DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 2/26/2021 has been entered.

Response to Amendment
This action is in response to the communications and remarks filed on 2/26/2021. Claims 1-19 are presently pending for examination.

Response to Arguments
Applicant’s arguments, see pages 9-13, filed 2/26/2021, regarding the U.S.C. 102 and 103 rejections of Claims 1-19 have been fully considered and are not persuasive.  Applicant argues that "Sahar merely teaches that once the new user performs electronic activity, which is tracked, the new user is re-classified to a different 
Thus, Sahar fails to disclose performing all of the claimed first clustering, second clustering, and third clustering. Specifically, for example, Sahar fails to disclose perfonning a third clustering by specifying and clustering a plurality of candidate users that satisfy a predetermined condition from the plurality of belonging clusters, each of the plurality of candidate users being from a respective partial candidate user group of each of the specified belonging clusters, each candidate user of the plurality of candidate users being specified based on (i) applying a classification model to specify a predetermined candidate user in the partial candidate user group of the specified belonging cluster, and (ii) the acquired context information on the target user."
Applicant’s interpretation of the reference has been noted; however, examiner respectfully disagrees.  Sahar teaches [Column 6, lines 40-46, FIG. 4 illustrates an example process run by the group adjustment manager 170.  Sometime after the new user has been classified, e.g., after the adjustment period 172 and after the new user 114 has performed additional activities that change the activity-related authentication factors 152, the group adjustment manager 170 initiates the reclassification of the user as a member of another group - this teaches that a user is initially in a group and then classified into a different group based on activities and then once again re-classified into another different group or sub-group based on further activities.  This is the 1st, 2nd, 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-7, 10, and 12-19 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Sahar et al., (US 10587596 B1) hereinafter referred to as Sahar.
Regarding Claims 1, 18, and 19, Sahar discloses An authentication apparatus comprising: a processor operatively coupled to a memory, the processor being programmed to: acquire context information on a target user, which is a target for authentication; [Column 5, lines 32-41, the new user 114 performs some activity on the user device 110. For example, suppose that the new user 114 stores a document on a particular server having an IP address. Then the authentication server 120 stores activity-related authentication factors 152 that include the IP address, other identifying information of particular server, a time and date of access, an IP address from which the access attempt took place, a geolocation from which the access attempt took place, the type of action (saving a document), and so on] 
perform a first clustering by clustering groups of users of a plurality of users into a plurality of cluster groups based on information related to the plurality of cluster groups; [Abstract, Along these lines, when a new user enrolls in an authentication system, the authentication system places the new user in a group of new users that have not made any requests and are assumed to be high risks of making fraudulent requests] 
perform second clustering by specifying and clustering sub-sets of the plurality of users from each of the plurality of cluster groups of users to form a plurality of belonging clusters of users, one of the plurality of belonging clusters including [Column 6, lines 47-56, the group adjustment manager receives new activity-related authentication factors that describe new activities of the new user 114. At 414, the group adjustment manager 170 causes the distance computation manager 156 to compute distances between the new authentication factors and new authentication factors describing activities performed by each member of each group. At 416, the group adjustment manager 170 causes the group selection manager to reclassify the new user 114 as a member of another group based on the computed distance – the current group (cluster) that the new user belongs to is determined along with the new group (cluster) that the new user should be reclassified into] 
the second clustering performed in each of the plurality of cluster groups being performed on a candidate user group of the plurality of users that becomes a candidate for authentication based on a type related to an element included in the context information and based on the acquired context information on the target user; [Column 5, lines 42-48, the group classification manager 150 selects a group in which to classify the user 114. Here, activity-related authentication factors 152 have been stored in the memory 126. The group classification manager 150 will compare these activity-related authentication factors 152 to similar such factors in each group – the context information is the “activity-related authentication factors” such as those taught by (Column 5, lines 32-41) above]
perform a third clustering by specifying and clustering a plurality of candidate users that satisfy a predetermined condition from the plurality of belonging clusters, each of the plurality of candidate users being from a respective partial candidate user group of each of the specified belonging clusters, each candidate user of the plurality of candidate users being specified based on (i) applying a classification model to specify a predetermined candidate user in the partial candidate user group of the specified belonging cluster, and (ii) the acquired context information on the target user; [Column 6, lines 40-46, FIG. 4 illustrates an example process run by the group adjustment manager 170. Sometime after the new user has been classified, e.g., after the adjustment period 172 and after the new user 114 has performed additional activities that change the activity-related authentication factors 152, the group adjustment manager 170 initiates the reclassification of the user as a member of another group - this teaches that a user is initially in a group and then classified into a different group based on activities and then once again re-classified into another different group or sub-group based on further activities. This is the 1st, 2nd, and 3rd classification or clustering of the user and includes at least 3 different groups] 
and authenticate the target user based on information related to the specified candidate user associated with each of the plurality of the cluster groups. [Column 7, lines 8-15, the authentication server 120 performs, in response to receiving the request, an authentication operation on the request based on the first set of authentication factors and the second set of authentication factors, the authentication operation producing an authentication result indicating whether to grant or deny the new user access to the electronic resource]
Regarding Claim 2, Sahar discloses wherein the processor is programmed to specify the belonging cluster that is the cluster to which the target user belongs in each of the plurality of the cluster groups, based on the information related to the plurality of the cluster groups each of which is based on a different type. [Column 5, lines 42-48, the group classification manager 150 selects a group in which to classify the user 114. Here, activity-related authentication factors 152 have been stored in the memory 126. The group classification manager 150 will compare these activity-related authentication factors 152 to similar such factors in each group – the context information is the “activity-related authentication factors”]
Regarding Claim 3, Sahar discloses wherein in accordance with the element associated with each of the plurality of cluster groups, the processor is programmed to specify the belonging cluster that is the cluster to which the target user belongs in each of the plurality of the cluster groups based on the plurality of cluster groups in each of which a number of clusters included in each of the plurality of cluster groups is determined. [Column 5, lines 42-48, the group classification manager 150 selects a group in which to classify the user 114. Here, activity-related authentication factors 152 have been stored in the memory 126. The group classification manager 150 will compare these activity-related authentication factors 152 to similar such factors in each group – the context information is the “activity-related authentication factors”]
Regarding Claim 4, Sahar discloses wherein the processor is programmed to specify a number of clusters in each of the plurality of cluster groups in accordance with the element associated with each of the plurality of cluster groups. [Column 5, lines 12-18, The group adjustment manager 170 is a software construct configured to reclassify the new user 114 as a member of a new group as defined by the group definitions 154. Such a reclassification may occur in response to new activity being performed by the new user. Alternatively, a reclassification may be performed after a predefined adjustment period 172 – teaches that a new group (cluster) can be created which changes the number of clusters]
Regarding Claim 5, Sahar discloses wherein the processor is programmed to specify a candidate user that satisfies a predetermined condition of a classification score that is output by the classification model associated with the belonging cluster in one of the plurality of cluster groups, as a candidate user associated with the one of the plurality of cluster groups. [Column 8, lines 10-24, If the user is assigned to the wrong group, the profile that is assigned to him would be incorrect and the deviations and assigned risk scores would also be incorrect. Hence, it is important to decide which group is indeed the group the user belongs to. The standard way to assign a user to a group is based on the user location, professional role, or position in the organizational chart. For example, a user in Country X will be assigned to the Country X group; a sales person will be assigned to the sales group; or a combination of the two--a sales person in Country X will be assigned to the Country X-sales group. A simpler approach is to generate groups of employees that report, not necessarily directly, to the same manager and assign the new user to a group based on his manager – the group (cluster) has a risk score assigned to it based on the roles and attributes of the members of that group (cluster) wherein each of the members also inherit that score]
Regarding Claim 6, Sahar discloses wherein the processor is programmed to specify a plurality of candidate users that satisfy a predetermined condition of a classification score that is output by the classification model associated with the belonging cluster in one of the plurality of cluster groups, as candidate users associated with the one of the plurality of cluster groups. [Column 8, lines 10-24, If the user is assigned to the wrong group, the profile that is assigned to him would be incorrect and the deviations and assigned risk scores would also be incorrect. Hence, it is important to decide which group is indeed the group the user belongs to. The standard way to assign a user to a group is based on the user location, professional role, or position in the organizational chart. For example, a user in Country X will be assigned to the Country X group; a sales person will be assigned to the sales group; or a combination of the two--a sales person in Country X will be assigned to the Country X-sales group. A simpler approach is to generate groups of employees that report, not necessarily directly, to the same manager and assign the new user to a group based on his manager – the group (cluster) has a risk score assigned to it based on the roles and attributes of the members of that group (cluster) wherein each of the members also inherit that score]
Regarding Claim 7, Sahar discloses wherein the processor is programmed to change a number of the candidate users to be specified in each of the cluster groups in accordance with a number of the plurality of cluster groups. [Column 6, lines 66-67 through Column 7, lines 1-3, the authentication server 120 classifies, based on the first set of authentication factors, the new user as a member of a particular group of users that (i) have performed the electronic activities and (ii) share a set of attributes described by a second set of authentication factors – the authentication server assesses the members of the group (cluster) based on the activities they’ve performed and the set of attributes they share. These are the “predetermined conditions”. There can be any number of group (cluster) members (candidates) assessed]
Regarding Claim 10, Sahar discloses wherein the processor is programmed to authenticate the target user based on a predetermined score that is associated with the candidate user associated with each of the plurality of cluster groups. [Column 8, lines 10-24, If the user is assigned to the wrong group, the profile that is assigned to him would be incorrect and the deviations and assigned risk scores would also be incorrect. Hence, it is important to decide which group is indeed the group the user belongs to. The standard way to assign a user to a group is based on the user location, professional role, or position in the organizational chart. For example, a user in Country X will be assigned to the Country X group; a sales person will be assigned to the sales group; or a combination of the two--a sales person in Country X will be assigned to the Country X-sales group. A simpler approach is to generate groups of employees that report, not necessarily directly, to the same manager and assign the new user to a group based on his manager – the group (cluster) has a risk score assigned to it based on the roles and attributes of the members of that group (cluster) wherein each of the members also inherit that score]
Regarding Claim 12, Sahar discloses wherein the processor is programmed to specify the belonging cluster that is the cluster to which the target user belongs in each of the plurality of cluster groups based on the information related to the plurality of the cluster groups that include the cluster group in which clustering is performed on the candidate user group based on the type related to an attribute of a user. [Column 5, lines 42-48, the group classification manager 150 selects a group in which to classify the user 114. Here, activity-related authentication factors 152 have been stored in the memory 126. The group classification manager 150 will compare these activity-related authentication factors 152 to similar such factors in each group – the context information is the “activity-related authentication factors”]
Regarding Claim 13, Sahar discloses wherein the processor is programmed to specify the belonging cluster that is the cluster to which the target user belongs in each of the plurality of cluster groups based on the information related to the plurality of the cluster groups that include the cluster group in which clustering is performed on the candidate user group based on the type related to an action history of the user. [Column 5, lines 42-48, the group classification manager 150 selects a group in which to classify the user 114. Here, activity-related authentication factors 152 have been stored in the memory 126. The group classification manager 150 will compare these activity-related authentication factors 152 to similar such factors in each group – the context information is the “activity-related authentication factors”] [Column 5, lines 32-41, the new user 114 performs some activity on the user device 110. For example, suppose that the new user 114 stores a document on a particular server having an IP address. Then the authentication server 120 stores activity-related authentication factors 152 that include the IP address, other identifying information of particular server, a time and date of access, an IP address from which the access attempt took place, a geolocation from which the access attempt took place, the type of action (saving a document), and so on]
Regarding Claim 14, Sahar discloses wherein the processor is programmed to specify the belonging cluster that is the cluster to which the target user belongs in each of the plurality of cluster groups based on the information related to the plurality of the cluster groups that include the cluster group in which clustering is performed on the candidate user group based on the type related to a terminal device used by the user. [Column 5, lines 42-48, the group classification manager 150 selects a group in which to classify the user 114. Here, activity-related authentication factors 152 have been stored in the memory 126. The group classification manager 150 will compare these activity-related authentication factors 152 to similar such factors in each group – the context information is the “activity-related authentication factors”] [Column 5, lines 32-41, the new user 114 performs some activity on the user device 110. For example, suppose that the new user 114 stores a document on a particular server having an IP address. Then the authentication server 120 stores activity-related authentication factors 152 that include the IP address, other identifying information of particular server, a time and date of access, an IP address from which the access attempt took place, a geolocation from which the access attempt took place, the type of action (saving a document), and so on]
Regarding Claim 15, Sahar discloses wherein the processor is programmed to specify the belonging cluster that is the cluster to which the target user belongs in each of the plurality of cluster groups based on the information related to the plurality of the cluster groups that include the cluster group in which clustering is performed on the candidate user group based on the type related to a communication environment of the user. [Column 5, lines 42-48, the group classification manager 150 selects a group in which to classify the user 114. Here, activity-related authentication factors 152 have been stored in the memory 126. The group classification manager 150 will compare these activity-related authentication factors 152 to similar such factors in each group – the context information is the “activity-related authentication factors”] [Column 5, lines 32-41, the new user 114 performs some activity on the user device 110. For example, suppose that the new user 114 stores a document on a particular server having an IP address. Then the authentication server 120 stores activity-related authentication factors 152 that include the IP address, other identifying information of particular server, a time and date of access, an IP address from which the access attempt took place, a geolocation from which the access attempt took place, the type of action (saving a document), and so on – this includes things such as IP address, particular server, time and date of access, and geolocation which are the “communication environment”]
Regarding Claim 16, Sahar discloses wherein the processor is programmed to specify the target user from the candidate users for each of the belonging clusters associated with each of the plurality of cluster groups based on the classification model that includes a plurality of judgment models associated with each of the users in the partial candidate user group that belongs to the specified belonging cluster. [Column 6, lines 66-67 through Column 7, lines 1-3, the authentication server 120 classifies, based on the first set of authentication factors, the new user as a member of a particular group of users that (i) have performed the electronic activities and (ii) share a set of attributes described by a second set of authentication factors – the authentication server assesses the members of the group (cluster) based on the activities they’ve performed and the set of attributes they share. These are the “predetermined conditions”]
Regarding Claim 17, Sahar discloses wherein the processor is programmed to specify the target user from the candidate users for each of the belonging clusters associated with each of the plurality of cluster groups based on the classification model that is a multi-class classification model of the partial candidate user group that belongs to the specified belonging cluster. [Column 6, lines 66-67 through Column 7, lines 1-3, the authentication server 120 classifies, based on the first set of authentication factors, the new user as a member of a particular group of users that (i) have performed the electronic activities and (ii) share a set of attributes described by a second set of authentication factors – the authentication server assesses the members of the group (cluster) based on the activities they’ve performed and the set of attributes they share. These are the “predetermined conditions”]
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 8-9  are rejected under 35 U.S.C. 103 as being unpatentable over Sahar, as applied to Claim 1, above, in view of Chen et al., (US 20110295903 A1) hereinafter referred to as Chen.
Regarding Claim 8, Sahar discloses wherein the processor is programmed to authenticate the target user [Column 7, lines 8-15, the authentication server 120 performs, in response to receiving the request, an authentication operation on the request based on the first set of authentication factors and the second set of authentication factors, the authentication operation producing an authentication result indicating whether to grant or deny the new user access to the electronic resource]
Sahar does not explicitly teach based on a frequency of appearance of each of the candidate users from among the candidate users associated with each of the plurality of cluster groups.
Chen teaches based on a frequency of appearance of each of the candidate users from among the candidate users associated with each of the plurality of cluster groups. [paragraph 0067, the saliency of a node measures the prominence of it within the scope of a cluster, for example, the frequency of a node n, f(n)] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Chen with the disclosure of Sahar. The motivation or suggestion would have been to determine the importance (saliency) of the members of the cluster. (paragraph 0067)
Regarding Claim 9, Sahar discloses wherein the processor is programmed to authenticate the target user [Column 7, lines 8-15, the authentication server 120 performs, in response to receiving the request, an authentication operation on the request based on the first set of authentication factors and the second set of authentication factors, the authentication operation producing an authentication result indicating whether to grant or deny the new user access to the electronic resource]
Sahar does not explicitly teach as a most frequently appearing candidate user from among the candidate users associated with each of the plurality of cluster groups.
Chen teaches as a most frequently appearing candidate user from among the candidate users associated with each of the plurality of cluster groups. [paragraph 0067, the saliency of a node measures the prominence of it within the scope of a cluster, for example, the frequency of a node n, f(n) – since the frequency of nodes is assessed, there would be a determination of the most frequent node] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Chen with the disclosure of Sahar. The motivation or suggestion would have been to determine the importance (saliency) of the members of the cluster. (paragraph 0067)

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Sahar, as applied to Claim 1, above, in view of Nechyba et al., (US 8559684 B1) hereinafter referred to as Nechyba.
Regarding Claim 11, Sahar does not explicitly teach wherein the processor is programmed to authenticate the target user as a candidate user having a maximum predetermined score from among the candidate users associated with each of the plurality of cluster groups.
Nechyba teaches wherein the processor is programmed to authenticate the target user as a candidate user having a maximum predetermined score from among the candidate users associated with each of the plurality of cluster groups. [Column 8, lines 51-54, the threshold similarity score for user 120 may be based at least in part on the minimum similarity score and/or the maximum similarity score generated for user 120 when compared to the plurality of individuals 204] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Nechyba with the disclosure of Sahar. The motivation or suggestion would have been to determine similarity scores with other users (Column 8, lines 51-54)

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW J STEINLE whose telephone number is (571)272-9923.  The examiner can normally be reached on M-F 10am-6pm CT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ANDREW J STEINLE/Primary Examiner, Art Unit 2497