Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

         DETAILED ACTION	

1.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 13 July 2022 has been entered.
2.	Claims 1, 7, 11, 17, 21 and 26 are amended.
3.	Claims 1-29 have been rejected and pending.
 
           Responses to the Argument

4.	The applicant’s arguments filed on 13 July 2022 are moot in view of new ground of rejection rendered.	

Claim Rejections - 35 USC § 103
	
5.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-29 are rejected under 35 U.S.C §103 as being unpatentable over Martin et al. (US Publication No. 20180004948), hereinafter Martin and in view of Hamilton et al. (US Publication No. 20180096329), hereinafter Hamilton.

In regard to claim 1: 
accessing data associated with one or more communications of a first entity on a network (Martin, ¶25). 
determining one or more behaviors based on the data associated with the one or more communications of the first entity (Martin, ¶53).
determining one or more sequences of the one or more behaviors of the first entity (Martin, ¶75).
determining, by a processing device, a profile of the first entity based on the one or more sequences of the one or more behaviors, wherein the profile comprises a classification of the first entity (Martin, ¶76, 88).
 Martin does not explicitly suggest, determining a state machine of the profile of the first entity, wherein the state machine is associated with the classification against which the one or more behaviors can be matched; however, in a same field of endeavor Hamilton discloses this method (Hamilton, ¶14, 36-37).
detecting a second entity coming onto the network (Martin, ¶59).
Martin does not explicitly suggest, and classifying, responsive to detecting the second entity coming onto the network, the second entity as a compromised entity based on the state machine of the profile of the first entity; however, in a same field of endeavor Hamilton discloses this method (Hamilton, ¶16, 96).
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to include the method of behavior profiling of Martin with the use of state machine disclosed in Hamilton to detect and prevent fraudulent transaction, stated by Hamilton at para.29, 36.

In regard to claim 2:
wherein the profile comprises a sequence of behaviors associated with the classification (Martin, ¶73).

In regard to claim 3:
wherein the profile further comprises an attribute associated with the entity (Martin, ¶15).

In regard to claim 4: 
wherein the one or more communications associated with the entity are accessed from at least one of a log, traffic data, information from an external system, or classification information (Martin, ¶24).

In regard to claim 5: 
wherein the classification information is based on an attribute associated with the entity (Martin, ¶15).

In regard to claim 6:
wherein the one or more sequences of behavior comprises a plurality of behaviors associated with a period of time (Martin, ¶26).

In regard to claim 7:
wherein at least one state of the state machine is associated with an occurrence of a first behavior (Martin, ¶23).

In regard to claim 8:
wherein the profile comprises a plurality of rules, wherein the plurality of rules comprises at least one conditional rule (Martin, ¶26).

In regard to claim 9:
wherein the storing comprises uploading the profile to a remote system (Martin, ¶30, 59).

In regard to claim 10:
further comprising: validating the profile (Martin, ¶23).

In regard to claim 11:
a memory (Martin, ¶117).
and a processing device, operatively coupled to the memory, to: access data associated with one or more communications of  a first entity on a network (Martin, ¶25, 117).
determine one or more behaviors based on the data associated with the one or more communications of the first entity (Martin, ¶53).
determine one or more sequences of the one or more behaviors of the first entity; -3-Attorney's Docket No. F102152 1190US.1 (IS_071)PATENT determine a profile of the first entity based on the one or more sequences of the one or more behaviors, wherein the profile comprises a classification of the first entity (Martin, ¶75-76, 88).
 Martin does not explicitly suggest, determining a state machine of the profile of the first entity, wherein the state machine is associated with the classification against which the one or more behaviors can be matched; however, in a same field of endeavor Hamilton discloses this method (Hamilton, ¶14, 36-37).
Martin does not explicitly suggest, detect a second entity coming onto the network; and classify, responsive to detecting the second entity coming onto the network, the second entity as a compromised entity based on the state machine of the profile of the first entity; however, in a same field of endeavor Hamilton discloses this method (Hamilton, ¶16, 96).
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to include the method of behavior profiling of Martin with the use of state machine disclosed in Hamilton to detect and prevent fraudulent transaction, stated by Hamilton at para.29, 36.

In regard to claim 12:
wherein the profile comprises a sequence of behaviors associated with the classification (Martin, ¶73). 

In regard to claim 13: 
wherein the profile further comprises an attribute associated with the entity (Martin, ¶15).

In regard to claim 14:
wherein the one or more sequences of behavior comprises a plurality of behaviors associated with a period of time (Martin, ¶116).

In regard to claim 15:
wherein the profile comprises a state machine, wherein at least one state of the state machine is associated with an occurrence of a first behavior (Martin, ¶23, 26).

In regard to claim 16:
wherein the profile comprises a plurality of rules, wherein the plurality of rules comprises at least one conditional rule (Martin, ¶26).
 
In regard to claim 17:
access data associated with one or more communications of [[an]] a first entity on a network (Martin, ¶117, 25).
determine one or more behaviors based on the data associated with the one or more communications of the first entity (Martin, ¶53). -4-Attorney's Docket No. F102152 1190US.1 (IS_071)PATENT
 Martin does not explicitly suggest, determining a state machine of the profile of the first entity, wherein the state machine is associated with the classification against which the one or more behaviors can be matched; however, in a same field of endeavor Hamilton discloses this method (Hamilton, ¶14, 36-37).
determine one or more sequences of the one or more behaviors of the first entity (Martin, ¶75).
Martin does not explicitly suggest, determine, using the processing device, a profile of the first entity based on the one or more sequences of the one or more behaviors, wherein the profile comprises a classification of the first entity using the state machine associated with the at least one entry profile; however, in a same field of endeavor Hamilton discloses this method (Hamilton, ¶16, 96).
detect a second entity coming onto the network (Hamilton, ¶59).
Martin does not explicitly suggest, and classify, responsive to detecting the second entity coming onto the network, the second entity as a compromised entity based on the state machine of the profile of the first entity; ; however, in a same field of endeavor Hamilton discloses this method (Hamilton, ¶70, 16, 96).
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to include the method of behavior profiling of Martin with the use of state machine disclosed in Hamilton to detect and prevent fraudulent transaction, stated by Hamilton at para.29, 36.

In regard to claim 18:
wherein the profile comprises a sequence of behaviors associated with the classification (Martin, ¶73).

In regard to claim 19:
wherein the profile further comprises an attribute associated with the entity (Martin, ¶15).
 
In regard to claim 20:
wherein the one or more sequences of behavior comprises a plurality of behaviors associated with a period of time (Martin, ¶26).

In regard to claim 21:
access data associated with one or more communications of a first entity on a network (Martin, ¶25, 117).
determine one or more behaviors based on the data associated with the one or more communications of the first entity (Martin, ¶53). -4-Attorney's Docket No. F102152 1190US.1 (IS_071)PATENT 
determine one or more sequences of the one or more behaviors of the first entity (Martin, ¶53).
determine, using the processing device, a profile of the first entity based on the one or more sequences of the one or more behaviors, wherein the profile comprises a classification of the first entity (Martin, ¶53, 75).
Martin does not explicitly suggest, determining a state machine of the profile of the first entity, wherein the state machine is associated with the classification against which the one or more behaviors can be matched; however, in a same field of endeavor Hamilton discloses this method (Hamilton, ¶14, 36-37).
Martin does not explicitly suggest, determining, by a processing device, a classification of the entity based on a matching of a behavior sequence of at least one entity profile of the one or more entity profiles with the one or more behaviors determined from the data associated with the one or more communications of the entity using the state machine associated with the at least one entity profile; however, in a same field of endeavor Hamilton discloses this method (Hamilton, ¶14, 36-37).
In regard to claim 22:
wherein at least one of the entity profiles further comprises an attribute (Martin, ¶15). 

In regard to claim 23:
wherein the one or more communications associated with the entity are accessed from at least one of a log, traffic data, information from an external system, or classification information (Martin, ¶24).

In regard to claim 24: 
wherein the classification information is based on an attribute associated with the entity (Martin, ¶15).

In regard to claim 25:
wherein at least one of the one or more behavior sequences is associated with a period of time (Martin, ¶26, 15).

In regard to claim 26:
wherein at least one state of the state machine is associated with an occurrence of a first behavior (Martin, ¶23).

In regard to claim 27:
wherein the profile comprises a plurality of rules, and wherein the plurality of rules comprises at least one conditional rule (Martin, ¶26).

In regard to claim 28:
wherein data associated with the one or more communications of the entity comprises information associated with an environment comprising the entity (Martin, ¶30).

In regard to claim 29:
applying a policy based on the classification of the entity (Martin, ¶26, 10). 

   Conclusion

6.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Monjour Rahim whose telephone number is (571)270-3890. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (in USA or CANANDA) or 571-272-1000.

/Monjur Rahim/
Patent Examiner
United States Patent and Trademark Office
Art Unit: 2436; Phone: 571.270.3890
E-mail: monjur.rahim@uspto.gov
Fax: 571.270.4890