Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to the reply filed by Applicant on 6/22/2022. Claims 1-18 are pending. This Office Action is Non-Final.

Information Disclosure Statement
The information disclosure statement (IDS), submitted on 8/1/2022, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.


Response to Arguments
	A) Applicant’s amendments and arguments with regard to the 35 USC 101 rejection of claims 1, 7 and 13 for being an abstract idea have been considered and deemed persuasive. As a result, this rejection has been withdrawn.
	
	B) Applicant’s arguments with respect to claim(s) 1, 7 and 13 have been considered but are moot because the new ground of rejection does not rely on the same exact references applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Allowable Subject Matter
Claims 5, 11 and 17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.




Claims 1, 7 and 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yan et al. (US 2020/0137092) in view of Chi et al (US 2002/0130907) and Solano et al. (US 2021/0264003).

As per claim 1, Yan teaches a method for detecting fraud associated with a browsing session comprising operating at least one hardware processor to automatically: obtain user flow data associated with the browsing session at a website based on information extracted from a server hosting the website (Yan, Paragraph 0043 recites “the system retrieves one or more characteristics of the web browser session (205) and determines whether the one or more characteristics change (210) during the session.” And Paragraph 0040-0041 recites “A web browser session may involve a user system (e.g., user system 12 illustrated in FIGS. 1A and 1B) communicating (e.g. via a web browser operating on user system 12) a server computer system (e.g., implemented by system 16 illustrated in FIGS. 1A and 1B) or other system monitored by the server computer system, such as over a network (e.g., network 14 in FIGS. 1A and 1B). For example, a user may utilize a web browser operating on the user's computing device (e.g., user device 12 in FIG. 1A) to interface with a web site hosted by system 16, entering authentication information such as the user's user name and password to access the site and thereby associating the user with the web browser session.”  Yan teaches the use of a server system which is being interpreted to be a hosting website, since it is communicating with a user browser.).
Yan fails to teach construct a directed graph representative of the browsing session associated with the user data flow.
	However, in an analogous art Pirolli (by way of Chi) teaches construct a directed graph representative of the browsing session associated with the user data flow (Pirolli col. 3 lines 10-23, Fig. 1, e.g. (4) FIG. 1 is a block diagram 100 illustrating the structural linkage and content of a collection of hypermedia linked documents. Documents P0, P1, P2, P3, P4, P5 and P6, are indexed and shown as 102, 104, 106, 108, 110, 112 and 114. Documents P0-P6 are linked as shown by hypermedia links 120, 122, 124, 126, 128, 130 and 132. The hypermedia links may be any type of linked from one document to another, including hypertext links. An example of the kind of document shown in P0-P6 (102-114) is a web site. Content items 144-154 are located in documents P0-P6 as shown. The content of documents associated with these hypermedia links is usually presented to the user by some proximal cue such as a snippet of text or a graphic [as constructing a first directed graph representative of the first browsing session (e.g. Fig. 1), wherein directed edges of the first directed graph are transitions between web pages and one or more nodes of the first directed graph are the identified clusters of web page identifiers]).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date to use Chi’s Method for visualizing user path through a web site and a path's associated information scent with Yan’s detecting anomalous web browser sessions because a graph of user activity is a good visual tool.
And fails to teach compute a set of [[graph]] feature values [[for the directed graph]]; and based on the computed set of [[graph]] feature values, determine whether the [[browsing]] session is legitimate or fraudulent by applying a machine learning classifier to the computed set of [[graph]] feature values, wherein the machine learning classifier is trained to differentiate between [[graph]] feature values associated with [[browsing]] activity of legitimate users and the [[graph]] feature values associated with the [[browsing]] activity of fraudulent users [[browsing]].
However, in an analogous art Solano teaches compute a set of [[graph]] feature values [[for the directed graph]] (Solano, Paragraph 0040 recites “In some embodiments, multimodal biometric data can be utilized to authenticate the user logging into an account. In one embodiment, the extracted vectors of features are fused into a composite, combined vector of features at the feature level into a vector of login features. In one implementation, the above-described vector of mouse features is fused with the above-described vector of keyboard features to generate a vector of login features. In this example, the vector of login features includes a total of 284 features (e.g., the sum of 272 and 12) for each user login session. The vector of login features represents a behavioral biometric profile of the user. In one implementation, a user biometric profile is generated based on the vector of the login features.”); 
and based on the computed set of [[graph]] feature values, determine whether the [[browsing]] session is legitimate or fraudulent by applying a machine learning classifier to the computed set of [[graph]] feature values, wherein the machine learning classifier is trained to differentiate between [[graph]] feature values associated with [[browsing]] activity of legitimate users and the [[graph]] feature values associated with the [[browsing]] activity of fraudulent users [[browsing]] (Solano, Paragraph 0050 recites “ In one implementation, a first difference vector computed from biometric data associated with historical login sessions of the legitimate user is computed. A second different vector computed from biometric data associated with historical login sessions of illegitimate users is computed. In other words, the first different vector trains the machine learning model to recognize the unique biometric information associated with the legitimate user; while the second difference vector trains the machine learning model to recognize biometric information as not being associated with the legitimate user. In implementation, the first difference vector may be positive training data, and the second difference vector may be negative training data.” And Paragraph 0063 recites “At 506, the user is authenticated with the machine learning model, based on the received login event input. In some embodiments, authentication of the user for the account comprises initiating a process of secondary authentication for the user. In some embodiments, the authentication of the user includes application in conjunction with other risk-based authentication techniques. In some embodiments, authentication of the user for the account comprises granting the user access to the account upon successful authenticating the user as the legitimate user of the account. 
In some embodiments, authentication of the user for the account comprises denying the user access to the account upon failing to authenticate the user as the legitimate user of the account.” Examiner Note: Solano is relied on to teach the use of machine learning algorithms to determine legitimate users. It is not relied upon to teach graphs or browsing sessions. Pirolli and Yan teach those respectively. It would have been obvious to a person of ordinary skill in the art to use Solano’s machine learning algorithm with the teachings of Yan and Pirolli to teach the recited limitations.).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date to use Solano’s keyboard and mouse based behavioral biometrics to enhance password-based login authentication using machine learning model with Yan’s detecting anomalous web browser sessions because using machine learning algorithms will be efficient in maintaining current feature values to determine legitimate users.

Regarding claims 7 and 13, claims 7 and 13 are directed to a system and a non-transitory readable medium associated with the method of claim 1. Claims 7 and 13 are of similar scope to claim 1, and are therefore rejected under similar rationale.

Claims 2-4, 5, 6, 8-10, 12, 14-16 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yan et al. (US 2020/0137092), Chi et al (US 2002/0130907) and Solano et al. (US 2021/0264003) and in further view of Turgeman et al. (US 2017/0085587).

	As per claim 2, Yan in combination with Chi and Solano teaches the method of claim 1, but fails to teach prior to obtaining the user flow data associated with the browsing session at the website: generating a training set by: obtaining the user flow data associated with multiple browsing sessions of multiple users at the website, wherein some of the multiple browsing sessions are labeled as legitimate, and a remainder of the multiple browsing sessions are labeled as fraudulent, for each of the multiple browsing sessions, automatically constructing a directed graph representative of the respective browsing session, for each of the multiple directed graphs, automatically computing the set of graph feature values and defining the training set as comprising the computed sets of graph feature values  and the labels, wherein each of the computed sets of graph feature values is associated with one of the labels; and training the machine learning classifier based on the training set.
	However, in an analogous art Turgeman further teaches prior to obtaining the user flow data associated with the browsing session at the website: generating a training set by: obtaining the user flow data associated with multiple browsing sessions of multiple users at the website, wherein some of the multiple browsing sessions are labeled as legitimate, and a remainder of the multiple browsing sessions are labeled as fraudulent, for each of the multiple browsing sessions, automatically constructing a directed graph representative of the respective browsing session, for each of the multiple directed graphs, automatically computing the set of graph feature values and defining the training set as comprising the computed sets of graph feature values  and the labels, wherein each of the computed sets of graph feature values is associated with one of the labels; and training the machine learning classifier based on the training set (Turgeman, Paragraph 0080 recites “Furthermore, a Rule Engine 262 may utilize machine learning in order to extrapolate or to subsequently identify, in real time, similar suspicious or fraudulent behaviors or interactions, which may then be used by the user interactions analyzer module 203 to generate or to trigger real-time alarms or alerts with regard thereto, in view of the rules generated by the Rule Engine 262.” Which teaches the use of machine learning technology.  By using machine learning technology, it would be inherent to have training data.  The individual features are taught in the rejection of claim 1.).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date to use Turgeman’s device, method, and system of generating fraud-alerts for cyber-attacks with Yan’s detecting anomalous web browser sessions because the use of machine learning technology would relieve the burden on human interaction.  

	As per claim 3, Yan in combination with Chi, Solano and Turgeman teaches the method of claim 2, Turgeman further teaches automatically constructing a legitimate global directed graph representative of those of the multiple browsing sessions labeled as legitimate; automatically computing the set of graph feature values  characterizing differences between the legitimate global directed graph and each of the multiple directed graphs of the browsing sessions that are labeled as legitimate; automatically constructing a fraudulent global directed graph representative of those of the multiple browsing sessions labeled as fraudulent; and automatically computing the set of graph feature values  characterizing differences between the fraudulent global directed graph and each of the multiple directed graphs of the browsing sessions that are labeled as fraudulent, wherein the training is further defined as comprising the computed sets of graph feature values  that characterize the differences (Turgeman, Paragraph 0080 recites “Furthermore, a Rule Engine 262 may utilize machine learning in order to extrapolate or to subsequently identify, in real time, similar suspicious or fraudulent behaviors or interactions, which may then be used by the user interactions analyzer module 203 to generate or to trigger real-time alarms or alerts with regard thereto, in view of the rules generated by the Rule Engine 262.” Which teaches the use of machine learning technology.  By using machine learning technology, it would be inherent to have training data.  The individual features are taught in the rejection of claim 1.).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date to use Turgeman’s device, method, and system of generating fraud-alerts for cyber-attacks with Yan’s detecting anomalous web browser sessions because the use of machine learning technology would relieve the burden on human interaction.  

As per claim 4, Yan in combination with Chi, Solano and Turgeman teaches the method of claim 2, Yan further teaches wherein the obtained user flow data associated with the browsing session at a website, and the user flow data of the training set, each separately comprise multiple ones of the following transition: a URL (Uniform Resource Locator) of a referrer page at the website, a URL of a target page at the website, and time spent on the target page (Yan, Paragraph 0043 recites “the system retrieves one or more characteristics of the web browser session (205) and determines whether the one or more characteristics change (210) during the session.” And Paragraph 0040-0041 recites “A web browser session may involve a user system (e.g., user system 12 illustrated in FIGS. 1A and 1B) communicating (e.g. via a web browser operating on user system 12) a server computer system (e.g., implemented by system 16 illustrated in FIGS. 1A and 1B) or other system monitored by the server computer system, such as over a network (e.g., network 14 in FIGS. 1A and 1B). For example, a user may utilize a web browser operating on the user's computing device (e.g., user device 12 in FIG. 1A) to interface with a web site hosted by system 16, entering authentication information such as the user's user name and password to access the site and thereby associating the user with the web browser session.”).
  
	As per claim 6, Yan in combination with Chi and Solano teaches the method of claim 1, but fails to teach responsive to classification of the browsing session as fraudulent: automatically terminating the browsing session and suspending a user account associated with the browsing session.
	However, in an analogous art Turgeman further teaches responsive to classification of the browsing session as fraudulent: automatically terminating the browsing session and suspending a user account associated with the browsing session (Turgeman, Paragraph 0089 recites “The system may then proceed to trigger a fraud mitigation module 479 to take the suitable measures; for example, to place a temporary "hold" or "freeze" on the account, or to place an automated (or manual) telephone call to the customer to authenticate recent transactions, or to send an email message and/or text message or other notification that requires the account owner to authenticate or to call the customer service.”).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date to use Turgeman’s device, method, and system of generating fraud-alerts for cyber-attacks with Yan’s detecting anomalous web browser sessions because the use of machine learning technology would relieve the burden on human interaction.  

Regarding claims 8 and 14, claims 8 and 14 are directed to a system and a non-transitory readable medium associated with the method of claim 2. Claims 8 and 14 are of similar scope to claim 2, and are therefore rejected under similar rationale.

Regarding claims 9 and 15, claims 9 and 15 are directed to a system and a non-transitory readable medium associated with the method of claim 3. Claims 9 and 15 are of similar scope to claim 3, and are therefore rejected under similar rationale.

Regarding claims 10 and 16, claims 10 and 16 are directed to a system and a non-transitory readable medium associated with the method of claim 4. Claims 10 and 16 are of similar scope to claim 4, and are therefore rejected under similar rationale.

Regarding claims 12 and 18, claims 12 and 18 are directed to a system and a non-transitory readable medium associated with the method of claim 6. Claims 12 and 18 are of similar scope to claim 6, and are therefore rejected under similar rationale.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661. The examiner can normally be reached Mon-Fri 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham, can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

RODERICK TOLENTINO
Examiner
Art Unit 2439



/RODERICK TOLENTINO/Primary Examiner, Art Unit 2439