DETAILED ACTION
This Office action is in response to a non-provisional utility patent application filed by Applicant on 5/19/2020.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Claim Objections
Claim 4 objected to because of the following informalities: repetitive word “… that that… .”  Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-4, 7-8 rejected under 35 U.S.C. 103 as being unpatentable over Eichstaedt (U.S. Pat. 6,662,230 B1) in view of Yang (U.S. Pat. 9,699,203 B1) in view of Kamath (U.S. Pat. App. Pub. 2010/0131668 A1).
Regarding claim 1, Eichstaedt discloses: a system, comprising: a non-transitory memory; and one or more hardware processors coupled with the non-transitory memory and (receiving a request for a data object from a client computer and recording a log entry for the request in a log file. Eichstaedt col. 3, ll. 60-62. The log entry of the received requests includes a client identifier and a timestamp for the request. Eichstaedt col. 4, ll. 3-4.); logging, in one or more log files, each request (recording a log entry for the request in a log file. Eichstaedt col. 3, ll. 60-62.).
Eichstaedt does not disclose: determining an amount of one or more user identifiers associated with the plurality of requests received during the time interval that corresponds to one or more pre-identified user identifiers of a plurality of pre-identified user identifiers; determining the amount of the one or more user identifiers meets or exceeds a threshold; and reducing, in response to the determining the amount meets or exceeds the threshold, a request rate limit 
However, Yang does disclose: determining an amount of one or more user identifiers associated with the plurality of requests received during the time interval that corresponds to one or more pre-identified user identifiers of a plurality of pre-identified user identifiers (the server computer pre-identifies a plurality of user names where each username of the plurality of usernames is associated with a corresponding login request from an IP address within a period of time. Yang col. 6, ll. 37-43. The information is used to determine the total number of login request from the IP address within the time period. Yang col. 6, ll. 49-55.); determining the amount of the one or more user identifiers meets or exceeds a threshold (the information is used to determine the total number of login request from the IP address within the time period is above a security threshold. Yang col. 6, ll. 49-55.)
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the monitoring of client request and limiting access of client computer requests based upon log history thresholds of Eichstaedt with comparing the received identifiers to pre-identified identifiers and determine whether they exceed a threshold based upon the teachings of Yang.  The motivation being to identify usernames and passwords being used despite having been stolen by malicious actors. Yang col. 2, ll. 30-40. 
Eichstaedt in view of Yang does not disclose: reducing, in response to the determining the amount meets or exceeds the threshold, a request rate limit.
However, Kamath does disclose: reducing, in response to the determining the amount meets or exceeds the threshold, a request rate limit (adjusting the rate limit of the receipt of requests based upon the number of requested received within a certain period of time exceeds a threshold. Kamath para. 0007.). 
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the monitoring of client request and limiting access of client computer requests based upon log history thresholds of Eichstaedt with limiting the rate of automated access based upon the teachings of Kamath. The motivation being adjusting a rate limit in mitigation of risk of providing access to a requesting entity. Kamath para. 0003. 
Regarding claim 3, Eichstaedt in view of Yang in view of Kamath discloses the limitations of claim 1, wherein the request rate limit is for an endpoint of the one or more endpoints at which a request was received (adjusting the rate limit of the receipt of requests based upon the number of requested received within a certain period of time exceeds a threshold. Kamath para. 0007.).  
Regarding claim 4, Eichstaedt in view of Yang in view of Kamath discloses the limitations of claim 1, wherein the request rate limit is for an IP address, and wherein the reducing comprises: determining that that a request associated with a user identifier in the plurality of pre-identified user identifiers originated from the IP address (the rate-limiting policy is applied based on content of the communication including the internet protocol address. Kamath para. 0096.).  
Regarding claim 7, Eichstaedt in view of Yang in view of Kamath discloses the limitations of claim 1, wherein the operations further comprise: determining that a number of requests originating from an IP address have met or exceeded the request rate limit (the information is used to determine the total number of login request from the IP address within the time period is above a security threshold. Yang col. 6, ll. 49-55.); and blocking, in response to determining that the requests from the IP address have met or exceeded the request rate limit, the IP address (if the identifier has more than a specific threshold of request within a certain period of time, it is added to the deny list and is blocked. Eichstaedt col. 7, ll. 42-49 and 27-30.).  
Regarding claim 8, Eichstaedt discloses: a method, comprising: determining, by one or more hardware processors, a request rate limit defining a number of requests permitted over a period of time; obtaining, by the one or more hardware processors at one or more endpoints during a time interval, a plurality of requests, each request associated with a user identifier (receiving a request for a data object from a client computer and recording a log entry for the request in a log file. Eichstaedt col. 3, ll. 60-62. The log entry of the received requests includes a client identifier and a timestamp for the request. Eichstaedt col. 4, ll. 3-4.).
Eichstaedt does not disclose: determining, by the one or more hardware processors, an amount of one or more of the user identifiers obtained during the time interval corresponding to one or more pre-identified user identifiers of a plurality of pre-identified user identifiers meets or exceeds a threshold.
However, Yang does disclose: determining, by the one or more hardware processors, an amount of one or more of the user identifiers obtained during the time interval corresponding to one or more pre-identified user identifiers of a plurality of pre-identified user identifiers meets or exceeds a threshold (the server computer pre-identifies a plurality of user names where each username of the plurality of usernames is associated with a corresponding login request from an IP address within a period of time. Yang col. 6, ll. 37-43. The information is used to determine the total number of login request from the IP address within the time period. Yang col. 6, ll. 49-55. The information is used to determine the total number of login request from the IP address within the time period is above a security threshold. Yang col. 6, ll. 49-55.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the monitoring of client request and limiting access of client computer requests based upon log history thresholds of Eichstaedt with comparing the received identifiers to pre-identified identifiers and determine whether they exceed a threshold based upon the teachings of Yang.  The motivation being to identify usernames and passwords being used despite having been stolen by malicious actors. Yang col. 2, ll. 30-40. 
Eichstaedt in view of Yang does not disclose: reducing, in response to the determining the amount meets or exceeds the threshold, the request rate limit.
However, Kamath does disclose: reducing, in response to the determining the amount meets or exceeds the threshold, the request rate limit (adjusting the rate limit of the receipt of requests based upon the number of requested received within a certain period of time exceeds a threshold. Kamath para. 0007.). 
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the monitoring of client request and limiting access of client computer requests based upon log history thresholds of Eichstaedt with limiting the rate of automated access based upon the teachings of Kamath. The motivation being adjusting a rate limit in mitigation of risk of providing access to a requesting entity. Kamath para. 0003.

Claims 5, 15-17 rejected under 35 U.S.C. 103 as being unpatentable over Eichstaedt in view of Yang in view of Kamath in view of Boss (U.S. Pat. App. Pub. 2013/0133062 A1).
Regarding claim 5, Eichstaedt in view of Yang in view of Kamath discloses the limitations of claim 1. Eichstaedt in view of Yang in view of Kamath does not disclose: wherein each user identifier comprises an e-mail address.
However, Boss does disclose: wherein each user identifier comprises an e-mail address (identifiers can be in various forms including identifying accounts using am email address. Boss para. 0010.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the monitoring of client request and limiting access of client computer requests based upon log history thresholds of Eichstaedt with using email address as an identifier based upon the teachings of Boss.  The motivation being to more easily manage various individual network services. Boss para. 0010.
Regarding claim 15, Eichstaedt discloses: a non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a machine to perform operations comprising: receiving, at one or more endpoints during a time interval, a plurality of requests, each request associated with an [e-mail address] (receiving a request for a data object from a client computer and recording a log entry for the request in a log file. Eichstaedt col. 3, ll. 60-62. The log entry of the received requests includes a client identifier and a timestamp for the request. Eichstaedt col. 4, ll. 3-4.); logging, in one or more log files, each [e-mail address] associated with each request of the plurality of requests (recording a log entry for the request in a log file. Eichstaedt col. 3, ll. 60-62.).
Eichstaedt does not disclose: determining that an amount of one or more of the e-mail addresses logged during the time interval corresponding to one or more pre-identified e-mail addresses of a plurality of pre-identified e-mail addresses meets or exceeds a threshold; and increasing, in response to the determining the amount meets or exceeds the threshold, a duration of a block period associated with a request rate limit.
However, Yang does disclose: determining that an amount of one or more of the [e-mail addresses] logged during the time interval corresponding to one or more pre-identified [e-mail addresses] of a plurality of pre-identified [e-mail addresses] meets or exceeds a threshold (the server computer pre-identifies a plurality of user names where each username of the plurality of usernames is associated with a corresponding login request from an IP address within a period of time. Yang col. 6, ll. 37-43. The information is used to determine the total number of login request from the IP address within the time period. Yang col. 6, ll. 49-55. The information is used to determine the total number of login request from the IP address within the time period is above a security threshold. Yang col. 6, ll. 49-55.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the monitoring of client request and limiting access of client computer requests based upon log history thresholds of Eichstaedt with comparing the received identifiers to pre-identified identifiers and determine whether they exceed a threshold based upon the teachings of Yang.  The motivation being to identify usernames and passwords being used despite having been stolen by malicious actors. Yang col. 2, ll. 30-40. 
Eichstaedt in view of Yang does not disclose: increasing, in response to the determining the amount meets or exceeds the threshold, a duration of a block period associated with a request rate limit.
However, Kamath does disclose: increasing, in response to the determining the amount meets or exceeds the threshold, a duration of a block period associated with a request rate limit (adjusting the rate limit of the receipt of requests based upon the number of requested received within a certain period of time exceeds a threshold. Kamath para. 0007.). 
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the monitoring of client request and limiting access of client computer requests based upon log history thresholds of Eichstaedt with limiting the rate of automated access based upon the teachings of Kamath. The motivation being adjusting a rate limit in mitigation of risk of providing access to a requesting entity. Kamath para. 0003.
Eichstaedt in view of Yang in view of Kamath does not disclose: wherein each user identifier comprises an e-mail address.
However, Boss does disclose: wherein each user identifier comprises an e-mail address (identifiers can be in various forms including identifying accounts using am email address. Boss para. 0010.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the monitoring of client request and limiting access of client computer requests based upon log history thresholds of Eichstaedt with using email address as an identifier based upon the teachings of Boss.  The motivation being to more easily manage various individual network services. Boss para. 0010.
Regarding claim 16, Eichstaedt in view of Yang in view of Kamath in view of Boss discloses the limitations of claim 15, wherein the operations further comprise: blocking, for the duration of the block period, further requests from an IP address in response to a number of requests originating from the IP address meeting or exceeding the request rate limit (if the identifier has more than a specific threshold of request within a certain period of time, it is added to the deny list and is blocked. Eichstaedt col. 7, ll. 42-49 and 27-30.).  
Regarding claim 17, Eichstaedt in view of Yang in view of Kamath in view of Boss discloses the limitations of claim 15, wherein the operations further comprise: determining that a number of requests from an IP address over a time interval has met or exceeded a flag rate limit; and flagging, in response to the determining that the number of requests from the IP address has exceeded the flag rate limit, the IP address (if the identifier has more than a specific threshold of request within a certain period of time, it is added to the deny list and is blocked. Eichstaedt col. 7, ll. 42-49 and 27-30.).

Claim 6 rejected under 35 U.S.C. 103 as being unpatentable over Eichstaedt in view of Yang in view of Kamath in view of Song (U.S. Pat. App. Pub. 2006/0089905 A1).
Regarding claim 6, Eichstaedt in view of Yang in view of Kamath discloses the limitations of claim 1. Eichstaedt in view of Yang in view of Kamath does not disclose: wherein the plurality of pre-identified user identifiers is identified based on the pre-identified user identifiers corresponding to a data breach associated with one or more entities.
However, Song does disclose: wherein the plurality of pre-identified user identifiers is identified based on the pre-identified user identifiers corresponding to a data breach associated with one or more entities (a compiled list of possible victims of stolen account information is compared with member databases, customer databases or other databases. Song paras. 0045 and 0049.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the monitoring of client request and limiting access of client computer requests based upon log history thresholds of Eichstaedt with comparing transactional identifiers with previously identified victims of identity theft in a computer network based upon the teaching of Song. The motivation being to prevent credit damage and identify theft against losses and damages cause by identity theft and fraudulent activities. Song para. 0002.

Claim 9 rejected under 35 U.S.C. 103 as being unpatentable over Eichstaedt in view of Yang in view of Kamath in view of Deivasigamani (U.S. Pat. App. Pub. 2013/0090115 A1).
Regarding claim 9, Eichstaedt in view of Yang in view of Kamath discloses the limitations of claim 8, further comprising: instituting, in response to a number of requests originating at an IP address meeting or exceeding the request rate limit, a first block disallowing further requests from the IP address for a duration of a first block period (if the identifier has more than a specific threshold of request within a certain period of time, it is added to the deny list and is blocked. Eichstaedt col. 7, ll. 42-49 and 27-30.).
Eichstaedt in view of Yang in view of Kamath does not disclose: removing the first block after the first block period has elapsed.
However, Deivasigamani does disclose: removing the first block after the first block period has elapsed (identifier is removed from the blocklist after a specified period of time. Deivasigamani para. 0083.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the monitoring of client request and limiting access of client computer requests based upon log history thresholds of Eichstaedt with removing an identifier from blocking after the expiration of a time period based upon the teachings of Deivasigamani. The motivation being to allow nodes to re-try to access after a dynamically set interval of time. Deivasigamani para. 0083.

Claims 11-12 rejected under 35 U.S.C. 103 as being unpatentable over Eichstaedt in view of Yang in view of Kamath in view of Hwang (U.S. Pat. App. Pub. 2008/0117813 A1).
Regarding claim 11, Eichstaedt in view of Yang in view of Kamath discloses the limitations of claim 8. Eichstaedt in view of Yang in view of Kamath does not disclose: wherein the determining the request rate limit comprises: establishing an upper bound defining a maximum allowable value for the request rate limit; establishing a lower bound defining a minimum allowable value for the request rate limit; and randomly selecting a value for the request rate limit between the upper bound and the lower bound.
However, Hwang does disclose: wherein the determining the request rate limit comprises: establishing an upper bound defining a maximum allowable value for the request rate limit; establishing a lower bound defining a minimum allowable value for the request rate limit; and randomly selecting a value for the request rate limit between the upper bound and the lower bound (dynamic rate-limiting mechanism give a maximum and a minimum rate and establishing the rate limit between the maximum and minimum. Hwang para. 0017.).  
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the monitoring of client request and limiting access of client computer requests based upon log history thresholds of Eichstaedt with establishing a rate limit between maximum and minimum threshold values based upon the teachings of Hwang.  The motivation being to dynamically adjust packet flow rates based upon the needs of the traffic. Hwang para. 0003.
Regarding claim 12, Eichstaedt in view of Yang in view of Kamath in view of Hwang discloses the limitations of claim 11, further comprising: determining, after a first rate limit duration, a first new value for the request rate limit between the upper bound and the lower bound (adjusting the dynamic rate limit from initial values after a predetermined period of time. Hwang paras. 0017-0020.).  
Regarding claim 13, Eichstaedt in view of Yang in view of Kamath in view of Hwang discloses the limitations of claim 12, further comprising: determining, after a second rate limit duration different from the first rate limit duration, a second new value for the request rate limit between the upper bound and the lower bound (adjusting the dynamic rate limit from previous values after a predetermined period of time. Hwang paras. 0017-0020.).   

Allowable Subject Matter
Claims 2, 10, 14, 18-20 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VANCE M LITTLE whose telephone number is (571) 270-0408.  The examiner can normally be reached on Monday - Friday 9:30am - 5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached on (571) 272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/VANCE M LITTLE/Examiner, Art Unit 2493