor, within the second time period, a further service request for the service provided by the processing system, wherein the further service request is associated with the requesting user and the requesting system; and automatically denying, with at least one processor, the further service request (column 5, lines 43-50).  


As per claim 12, Wasiq discloses The computer-implemented method of claim 1, further comprising: 
determining, with at least one processor, a fingerprint associated with the requesting user based on a first service request of the plurality of service requests (column 14, lines 49-60); 
determining, with at least one processor, a further fingerprint based on a further service request ( column 14, lines 49-60); and 
determining, with at least one processor, that the further service request is associated with the same requesting user based on the fingerprint and the further fingerprint (column 14, lines 49-60).  

As per claim 13, Wasiq discloses The computer-implemented method of claim 1, wherein the service provided by the processing system includes a transaction authorization service, and wherein the plurality of service requests includes a plurality of transaction authorization service requests associated with a plurality of transactions between the requesting user and the requesting system (column 4, lines 30-36).  

As per claim 14, Wasiq discloses The computer-implemented method of claim 1, further comprising: 
in response to identifying the requesting user as malicious, implementing, with at least one processor, at least one cyberattack against the requesting user (column 7, lines 50-55, column 8, lines 5-15).

Allowable Subject Matter
Claim 11 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BARBARA BURGESS ANYAN whose telephone number is (571)272-3996. The examiner can normally be reached IFP M-F 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ario Etienne can be reached on 571-272-4001. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



May 7, 2022
/BARBARA B Anyan/Primary Examiner, Art Unit 2457