DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The amendment filed 3/3/2021 has been placed of record in the file.
Claims 1-12, 15, 17, 18, and 20 have been amended.
The rejection of claims 1-11 under 35 U.S.C. 101 is withdrawn in view of the amendment.
Claims 1-20 are pending.
The applicant’s arguments with respect to claims 1-20 have been fully considered but they are not persuasive as discussed below.

Claim Rejections - 35 USC § 102
7.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
8.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

9.	Claims 18 and 19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by McGeehan et al. (U.S. Patent Application Publication Number 2010/0211996), hereinafter referred to as McGeehan.
Regarding claim 18, McGeehan discloses a computer-implemented method, comprising: determining from a greylist of suspended network addresses a percentage of network addresses in a specific block of network addresses that have been suspended (paragraph 33, percentage of network addresses considered suspicious); in response to the percentage of network addresses in the specific block that have been suspended exceeding a percentage threshold, adding the specific block of network addresses to the greylist of suspended network addresses such that an authentication request initiated from a network address in the specific block of network addresses is rejected without validating an authentication credential included in the authentication request (paragraph 33, netblock unsafe if percentage of network addresses considered suspicious is above predefined threshold, and paragraph 25, if session illegitimate, immediately denied access); and in response to the percentage of network addresses not exceeding the percentage threshold, keeping remaining network addresses of the specific block that are not currently on the greylist of suspended network addresses off the greylist (paragraph 33, netblock unsafe if percentage of network addresses considered suspicious is above predefined threshold).
Regarding claim 19, McGeehan discloses wherein the specific block is a subnet of network addresses (paragraph 25, set of IP addresses grouped together).

Claim Rejections - 35 USC § 103
10.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

11.	Claims 1-3, 6-12, 14, 15, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over McGeehan in view of Camacho et al. (U.S. Patent Application Publication Number 2003/0208684), hereinafter referred to as Camacho.
McGeehan disclosed techniques for authentication based on the reputation of user locations.  In an analogous art, Camacho disclosed techniques for controlling access based on authentication history.  Both systems are directed toward the tracking and managing of previous device authentications.
Regarding claim 1, McGeehan discloses one or more non-transitory computer-readable media storing computer-executable instructions that upon execution cause one or more processors to perform acts comprising: calculating a number of successful authentications for a predetermined number of authentication requests that last originated from a source network address (paragraph 31, gathered historical data, and paragraph 33, session fails authentication); in response to determining that the number of successful authentications compares unfavorably to a threshold, adding the source network address to a greylist of suspended network addresses (paragraph 30, list of bad locations, and paragraph 30, suspicious sessions exceed threshold) such that an authentication request initiated by a requesting application from the source network address is rejected without validating an authentication credential included in the authentication request (paragraph 25, if session illegitimate, immediately denied access); and in response to determining that the number of successful authentications compares favorably to the threshold, keeping the source network address off the greylist of suspended network addresses (paragraph 30, number of suspicious sessions not above threshold).
McGeehan does not explicitly state calculating a percentage of successful authentications, where the determining steps assess whether the percentage of successful 
Regarding claim 2, the combination of McGeehan and Camacho discloses wherein the authentication requests include an authentication request that is initiated by a requesting application on a user device to obtain data or a service from a network resource provider (McGeehan, paragraph 14, user logging into website).
Regarding claim 3, the combination of McGeehan and Camacho discloses wherein the network resource provider is a wireless carrier network (McGeehan, paragraph 15, wireless communication system).
Regarding claim 6, the combination of McGeehan and Camacho discloses wherein the source network address includes an Internet Protocol (IP) address that is assigned to a user 
Regarding claim 7, the combination of McGeehan and Camacho discloses wherein a successful authentication of a particular authentication request includes validating a corresponding authentication credential included in the particular authentication request as legitimate for obtaining data or services from a network service provider (McGeehan, paragraph 22, login and password information verified).
Regarding claim 8, the combination of McGeehan and Camacho discloses wherein the acts further comprise: receiving an additional authentication request initiated by an additional requesting application at an additional source network address, the additional authentication request including an additional authentication credential (McGeehan, paragraph 14, user logging into website); in response to determining that the additional source network address of the additional authentication request is on the greylist, rejecting the authentication request without validating the additional authentication credential included in the additional authentication request (McGeehan, paragraph 25, if session illegitimate, immediately denied access); and in response to determining that the additional source network address of the additional authentication request is absent from the greylist of suspended network addresses, validating the additional authentication credential to determine whether to grant the additional requesting application access to data or services provided by a network resource provider (McGeehan, paragraph 58, if session not suspicious, uses simple authentication process).
Regarding claim 9, the combination of McGeehan and Camacho discloses wherein the acts further comprise: receiving an additional authentication request initiated by an additional requesting application at and additional source network address, the additional authentication 
Regarding claim 10, the combination of McGeehan and Camacho discloses wherein the acts further comprise: determining from the greylist a percentage of network addresses in a specific block of network addresses that have been suspended; in response to the percentage of network addresses exceeding an additional percentage threshold, add the specific block of network addresses to the greylist; and in response to the percentage of network addresses not exceeding the additional percentage threshold, keeping remaining network addresses of the specific block that are not currently on the greylist off the greylist (McGeehan, paragraph 33, netblock unsafe if percentage of network addresses considered suspicious is above predefined threshold).
Regarding claim 11, the combination of McGeehan and Camacho discloses wherein the acts further comprise exporting the greylist to a third-party for the third-party to deny additional authentication requests from the suspended network addresses (McGeehan, paragraph 37, trusted third party provides information that netblock is not safe).
Regarding claim 12, McGeehan discloses a system, comprising: one or more processors; and memory having instructions stored therein, the instructions, when executed by the one or more processors, cause the one or more processors to perform acts comprising: calculating a number of successful authentications for a predetermined number of authentication requests that 
McGeehan does not explicitly state calculating a percentage of successful authentications, where the determining step assesses whether the percentage of successful authentications is less than a predetermined percentage threshold.  However, utilizing authentication histories in such a way was well known in the art as evidenced by Camacho.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of McGeehan by adding the ability for calculating a percentage of successful 
Regarding claim 14, the combination of McGeehan and Camacho discloses wherein the source network address includes an Internet Protocol (IP) address that is assigned to a user device hosting the requesting application (McGeehan, paragraph 20, internet protocol (IP) address).
Regarding claim 15, the combination of McGeehan and Camacho discloses wherein the acts further comprise: in response to determining that an additional source network address of an additional authentication request initiated by an additional requesting application is on a whitelist of authorized network addresses, validating an additional authentication credential included in the additional authentication request to determine whether to grant the additional requesting application access to data or services provided by the network resource provider (McGeehan, paragraph 29, list of safe netblocks, and paragraph 22, login and password information verified).
Regarding claim 17, the combination of McGeehan and Camacho discloses wherein the acts further comprise in response to determining that the percentage of successful authentications is equal to or greater than the predetermined percentage threshold, keeping the source network address off the greylist of suspended network addresses (McGeehan, paragraph 30, number of suspicious session not above threshold, and Camacho, paragraph 96, percentage of .

12.	Claims 4 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over McGeehan in view of Camacho, further in view of Balasubramanian et al. (U.S. Patent Application Publication Number 2009/0245176), hereinafter referred to as Balasubramanian.
The combination of McGeehan and Camacho disclosed techniques for authentication based on the reputation of user locations.  In an analogous art, Balasubramanian disclosed techniques for managing blacklists and whitelists of devices.  Both systems are directed toward the managing of lists for access control.
Regarding claim 4, the combination of McGeehan and Camacho does not explicitly state wherein the acts further comprise removing the source network address from the greylist following an expiration of a predetermined time period.  However, managing device lists in such a way was well known in the art as evidenced by Balasubramanian.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of McGeehan and Camacho by adding the ability that the acts further comprise removing the source network address from the greylist following an expiration of a predetermined time period as provided by Balasubramanian (see paragraph 96, time for removing list entry).  One of ordinary skill in the art would have recognized the benefit that removing a device from a list would allow for re-evaluation of the device after a period of time (see Balasubramanian, paragraph 96).
Regarding claim 5, the combination of McGeehan and Camacho does not explicitly state wherein the adding the source network address includes: determining a number of times that the .

s 13 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over McGeehan in view of Camacho, further in view of Toomim et al. (U.S. Patent Application Publication Number 2009/0288150), hereinafter referred to as Toomim.
The combination of McGeehan and Camacho disclosed techniques for authentication based on the reputation of user locations.  In an analogous art, Toomim disclosed techniques for controlling access to shared resources.  Both systems are directed toward the managing of lists for access control.
Regarding claim 13, the combination of McGeehan and Camacho does not explicitly state wherein the acts further comprise, while the source network address is on the greylist: receiving an account recovery request from the requesting application; and providing the requesting application with access to at least one of a user identifier recovery function or a password recovery function.  However, account recovery options were commonplace in access control systems as evidenced by Toomim.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of McGeehan and Camacho by adding the ability that the acts further comprise, while the source network address is on the greylist: receiving an account recovery request from the requesting application; and providing the requesting application with access to at least one of a user identifier recovery function or a password recovery function as provided by Toomim (see paragraph 131, password recovery).  One of ordinary skill in the art would have recognized the benefit that enhancing access techniques for shared resources would assist in providing a more expedient approach for controlling access (see Toomim, paragraph 7).
Regarding claim 16, the combination of McGeehan and Camacho does not explicitly state wherein the acts further comprise: receiving a subsequent authentication request initiated by an additional requesting application at an additional source network address; and in response to determining that the additional source network address of the subsequent authentication request is on the greylist of suspended network addresses, granting the additional requesting application access to a decoy interface.  However, utilizing a decoy in access control systems was well known in the art as evidenced by Toomim.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of McGeehan and Camacho by adding the ability that the acts further comprise: receiving a subsequent authentication request initiated by an additional requesting application at an additional source network address; and in response to determining that the additional source network address of the subsequent authentication request is on the greylist of suspended network addresses, granting the additional requesting application access to a decoy interface as provided by Toomim (see paragraph 196, blacklisted user shown dummy content).  One of ordinary skill in the art would have recognized the benefit that enhancing access techniques for shared resources would assist in providing a more expedient approach for controlling access (see Toomim, paragraph 7).

14.	Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over McGeehan in view of Balasubramanian.
McGeehan disclosed techniques for authentication based on the reputation of user locations.  In an analogous art, Balasubramanian disclosed techniques for managing blacklists 
Regarding claim 20, McGeehan does not explicitly state wherein an amount of time that the network address in the specific block of network addresses remains on the greylist is dependent on a number of times that the network address was previously on the greylist.  However, managing device lists in such a way was well known in the art as evidenced by Balasubramanian.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of McGeehan by adding the ability that an amount of time that the network address in the specific block of network addresses remains on the greylist is dependent on a number of times that the network address was previously on the greylist as provided by Balasubramanian (see paragraph 96, time for removing list entry based on number of times device is added to list).  One of ordinary skill in the art would have recognized the benefit that removing a device from a list would allow for re-evaluation of the device after a period of time (see Balasubramanian, paragraph 96).

Response to Arguments
15.	In the remarks, the applicant has argued:
<Argument 1>
McGeehan does not disclose the features of independent claim 12 because he does not disclose “rejecting the authentication request without validating the authentication credential included in the authentication request” as recited in claim 12.

<Argument 2>
McGeehan does not disclose the features of independent claim 18 because he does not disclose rejecting an authentication request “in response to the percentage of network addresses in the specific block that have been suspended exceeding a percentage threshold” as recited in claim 18.
<Argument 3>
The combination of McGeehan and Camacho does not disclose the features of independent claim 1 because it does not disclose rejecting an authentication request “in response to determining that the percentage of successful authentications is less than a predetermined percentage threshold” as recited in claim 1.
<Argument 4>
The combination of McGeehan, Camacho, and Balasubramanian does not disclose the features of dependent claim 5 because it does not disclose “adding the source network address to the greylist for a random amount of time” as recited in claim 5.
16.	In response to argument 1, the combination of McGeehan and Camacho does disclose the features as recited in claim 12.  The rejection cites McGeehan, paragraph 25, which shows that if a session is determined to be illegitimate, access is immediately denied.  This is seen to meet the limitation at hand as McGeehan does not consider the login credentials in this scenario.  Whether McGeehan’s system definitively denies access at this point or whether it offers a separate enhanced authentication procedure (as described in paragraph 58) before denying access, it is clear that authentication is rejected without consideration of the login credentials.  In such a scenario, McGeehan makes clear that it has been determined that the credentials are compromised.  See again, inter alia, paragraph 25.  As such, the credentials themselves cannot be 
17.	In response to argument 2, McGeehan does disclose the features as recited in claim 18.  The rejection cites paragraph 33, which shows that a netblock is determined to be unsafe if the percentage of network addresses considered suspicious in the netblock is above a predefined threshold.  This is seen to meet the limitation at hand as McGeehan’s system processes sessions based on netblock classification and, as such, unsafe netblocks may be subject to denied access, enhanced authentication, etc.  In arguing the “percentage of suspended network addresses” aspect of the claim, the applicant has failed to consider this previously cited teaching.
18.	In response to argument 3, the combination of McGeehan and Camacho does disclose the features as recited in claim 1.  The rejection cites McGeehan, paragraph 30, which shows consideration of whether the number of suspicious sessions is above a threshold or not, as well as Camacho, paragraph 96, which shows calculation of a percentage of past successful authentications, and paragraph 100, which shows comparison of authentication scores to threshold values.  Since McGeehan already teaches consideration of the number of suspicious sessions against a threshold, it is maintained that one of ordinary skill in the art would have looked to Camacho to simply adjust McGeehan’s system to incorporate a percentage of suspicious sessions.  The applicant argues that “Camacho does not remedy the deficiencies of 
19.	In response to argument 4, the combination of McGeehan, Camacho, and Balasubramanian does disclose the features as recited in claim 5.  The rejection cites Balasubramanian, paragraph 96, which shows the ability to set times for removing list entries.  This is seen to meet the limitation at hand as Balasubramanian teaches setting list entry timers based on a variety of factors, including the number of times a device is added to a list.  Although Balasubramanian does not explicitly state a timer set at random, he does explicitly state that times for removing list entries can be determined “using substantially any timing mechanism.”  See again, paragraph 96.  Given the teachings of Balasubramanian, and the explicit variety of ways in which list entries timers are set in his disclosure, it is maintained that one of ordinary skill in the art would have known how to set a timer based on the number of times a device is added, including simply making the timer random within certain threshold boundaries of time.  The claim requires consideration of time thresholds, already taught by Balasubramanian, and simply setting a random time is seen as an obvious variation of such teachings.

Conclusion
20.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
21.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Victor Lesniewski whose telephone number is (571)272-2812.  The examiner can normally be reached on Monday thru Friday, 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to 




/Victor Lesniewski/Primary Examiner, Art Unit 2493