Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This is in response to the amendments filed 12/28/2020. Claims 1, 2, 8, 9, 15 and 16 have been amended. Claims 1-20 are pending and have been considered below.

Priority
16730364, filed 12/30/2019, is a continuation of 15081184, filed 03/25/2016, now U.S. Patent #10523686 and having 1 RCE-type filing therein; 15081184 claims priority from Provisional Application 62138789, filed 03/26/2015.

Drawings
The drawings filed on 12/30/2019 are accepted.

Specification
The specification filed on 12/30/2019 is accepted.

Response to Arguments
Applicant’s arguments, with respect to 35 USC § 101 Rejection, remarks pages 9-16 have been fully considered and are persuasive.  The rejection has been
Applicant’s arguments, with respect to “Double Patenting Rejection”, remarks page 16 have been fully considered and are persuasive. The rejection has been withdrawn in view of the filing and approval of a Terminal Disclaimer with respect to the parent patent.
Applicant’s arguments with respect to newly amended independent claims such as prior art of record failing to teach the newly added limitations, remarks pages 16-18 have been considered but are moot in view of the newly found prior art to Yen et al U.S. 9231,962 B1, see rejection below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 8-13 and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Bajenov et al U.S. 2013/0254857 A1 in view of Truskovsky et al U.S. 2014/0337937 A1 in further view of Yen et al U.S. 9231,962 B1.
Claims 1, 8 and 15: Bajenov et al teaches a method to facilitate securing web services from unauthorized access, an apparatus one or more computer-readable storage media; and program instructions stored on the one or more computer-readable storage media that, when executed by a computing system, direct the computing system to at least, One or more computer-readable storage media having program instructions 
monitoring user interactions with a web service (par.4, 25, wherein the session manager to handle sessions created by the client device 104 during interactions with the website 116. For example, a session is created by the session manager, when a user uses his client device to log into the website. The session manager 216 can also fetch web pages from the web server 208);
generating sets of the user interactions (Fig. 4, par.4, 13, 14, a source location of the first login attempt is identified);
comparing the credentials used to access the web service per originator with compromised credentials stored in a database to identify one or more user accounts of the web service associated with an originator that used the compromised credentials found in the database (par. 4, 33, the submitted login information is compared to information recorded within the suspicious login information database 220 to determine if, for example, the information is known to have been compromised, or if submitted login information is associated with a previous suspicious login attempt. At step 316, the source of the login information, supplied by the session manager 216 as explained above, is compared to information recorded within the suspicious login information database 220.); and
par. 35-37, At step 340 an additional security challenge may be provided to the user as a means of overcoming the suspicious characteristics associated with the login information and/or the source of the login information. Wherein the level of authentication required for a session is determined based on the degree of suspiciousness associated with the login information, the source location, or both. For example, as part of an enhanced authentication process, the authentication manager 212 may request a preselected set of security related questions for which the user has previously provided answers, require the user to enter a security code that is sent to the user through email or an SMS message sent to the user's mobile phone, a social CAPTCHA system can be applied by the authentication manager).
Bajenov et al fails to teach, however Truskovsky et al in a similar field of endeavor teaches: 
processing the sets of the user interactions that are  to identify credentials used to access the web service per originator (par.28-30, the monitoring comprises recording an identity of each of the plurality of credentials accessed within the period).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the disclosure of Bajenov et al with Truskovsky et al in order to provide the ability for detecting unauthorized access to credentials of a credential store on a computing device, as suggested by Truskovsky et al abstract.
The combination does not explicitly teach, however Yen et al in a similar field of endeavor teaches:
generating sets of the user interactions per originator by grouping the user interactions per originator based on information associated with the user interactions that uniquely identifies each originator (Fig.4, col.5, lines 12-22, col.6, lines 33-60, col.7, 50-65, identifying one or more communities, wherein a community corresponds to a group of one or more users and one or more hosts that exhibit a specified level of interaction);
processing the sets of user interaction that are grouped per originator (Fig.4, col.5, lines 12-22, col.6, lines 33-60, col.7, 50-65, generating a set of profiles, wherein the set comprises a profile corresponding to each of multiple users and a profile corresponding to each of the multiple hosts).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the disclosure of Bajenov et al with the additional features of Yen et al in order to provide the ability for identifying suspicious user authentication attempts that result from credential compromise, as suggested by Yen et al col.2, lines 45-65.
Claims 2, 9 and 16: the combination teaches:
wherein monitoring the user interactions with the web comprises monitoring traffic flows associated with secure access to the web service (Bajenov et al, par.38, Truskovsky et al, par.17, 28, 33, and 91).
 The same motivation to modify Bajenov et al in view of Truskovsky et al applied to claim 1 above applies.
Claims 3, 10 and 17: the combination teaches:
wherein applying the security measures for at least the one or more user accounts of the web service associated with the originator comprises increasing a level of authentication required for the one or more user accounts to access the web service (Bajenov et al, par.35-37).
Claims 4, 11 and 18: the combination teaches:
 	wherein applying the security measures for at least the one or more user accounts of the web service associated with the originator comprises blocking access to the web service for all access attempts associated with the originator (Bajenov et al par.38).
Claims 5, 12 and 19: the combination teaches:
wherein applying the security measures for at least the one or more user accounts of the web service associated with the originator comprises sending automatic password reset notifications to owners of the one or more user accounts (Bajenov et al par.35-37, Truskovsky et al, par.108-114).
The same motivation to modify Bajenov et al in view of Truskovsky et al applied to claim 1 above applies.
Claims 6, 13 and 20: the combination teaches:
determining other user accounts of the web service having passwords found in a same credential data source as the compromised credentials used by the one or more user accounts associated with the originator that used the compromised credentials (Bajenov et al, Fig. 4, par.39-40, 42), and
responsively sending automatic password reset notifications to owners of the other user accounts (Truskovsky et al, par.108-114).
The same motivation to modify Bajenov et al in view of Truskovsky et al applied to claim 1 above applies.

Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Bajenov et al U.S. 2013/0254857 A1 in view of Truskovsky et al U.S. 2014/0337937 A1 in further view of Yen et al U.S. 9231,962 B1 and Mathes et al U.S. 8,695,097 B1.
Claims 7 and 14: the combination fails to teach:
comprising receiving a credential query transmitted from an authorized user of the web service, responsively comparing legitimate credentials of the authorized user received in the credential query with the compromised credentials in the database, and transferring a notification for delivery to the authorized user that indicates whether or not the legitimate credentials of the authorized user appear in the database of compromised credentials.
Mathes et al in a similar field of endeavor teaches: 
comprising receiving a credential query transmitted from an authorized user of the web service (col.6, lines 20-55),
responsively comparing legitimate credentials of the authorized user received in the credential query with the compromised credentials in the database (col.6, lines 20-55), and
transferring a notification for delivery to the authorized user that indicates whether or not the legitimate credentials of the authorized user appear in the database of compromised credentials (col.6, lines 20-55).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the disclosure of Bajenov et al with the additional features of Mathes et al in order to provide the ability for detecting and preventing computer fraud, as suggested by Mathes et al col.2, lines 5-30.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Yen et al teaches methods, apparatus and articles of manufacture for identifying suspicious user logins in enterprise networks are provided herein. A method includes processing log data derived from one or more data sources associated with an enterprise network, wherein the enterprise network comprises multiple hosts; 
Maxwell et al U.S. 2017/0214712 A1 teaches systems and methods are disclosed for analyzing a plurality of failed login records that correspond to failed login attempts detected by a computing system, to identify suspicious patterns of activity that can facilitate the supplementation of password blacklists for improving account security. To accomplish the foregoing, failed login records that include information associated with failed login attempts are obtained for analysis. The failed login records are analyzed to identify a set of failed login records that show initial characteristics of a suspicious pattern of activity. The information included in the set of failed login records are further analyzed to determine whether a suspicious pattern of activity is actually present. When a suspicious pattern of activity is identified in the set of failed login records, the passwords used in the failed login attempts are stored in password blacklists associated with the account identifier(s) with which the passwords were used. 
Irving JR. et al U.S. 2016/0087964 A1 teaches a credential management system is described that provides a way to disable and/or rotate credentials, such as when a credential is suspected to have been compromised, while minimizing potential impact to various systems that may depend on such credentials. The credentials may be disabled temporarily at first and the availability of various resources is monitored for changes. If .

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FATOUMATA TRAORE whose telephone number is (571)270-1685.  The examiner can normally be reached on 6:30-3:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached on 5712724219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






Saturday, March 6, 2021

/FATOUMATA TRAORE/              Primary Examiner, Art Unit 2436