DETAILED ACTION
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in response to the amendment filed on 8/9/2021.
Claims 7 and 14 have been canceled.
Claims 1, 6, 10 and 17 have been amended.
Claim 21 has been added.
Claims 1-6, 8-13 and 15-21 are pending for consideration.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 8/9/2021 has been entered.

 Response to Arguments
Applicant’s arguments, filed on 8/9/2021, with respect to claims 1-6, 8-13 and 15-21 have been fully considered and are persuasive.  The 103 rejection of claims 1-6, 8-13 and 15-21 has been withdrawn. 

Allowable Subject Matter
Claims 1-6, 8-13 and 15-21 are allowed.
The following is an examiner’s statement of reasons for allowance: 
Independent Claims 1, 10, and 17 are allowed for the reasons argued by
Applicants on pages 10-12 of the Remarks filed on 8/9/2021 which are persuasive.
Although, the prior art of record Selgas (US 20180357430) discloses "methods, apparatus, and systems are provided to secure access to an account of a user. The account may have a system administrator. The user may have a credential for accessing the secure data on the account. The methods, apparatus, and systems involve setting a universal reset credential associated with the account, denying the system administrator of the account permission to change the first credential of the access feature, and permitting the system administrator to reset the access feature from the first credential to the universal reset credential"; In addition, HART (US 20170324758) discloses “systems and methods for detecting potentially malicious activity in a network session. Embodiments may involve identifying a requested network session between a first computer device and a second computer device, wherein the requested network session includes at least one security access message having an 
Neither Selgas, HART nor the prior art of record teaches individually or in combination the limitations listed below as recited in applicants' independent Claims: 
Claim 1: A system comprising: one or more processors; and one or more computer-readable hardware storage devices that store instructions that are executable by the one or more processors to cause the system to at least: receive data regarding a user credential change; detect a suspicious credential change automatically based on the data and a set of one or more known suspicious change patterns, wherein an option is provided to a user to specify a minimum extent of pattern match that is to at least exist between the user credential change and at least one known suspicious change pattern included in the set of one or more known suspicious change patterns in order for that suspicious credential change to be detected based on the user credential change; and initiate mitigation of the suspicious credential change, wherein mitigation of the suspicious credential change includes: in response to determining a credential administrator account, which is initially provided with an ability to manage credentials, including changing credentials, is associated with 
Claim 10: A method comprising: employing at least one processor configured to execute computer-executable instructions stored in a memory, the instructions, when executed by the at least one processor, cause the at least one processor to perform the following acts: receive data regarding a user credential change; detect a suspicious credential change automatically based on the data and a set of one or more known suspicious change patterns, wherein an option is provided to a user to specify a minimum extent of pattern match that is to at least exist between the user credential change and at least one known suspicious change pattern included in the set of one or more known suspicious change patterns in order for that suspicious credential change to be detected based on the user credential change; and initiate mitigation of the suspicious credential change, wherein mitigation of the suspicious credential change includes: in response to determining a credential administrator account, which is initially provided with an ability to manage credentials, including changing credentials, is associated with the suspicious credential change, suspend only the ability of the credential administrator account to manage credentials while permitting user account functions associated with the credential administrator account to continue uninterrupted.

The closest prior art made of record and cited consisted of the following references. 

Lockhart (US 20170161520) discloses “a compromised data exchange system may include an interface configured to couple to a network, a processor, and a memory accessible to the processor. The memory may be configured to store instructions that, when executed, cause the processor to extract data from one or more websites using a crawler, detect portions within the data that resemble personally identifying information (PII) data based on PII data patterns using a risk assessment module, and to compare a detected portion to data within a database of disassociated compromised PII data to determine a match using the risk assessment module. The instructions may further cause the processor to selectively assign a risk score to a data item within the database in response to determining the match using a risk scoring module”.

Hecht (US 20200057848) discloses “techniques include securely maintaining data associated with a plurality of authentication credentials; generating, as a function of the data associated with a selected group of the plurality of authentication credentials, a secret data element; making available, the secret data element, to be embedded in a first authentication credential; identifying an attempt to change the first authentication credential, the attempt including new authentication credential data to replace data in the first authentication credential; validating, conditional on whether the new authentication credential data includes the secret data element, the new authentication credential data; and determining, based on the validating, whether to perform a control action based on the new authentication credential data”.
However, the prior art of record, taken by itself or in any combination, do not anticipate or make obvious the invention of the present application and in particular the claim features listed above.
.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740. The examiner can normally be reached Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and 





/TRANG T DOAN/Primary Examiner, Art Unit 2431