&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
			function printpage()
			{
			window.print()
			}
			</script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11818219.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,818,219 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Session management system</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Aashish Sheshadri,  San Jose, CA (US);  Gurudatha Baliga,  Chandler, AZ (US); and  Michael Hodgdon,  Maricopa, AZ (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  PAYPAL, INC.,  San Jose, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  PayPal, Inc.,  San Jose, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Sep.  2, 2021, as Appl. No. 17/446,824.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2023/0062052 A1, Mar.  2, 2023</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 67/141</b></i> (2022.01); <i><b>H04L 9/40</b></i> (2022.01); <i><b>H04L 41/22</b></i> (2022.01); <i><b>H04L 67/143</b></i> (2022.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 67/141</b></i> (2013.01)&#xa0;[<i><b>H04L 41/22</b></i> (2013.01); <i><b>H04L 63/168</b></i> (2013.01); <i><b>H04L 67/143</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11818219-20231114-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A system, comprising:<div class="claim_text">a non-transitory memory storing instructions; and</div>
                <div class="claim_text">one or more hardware processors coupled to the non-transitory memory and configured to read the instructions from the non-transitory memory to cause the system to perform operations comprising:<div class="claim_text">accessing a session log comprising a recording of user interactions of a user during a session with an application instance in a computing environment;</div>
                  <div class="claim_text">cleansing the session log to remove a portion of content included in the session log;</div>
                  <div class="claim_text">generating, based on the cleansing, a cleansed session log;</div>
                  <div class="claim_text">converting the cleansed session log into a session vector representation using a finite dictionary built from a plurality of session logs associated with a plurality of users that have interacted with the computing environment;</div>
                  <div class="claim_text">generating a user model for the user using the session vector representation and a plurality of other session vector representations associated with the user, wherein the user model includes an average user vector that is a single vector calculated as an average of the plurality of other session vector representations associated with the user;</div>
                  <div class="claim_text">determining that a new session vector representation of a new session log of a new session does not satisfy a predetermined similarity threshold with the average user vector; and</div>
                  <div class="claim_text">performing, based on the determining that the new session vector representation does not satisfy the predetermined similarity threshold, a security action, wherein the performing the security action comprises:<div class="claim_text">determining a value of a distance between the new session vector representation and the average user vector;</div>
                    <div class="claim_text">evaluating, at least in part based on a comparison of the value of the distance with a predefined value, how far the new session vector representation is from the average user vector; and</div>
                    <div class="claim_text">selecting, based on a result of the evaluating, one type of security action from a plurality of types of security actions to perform.</div>
                  </div>
                </div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>