DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to amendment filed on 9/3/2021.  Claims 1, 8, and 15 have been amended by the Applicant. Claims 1-20 have been examined.  This office action is Final.

Response to Amendments
Applicant’s arguments, see REM, filed 9/3/2021, with respect to the rejection(s) of claim(s) under Rane (2010/0185870) have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of NECHYTAYLO et al (2015/0128233).
On pages 8-9, the Applicant states that the double patenting rejection be held in abeyance until the claims are determined to be allowable.  Therefore, the Examiner has maintained the non-statutory double patenting rejection with rationale listed below in the office action.  The Applicant is urged to filed the electronic terminal disclaimer to further compact prosecution.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrinegrounded in public policy (a policy reflected in the statute) so as to prevent the unjustified orimproper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). " ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001). 
      All limitations recited in claims 1-14, and 16-20 of the instant application are encompassed by limitations recited in claims 1-14, and 16-20 respectively of Patent no. 10,530,807.
     Claim 15 of 10,530,807 patent does not disclose the following limitation(s), U.S. Patent No. 8,862,551 (“Lim”) discloses the following limitation(s):
determine a travel time between two physical locations determined based on a first location reference in the list and a second location reference in the list; determination that the travel time exceeds a travel time threshold (Lim: col. 3, lines 5-32, col. 97, lines 1-28, col. 99, lines 7-30, determine a travel time between two locations, calculates a travel time based on the distance between two locations and uses a threshold).
The Supreme Court in KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 415-421, 82 USPQ2d 1385, 1395-97 (2007) identified a number of rationales to support a conclusion of obviousness which are consistent with the proper “functional approach” to the determination of obviousness as laid down in Graham. One such rational given by the Supreme Court and that may relied upon 
The 10,530,807 patent discloses all the structural elements of the claimed computer-implemented method except for determine a travel time between two physical locations determined based on a first location reference in the list and a second location reference in the list; determination that the travel time exceeds a travel time threshold, which is disclosed in Lim. 
Thus, one of ordinary skill in the art before the effective filing date of the claimed invention would have been motivated, to update the system of the ‘807’ patent with the system/method of determine a travel time between two physical locations determined based on a first location reference in the list and a second location reference in the list; determination that the travel time exceeds a travel time threshold in Lim and thereby gaining, predictably, the benefits of detects information fraud by analyzing activity data to detect behavioral patterns and anomalies (Lim: col. 98, lines 18-20). 

     All limitations recited in claims 3-7, 10-15, and 17-20 of the instant application are encompassed by limitations recited in claims 3-7, 10-15, and 17-20 respectively of Patent no. 10,270,801.
     The 10,270,801 patent discloses all the structural elements of the claimed computer-implemented method/system except a first account identifier in the list is different than a second account identifier in the list; determine a first location reference in the list and a second location reference in the list are indicative of a same location; and a number of generated records in the list that are indicative of the same location exceeds a predefined threshold of failed login 
attempts for a predefined duration based on one or more temporal references in the list.
Claims 1 and 8 of 10,270,801 patent does not disclose the following limitation(s), U.S. Patent Publication No. (2016/0173485) (“Popoveniuc et al”) discloses the following limitation(s):
     a first account identifier in the list is different than a second account identifier in the list (Popoveniuc: See Fig. 3, Account1-Account 8 (i.e. discloses several different account identifiers, this includes a first and second account identifier that are different in the list).  
     Thus, one of ordinary skill in the art before the effective filing date of the claimed invention would have been motivated, to update the system/method of the ‘801’ patent thereby gaining, predictably, by differentiating between malicious activity and some form of inadvertent activity that poses no actual threat it becomes possible to set more sensitive thresholds to lock out malicious password guessing more quickly (Popoveniuc: para. 0011).

     Claims 1 and 8 of 10,270,801 patent does not disclose the following limitation(s), U.S. Patent Publication No .(2016/0197907) (“Bajenov et al”) discloses the following limitation(s):
determine a first location reference in the list and a second location reference in the list are indicative of a same location (Bajenov: See Fig. 4, para. 0014, 0033, 0043, determining whether attempts to access multiple user accounts for a single source location (i.e. common source location (i.e. same/identical location) in the list, thus the Examiner asserts that multiple attempts includes at least two, first location reference and second location reference in the list are indicative of a same location); and a number of generated records in the list that are indicative of the same location exceeds a predefined threshold of failed login attempts for a predefined duration based on one or more temporal references in the list (Bajenov: para. 0033, 0043, a number of generate records in the list of compromised logins (i.e. failed login attempts) for a predefined duration based on one or more temporal references (i.e. frequency of submissions, time of day at which the submissions are received or interval between submissions originating from a source location; discloses receives multiple sets of login information from a single source location over a relatively short period of time).
The Supreme Court in KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 415-421, 82 USPQ2d 1385, 1395-97 (2007) identified a number of rationales to support a conclusion of obviousness which are consistent with the proper “functional approach” to the determination of obviousness as laid down in Graham. One such rational given by the Supreme Court and that may relied upon to support a conclusion of obviousness included: “combining prior art elements according to known methods to yield predictable results”. 
Thus, one of ordinary skill in the art before the effective filing date of the claimed invention would have been motivated, to update the system/method of the ‘801’ patent with the system/method of Bajenov to include determine a first location reference in the list and a second location reference in the list are indicative of a same location, and a number of generated records in the list that are indicative of the same location exceeds a predefined threshold of failed login attempts for a predefined duration based on one or more temporal references in the list and thereby gaining, predictably, the integrity of websites and user accounts can be maintained, thereby, limiting security breaches (Bajenov: para. 0004, 0013).





Application 16/734,630
Patent 10,530,807
Patent 10,270,801
1.    A computer-implemented method, comprising: 

obtaining a list that includes a record generated for each of a plurality of detected failed login attempts, each record including a corresponding account identifier, a corresponding piece of password data, a corresponding location reference, and a corresponding temporal reference associated with one of the plurality of detected failed login attempts;
determining that:


a first location reference in the list and a second location reference in the list are indicative of a same location,
a first account identifier in the list associated with the first location reference is different than a second account identifier in the list associated with the second location reference, and
a number of generated records in the list that are indicative of the same location exceeds a predefined threshold of failed login attempts for a predefined duration based on one or more temporal references in the list;
based on the determination, modifying a password blacklist to include a first piece of password data; and

upon receiving a new password submitted by a user for adoption in association with an account identifier associated with the password blacklist, employing the password blacklist to prevent adoption of the new password when the new password matches the first piece of password data in the password blacklist. 


2.    The computer-implemented method of claim 1, comprising determining that the first location reference is associated with a first country and the second location reference is associated with a second country different than the first country.



3.    The computer-implemented method of claim 1, comprising determining that two or more account identifiers in the list are identical.



4.    The computer-implemented method of claim 1, comprising; determining a defined suspicious pattern of activity type; and, the method comprising: modifying the password blacklist to include a reference to the defined suspicious pattern of activity type.


5.    The computer-implemented method of claim 1, wherein each corresponding location reference in the list includes a network address associated with one of the plurality of detected failed login attempts.

6.    The computer-implemented method of claim 1, wherein each corresponding temporal reference in the list includes a timestamp associated with one of the plurality of detected failed login attempts.

7.    The computer-implemented method of claim 1, wherein each corresponding piece of password data in the list includes a password hash associated with one of the plurality of detected failed login attempts.

8.    A non-transitory computer-readable medium storing instructions that, when executed, cause performance of operations comprising: obtaining a list that includes a record generated for each of a plurality of detected failed login attempts, each record including a corresponding account identifier, a corresponding piece of password data, and a corresponding temporal reference associated with one of the plurality of detected failed login attempts;
determining that a first account identifier in the list is identical to a second account identifier in the list, that a first piece of password data in the list is different than a second piece of password data in the list, and that a number of generated records in the list exceeds a predefined threshold of failed login attempts for a predefined duration based on one or more temporal references in the list;
based on the determination, modifying a password blacklist to include the first piece of password data; and
employing the password blacklist to prevent an adoption association of the first piece of password data in association with at least one account identifier associated with the password blacklist.











9.    The non-transitory computer-readable medium of claim 8, the operations determining that a first location reference is associated with a first country and a second location reference is associated with a second country different than the first country.




10.    The non-transitory computer-readable medium of claim 8, the operations comprising determining that two or more account identifiers in the list are identical.



11.    The non-transitory computer-readable medium of claim 8, the operations comprising:
determining on a defined suspicious pattern of activity type; and,  
modifying the password blacklist to include a reference to the defined suspicious pattern of activity type.


12.    The non-transitory computer-readable medium of claim 8, wherein each corresponding location reference in the list includes a network address associated with one of the plurality of detected failed login attempts.

13.    The non-transitory computer-readable medium of claim 8, wherein each corresponding temporal reference in the list includes a timestamp associated with one of the plurality of detected failed login attempts.

14.    The non-transitory computer-readable medium of claim 8, wherein each corresponding piece of password data in the list includes a password hash associated with one of the plurality of detected failed login attempts.
15.    A system comprising: a hardware processor; and
memory storing instructions that, when executed by the hardware processor, cause the hardware processor to:
obtain a list that includes a record generated for each of a plurality of detected failed login attempts, each record including a corresponding account identifier, a corresponding piece of password data, a corresponding location reference, and a corresponding temporal reference associated with one of the plurality of detected failed login attempts;
determine a travel time between two physical locations determined based on a first location reference in the list and a second location reference in the list, 
based on a determination that the travel time exceeds a travel time threshold, modify a password blacklist to include a first piece of password data; and employ the password blacklist to prevent an association of the first piece of password data with at least one account identifier associated with the password blacklist.
















16.    The system of claim 15, the instructions, when executed by the hardware processor, causing the hardware processor to determine that the first location reference is associated with a first country and the second location reference is associated with a second country different than the first country.


17.    The system of claim 15, the instructions, when executed by the hardware processor, causing the hardware processor to determine that two or more account identifiers in the list are identical.




18.    The system of claim 15, the instructions, when executed by the hardware processor, causing the hardware processor to:

determine a defined suspicious pattern of activity type; and
modify the password blacklist to include a reference to the defined suspicious pattern of activity type.


19.    The system of claim 15, wherein each corresponding location reference in the list includes a network address associated with one of the plurality of detected failed login attempts.

20.    The system of claim 15, wherein each corresponding piece of password data in the list includes a password hash associated with one of the plurality of detected failed login attempts.

1. A computer-implemented method, comprising: 

obtaining a list that includes a record generated for each of a plurality of detected failed login attempts, each record including a corresponding account identifier, a corresponding piece of password data, a corresponding location reference, and a corresponding temporal reference associated with one of the plurality of detected failed login attempts; determining that 



a first location reference in the list is identical to a second location reference in the list, that a first account identifier in the list is different than a second account identifier in the list, and that a number of generated records in the list exceeds a predefined threshold of failed login attempts for a predefined duration based on one or more temporal references in the list; selecting a password blacklist from a plurality of password blacklists based on a determination that an average travel time between two physical locations determined based on the first location reference and the second location reference exceeds a calculated duration between two or more temporal references in the list; modifying the password blacklist to include a first piece of password data; and employing the password blacklist to prevent an association of the first piece of password data with at least one account identifier associated with the password blacklist.





2. The computer-implemented method of claim 1, the selecting the password blacklist from the plurality of password blacklists based on a determination that the first location reference is associated with a first country and the second location reference is associated with a second country different than the first country.

3. The computer-implemented method of claim 1, the selecting the password blacklist from the plurality of password blacklists based on a determination that two or more account identifiers in the list are identical.

4. The computer-implemented method of claim 1, the selecting the password blacklist from the plurality of password blacklists based on a defined suspicious pattern of activity type, the method comprising: modifying the password blacklist to include a reference to the defined suspicious pattern of activity type.

5. The computer-implemented method of claim 1, wherein each corresponding location reference in the list includes a network address associated with one of the plurality of detected failed login attempts
.
6. The computer-implemented method of claim 1, wherein each corresponding temporal reference in the list includes a timestamp associated with one of the plurality of detected failed login attempts

7. The computer-implemented method of claim 1, wherein each corresponding piece of password data in the list includes a password hash associated with one of the plurality of detected failed login attempts.

8. A non-transitory computer-readable medium storing instructions that, when executed, cause performance of operations comprising: obtaining a list that includes a record generated for each of a plurality of detected failed login attempts, each record including a corresponding account identifier, a corresponding piece of password data, a corresponding location reference, and a corresponding temporal reference associated with one of the plurality of detected failed login attempts; determining that a first account identifier in the list is identical to a second account identifier in the list, that a first piece of password data in the list is different than a second piece of password data in the list, and that a number of generated records in the list exceeds a predefined threshold of failed login attempts for a predefined duration based on one or more temporal references in the list; selecting a password blacklist from a plurality of password blacklists based on a determination that an average travel time between two physical locations determined based on a first location reference and a second location reference exceeds a calculated duration between two or more temporal references in the list; modifying the password blacklist to include the first piece of password data; and employing the password blacklist to prevent an association of the first piece of password data with at least one account identifier associated with the password blacklist.

9. The non-transitory computer-readable medium of claim 8, the selecting the password blacklist from the plurality of password blacklists based on a determination that the first location reference is associated with a first country and the second location reference is associated with a second country different than the first country.

10. The non-transitory computer-readable medium of claim 8, the selecting the password blacklist from the plurality of password blacklists based on a determination that two or more account identifiers in the list are identical.

11. The non-transitory computer-readable medium of claim 8, the selecting the password blacklist from the plurality of password blacklists based on a defined suspicious pattern of activity type, the operations comprising: modifying the password blacklist to include a reference to the defined suspicious pattern of activity type.

12. The non-transitory computer-readable medium of claim 8, wherein each corresponding location reference in the list includes a network address associated with one of the plurality of detected failed login attempts.

13. The non-transitory computer-readable medium of claim 8, wherein each corresponding temporal reference in the list includes a timestamp associated with one of the plurality of detected failed login attempts.

14. The non-transitory computer-readable medium of claim 8, wherein each corresponding piece of password data in the list includes a password hash associated with one of the plurality of detected failed login attempts.
15. A system comprising: a processor; and a computer-readable medium storing instructions that, when executed by the processor, cause the processor to: obtain a list that includes a record generated for each of a plurality of detected failed login attempts, each record including a corresponding account identifier, a corresponding piece of password data, a corresponding location reference, and a corresponding temporal reference associated with one of the plurality of detected failed login attempts; determine that a first account identifier in the list is identical to a second account identifier in the list, that a first location reference in the list is different than a second location reference in the list, and that a number of generated records in the list exceeds a predefined threshold of failed login attempts for a predefined duration based on one or more temporal references in the list; select a password blacklist from a plurality of password blacklists based on a determination that an average travel time between two physical locations determined based on the first location reference and the second location reference exceeds a calculated duration between two or more temporal references in the list; modify the password blacklist to include a first piece of password data; and employ the password blacklist to prevent an association of the first piece of password data with at least one account identifier associated with the password blacklist.

16. The system of claim 15, the selecting the password blacklist from the plurality of password blacklists based on a determination that the first location reference is associated with a first country and the second location reference is associated with a second country different than the first country.


17. The system of claim 15, the selecting the password blacklist from the plurality of password blacklists based on a determination that two or more account identifiers in the list are identical.




18. The system of claim 15, the selecting the password blacklist from the plurality of password blacklists based on a defined suspicious pattern of activity type, the computer-readable medium storing instructions that, when executed by the processor, cause the processor to: modify the password blacklist to include a reference to the defined suspicious pattern of activity type.

19. The system of claim 15, wherein each corresponding location reference in the list includes a network address associated with one of the plurality of detected failed login attempts.

20. The system of claim 15, wherein each corresponding piece of password data in the list includes a password hash associated with one of the plurality of detected failed login attempts.
1. A computer-implemented method, comprising: 

obtaining, by a computing device, a list that includes a record generated for each of a plurality of detected failed login attempts, each record including a corresponding account identifier, a corresponding piece of password data, a corresponding location reference, and a corresponding temporal reference associated with one of the plurality of detected failed login attempts; determining, by the computing device, that a first piece of password data in the list is identical to a second piece of password data in the list, and that 

a first location reference in the list is different than a second location reference in the list, wherein the first location reference and the second location reference are included in a pair of records in the list and are sequentially-ordered based on two or more temporal references in the list; based on the determination, accessing, by the computing device, a publicly-available travel resource to identify an average travel time between two physical locations determined based on the first location reference and the second location reference; modifying, by the computing device, a password blacklist to include the first piece of password data based on a determination that the average travel time exceeds a calculated duration between the two or more temporal references; and employing, by the computing device, the password blacklist to prevent an association of the first piece of password data with at least one account identifier associated with the password blacklist.



2. The computer-implemented method of claim 1, comprising selecting the password blacklist from a plurality of password blacklists based on the determination that the average travel time exceeds the calculated duration between the two or more temporal references.



3. The computer-implemented method of claim 1, comprising selecting the password blacklist from a plurality of password blacklists based on a determination that two or more account identifiers in the list are identical.

4. The computer-implemented method of claim 1, comprising: selecting the password blacklist from a plurality of password blacklists based on a defined suspicious pattern of activity type; and modifying the password blacklist to include a reference to the defined suspicious pattern of activity type.

5. The computer-implemented method of claim 1, wherein each corresponding location reference in the list includes a network address associated with one of the plurality of detected failed login attempts.

6. The computer-implemented method of claim 1, wherein each corresponding temporal reference in the list includes a timestamp associated with one of the plurality of detected failed login attempts.

7. The computer-implemented method of claim 1, wherein each corresponding piece of password data in the list includes a password hash associated with one of the plurality of detected failed login attempts.


8. A non-transitory computer-readable medium storing instructions that, when executed, cause performance of operations comprising: obtaining a list that includes a record generated for each of a plurality of detected failed login attempts, each record including a corresponding account identifier, a corresponding piece of password data, a corresponding location reference, and a corresponding temporal reference associated with one of the plurality of detected failed login attempts; determining that a first piece of password data in the list is identical to a second piece of password data in the list, and that a first location reference in the list is different than a second location reference in the list, wherein the first location reference and the second location reference are included in a pair of records in the list and are sequentially-ordered based on two or more temporal references in the list; based on the determination, accessing a publicly-available travel resource to identify an average travel time between two physical locations determined based on the first location reference and the second location reference; modifying a password blacklist to include the first piece of password data based on a determination that the average travel time exceeds a calculated duration between the two or more temporal references; and employing the password blacklist to prevent an association of the first piece of password data with at least one account identifier associated with the password blacklist.

9. The non-transitory computer-readable medium of claim 8, the operations comprising selecting the password blacklist from a plurality of password blacklists based on the determination that the average travel time exceeds the calculated duration between the two or more temporal references.



10. The non-transitory computer-readable medium of claim 8, the operations comprising selecting the password blacklist from a plurality of password blacklists based on a determination that two or more account identifiers in the list are identical.

11. The non-transitory computer-readable medium of claim 8, the operations comprising: selecting the password blacklist from a plurality of password blacklists based on a defined suspicious pattern of activity type; and modifying the password blacklist to include a reference to the defined suspicious pattern of activity type.


12. The non-transitory computer-readable medium of claim 8, wherein each corresponding location reference in the list includes a network address associated with one of the plurality of detected failed login attempts.

13. The non-transitory computer-readable medium of claim 8, wherein each corresponding temporal reference in the list includes a timestamp associated with one of the plurality of detected failed login attempts.


14. The non-transitory computer-readable medium of claim 8, wherein each corresponding piece of password data in the list includes a password hash associated with one of the plurality of detected failed login attempts.

15. A system comprising: a processor; and a computer-readable medium storing instructions that, when executed by the processor, cause the processor to: obtain a list that includes a record generated for each of a plurality of detected failed login attempts, each record including a corresponding account identifier, a corresponding piece of password data, a corresponding location reference, and a corresponding temporal reference associated with one of the plurality of detected failed login attempts; determine that a first piece of password data in the list is identical to a second piece of password data in the list, and that a first location reference in the list is different than a second location reference in the list, wherein the first location reference and the second location reference are included in a pair of records in the list and are sequentially-ordered based on two or more temporal references in the list; based on the determination, access a publicly-available travel resource to identify an average travel time between two physical locations determined based on the first location reference and the second location reference; modify a password blacklist to include the first piece of password data based on a determination that the average travel time exceeds a calculated duration between the two or more temporal references; and employ the password blacklist to prevent an association of the first piece of password data with at least one account identifier associated with the password blacklist.

16. The system of claim 15, the computer-readable medium storing instructions that, when executed by the processor, cause the processor to select the password blacklist from a plurality of password blacklists based on the determination that the average travel time exceeds the calculated duration between the two or more temporal references.

17. The system of claim 15, the computer-readable medium storing instructions that, when executed by the processor, cause the processor to select the password blacklist from a plurality of password blacklists based on a determination that two or more account identifiers in the list are identical.

18. The system of claim 15, the computer-readable medium storing instructions that, when executed by the processor, cause the processor to: select the password blacklist from a plurality of password blacklists based on a defined suspicious pattern of activity type; and modify the password blacklist to include a reference to the defined suspicious pattern of activity type.

19. The system of claim 15, wherein each corresponding location reference in the list includes a network address associated with one of the plurality of detected failed login attempts.

20. The system of claim 15, wherein each corresponding piece of password data in the list includes a password hash associated with one of the plurality of detected failed login attempts.




Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1, 3-8, and 10-14 are rejected under 35 U.S.C. 103 as being unpatentable over Popoveniuc et al (2016/0173485) and in view of Bajenov et al (2016/0197907), and further in view of Nechytaylo et al (2015/0128233).
As per claim 1, Popoveniuc discloses a computer-implemented method, comprising: 
obtaining a list that includes a record generated for each of a plurality of detected failed login attempts (Popoveniuc: See Fig. 2 and Fig. 3, obtaining a list (#300) that includes a record (#312a-312i) for each of a plurality of detected failed login attempts), each record including a corresponding account identifier (Popoveniuc: para. 0041-0042, 0055, See Fig. 2, account identifier #214a-214b, 214d-214i, See Fig. 3, acccount1-account8), a corresponding piece of password data (Popoveniuc: para. 0043, 0059, See Fig. 2 #204 attempted credential (i.e. piece of password data); See Fig. 3 attempted credential #302 (i.e. piece of password data), and a corresponding temporal reference associated with one of the plurality of detected failed login attempts (Popoveniuc: para. 0044, 0053, 0056, 0059, See Fig. 2 #206 Timestamp (i.e. temporal reference), See Fig. 3 #306 Timestamp (i.e. temporal reference)); that a first account identifier in the list is different than a second account identifier in the list (Popoveniuc: See Fig. 3, Account1-Account 8 (i.e. discloses several different account identifiers, this includes a first and second account identifier that are different in the list).
Popoveniuc does not explicitly disclose a record includes a corresponding location reference; determining that a first location reference in the list and a second location reference in the list are indicative of a same location, and that a number of generated records in the list that are indicative of the same location exceeds a predefined threshold of failed login attempts for a predefined duration based on one or more temporal references in the list.
However, in analogous art of Bajenov discloses a record includes a corresponding location reference (Bajenov: 0005, 0014, record includes a source location (i.e. location reference));
determining that a first location reference in the list and a second location reference in the list are indicative of a same location (Bajenov: See Fig. 4, para. 0014, 0033, 0043, determining whether attempts to access multiple user accounts for a single source location (i.e. common source location (i.e. same/identical location) in the list, thus the Examiner asserts that multiple attempts includes at least two, first location reference and second location reference in the list are indicative of a same location), and that a number of generated records in the list that are indicative of the same location exceeds a predefined threshold of failed login attempts for a predefined duration based on one or more temporal references in the list (Bajenov: para. 0033, 0043, a number of generate records in the list of compromised logins (i.e. failed login attempts) for a predefined duration based on one or more temporal references (i.e. frequency of submissions, time of day at which the submissions are received or interval between submissions originating from a source location; discloses receives multiple sets of login information from a single source location over a relatively short period of time).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include a record includes a corresponding location reference; determining that a first location reference in the list and a second location reference in the list are indicative of a same location, and that a number of generated records in the list that are indicative of the same location exceeds a predefined threshold of failed login attempts for a predefined duration based on one or more temporal references in the list of Bajenov with the method of Popoveniuc, the motivation is that integrity of websites and user accounts can be maintained, thereby, limiting security breaches (Bajenov: para. 0004, 0013).
Bajenov and Popoveniuc does not explicitly disclose modifying a password blacklist to include a first piece of password data; and upon receiving a new password submitted by a user for adoption in associated with the password blacklist, employing the password blacklist to prevent adoption of the new password when the new password matches the first piece of password data in the password blacklist.  
However, in analogous art of Nechytaylo discloses modifying a password blacklist to include a first piece of password data (Nechytaylo: see abstract, para. 0105, modifying a password blacklist to include a vector (i.e. first piece of password data), the gesture based password is converting the password to a vector and forwards the vector to the blacklist server); and upon receiving a new password submitted by a user for adoption in associated with the password blacklist (Nechytaylo: para. 0082, user selects a new password submits by the new password for adoption), employing the password blacklist to prevent adoption of the new password when the new password matches the first piece of password data in the password (Nechytaylo: para. 0109-0110, 0127, employing the blacklist to prevent adoption of the new password (i.e. new gesture password)). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modifying a password blacklist to include a first piece of password data; and upon receiving a new password submitted by a user for adoption in associated with the password blacklist, employing the password blacklist to prevent adoption of the new password when the new password matches the first piece of password data in the password blacklist of Nechytaylo with the method of Popoveniuc-Bajenov that includes associating passwords with account identifiers, the motivation is that this is an efficient security measure that prevents users from choosing passwords that are common or easy for a third party to determine (Nechytaylo: para. 0004). 
As per claim 3, Popoveniuc, Bajenov, and Nechytaylo disclose the computer-implemented method of claim 1.  Popoveniuc discloses comprising determining that two or more account identifiers in the list are identical (Popoveniuc: See Fig. 2, #214a-214b, #214d-#214h, account identifier the same (i.e. Account1).
As per claim 4, Popoveniuc, Bajenov, and Nechytaylo disclose the computer-implemented method of claim 1.
           The combination of Bajenov and Nechytaylo further discloses determining a defined suspicious pattern of activity type (Bajenov: para. 0007, 0010, determining a defined suspicious pattern of activity type (i.e. suspicious characteristics of the source location being the same source); and modifying the password blacklist (Nechytaylo: see abstract, para. 0105, modifying a password blacklist to include a vector (i.e. first piece of password data), the gesture based password is converting the password to a vector and forwards the vector to the blacklist server) (i.e. Bajenov: para. 0027, modifying the suspicious login information database to identify by using word suspicious, the suspicious pattern of activity type is source location), 
Same motivation as claim 1.

As per claim 5, Popoveniuc, Bajenov, and Nechytaylo disclose the computer-implemented method of claim 1.
Popoveniuc does not explicitly disclose wherein each corresponding location reference in the list includes a network address associated with one of the plurality of detected failed login attempts. 
However, in analogous art of Bajenov discloses wherein each corresponding location reference in the list includes a network address associated with one of the plurality of detected failed login attempts (Bajenov: para. 0019, 0033, network address (i.e. IP address)). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include wherein each corresponding location reference in the list includes a network address associated with one of the plurality of detected failed login attempts of Bajenov with Popoveniuc, and Nechytaylo, the motivation is that this is an efficient security measure of determining if a malicious party is making multiple attempts from same source location using same IP address (Bajenov: para. 0033).

As per claim 6, Popoveniuc, Bajenov, and Nechytaylo disclose the computer-implemented method of claim 1.  Popoveniuc further discloses wherein each corresponding temporal reference in the list includes a timestamp associated with one of the plurality of detected failed login attempts (Popoveniuc: See Figs. 2-3, fig. 2 #206 timestamp, fig. 3 #306,  para. 0048-0049, 0053, 0056, 0059). 

As per claim 7, Popoveniuc, Bajenov, and Nechytaylo disclose the computer-implemented method of claim 1.  Popoveniuc further discloses wherein each corresponding piece of password data in the list includes a password hash associated with one of the plurality of detected failed login attempts (Popoveniuc: para. 0028, 0034-0035, password hash).

           As per claim 8, Popoveniuc discloses a non-transitory computer-readable medium storing instructions that, when executed, cause performance of operations comprising: 
obtaining a list that includes a record generated for each of a plurality of detected failed login attempts (Popoveniuc: See Fig. 2 and Fig. 3, obtaining a list (#300) that includes a record (#312a-312i) for each of a plurality of detected failed login attempts), each record including a corresponding account identifier (Popoveniuc: para. 0041-0042, 0055, See Fig. 2, account identifier #214a-214b, 214d-214i, See Fig. 3, acccount1-account8), a corresponding piece of password data (Popoveniuc: para. 0043, 0059, See Fig. 2 #204 attempted credential (i.e. piece of password data); See Fig. 3 attempted credential #302 (i.e. piece of password data), and a corresponding temporal reference associated with one of the plurality of detected failed login attempts (Popoveniuc: para. 0044, 0053, 0056, 0059, See Fig. 2 #206 Timestamp (i.e. temporal reference), See Fig. 3 #306 Timestamp (i.e. temporal reference)); 
(Popoveniuc: See Fig. 2 #202 Account, Account identifier #214a-214b), that a first piece of password data in the list is different than a second piece of password data in the list (Popoveniuc: See Fig. 2, #204 Attempted Credential). 
Popoveniuc does not explicitly disclose that a number of generated records in the list exceeds a predefined threshold of failed login attempts for a predefined duration based on one or more temporal references in the list; based on the determination.
 However, in analogous art of Bajenov, discloses that a number of generated records in the list exceeds a predefined threshold of failed login attempts for a predefined duration based on one or more temporal references in the list (Bajenov: para. 0033, 0043, a number of generate records in the list of compromised logins (i.e. failed login attempts) for a predefined duration based on one or more temporal references (i.e. frequency of submissions, time of day at which the submissions are received or interval between submissions originating from a source location; discloses receives multiple sets of login information from a single source location over a relatively short period of time). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include that a number of generated records in the list exceeds a predefined threshold of failed login attempts for a predefined duration based on one or more temporal references in the list; based on the determination of Bajenov with the method of Popoveniuc, the motivation is that integrity of websites and user accounts can be maintained, thereby, limiting security breaches (Bajenov: para. 0004, 0013).
Popoveniuc and Bajenov does not explicitly disclose modifying a password blacklist to include a first piece of password data; and upon receiving a new password submitted by a user 
However, in analogous art of Nechytaylo discloses modifying a password blacklist to include a first piece of password data (Nechytaylo: see abstract, para. 0105, modifying a password blacklist to include a vector (i.e. first piece of password data), the gesture based password is converting the password to a vector and forwards the vector to the blacklist server); and upon receiving a new password submitted by a user for adoption in associated with the password blacklist (Nechytaylo: para. 0082, user selects a new password submits by the new password for adoption), employing the password blacklist to prevent adoption of the new password when the new password matches the first piece of password data in the password blacklist (Nechytaylo: para. 0109-0110, 0127, employing the blacklist to prevent adoption of the new password (i.e. new gesture password)). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to disclose modifying a password blacklist to include a first piece of password data; and upon receiving a new password submitted by a user for adoption in associated with the password blacklist, employing the password blacklist to prevent adoption of the new password when the new password matches the first piece of password data in the password blacklist of Nechytaylo with the method of Popoveniuc-Bajenov that includes associating passwords with account identifiers, the motivation is that this is an efficient security measure that prevents users from choosing passwords that are common or easy for a third party to determine (Nechytaylo: para. 0004). 
As per claims 10-14, rejected under similar scope as claims 3-7 respectively.

Claims 2 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Popoveniuc et al (2016/0173485) and in view of Bajenov et al (2016/0197907), and in view of Nechytaylo et al (2015/0128233), and further in view of Lim (8,862,551).

As per claim 2, Popoveniuc, Bajenov, and Nechytaylo disclose the computer-implemented method of claim 1. 
Popoveniuc, Bajenov, and Nechytaylo do not explicitly disclose determining that the first location reference is associated with a first country and the second location reference is associated with a second country different than the first country.
However, in analogous art of Lim, discloses determining that the first location reference is associated with a first country and the second location reference is associated with a second country different than the first country (Lim: col. 96, lines 45-48, and table below: shows Dennis Host location in San Jose which is in CA and CA is in US (United States), and London which is a different country).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include determining that the first location reference is associated with a first country and the second location reference is associated with a second country different than the first country of Lim with the system/method of Popoveniuc-Bajenov-Nechytaylo, the motivation is that this is an efficient method that detects information fraud by analyzing activity data based on time and location data on activity entries to detect behavioral patterns and anomalies (Lim: col. 98, lines 18-20).
As per claim 9, rejected under similar basis as claim 2.

Claims 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Popoveniuc et al (2016/0173485) and in view of Lim (8,862,551) and further in view of Nechytaylo et al (2015/0128233).

	As per claim 15, Popoveniuc discloses a system comprising: 
a hardware processor (Popoveniuc: para. 0015-0016); and 
a memory storing instructions that, when executed by the hardware processor, cause the hardware processor to (Popoveniuc: para. 0110, 0113-0114): 
obtain a list that includes a record generated for each of a plurality of detected failed login attempts (Popoveniuc: See Fig. 2 and Fig. 3, obtaining a list (#300) that includes a record (#312a-312i) for each of a plurality of detected failed login attempts), each record including a corresponding account identifier (Popoveniuc: para. 0041-0042, 0055, See Fig. 2, account identifier #214a-214b, 214d-214i, See Fig. 3, acccount1-account8), a corresponding piece of password data (Popoveniuc: para. 0043, 0059, See Fig. 2 #204 attempted credential (i.e. piece of password data); See Fig. 3 attempted credential #302 (i.e. piece of password data), and a corresponding temporal reference associated with one of the plurality of detected failed login attempts (Popoveniuc: para. 0044, 0053, 0056, 0059, See Fig. 2 #206 Timestamp (i.e. temporal reference), See Fig. 3 #306 Timestamp (i.e. temporal reference)); 
determine that a first account identifier in the list is identical to a second account identifier in the list (Popoveniuc: See Fig. 2 #202 Account, #214a-214h).
Popoveniuc does not explicitly disclose list includes a record corresponding location reference; and determine a travel time between two physical locations determined based on a 
However, in analogous art of Lim discloses list includes a record corresponding location reference (Lim: col. 96, lines 45-49, See also table below in para. 96 that has users Sandy and Dennis, the list includes a record corresponding to location reference (i.e. Host location); and determine a travel time between two physical locations determined based on a first location reference in the list and a second location reference in the list, based on a determination that the travel time exceeds a travel time threshold (Lim: col. 3, lines 5-32, col. 97, lines 1-28, col. 99, lines 7-30, determine a travel time between two locations, calculates a travel time based on the distance between two locations and uses a threshold).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include list includes a record corresponding location reference; and determine a travel time between two physical locations determined based on a first location reference in the list and a second location reference in the list, based on a determination that the travel time exceeds a travel time threshold of Lim with the system/method of Popoveniuc, the motivation is that this is an efficient method that detects information fraud by analyzing activity data to detect behavioral patterns and anomalies (Lim: col. 98, lines 18-20).
Popoveniuc and Lim do not explicitly disclose modifying a password blacklist to include a first piece of password data; and upon receiving a new password submitted by a user for adoption in associated with the password blacklist, employing the password blacklist to prevent adoption of the new password when the new password matches the first piece of password data in the password blacklist.
(Nechytaylo: see abstract, para. 0105, modifying a password blacklist to include a vector (i.e. first piece of password data), the gesture based password is converting the password to a vector and forwards the vector to the blacklist server); and upon receiving a new password submitted by a user for adoption in associated with the password blacklist (Nechytaylo: para. 0082, user selects a new password submits by the new password for adoption), employing the password blacklist to prevent adoption of the new password when the new password matches the first piece of password data in the password blacklist (Nechytaylo: para. 0109-0110, 0127, employing the blacklist to prevent adoption of the new password (i.e. new gesture password)). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modifying a password blacklist to include a first piece of password data; and upon receiving a new password submitted by a user for adoption in associated with the password blacklist, employing the password blacklist to prevent adoption of the new password when the new password matches the first piece of password data in the password blacklist of Nechytaylo with the method of Popoveniuc-Lim that includes associating passwords with account identifiers, the motivation is that this is an efficient security measure that prevents users from choosing passwords that are common or easy for a third party to determine (Nechytaylo: para. 0004). 

	As per claim 16, Popoveniuc, Lim, and Nechytaylo disclose the system of claim 15.  Lim further discloses determine the first location reference is association with a first country and the second location reference is associated with a second country different from a first country (Lim: col. 96, lines 45-48, and table below: shows Dennis Host location in San Jose which is in CA and CA is in US (United States), and London which is a different country).
	Same motivation as claim 15 above.

As per claim 17, Popoveniuc, Lim, and Nechytaylo disclose the system of claim 15.  
Popoveniuc discloses determine that two or more account identifiers in the list are identical (Popoveniuc: See Fig. 2, #214a-214b, #214d-#214h, account identifier the same (i.e. Account1).

	As per claim 18, Popoveniuc, Lim, and Nechytaylo disclose the system of claim 15.
	The combination of Lim and Nechytaylo further discloses, Lim further discloses determine a defined suspicious pattern of activity type (Lim: col. 97, lines 5-8, activity type (i.e. information fraud); and Nechytaylo discloses modify the password blacklist to include a reference to the defined suspicious pattern of activity type (Nechytaylo: see abstract, para. 0105, modifying a password blacklist to include a vector (i.e. first piece of password data), the gesture based password is converting the password to a vector and forwards the vector to the blacklist server).
	Same motivation as claim 15 above.

	As per claim 19, Popoveniuc, Lim, and Nechytaylo disclose the system of claim 15.
	Lim further discloses wherein each corresponding location reference in the list includes a network address associated with one of the plurality of detected failed login attempts (Lim: col. 25, lines 30-46, col. 96, lines 45-49, location reference listed in col. 96 below see table).
	Same motivation as claim 15 above.

As per claim 20, Popoveniuc, Lim, and Nechytaylo disclose the system of claim 15.   
Popoveniuc further discloses wherein each corresponding piece of password data in the list includes a password hash associated with one of the plurality of detected failed login attempts (Popoveniuc: para. 0028, 0034-0035, password hash).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791.  The examiner can normally be reached on M-F 8:00am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

9/29/2021
/J.E.J/Examiner, Art Unit 2439             



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439