Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
Claims 1-20 have been examined.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 6, 7, 9, 14, 15, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Eldardiry et al. (20150235152) in view of Fan (20090049547). 
As per claims 1, 9, 17,
Eldardiry discloses a method for detecting hacking activities, the method comprising:

identifying one or more attributes of each interaction in a sequence of interactions between one or more users and bank services during a predetermined time period (par 24, 25). Eldardiry discloses categorizing users’ activities based on features describing the activities.
categorizing the one or more users into a plurality of groups based on the identified attributes, wherein each of the plurality of groups includes users performing the sequence of interactions with the bank services during the predetermined time period (par 10, 11, 24); and 
calculating a degree of anomaly for each of the plurality of groups based on a total number of users associated with a corresponding sequence of interactions and a number of users associated with the corresponding sequence of interactions during the predetermined time period (par 10, 11, 24, 49).
	Eldardiry does not explicitly disclose:
comparing the calculated degree of anomaly with a predetermined threshold; and
detecting hacking activity in response to determining that the calculated degree of anomaly exceeds the predetermined threshold.
However, Fan discloses:
comparing the calculated degree of anomaly with a predetermined threshold (par 56); and
detecting hacking activity in response to determining that the calculated degree of anomaly exceeds the predetermined threshold (par 56).
Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date to add Fan’s comparing the calculated degree of anomaly with a predetermined threshold; and detecting hacking activity in response to determining that the calculated degree of anomaly exceeds the predetermined threshold to Eldardiry’s method of detecting hacking activities. One would be motivated to do this in order to provide methods of detecting unauthorized intrusions in a network (Fan par 2, 4).
As per claims 6, 14,
Eldardiry discloses the degree of anomaly is calculated using a TF (Term Frequency)-IDF (Inverse Document Frequency) value (par 49).
As per claims 7, 15,
Eldardiry discloses detecting the hacking activity further comprises comparing an observed interaction parameter value with a predetermined interaction parameter value (par 49).

Claims 2-4, 8, 10-12, 16, 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Eldardiry et al. (20150235152) in view of Fan (20090049547) further in view of Outwater (20070174080).
As per claims 2, 10, 18,
The Eldardiry and Fan combination discloses the claimed invention as in claims 1, 9 and 17. The combination does not explicitly disclose:
the one or more attributes comprise at least: an action to be performed by the user during the interaction with the bank services, a context of the action to be performed by the user during the interaction with the bank services.
However, Outwater discloses:
the one or more attributes comprise at least: an action to be performed by the user during the interaction with the bank services, a context of the action to be performed by the user during the interaction with the bank services (par 13, 46, 47).
Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date to add Outwater’s the one or more attributes comprise at least: an action to be performed by the user during the interaction with the bank services, a context of the action to be performed by the user during the interaction with the bank services to Eldardiry’s method of detecting hacking activities. One would be motivated to do this in order to provide improved security during electronic transactions (Outwater par 2).
As per claims 3, 11, 19,
	Outwater further discloses:
	the action to be performed by the user comprises at least: user’s navigation of a bank services website having a plurality of webpages, focusing on a navigational element of one of the plurality of webpages, entering data into one of the plurality of webpages, interacting with an interface element of one of the plurality of webpages (par 11, 32). Outwater discloses an online banking system that a user navigates.
Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date to add Outwater’s the action to be performed by the user comprises at least: user’s navigation of a bank services website having a plurality of webpages, focusing on a navigational element of one of the plurality of webpages, entering data into one of the plurality of webpages, interacting with an interface element of one of the plurality of webpages to Eldardiry’s method of detecting hacking activities. One would be motivated to do this in order to provide improved security during electronic transactions (Outwater par 2).
As per claims 4, 12, 20,
	Outwater further discloses:
	the context of the action to be performed comprises at least: browser information identifying a browser employed by the user for the interaction with the bank services, application information identifying one or more applications interacting with the browser, device information identifying a device employed by the user for the interaction with the bank services (par 11, 32). 
Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date to add Outwater’s the context of the action to be performed comprises at least: browser information identifying a browser employed by the user for the interaction with the bank services, application information identifying one or more applications interacting with the browser, device information identifying a device employed by the user for the interaction with the bank services to Eldardiry’s method of detecting hacking activities. One would be motivated to do this in order to provide improved security during electronic transactions (Outwater par 2).
As per claims 8, 16,
	Outwater further discloses:
	the interaction parameter comprises one or more of: a number of sessions established between the browser and a server providing the bank services during the predetermined time period, a number of sessions established between the browser and the server exhibiting a predetermined sequence of interactions, a speed of navigation in the browser, a speed/frequency of user input events, a number of unique users interacting with the bank services during the predetermined time period (par 11, 32). 
Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date to add Outwater’s the interaction parameter comprises one or more of: a number of sessions established between the browser and a server providing the bank services during the predetermined time period, a number of sessions established between the browser and the server exhibiting a predetermined sequence of interactions, a speed of navigation in the browser, a speed/frequency of user input events, a number of unique users interacting with the bank services during the predetermined time period to Eldardiry’s method of detecting hacking activities. One would be motivated to do this in order to provide improved security during electronic transactions (Outwater par 2).
Claims 5, 13 are rejected under 35 U.S.C. 103 as being unpatentable over Eldardiry et al. (20150235152) in view of Fan (20090049547) further in view of Park et al. (20190132337).
As per claims 5, 13,
	The Eldardiry and Fan combination discloses the claimed invention as in claims 1 and 9. The combination does not explicitly disclose:
categorizing the one or more users into the plurality of groups is performed by a cloud-computing service.
However, Park discloses:
categorizing the one or more users into the plurality of groups is performed by a cloud-computing service (par 25) where Park discloses the cyber security monitoring is done in a cloud computing environment.
Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date to add Park’s categorizing the one or more users into the plurality of groups is performed by a cloud-computing service to Eldardiry’s method of detecting hacking activities. One would be motivated to do this in order to identify, categorize, and manage online cyber-security threats to consumers (Park par 1).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALVIN L BROWN whose telephone number is (571)270-5109. The examiner can normally be reached Mon - Fri 8:00AM - 5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Abhishek Vyas can be reached on (571) 270-1836. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ALVIN L BROWN/Primary Examiner, Art Unit 3621