 United States Patent and Trademark Office    
        
            
                                
            
        
    

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov









BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 16/516,727
Filing Date: 19 Jul 2019
Appellant(s): Corelogic Solutions, LLC



__________________
Marc K. Weinstein
For Appellant


EXAMINER’S ANSWER





This is in response to the appeal brief filed June 28, 2022.

(1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Office action dated 04/05/2022 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”

WITHDRAWN REJECTIONS
The following grounds of rejection are not presented for review on appeal because they have been withdrawn by the Examiner.   The rejection under 35 U.S.C. 112(a) has been withdrawn.

(2) Response to Argument
(a) Claims 1-20 are properly rejected under 35 U.S.C. 101 because the claimed invention is directed to ineligible subject matter.
Independent claim 1 under its broadest reasonable interpretation, recites a judicial exception that is not integrated into practical application.  Specifically, the claim is directed toward the abstract idea of identifying a phishing event for two or more accounts based on: observing logon activity for the two or more accounts, creating a pattern of logon activity using biometric markers, and determining to deny access to affected accounts.  
The step recited in the first clause of claim 1 is equivalent to an observer gathering / observing information within a predetermined time period regarding logon activity or logon attributes being different for each of at least two accounts.  The step also recites that the logon attributes include a different behavioral biometric signature for each of the at least two accounts.  The observer, such as a network engineer, IT administrator, or cybersecurity analyst, observes the behavior of the logon activity, such as the keystroke input behavior, mouse use characteristics, etc.
The step recited in the second clause of claim 1 is equivalent to the observer noting a pattern of the logon attributes being the same in each of the at least two accounts.  The step also recites that the logon attributes include having a same behavioral biometric signature.   The observer stores the behavioral biometric signature pattern in a device, such as his mobile phone, for example.
The step recited in the third clause of claim 1 is equivalent to the observer identifying the at least two accounts which match or fit a portion of the behavioral biometric signature pattern he has stored in his mobile phone.
The step recited in the fourth clause of claim 1 is equivalent, in part, to the observer determining to deny access to the at least two accounts based on recognizing that a portion of the behavioral biometric signature pattern matches what the observer has stored in his mobile phone.
The foregoing claim limitations do not require any particular level of accuracy or precision, so nothing in the claim elements precludes these processes from practically being performed in the mind.
This judicial exception is not integrated into a practical application because each of the limitations is recited at a high level of generality.  There is nothing implemented to technologically improve the functionality of what is recited in claim 1.  The judicial exception does not recite elements that are sufficient to amount to significantly more.  The limitations of the claim do not integrate the abstract idea into a practical application.  The claim merely uses a computer as a tool to facilitate the aforementioned mental steps, i.e., gathering/observing information, creating a pattern, identifying the accounts subject to the phishing, and determining to deny access to the accounts.  Even if the gathering and denying steps were considered to not be steps of the mental process, gathering information has been held to be insignificant extra-solution activity and the denying access to the accounts merely comprises an insignificant application of the mental process, akin to cutting hair after first determining a hair style.  As a consequence, claim 1 is directed to one or more abstract ideas without significantly more.
Appellant alleges that “claim 1 limits the claimed invention to a practical application by reciting a technical improvement to protecting user accounts from a phishing attack.”  The Appellant argues that a “denial of access to a hosted web application, installed application, API or identity provider when at least a portion of the pattern matches the logon attributes for the logon activity to each of the at least two accounts both provides a technical improvement and limits the claimed invention to a practical application.”  Merely restating what is recited in claim 1 does not provide any additional limitations that integrate the abstract ideas into a practical application.
Appellant alleges that “the claimed invention plainly does significantly more than merely being directed to an abstract idea” and that the “present application addresses this suboptimal approach by detecting patterns of activity to two or more accounts where that logon activity shares common (i.e., the same) logon attributes, such as the same behavioral biometric signatures.”  Absent any technological detail on how this is performed by a component or structure, the limitations recited in claim 1 are no more than an abstract idea which, as mentioned earlier, can be performed in the human mind.  The limitations do not integrate the abstract idea into a practical application.
Thereafter, Appellant recites the specification by stating that “the present application achieves multiple beneficial technical improvements specifically described in the present application where:  [T]he technical effects may include at least one of: a) preventing a perpetrator of a phishing attack from benefiting from the fruits of their attack by improving the security of a computer system by preventing malicious code, instructions, or messages from allowing an unauthorized user gain access to a plurality of user accounts, b) improving the response time of a computer-based authentication system to prohibit unauthorized access to accounts, and changes to user profiles from unauthorized computer devices that are not associated with the true owner of an account, c) improve the speed at which a processor can detect unauthorized access attempts to multiple accounts by reducing the number of computer steps required to detect a number of accounts affected by phishing attacks by detecting commonalities between the attacks on multiple accounts, and improve the user experience of account holders who are unaffected by a phishing attack on other accounts, by not compelling the unaffected users to change their logon credentials in response to other users whose accounts have been compromised.”  While the Appellant has described the outcome or benefit of the claimed invention, the claim does not positively recite any limitations regarding an implementation of a practical application.  For example, the claim does not recite any limitations regarding how the denying of access is implemented.  Moreover, it is unclear when the denying of access takes place because the last clause is incompletely worded and appears to be missing a conditional limitation.  For at least this reason alone, the claim fails to recite a practical application.
Appellant alleges that “the emphasized portions noted above go well beyond the actions of an observer by providing specific improvements to the technical capabilities and improved operation of a computer.”  Appellant further alleges that “as expressly disclosed by the present application, detecting patterns of activity to two or more accounts where that logon activity shares common (i.e., the same) logon attributes improves the response time of a computer-based authentication system to prohibit both unauthorized access to accounts and changes to user profiles from unauthorized computer devices that are not associated with the true owner of an account.”  Examiner notes that none of the features or elements recited in claim 1 improves the operation of a computer.  None of the features or elements recited in claim 1 provide a technological improvement to the functioning of a computer.
Referring to the present application, the Appellant further alleges that the “detection improves the speed at which a processor can detect unauthorized access attempts to multiple accounts by reducing the number of computer steps required to detect a number of accounts affected by phishing attacks by detecting commonalities (i.e., the same logon attributes) between the attacks on multiple accounts.”  While the Appellant references the specification in his attempt to overcome a recitation of abstract ideas, claim 1 does not recite additional elements that integrate the judicial exception into a practical application.  Notably, nowhere does the specification implement a reduction in the number of computer steps required to detect a number of accounts affected by phishing attacks.
Appellant references Enfish LLC vs. Microsoft Corp. which deals with a logical model for a computer database which is not related to matching a behavioral biometric signature pattern.  Furthermore, Appellant references Amdocs (Israel), Ltd. vs. Openet Telecom, Inc., which deals with an enhancement related to the distribution of network usage records over a network that has nothing to do with matching a behavioral biometric signature pattern.  While the Appellant states that the systems and methods of the present application provide multiple beneficial technical effects, nowhere does the claimed invention recite any steps corresponding to a technological improvement by way of integrating its limitations into a practical application.  Claim 1 merely recites an observer, such as an IT administrator, denying access when identifying a portion of a pattern related to logon attributes including each behavioral biometric signature from each of at least two accounts under some unspecified condition.
Thus, it can be seen that claim 1 recites a mental process without integrating the limitations into a practical application.  Thus, the rejection of independent claim 1 is correct as the claim recites ineligible subject matter.  Furthermore, claims 2-13 have been properly rejected because these claims depend on their respective independent claims.  Appellant applies the same arguments for independent claims 14 and 15 that he uses for claim 1.   Therefore, independent claims 14 and 15 have been properly rejected for the same reasons claim 1 has been properly rejected.  Furthermore, claims 16-20 have been properly rejected since they depend on a properly rejected independent claim 15.

(b) Claims 1-20 are properly rejected under 35 U.S.C. 112(b) as not particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
Appellant has not corrected the antecedent basis issues with respect to the terms “logon attributes”, “logon activity”, and “at least two accounts” as recited in claim 1.  There are numerous antecedent basis issues since none of these terms are preceded with a definite article after an indefinite article is used to introduce the term for the first time.  For example, there are several antecedent basis issues with the use of the term “logon activity” in the first clause.  Absence of the use of definite articles after its introduction makes it difficult to tell whether subsequent occurrences of the term are referring back to one of its previously recited terms.  For example, absence of the use of definite articles for the term “logon activity” in the second clause causes confusion between elements of the first clause and elements of the second clause.
Furthermore, in the third clause, it is unclear whether “the logon activity” is referring to one of the terms in the first clause or the second clause.
Similarly, in the fourth clause, it is unclear whether “the logon activity” is referring to one of the terms in the first clause or the second clause or the third clause.
Appellant attempts to justify the absence of prepositions or other identifiers in the use of the foregoing terms by way of improperly characterizing the claimed invention by associating the terms in the first clause with a particular scenario shown in Figure 2 and by associating the terms in the second clause with a particular scenario shown in Figure 3.   
In the final Office action, the Examiner stated that it is unclear what is meant by “the pattern including logon attributes being the same” as recited in the second clause of claim 1.  Examiner had further stated that the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention.  However, the Appellant has not responded to Examiner’s comment in the final Office action.
 In the final Office action, the Examiner stated:
The last clause of claim 1 recites “denying access for the identified at least two accounts to a hosted web application, installed application, API or identity provider for a computer attempting to use the logon credentials when at least a portion of the pattern matching the logon attributes, including the behavioral biometric signature, for the logon activity to each of the at least two accounts.”  The last clause in each of claims 1 and 14-15 appears to be an incomplete conditional phrase.  The last clause recites denying access when a condition is met.  However, it is unclear what is meant by: “when at least a portion of the pattern matching the logon attributes, including the behavioral biometric signature, for the logon activity to each of the at least two accounts”.   A number of words are missing in what appears to be a conditional limitation.
Appellant has not amended the last clause of each of claims 1 and 14-15.

(c) Claims 1-4, 6, 8, 11-12, 14-17, and 19 are properly rejected under 35 U.S.C. 103 as being unpatentable over Zimmermann et al. (US 2018/0027006) in view of Lu et al. (US 2019/0259021).
Appellant alleges that the patterns discussed in Zimmermann are usage patterns to a particular account, not the same logon attributes to at least two accounts, and recognizing an attack when the data about the access is inconsistent with the usage pattern for that particular account, such as timing of the login, location of the login, or frequency of login.  Appellant further alleges that [t]hroughout this description, Zimmermann solely refers to “a compromised account” or “the compromised account,” not logon activity to two or more accounts or denying access to those two or more accounts when logon attributes including behavioral biometric signature are the same.
Contrary to what Appellant alleges, Zimmermann at [0258] discloses detection types which include matching to pattern detection.  Zimmermann at [0285] discloses the detection of unusual activity based on historical activity patterns and the clustering of accounts to classes on common activity in the detection of unusual activity scenarios.  Zimmermann at [0286] further discloses the detection of an unusual activity use case may include detecting logins from unusual locations and logins at unusual hours or days of week scenarios or login from unusual devices.  Zimmermann at [0286] further discloses collecting a pattern of recent activity and comparing it to a baseline.
With regard to Appellant’s arguments concerning Lu, the Examiner notes that each user or operator of a mobile device is associated with a payment account and the operator is associated with a behavioral biometric signature which is verified to a historical behavioral biometric signature recorded in the mobile device when the operator accesses his payment account.  Examiner notes that a behavioral biometric signature is unique to each user or operator of the mobile device that is accessing his payment account.  Therefore, the behavioral biometric signatures would be different for different accounts.  
Based on the foregoing reasons, the teachings of Zimmermann (which discloses detection of unusual activity based on historical activity patterns and the clustering of accounts to classes based on common activity) along with the teachings of Lu (which discloses the use of different behavioral biometric signatures for different users of their accounts) correctly support the rejection of claim 1.  Examiner has correctly shown how Zimmermann in combination with Lu renders independent claims 1 and 14-15 obvious.
Appellant has not provided any arguments specifically directed towards the rejections of dependent claims 2-4, 6, 8, 11-12, 16-17, and 19, but rather has relied on the arguments he has given regarding the rejection of claim 1, upon which they depend.   As shown above, claim 1 is properly rejected.  Therefore, claims 2-4, 6, 8, 11-12, 16-17, and 19 are also properly rejected.

(d) Claims 5, 7, 9, 10, 13, 18, and 20 are properly rejected under 103 as being unpatentable over Zimmermann et al. (US 2018/0027006) in view of Lu et al. (US 2019/0259021) and further in view of Varenhorst (US 2014/0173726) or Bull (US 10796312) or Rotter et al. (US 2016/0277439) or Dulkin et al. (US 2016/0330220).
Appellant has not provided any arguments specifically directed towards the rejections of dependent claims 5, 7, 9, 10, 13, 18, and 20, but rather has relied on the arguments he has given regarding the rejection of their independent claims (i.e., claims 1 and 14-15) upon which they depend.   As shown above in Examiner’s arguments regarding independent claims 1 and 14-15, these claims have been properly rejected.  Therefore, claims 5, 7, 9, 10, 13, 18, and 20, are also properly rejected.

(3) Conclusion
For the above reasons, it is believed that the rejections should be sustained.

Respectfully submitted,

/R.R./Examiner, Art Unit 3661
Conferees:
/PETER D NOLAN/Supervisory Patent Examiner, Art Unit 3661
/JEFF A BURKE/Supervisory Patent Examiner, Art Unit 3664
Requirement to pay appeal forwarding fee.  In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.