DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to the RCE filed on 01/13/2021.
Claims 1-22 are currently pending in this application. Claims 1 and 12 have been amended.

Continued Examination under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 01/13/2021 has been entered.

Information Disclosure Statement
The information disclosure statements (IDSs) submitted on 01/13/2021 were filed.  The submissions are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.



Response to Arguments
The previous 103 rejections to claims 1-22 have been withdrawn in response to the applicants’ amendments/remarks including the proposed examiner amendments.

Allowable Subject Matter
Claims 1-22 are allowed.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner's amendment was given in phone interview with Stephen Terrile (reg. no. 32,946) on 02/18/2021.

IN THE CLAIMS
Claim 1 (Amended): A computer-implemented method for controlling access to a resource, comprising:
receiving a request to access the resource by an entity, the request being received via a protected endpoint environment, the protected endpoint environment comprising an endpoint agent executing on an endpoint device, the endpoint agent being implemented to autonomously decide if a particular action  user behavior, the request being based on a user identity of the entity:
determining whether the request is typical or atypical, the request being typical when an elapsed time between a current resource request time and a previous resource request time is less than a predetermined elapsed time, the request being atypical when the elapsed time between the current resource request time and the previous resource request time is greater than the predetermined elapsed time, wherein the request being atypical providing an indication that access rights of the entity 
if the request is typical, granting access to the requested resource; and
if the request is atypical, controlling access to the requested resource using one or more user access control methods to provide security friction that would otherwise not have been used if the request were typical, the security friction providing a protective effect when the request is atypical.

Claim 12 (Amended): A system comprising:
a hardware processor;
an electronic communication channel coupled to the hardware processor; and
a computer-usable medium embodying computer program code, the computer-usable medium being coupled to the electronic communication channel, the computer program code used for asserting different access control methods to provide different amounts of security friction for access to a resource, hardware processor and configured to implement operations comprising:
receiving a request to access the resource by an entity, the request being received via a protected endpoint environment, the protected endpoint environment comprising an endpoint agent executing on an endpoint device, the endpoint agent being implemented to autonomously decide if a particular action is appropriate for a user behavior, the request being based on a user identity of the entity:
determining whether the request is typical or atypical, the request being typical when an elapsed time between a current resource request time and a previous resource request time is less than a predetermined elapsed time, the request being atypical when the elapsed time between the current resource request time and the previous resource request time is greater than the predetermined elapsed time, wherein the request being atypical providing an indication that access rights of the entity 
if the request is typical, granting access to the requested resource; and
if the request is atypical, controlling access to the requested resource using one or more user access control methods to provide security friction that would otherwise not have been used if the request were typical, the security friction providing a protective effect when the request is atypical.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:

Regarding independent claims 1 and 12,

Biegun et al. (US 2017/0255938 A1) teaches an NFC device configured for receiving a request to perform a transaction. In response to receiving the request, sensor data from one or more sensors of the NFC device is fed into a first classifier. The sensor data comprises environment parameters of the NFC device. The first classifier determines if sensor data provided as input to the first classifier were sensed in a transaction-typical environment or in a transaction-atypical environment. In case the first classifier determines that the sensor data is indicative of a transaction-atypical environment, the first classifier blocks the transaction or requests a user to confirm the transaction and blocks the transaction until the confirmation is received. - see fig. 3; abstract, paras. [0017], [0054] and [0055] of Biegun.

Nguyen et al. (US 10,237,298 B1) teaches a method and a system for a session management, security scoring, and friction management. Sessions may be monitored for commonalities or other attributes or aspects and closed, terminated, or a freeze placed on additional sessions from being initiated. A security score may be provided which is indicative of how secure a user is with respect to one or more ways the user interacts with a resource. One or more suggested actions or score improvement strategies may be suggested to facilitate improvement of a security score for a user. Friction management may be provided by having one or more additional layers of security applied to an account of a user or an entity based on suspicious behavior or other factors – see abstract, figs. 4, 5; columns 7, 17-18 of Nguyen.

Ogawa et al. (US 2015/0215325 A1) teaches a system and method for active continuous data security. An active receiver module, an active marker module, an active transmitter module and an active profiler module work together to monitor data requests, detect suspicious activity and characteristics, and respond to hinder the suspicious activity. A method includes obtaining a characteristic associated with the request for data and comparing the characteristic with a database of known patterns and characteristics to determine if the request is suspicious. A module of the system monitors activity of an IP address to determine whether it is logging into at least x number of different accounts. Such a condition may be modified to evaluate if at least x number of different accounts were accessed within some time period, such as within y seconds. If so, then the action is considered suspicious. If not, the action is considered typical – see abstract, figs. 3, 5, 15 and paras. [0045], [0047] and [0080] of Ogawa.


receiving a request to access the resource by an entity, the request being received via a protected endpoint environment, the protected endpoint environment comprising an endpoint agent executing on an endpoint device, the endpoint agent being implemented to autonomously decide if a particular action is appropriate for a user behavior, the request being based on a user identity of the entity:
determining whether the request is typical or atypical, 
the request being typical when an elapsed time between a current resource request time and a previous resource request time is less than a predetermined elapsed time, 
the request being atypical when the elapsed time between the current resource request time and the previous resource request time is greater than the predetermined elapsed time, wherein the request being atypical providing an indication that access rights of the entity have been compromised;
if the request is atypical, controlling access to the requested resource with security friction providing a protective effect.

Dependent claims 2-11 and 13-22 are allowed as they depend from allowable independent claim 1 or 12.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845.  The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 






/MAUNG T LWIN/Primary Examiner, Art Unit 2495