DETAILED ACTION

Currently pending claims are 1 – 20.


Claim Objection
Claim 15 is objected to because of the following informalities (and Examiner respectfully request to correct as follows): “at least one processor” should be replaced with “at least one hardware processor (or at least one processor device)” – Examiner notes this is because a computer processor could be a software processor (e.g. a Microsoft WORD processor).  Appropriate correction(s) is (are) required.  // “A computer processor” may include the “software processor” (e.g. a word processor) //

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim 15 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter where “A computer readable storage medium” as recited in the claim, may be reasonably interpreted as being intended to include communication media that include signals / carrier waves which “bear" instructions as claimed according to the disclosure of the specification (SPEC: Para [0078]: communication media embodies computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave).  Such embodiments of the "manufacture" are not computer elements which define structural and functional interrelationships between the instructions and the rest of the computer that permit the functionality of the instructions to be realized / executed upon access by a hardware processor.  Examiner respectfully suggests an amendment of the claim language such as either (a) “A computer-readable storage device” or (b) “A non-transitory computer-readable storage medium” having program instructions recorded thereon”.    Appropriate correction(s) is (are) required and any other claims not addressed are objected by virtue of their dependency.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1 – 6, 8 – 13 and 15 – 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by McLachlan et al. (U.S. Patent 2014/0189829). 

As per claim 1, 8 & 15, McLachlan teaches a method, comprising: 
detecting an authentication process with respect to a resource (McLachlan: Abstract & Figure 1 / E-100); 
determining a plurality of features associated with the authentication process (McLachlan: see above & Para [0043] / [0044] and Para [0007]: determining a plurality of authentication features associated with a unique user account, when attemptting to access the resource, including a device, a network (IP address), a location, a challenging question and etc., utilized during the authentication process); 
matching the plurality of features to previously-collected features to determine a match score for the plurality of features (McLachlan: see above & Para [0043] / [0044] and Para [0026]: (a) a set of previously-collected features associated with a unique user account has recently been accessed from a particular device, a particular network and/or a particular location (e.g. from a new network / LOC or a typical network / LOC), wherein (b) a determined confidence factor (confidence level) constitutes a confidence score and (c) an assigned identity confidence level (score), being considered as a likelihood (that the user account has been compromised), w.r.t. the unique user account constitutes a match score associated with a risk level for the plurality of authentication features); 
determining a risk level of the authentication process that is indicative of a likelihood that credentials utilized for the authentication process have been compromised based on the match score (McLachlan: see above); and 
performing an authentication-related action based on the risk level (McLachlan: see above & Figure 6 / E-618, E-620 & E-622 and Para [0060]: allowing / denying the requested account activity based on the determined confidence level (score)). 

As per claim 2 – 3, 9 – 10 and 16 – 17, McLachlan teaches preventing / granting access to the resource responsive to the determined risk level being a relatively high (low) risk level (McLachlan: see above & Figure 6 / E-618, E-620 & E-622 and Para [0060]: allowing / denying the requested account activity based on the determined confidence level (score)).

As per claim(s) 4, 11 and 18, the claims contain(s) similar limitations to claim(s) 1 and thus is/are rejected with the same rationale.

As per claim 5, 12 and 19, McLachlan teaches determining whether the IP address belongs to a particular tenant network based on historical information associated with the IP address with respect to the tenant network (McLachlan: see above & Para [0043]: a plurality of authentication features associated with a unique user account including the network / (IP address) associated with the customer (tenant) utilized during the authentication process when attempt to access the resource); 
in response to determining that the IP address belongs to the particular tenant, designating the risk level to be a relatively low risk level; and in response to determining that the IP address does not belong to the particular tenant, designating the risk level to be a relatively high risk level (McLachlan: see above & Para [0043] / [0044]: assigning a risk level based on a particular customer (tenant) network – e.g. from a new network or a typical network).  

As per claim 6, 13 and 20, McLachlan teaches wherein each of the previously-collected features is associated with statistical information, the statistical information comprising at least a frequency at which a particular feature of the previously-collected features has been used for authentication for a particular user (McLachlan: see above & Para [0007] / [0044] / [0043]: (e.g.) (a) a frequency at which a particular feature of the previously-collected features such as a certain challenge question to be asked that reflects the difficulty level of the challengin question responsive to a confidence level (score) associated with an authentication process and/or (b) accessing from a new network or from a new location never being requested to access the system – i.e. with a frequency associated with statistical information almost equivalent to zero).  

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



Claims 7 and 14 are rejected under 35 U.S.C.103 as being unpatentable over McLachlan et al. (U.S. Patent 2014/0189829), in view of Crajek et al. (U.S. Patent 2018/0069867).  


As per claim 7 and 14, Crajek (& McLachlan) teaches for each feature of the plurality of features: 
determining a match pattern from a plurality of different match patterns for the feature based on the statistical information (McLachlan: see above & Para [0007] / [0044] / [0043]: see above (claim 6)) || (Crajek: Para [0033]: (a) a plurality of different match patterns include (e.g.) features such as (a) from a GPS location that the user has previously never used at a time when the user has never requested to access the system (e.g. a different match pattern representative of occasional inactive or rare), and may generate a score of "10" out of a possible value of "50" and (b) from a known device, and generate a score of "35" out of a possible value of "35" (e.g. a different match pattern representative of frequent active) – this is consistent with the disclosure of the instant specification (SPEC-PG.PUB: Para [0057] / [0058] / [0030]: a set of different match patterns including frequent active, frequent inactive, occasional active, occasional inactive or rare). 
assigning a weight to the feature based on the determined match pattern and a determined strength of the feature (Crajek: Para [0033]: see above: assigning a weight that indicates a strength of the match as a strength-based weight such as assigning "10" out of a possible value of "50" for occasional inactive or rare (or) assigning "35" out of a possible value of "35" for frequent active – this is consistent with the disclosure of the instant specification (SPEC.PG-PUB: Para [0057] / [0058] / [0030]: determining and assigning a strength-based weight indicating a strength of the match); and 
determining a match score for the feature based on the assigned weight and the determined strength of the feature (Crajek: Para [0033]: see above: determining a combinational confidence score based on the determined strength of the authentication feature(s)); and 
determining a cumulative match score based on the match scores determined for the plurality of features, the cumulative match score being the match score on which the risk level is based (Crajek: Para [0033]: see above: determining a combinational confidence score based on the determined strength of the authentication feature(s)) || (McLachlan: see above & Para [0043] / [0044] and Para [0026]: determining a likelihood (that the user accoune has been compromised), associated with the unique user account that constitutes a cumulative match score w.r.t. a risk level for the plurality of authentication features).  
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of assigning a weight to the feature based on the determined match pattern, from a plurality of different match patterns for the feature based on the statistical information, and a determined strength of the feature because Crajek’s teaching can alternatively, effectively and securely evaluate and assign, in an authentication process, a weight that indicates a strength of the match as a strength-based weight such as assigning "10" out of a possible value of "50" for occasional inactive or rare (or) assigning "35" out of a possible value of "35" for frequent active (see above) within the McLachlan’s system of utilizing a plurality of authentication features associated with a unique user account including a device, a network (IP address), a location, a challenging question and etc., during the authentication process when attempt to access the resource (see above). 



Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788.  The examiner can normally be reached on Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

---------------------------------------------------
                  /Longbit Chai/
           Longbit Chai E.E. Ph.D.
    Primary Examiner, Art Unit 2431
                   No. #2284 – 2021
---------------------------------------------------