DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The amendment filed 7/8/2021 has been placed of record in the file.
Claims 1, 12, 18, and 20 have been amended.
Claims 1-20 are pending.
The applicant’s arguments with respect to claims 1-17 have been fully considered but they are not persuasive as discussed below.
The applicant’s arguments with respect to claims 18-20 have been considered but are moot in view of the following new grounds of rejection.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 7/8/2021 has been entered.

Claim Rejections - 35 USC § 103
8.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

10.	Claims 1-3, 6-12, 14, 15, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over McGeehan et al. (U.S. Patent Application Publication Number 2010/0211996), hereinafter referred to as McGeehan, in view of Camacho et al. (U.S. Patent Application Publication Number 2003/0208684), hereinafter referred to as Camacho.
McGeehan disclosed techniques for authentication based on the reputation of user locations.  In an analogous art, Camacho disclosed techniques for controlling access based on authentication history.  Both systems are directed toward the tracking and managing of previous device authentications.
Regarding claim 1, McGeehan discloses one or more non-transitory computer-readable media storing computer-executable instructions that upon execution cause one or more processors to perform acts comprising: calculating a number of successful authentications for a predetermined number of authentication requests that last originated from a source network address (paragraph 31, gathered historical data, and paragraph 33, session fails authentication); in response to determining that the number of successful authentications compares unfavorably to a threshold at the source network address, adding the source network address to a greylist of suspended network addresses (paragraph 30, list of bad locations, and paragraph 29, list of bad IPs, and paragraph 30, suspicious sessions exceed threshold) such that an authentication request initiated by a requesting application from the source network address is rejected without validating an authentication credential included in the authentication request (paragraph 25, if 
McGeehan does not explicitly state calculating a percentage of successful authentications, where the determining steps assess whether the percentage of successful authentications is less than a predetermined percentage threshold or equal to or greater than the predetermined percentage threshold.  However, utilizing authentication histories in such a way was well known in the art as evidenced by Camacho.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of McGeehan by adding the ability for calculating a percentage of successful authentications, where the determining steps assess whether the percentage of successful authentications is less than a predetermined percentage threshold or equal to or greater than the predetermined percentage threshold as provided by Camacho (see paragraph 96, percentage of time in past successful authentication has occurred, and paragraph 100, authentication score compared to business rules that specify threshold values to determine further processing).  One of ordinary skill in the art would have recognized the benefit that enhancing access techniques for shared resources would assist in protecting against unauthorized access that uses stolen account information (see Camacho, paragraph 12).
Regarding claim 2, the combination of McGeehan and Camacho discloses wherein the authentication requests include an authentication request that is initiated by a requesting 
Regarding claim 3, the combination of McGeehan and Camacho discloses wherein the network resource provider is a wireless carrier network (McGeehan, paragraph 15, wireless communication system).
Regarding claim 6, the combination of McGeehan and Camacho discloses wherein the source network address includes an Internet Protocol (IP) address that is assigned to a user device hosting the requesting application that initiated the authentication request (McGeehan, paragraph 20, internet protocol (IP) address).
Regarding claim 7, the combination of McGeehan and Camacho discloses wherein a successful authentication of a particular authentication request includes validating a corresponding authentication credential included in the particular authentication request as legitimate for obtaining data or services from a network service provider (McGeehan, paragraph 22, login and password information verified).
Regarding claim 8, the combination of McGeehan and Camacho discloses wherein the acts further comprise: receiving an additional authentication request initiated by an additional requesting application at an additional source network address, the additional authentication request including an additional authentication credential (McGeehan, paragraph 14, user logging into website); in response to determining that the additional source network address of the additional authentication request is on the greylist, rejecting the authentication request without validating the additional authentication credential included in the additional authentication request (McGeehan, paragraph 25, if session illegitimate, immediately denied access); and in response to determining that the additional source network address of the additional 
Regarding claim 9, the combination of McGeehan and Camacho discloses wherein the acts further comprise: receiving an additional authentication request initiated by an additional requesting application at and additional source network address, the additional authentication request including an additional authentication credential (McGeehan, paragraph 14, user logging into website); and in response to determining that the additional source network address of the additional authentication request is on a whitelist of authorized network addresses, validating the additional authentication credential to determine whether to grant access to data or services provided by a network resource provider (McGeehan, paragraph 29, list of safe netblocks, and paragraph 22, login and password information verified).
Regarding claim 10, the combination of McGeehan and Camacho discloses wherein the acts further comprise: determining from the greylist a percentage of network addresses in a specific block of network addresses that have been suspended; in response to the percentage of network addresses exceeding an additional percentage threshold, add the specific block of network addresses to the greylist; and in response to the percentage of network addresses not exceeding the additional percentage threshold, keeping remaining network addresses of the specific block that are not currently on the greylist off the greylist (McGeehan, paragraph 33, netblock unsafe if percentage of network addresses considered suspicious is above predefined threshold).
Regarding claim 11, the combination of McGeehan and Camacho discloses wherein the acts further comprise exporting the greylist to a third-party for the third-party to deny additional authentication requests from the suspended network addresses (McGeehan, paragraph 37, trusted third party provides information that netblock is not safe).
Regarding claim 12, McGeehan discloses a system, comprising: one or more processors; and memory having instructions stored therein, the instructions, when executed by the one or more processors, cause the one or more processors to perform acts comprising: calculating a number of successful authentications for a predetermined number of authentication requests that last originated from a source network address (paragraph 31, gathered historical data, and paragraph 33, session fails authentication); in response to determining that the number of successful authentications compares unfavorably to a threshold at the source network address, adding the source network address to a greylist of suspended network addresses (paragraph 30, list of bad locations, and paragraph 29, list of bad IPs, and paragraph 30, suspicious sessions exceed threshold); receiving an authentication request initiated by a requesting application, the authentication request including an authentication credential (paragraph 14, user logging into website); and in response to determining that the authentication request is initiated by the requesting application from the source network address included in the greylist of suspended network addresses, rejecting the authentication request without validating the authentication credential included in the authentication request (paragraph 25, if session illegitimate, immediately denied access); and in response to determining that the authentication request is initiated by the requesting application from another source network address that is absent from the greylist of suspended network addresses, validating the authentication credential to determine 
McGeehan does not explicitly state calculating a percentage of successful authentications, where the determining step assesses whether the percentage of successful authentications is less than a predetermined percentage threshold.  However, utilizing authentication histories in such a way was well known in the art as evidenced by Camacho.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of McGeehan by adding the ability for calculating a percentage of successful authentications, where the determining step assesses whether the percentage of successful authentications is less than a predetermined percentage threshold as provided by Camacho (see paragraph 96, percentage of time in past successful authentication has occurred, and paragraph 100, authentication score compared to business rules that specify threshold values to determine further processing).  One of ordinary skill in the art would have recognized the benefit that enhancing access techniques for shared resources would assist in protecting against unauthorized access that uses stolen account information (see Camacho, paragraph 12).
Regarding claim 14, the combination of McGeehan and Camacho discloses wherein the source network address includes an Internet Protocol (IP) address that is assigned to a user device hosting the requesting application (McGeehan, paragraph 20, internet protocol (IP) address).
Regarding claim 15, the combination of McGeehan and Camacho discloses wherein the acts further comprise: in response to determining that an additional source network address of an additional authentication request initiated by an additional requesting application is on a whitelist 
Regarding claim 17, the combination of McGeehan and Camacho discloses wherein the acts further comprise in response to determining that the percentage of successful authentications is equal to or greater than the predetermined percentage threshold, keeping the source network address off the greylist of suspended network addresses (McGeehan, paragraph 30, number of suspicious session not above threshold, and Camacho, paragraph 96, percentage of time in past successful authentication has occurred, and paragraph 100, authentication score compared to business rules that specify threshold values to determine further processing).

11.	Claims 4 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over McGeehan in view of Camacho, further in view of Balasubramanian et al. (U.S. Patent Application Publication Number 2009/0245176), hereinafter referred to as Balasubramanian.
The combination of McGeehan and Camacho disclosed techniques for authentication based on the reputation of user locations.  In an analogous art, Balasubramanian disclosed techniques for managing blacklists and whitelists of devices.  Both systems are directed toward the managing of lists for access control.
Regarding claim 4, the combination of McGeehan and Camacho does not explicitly state wherein the acts further comprise removing the source network address from the greylist following an expiration of a predetermined time period.  However, managing device lists in such a way was well known in the art as evidenced by Balasubramanian.  Since the inventions 
Regarding claim 5, the combination of McGeehan and Camacho does not explicitly state wherein the adding the source network address includes: determining a number of times that the source network address has been previously added to the greylist of suspended network addresses; adding the source network address to the greylist for a random amount of time that is less than or equal to a predetermined time duration threshold following a determination that the number of times is less than or equal to a predetermined threshold number of times; and adding the source network address to the greylist for an extended period of time that is longer than the predetermined time duration threshold following a determination that the number of times is greater than the predetermined threshold number of times.  However, managing device lists in such a way was well known in the art as evidenced by Balasubramanian.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of McGeehan and Camacho by adding the ability that the adding the source network address includes: determining a number of times that the source network address has been previously added to the greylist of suspended network addresses; adding the source network address to the greylist for a random amount of time that is less than or equal to a predetermined time duration .

12.	Claims 13 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over McGeehan in view of Camacho, further in view of Toomim et al. (U.S. Patent Application Publication Number 2009/0288150), hereinafter referred to as Toomim.
The combination of McGeehan and Camacho disclosed techniques for authentication based on the reputation of user locations.  In an analogous art, Toomim disclosed techniques for controlling access to shared resources.  Both systems are directed toward the managing of lists for access control.
Regarding claim 13, the combination of McGeehan and Camacho does not explicitly state wherein the acts further comprise, while the source network address is on the greylist: receiving an account recovery request from the requesting application; and providing the requesting application with access to at least one of a user identifier recovery function or a password recovery function.  However, account recovery options were commonplace in access control systems as evidenced by Toomim.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing 
Regarding claim 16, the combination of McGeehan and Camacho does not explicitly state wherein the acts further comprise: receiving a subsequent authentication request initiated by an additional requesting application at an additional source network address; and in response to determining that the additional source network address of the subsequent authentication request is on the greylist of suspended network addresses, granting the additional requesting application access to a decoy interface.  However, utilizing a decoy in access control systems was well known in the art as evidenced by Toomim.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of McGeehan and Camacho by adding the ability that the acts further comprise: receiving a subsequent authentication request initiated by an additional requesting application at an additional source network address; and in response to determining that the additional source network address of the subsequent authentication request is on the greylist of suspended network addresses, granting the additional requesting application access to a decoy interface as provided by Toomim (see paragraph 196, blacklisted user shown dummy content).  One of ordinary skill in the art would have recognized the benefit .

13.	Claims 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over McGeehan in view of Balasubramanian, further in view of Aihara et al. (U.S. Patent Application Publication Number 2018/0262971), hereinafter referred to as Aihara.
The combination of McGeehan and Balasubramanian disclosed techniques for authentication based on the reputation of user locations.  In an analogous art, Aihara disclosed techniques for managing blacklists of devices.  Both systems are directed toward the managing of lists for access control.
Regarding claim 18, McGeehan discloses a computer-implemented method, comprising: determining from a greylist of suspended network addresses a percentage of network addresses in a specific block of network addresses that have been suspended (paragraph 33, percentage of network addresses considered suspicious), the specific block of network addresses including at least one network address that is currently on the greylist of suspended network addresses and one or more remaining network addresses that are not currently on the greylist of suspended network addresses (paragraph 33, reputations of individual network addresses within netblock); in response to the percentage of network addresses in the specific block that have been suspended exceeding a percentage threshold, adding the specific block of network addresses to the greylist of suspended network addresses (paragraph 33, netblock unsafe if percentage of network addresses considered suspicious is above predefined threshold); and in response to the percentage of network addresses not exceeding the percentage threshold, keeping the one or more remaining network addresses of the specific block that are not currently on the greylist of 
McGeehan does not explicitly state wherein adding the specific block sets an amount of suspension time that the at least one network address of the specific block currently has on the greylist to a new amount of suspension time.  However, managing device lists in such a way was well known in the art as evidenced by Balasubramanian.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of McGeehan by adding the ability that adding the specific block sets an amount of suspension time that the at least one network address of the specific block currently has on the greylist to a new amount of suspension time as provided by Balasubramanian (see paragraph 96, time for removing list entry).  One of ordinary skill in the art would have recognized the benefit that removing a device from a list would allow for re-evaluation of the device after a period of time (see Balasubramanian, paragraph 96).
The combination of McGeehan and Balasubramanian does not explicitly state that the setting is a resetting an amount of suspension time.  However, managing device lists in such a way was well known in the art as evidenced by Aihara.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of McGeehan and Balasubramanian by adding the ability that adding the specific block resets an amount of suspension time that the at least one network address of the specific block currently has on the greylist to a new amount of suspension time as provided by Aihara (see paragraph 153, modifies information on improper device with new blocking starting time).  One of ordinary skill in the art 
Regarding claim 19, the combination of McGeehan, Balasubramanian, and Aihara discloses wherein the specific block is a subnet of network addresses (McGeehan, paragraph 25, set of IP addresses grouped together).
Regarding claim 20, the combination of McGeehan, Balasubramanian, and Aihara discloses wherein, prior to the specific block of network addresses that includes the at least one network address being added to the greylist, an amount of suspension time that the at least one network address in the specific block of network addresses remains on the greylist is dependent on a number of times that the at least one network address was previously on the greylist (Balasubramanian, paragraph 96, time for removing list entry based on number of times device is added to list).

Response to Arguments
14.	In the remarks, the applicant has argued:
<Argument 1>
The combination of McGeehan and Camacho does not disclose the features of independent claim 1 because it does not disclose that the threshold is “at a source network address” as recited in claim 1.
<Argument 2>
Combining the teachings of McGeehan and Camacho would change the principle operation of McGeehan.
number of suspicious sessions against a threshold.  As such, it is maintained that one of ordinary skill in the art would have looked to Camacho to simply adjust McGeehan’s system to incorporate a percentage of suspicious sessions.  See the citations to Camacho in the above rejection.
16.	In response to argument 2, it is maintained that combining the teachings of McGeehan and Camacho would not change the principle operation of McGeehan.  The combination of references simply replaces McGeehan’s number of properly authenticated, legitimate sessions with Camacho’s percentage of properly authenticated, legitimate sessions.  Simply replacing the type of threshold analysis (total number versus percentage) in McGeehan would in no way change the system’s principle operation as the threshold analysis would still be carried out.  Regarding the applicant’s statements around “illegitimate activity” in McGeehan, it is noted that McGeehan explicitly ties the concept of legitimate or illegitimate to session attributes, such as location, and as such, the session does not need to first be established and active before 

Conclusion
17.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Victor Lesniewski whose telephone number is (571)272-2812.  The examiner can normally be reached on Monday thru Friday, 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/Victor Lesniewski/Primary Examiner, Art Unit 2493