Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
				DETAILED ACTION
Claims 1-20 are presented for examination.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 1-8, 11, 12, 15, 16, 19 and 20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Knecht et al., US Pub. No.20170359349.
As to claim 1, Knecht discloses a method to mitigate data from being compromised via an unauthorized API login event, comprising: 
storing in a database license attributes of a user license, user profile attributes, historical login attributes, and database content change attributes and receiving an API login request (recording the application usage, file history, file data, user information, and/or user behavior using the API scanner, see abstract, fig.1, [0048] to [0049]),
comparing features of the API login request to at least one of the database license attributes, user profile attributes, historical login attributes, and database content change attributes against a predetermined threshold (detecting and processing API user request, see [0049] to [0051]),
detecting whether the API login request is an unauthorized API login request based on a result of the comparison and in response to the API login request being detected as an unauthorized API login request, limiting unauthorized retrieval of data from the database  (implementing benchmark data analysis works to prohibit unauthorized access/downloading of data from cloud service, see [0052] to [0053]).As to claim 2, Knecht discloses the license attributes of the user license include at least one of a licensed device category, and a licensed IP address range (see [0040] to [0042]). As to claim 3, Knecht discloses the license attributes of the user license include a licensed geography of a device that makes the API login request (see [0040] to [0044]). As to claim 4, Knecht discloses the license attributes of the user license include a usage type for a device that makes the API login request, the usage type being one of a replication usage, proxy usage, or direct usage (resource usage, see [0040] to [0042]).
As to claim 5, Knecht discloses the restriction on at least one of a number of data records requested, or a period of time between data requests, or a period of time between data requests (see [0060] to [0062]).. As to claim 6, Knecht discloses the historical login attributes include for a particular licensed device that makes the API login request include an identification of the particular licensed device in the API login request (see [0050] to [0052]). As to claim 7, Knecht discloses the historical login attributes include, for a particular licensed device that makes the API login request, a client application fingerprint (see [0048] to [0050]). As to claim 8, Knecht discloses the client application fingerprint includes at least one of a historical timing between API request activity, a historical order of requests, and a combination of API request activity and order of requests (see [0062] and [0073]). As to claim 11, Knecht discloses the historical login attributes include, for a particular licensed device that is making the API login request, a cadence of past data requests performed via API activity (see [0050] to [0052]). As to claim 12, Knecht discloses wherein the cadence includes a recognized pattern of requested volumes over time (user behavioral patterns, see [0050]). As to claim 15, Knecht discloses the database license attributes include, for a particular licensed device that is making the API login request, a volume of requests performed via API activity (see [0050] to [0052]). As to claim 16, Knecht discloses the detecting includes comparing the number of requests in the API login request to a threshold, and in response to a determination that the API login request is more different than the threshold, generating an alert that the API login request requires mitigation activity to avoid a potential compromise of data in the database to an unauthorized device (see [0064] to [0070]). As to claim 17, Knecht discloses wherein the limiting includes at least one of determining that the detecting resulted in a false positive and placing an account associated with login credentials for the API login request on watch; determining that an API breach likely occurred and generating an alert message to database administrators to implement enhanced API risk mitigation steps; and locking down the account (blocking unusual account behavior, see [0052] to [0054]).
Claims 19 and 20 are rejected for the same reasons set forth in claims 1 and 1 respectively.
Allowable Subject Matter
Claims 9, 10, 13, 14 and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
	The following is a statement of reasons for the indication of allowable subject matter:   None of the cited prior art discloses or teaches a method to mitigate data from being compromised via an unauthorized API login event, comprising a combination of: calculating a historical distribution of at least one attribute of the client application fingerprint, comparing the API login request to the historical distribution to determine whether attributes of the API login request are more different than a predetermined amount from a standard statistical behavior of client application footprint, and in response to a determination that the API login request is more different than the predetermined amount, generating an alert that the API login request requires mitigation activity to avoid a potential compromise of data in the database to an unauthorized device.                                                        Conclusion
6.     Any inquiry concerning this communication or earlier communications from the examiner should be directed to Khanh Dinh whose telephone number is (571) 272-3936. The examiner can normally be reached on Monday through Friday from 8:00 A.m. to 5:00 P.m.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Kevin Bates, can be reached on (571) 272-3980.   The fax phone number for this group is (571) 273-8300.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).


Any response to this action should be mailed to:
Commissioner for patents
P O Box 1450
Alexandria, VA 22313-1450




/KHANH Q DINH/               Primary Examiner, Art Unit 2458