DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.  This is in response to the communications filed on 11 March 2020.
2.  Claims 1-20 are pending in the application.
3.  Claims 1-6, 8-16 and 18-20 have been rejected.
4.  Claims 7 and 17 have been objected to.
Information Disclosure Statement
5.  The examiner has considered the information disclosure statement (IDS) filed on 11 March 2020.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


6.  Claims 8, 9, 18 and 19 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 8 and 18 recites the limitation "the session token" in the claim.  There is insufficient antecedent basis for this limitation in the claim.
Claims 9 and 19 recites the limitation "the organization" in the claim.  There is insufficient antecedent basis for this limitation in the claim.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

7.  Claim(s) 1, 2, 5, 6, 11, 12, 15, 16 and 20 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Hadler U.S. Patent No. 10,645,086 B1.
As to claim 1, Hadler discloses a computer implemented method for monitoring resource utilization, the method comprising: 
collecting samples of browser attributes from browsers used by authorized users to access a resource, wherein the samples are collected over a time interval (i.e. collecting data over periods of time) [column 3 line 59 to column 4 line 9]; 
for each of a plurality of users: 
determining statistics describing the browser attributes based on the collected samples for that user (i.e. gathered data is used for statistical modeling purposes) [column 3 line 59 to column 4 line 9]; 
receiving values of browser attributes for a new request received from a user (i.e. determined based on IP address) [column 3, lines 59-65]; 
for each browser attribute corresponding to the new request, determining a browser attribute score based on the received value of the browser attribute and the statistical distribution of the browser attribute for the user (i.e. adjusting the score) [column 4, lines 43-53]; 
aggregating the browser attribute scores for the plurality of browser attributes to determine a score indicating a likelihood that the new request was sent from a new client device different from the client devices used by the user during the time interval (i.e. computing the score) [column 5, lines 1-14]; and 
responsive to determining that the score indicates that the new request was sent by the new client device, requesting credentials for authenticating the request (i.e. requesting authentication) [column 5, lines 1-14]. 
As to claim 2, Hadler discloses the computer implemented method of claim 1, wherein the browser attributes comprise one or more of: an internet protocol (IP) address, a platform, a central processing unit (CPU) class, a platform, or plugins (i.e. criteria being IP address) [column 5, lines 24-43]. 
As to claim 5, Hadler discloses the computer implemented method of claim 1, wherein the browser attribute score for each browser attribute indicates a likelihood of occurrence of the received value of the browser attribute determined based on the statistics of the browser attribute (i.e. based on the computed score) [column 5, lines 15-23]. 
As to claim 6, Hadler discloses the computer implemented method of claim 1, wherein aggregating the browser attribute scores comprises determining a product of the browser attribute scores (i.e. multiplying) [column 6, lines 21-34]. 
As to claim 11, Hadler discloses a non-transitory computer readable storage medium for storing instructions that when executed by a computer processor cause the computer processor to perform steps for monitoring resource utilization, the steps comprising: 
collecting samples of browser attributes from browsers used by authorized users to access a resource, wherein the samples are collected over a time interval (i.e. collecting data over periods of time) [column 3 line 59 to column 4 line 9]; 
for each of a plurality of users: 
determining statistics describing the browser attributes based on the collected samples for that user (i.e. gathered data is used for statistical modeling purposes) [column 3 line 59 to column 4 line 9]; 
receiving values of browser attributes for a new request received from a user (i.e. determined based on IP address) [column 3, lines 59-65]; 
for each browser attribute corresponding to the new request, determining a browser attribute score based on the received value of the browser attribute and the statistical distribution of the browser attribute for the user (i.e. adjusting the score) [column 4, lines 43-53]; 
aggregating the browser attribute scores for the plurality of browser attributes to determine a score indicating a likelihood that the new request was sent from a new client device different from the client devices used by the user during the time interval (i.e. computing the score) [column 5, lines 1-14]; and 
responsive to determining that the score indicates that the new request was sent by the new client device, requesting credentials for authenticating the request (i.e. requesting authentication) [column 5, lines 1-14]. 
As to claim 12, Hadler discloses the non-transitory computer readable storage medium of claim 11, wherein the browser attributes comprise one or more of: an internet protocol (IP) address, a platform, a central processing unit (CPU) class, a platform, or plugins (i.e. criteria being IP address) [column 5, lines 24-43]. 
As to claim 15, Hadler discloses the non-transitory computer readable storage medium of claim 11, wherein the browser attribute score for each browser attribute indicates a likelihood of occurrence of the received value of the browser attribute determined based on the statistics of the browser attribute (i.e. based on the computed score) [column 5, lines 15-23]. 
As to claim 16, Hadler discloses the non-transitory computer readable storage medium of claim 11, wherein aggregating the browser attribute scores comprises determining a product of the browser attribute scores (i.e. multiplying) [column 6, lines 21-34]. 
As to claim 20, Hadler discloses a computer system comprising: 
a computer processor [column 2, lines 28-49]; and 
a non-transitory computer readable storage medium for storing instructions that when executed by a computer processor cause the computer processor to perform steps for monitoring resource utilization [column 2, lines 28-49], the steps comprising: 
collecting samples of browser attributes from browsers used by authorized users to access a resource, wherein the samples are collected over a time interval (i.e. collecting data over periods of time) [column 3 line 59 to column 4 line 9]; 
for each of a plurality of users: 
determining statistics describing the browser attributes based on the collected samples for that user (i.e. gathered data is used for statistical modeling purposes) [column 3 line 59 to column 4 line 9]; 
receiving values of browser attributes for a new request received from a user (i.e. determined based on IP address) [column 3, lines 59-65]; 
for each browser attribute corresponding to the new request, determining a browser attribute score based on the received value of the browser attribute and the statistical distribution of the browser attribute for the user (i.e. adjusting the score) [column 4, lines 43-53]; 
aggregating the browser attribute scores for the plurality of browser attributes to determine a score indicating a likelihood that the new request was sent from a new client device different from the client devices used by the user during the time interval (i.e. computing the score) [column 5, lines 1-14]; and 
responsive to determining that the score indicates that the new request was sent by the new client device, requesting credentials for authenticating the request (i.e. requesting authentication) [column 5, lines 1-14]. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
8.  Claims 3 and 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hadler U.S. Patent No. 10,645,086 B1 as applied to claims 1 and 11 above, and further in view of Dou US 2015/0269129 A1.
As to claim 3, Hadler does not teach the computer implemented method of claim 1, wherein the statistics describing a browser attribute comprise, for each distinct value of the browser attribute, a measure of frequency of occurrence of the distinct value in the samples of browser attributes. 
Dou teaches that the statistics describing a browser attribute comprise, for each distinct value of the browser attribute, a measure of frequency of occurrence of the distinct value in the samples of browser attributes (i.e. frequency of value in the browser) [0048]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Hadler so that the statistics describing a browser attribute comprised, for each distinct value of the browser attribute, a measure of frequency of occurrence of the distinct value in the samples of browser attributes. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Hadler by the teaching of Dou because it makes adding a bookmark quicker and easier [0018].
As to claim 13, Hadler does not teach the non-transitory computer readable storage medium of claim 11, wherein the statistics describing a browser attribute comprise, for each distinct value of the browser attribute, a measure of frequency of occurrence of the distinct value in the samples of browser attributes. 
Dou teaches that the statistics describing a browser attribute comprise, for each distinct value of the browser attribute, a measure of frequency of occurrence of the distinct value in the samples of browser attributes (i.e. frequency of value in the browser) [0048]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Hadler so that the statistics describing a browser attribute comprised, for each distinct value of the browser attribute, a measure of frequency of occurrence of the distinct value in the samples of browser attributes. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Hadler by the teaching of Dou because it makes adding a bookmark quicker and easier [0018].
9.  Claims 4 and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hadler U.S. Patent No. 10,645,086 B1 as applied to claims 1 and 11 above, and further in view of Fermum et al U.S. Patent No. 10,134,159 A1 (hereinafter Fermum).
As to claim 4, Hadler does not teach the computer implemented method of claim 1, wherein the statistics describing a browser attribute comprises, a measure frequency of occurrence of each of a plurality of ranges of values of the browser attribute. 
Fermum teaches that the statistics describing a browser attribute comprises, a measure frequency of occurrence of each of a plurality of ranges of values of the browser attribute (i.e. frequencies of different possible values for the browser) [column 8, lines 25-37].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Hadler so that the statistics describing a browser attribute would have comprised, a measure frequency of occurrence of each of a plurality of ranges of values of the browser attribute.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Hadler by the teaching of Fermum because it improves the flexibility and ease of use of data visualization tools [column 1, lines 39-41].
As to claim 14, Hadler does not teach the non-transitory computer readable storage medium of claim 11, wherein the statistics describing a browser attribute comprises, a measure frequency of occurrence of each of a plurality of ranges of values of the browser attribute. 
Fermum teaches that the statistics describing a browser attribute comprises, a measure frequency of occurrence of each of a plurality of ranges of values of the browser attribute (i.e. frequencies of different possible values for the browser) [column 8, lines 25-37].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Hadler so that the statistics describing a browser attribute would have comprised, a measure frequency of occurrence of each of a plurality of ranges of values of the browser attribute.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Hadler by the teaching of Fermum because it improves the flexibility and ease of use of data visualization tools [column 1, lines 39-41].
10.  Claims 8 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hadler U.S. Patent No. 10,645,086 B1 as applied to claims 1 and 11 above, and further in view of Ting et al US 2016/0142443 A1 (hereinafter Ting).
As to claim 8, Hadler does not teach the computer implemented method of claim 1, wherein the mitigation action comprises one or more of: 
invalidating the session token; 
requiring user to re-authenticate; or 
logging user out. 
Ting teaches requiring the user to re-authenticate [0026].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Hadler so that the mitigation action would have comprised requiring the user to re-authenticate.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Hadler by the teaching of Ting because it helps keep or promote a higher level of confidence for authentication [0026].
As to claim 18, Hadler does not teach the non-transitory computer readable storage medium of claim 11, wherein the mitigation action comprises one or more of: 
invalidating the session token; 
requiring user to re-authenticate; or 
logging user out. 
Ting teaches requiring the user to re-authenticate [0026].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Hadler so that the mitigation action would have comprised requiring the user to re-authenticate.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Hadler by the teaching of Ting because it helps keep or promote a higher level of confidence for authentication [0026].
11.  Claims 9 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hadler U.S. Patent No. 10,645,086 B1 as applied to claims 1 and 11 above, and further in view of Puertas Calvo et al US 2020/0412717 A1 (hereinafter Puertas Calvo).
As to claim 9, Hadler does not teach determining that the browser that provided the browser attributes is from the organization of the user, the determining based on values of one or more browser attributes including: internet protocol (IP) address or autonomous system number (ASN).  Hadler does not teach wherein unauthorized resource utilization is detected responsive to determining that the browser that provided the browser attributes is from the organization of the user. 
Puertas Calvo teaches determining that the browser that provided the browser attributes is from the organization of the user, the determining based on values of one or more browser attributes including: internet protocol (IP) address or autonomous system number (ASN) (i.e. based on IP address) [0028].  Puertas Calvo teaches wherein unauthorized resource utilization is detected responsive to determining that the browser that provided the browser attributes is from the organization of the user (i.e. the organization that owns the IP) [0028]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Hadler so that it would have been determined that the browser that provided the browser attributes was from the organization of the user, the determining would have been based on values of one or more browser attributes including: internet protocol (IP) address or autonomous system number (ASN).  Unauthorized resource utilization would have been detected responsive to determining that the browser that provided the browser attributes was from the organization of the user. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Hadler by the teaching of Puertas Calvo because it helps provide faster offline detection of compromised authentication credentials [0002].
As to claim 19, Hadler does not teach determining that the browser that provided the browser attributes is from the organization of the user, the determining based on values of one or more browser attributes including: internet protocol (IP) address or autonomous system number (ASN).  Hadler does not teach wherein unauthorized resource utilization is detected responsive to determining that the browser that provided the browser attributes is from the organization of the user. 
Puertas Calvo teaches determining that the browser that provided the browser attributes is from the organization of the user, the determining based on values of one or more browser attributes including: internet protocol (IP) address or autonomous system number (ASN) (i.e. based on IP address) [0028].  Puertas Calvo teaches wherein unauthorized resource utilization is detected responsive to determining that the browser that provided the browser attributes is from the organization of the user (i.e. the organization that owns the IP) [0028]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Hadler so that it would have been determined that the browser that provided the browser attributes was from the organization of the user, the determining would have been based on values of one or more browser attributes including: internet protocol (IP) address or autonomous system number (ASN).  Unauthorized resource utilization would have been detected responsive to determining that the browser that provided the browser attributes was from the organization of the user. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Hadler by the teaching of Puertas Calvo because it helps provide faster offline detection of compromised authentication credentials [0002].
12.  Claim 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hadler U.S. Patent No. 10,645,086 B1 as applied to claim 1 above, and further in view of Thayer US 2018/0278725 A1.
As to claim 10, Hadler does not teach the computer implemented method of claim 1, wherein the online system is a multi-tenant system, further comprising: 
determining that the received browser attributes are from a browser of the tenant of the user. 
Thayer teaches determining that the received browser attributes are from a browser of the tenant of the user (i.e. browser through which the tenant user computing device operates as a client device) [0025].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Hadler so that it would have been determined that the received browser attributes were from a browser of the tenant of the user. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Hadler by the teaching of Thayer because it helps convert single-tenant application for multi-tenant user [0001].
Allowable Subject Matter
13.  Claims 7 and 17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
As to claim 7, the prior art does not disclose, teach or fairly suggest the computer implemented method of claim 1, wherein aggregating the browser attribute scores comprises assigning higher weight to browser attributes representing (1) platform of the client device running the browser or (2) CPU Class of the client device running the browser compared to browser attributes representing (1) user agent of the browser or (2) plugins of the browser. 
As to claim 17, the prior art does not disclose, teach or fairly suggest the non-transitory computer readable storage medium of claim 11, wherein aggregating the browser attribute scores comprises assigning higher weight to browser attributes representing (1) platform of the client device running the browser or (2) CPU Class of the client device running the browser compared to browser attributes representing (1) user agent of the browser or (2) plugins of the browser. 
Relevant Prior Art
14.  The following references have been considered relevant by the examiner:
A.  Shaw et al U.S. Patent No. 10,387,911 B1 directed to detecting suspicious activity in connection with advertisement impressions [abstract].
B.  Jackson et al US 2018/0288060 A1 directed to computer security and, more specifically, to multi-factor authentication [0001].
C.  Estrada US 2009/0006577 A1 directed to tracking statistics related to a container of data [abstract].
Conclusion
15.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARAVIND K MOORTHY whose telephone number is (571)272-3793.  The examiner can normally be reached on M-F 7:30-7:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ARAVIND K MOORTHY/            Primary Examiner, Art Unit 2492