Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
1.	This action is responsive to communications: Application filed on June 1, 2020, and Drawings filed on June 1, 2020.
2.	Claims 1–20 are pending in this case. Claims 1, 8, and 15 are independent claims.


In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Allowable Subject Matter
Claims 3, 4, 10, 11, 17, 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 8, 9, 15, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Kim et al., Pub. No.: 2018/0189470A1, in view of Li et al., Pub. No.: 2011/0162051A1.
With regard to claim 1:
Kim discloses a computer implemented method for detecting bypass of an authentication system of a web application, the method being executed by one or more processors and comprising: receiving one or more logs comprising traffic associated with an application (paragraph 184: “According to some embodiments, the authentication device may receive an authentication request and obtain information regarding the cumulative number of authentication successes regarding an authentication target. For example, the authentication device may obtain information regarding the cumulative number of authentication successes regarding a first user.”) during a defined time period (paragraph 185: “Furthermore, according to some embodiments, the authentication device may obtain the information regarding the cumulative number of authentication successes stored in the authentication device or obtain information regarding the cumulative number of authentication successes from at least one other external device or an external server. The information regarding the cumulative number of authentication successes may include the number of times authentication has succeeded within a predetermined period of time or a ratio of the number authentication attempts within a predetermined period to the number of authentication successes.”), receiving one or more authentication logs associated with one or more authentication appliances providing authentication services for the application (paragraph 185: “Furthermore, according to some embodiments, the authentication device may obtain the information regarding the cumulative number of authentication successes stored in the authentication device or obtain information regarding the cumulative number of authentication successes from at least one other external device or an external server. 
The information regarding the cumulative number of authentication successes may include the number of times authentication has succeeded within a predetermined period of time or a ratio of the number authentication attempts within a predetermined period to the number of authentication successes.”), the one or more authentication logs comprising one or more time-stamped authentication factor entries for the one or more authentication appliances (paragraph 187: “Furthermore, according to some embodiments, not only the number of authentication successes, but also time points at which authentications are performed may be considered.”); determining, based on the one or more logs, one or more log entries corresponding to a user and the defined time period (paragraph 184 and 185: “According to some embodiments, the authentication device may receive an authentication request and obtain information regarding the cumulative number of authentication successes regarding an authentication target. For example, the authentication device may obtain information regarding the cumulative number of authentication successes regarding a first user. Furthermore, according to some embodiments, the authentication device may obtain the information regarding the cumulative number of authentication successes stored in the authentication device or obtain information regarding the cumulative number of authentication successes from at least one other external device or an external server. 
The information regarding the cumulative number of authentication successes may include the number of times authentication has succeeded within a predetermined period of time or a ratio of the number authentication attempts within a predetermined period to the number of authentication successes.”); determining, based on the one or more authentication logs, a total number of correct authentication factors provided by the user during the defined time period (paragraph 187 and 188: “Furthermore, according to some embodiments, not only the number of authentication successes, but also time points at which authentications are performed may be considered. 
[0188] In operation 905, the authentication device may lower a threshold score. For example, for a user corresponding to 30 or more authentication successes, authentication may be skipped for the user or may be simplified by performing at least one of a plurality of authentication methods for the user. Alternatively, the authentication device may perform authentication for 30 times or more at 8:00 PM and determine a user corresponding to 29 or more authentication successes is successfully authenticated. ”); and determining, based on the one or more log entries corresponding to the user and the defined time period and the total number of correct (paragraph 187 and 188: “Furthermore, according to some embodiments, not only the number of authentication successes, but also time points at which authentications are performed may be considered. 
[0188] In operation 905, the authentication device may lower a threshold score. For example, for a user corresponding to 30 or more authentication successes, authentication may be skipped for the user or may be simplified by performing at least one of a plurality of authentication methods for the user. Alternatively, the authentication device may perform authentication for 30 times or more at 8:00 PM and determine a user corresponding to 29 or more authentication successes is successfully authenticated. ”). 
	Kim does not disclose the aspect of receiving one or more webpage logs comprising web traffic associated with a web application during a defined time period.
However Li discloses the aspect of receiving one or more webpage logs comprising web traffic associated with a web application during a defined time period; receiving one or more authentication logs associated with one or more authentication appliances providing authentication services for the web application, the one or more authentication logs comprising one or more time-stamped authentication factor entries for the one or more authentication appliances (paragraph 19 and 20: “A user 150 can use the application software 140 (e.g., a browser) to access the application server 120. In this instance, an access request is sent from the electronic device 130 and can be transmitted to the authentication server 110 via the Internet. In response, the authentication server 110 sends an authentication webpage to the electronic device 130 requiring that the user 150 provides authentication information (e.g., a user name and a password). The authentication information input by the user 150 can be transmitted to the authentication server 110 via the Internet. Numbers (representing counts) and time stamps for an electronic device are stored in memory of the authentication server 110. In one embodiment, the numbers and time stamps are sorted by electronic device and authentication information; that is, for each combination of authentication information and electronic device, there is an associated number and time stamp. The number, or count, is used to indicate the number of times that the corresponding combination of authentication information and electronic device was not authenticated over a specified time interval, in one embodiment. The time stamp refers to the time that the authentication information was received by the authentication server 110. In the example of FIG. 
2, time stamp_1 and count_1 correspond to user name_1 and device ID_1, and time stamp_2 and count_2 correspond to user name_2 and device ID_2.”) It would have been obvious to one of ordinary skill in the art, at the time the filing was made, to apply Li to Kim so that the determination of whether to allow the user to bypass authentication is more accurate and is based on data gathered from webpage visits, allowing the user to bypass authentication of a website after successful authentication to reduce user frustration and save time.
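The claimed method correlates two log sources over one defined time period: web traffic for the application and time-stamped authentication factor entries from the authentication appliances, then compares a user's protected web activity against the number of correct factors that user supplied. The following Python is an added illustration of that detection logic, not code from the application or from any of the cited references. Its log formats, the sample log lines, the rule that /login is the only public path, the requirement of two correct distinct factors per period, and the bypass rule (protected requests present but fewer correct factors than required) are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample web log: timestamp, user, path, HTTP status.
WEB_LOG = """\
2020-06-01T09:00:05Z alice /login 200
2020-06-01T09:00:09Z alice /account 200
2020-06-01T09:01:30Z bob /account 200
2020-06-01T09:02:00Z bob /export 200
2020-06-01T09:05:00Z carol /login 200
2020-06-01T09:05:04Z carol /account 200
2020-06-01T12:30:00Z dave /account 200
"""

# Constructed sample authentication appliance log:
# timestamp, appliance, user, factor, result.
AUTH_LOG = """\
2020-06-01T09:00:06Z idp-1 alice password ok
2020-06-01T09:00:08Z idp-1 alice totp ok
2020-06-01T09:05:01Z idp-1 carol password ok
2020-06-01T09:05:02Z idp-1 carol totp fail
2020-06-01T12:29:50Z idp-1 dave password ok
2020-06-01T12:29:55Z idp-1 dave totp ok
"""


def parse_ts(ts):
    """Parse the assumed ISO-8601 UTC timestamp format used in both logs."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def parse_web_log(text):
    """Turn raw web log lines into dicts with parsed timestamps."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, path, status = line.split()
        entries.append({"ts": parse_ts(ts), "user": user,
                        "path": path, "status": int(status)})
    return entries


def parse_auth_log(text):
    """Turn raw authentication appliance lines into time-stamped factor entries."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, appliance, user, factor, result = line.split()
        entries.append({"ts": parse_ts(ts), "appliance": appliance,
                        "user": user, "factor": factor, "result": result})
    return entries


def detect_bypass(web_entries, auth_entries, start, end,
                  required_factors=2, public_paths=frozenset({"/login"})):
    """Per user, count successful protected requests in [start, end) and the
    distinct factors that user passed in the same window; flag a bypass when
    protected activity exists but fewer correct factors than required were
    supplied (assumed rule for this example)."""
    def in_window(entry):
        return start <= entry["ts"] < end

    protected = defaultdict(int)
    for e in web_entries:
        if in_window(e) and e["path"] not in public_paths and e["status"] == 200:
            protected[e["user"]] += 1

    correct = defaultdict(set)
    for e in auth_entries:
        if in_window(e) and e["result"] == "ok":
            correct[e["user"]].add(e["factor"])

    findings = {}
    for user, count in protected.items():
        n_factors = len(correct.get(user, ()))
        findings[user] = {"protected_requests": count,
                          "correct_factors": n_factors,
                          "bypass": n_factors < required_factors}
    return findings


# Defined time period for the example (assumed): 09:00 to 09:10 UTC.
PERIOD_START = parse_ts("2020-06-01T09:00:00Z")
PERIOD_END = parse_ts("2020-06-01T09:10:00Z")


def run_example():
    return detect_bypass(parse_web_log(WEB_LOG), parse_auth_log(AUTH_LOG),
                         PERIOD_START, PERIOD_END)


if __name__ == "__main__":
    for user, finding in sorted(run_example().items()):
        print(user, finding)
```

With the sample data, alice reaches a protected page after two correct factors and is not flagged; bob reaches protected pages with no authentication entries at all in the window and is flagged; carol is flagged because only one of her two factors succeeded; dave's activity falls outside the defined period and is not evaluated. Counting distinct factor names rather than raw "ok" lines prevents a repeated single factor from satisfying a multi-factor requirement.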


With regard to claims 2, 9, and 16:
(Kim paragraph 187 and 188: “Furthermore, according to some embodiments, not only the number of authentication successes, but also time points at which authentications are performed may be considered. In operation 905, the authentication device may lower a threshold score. For example, for a user corresponding to 30 or more authentication successes, authentication may be skipped for the user or may be simplified by performing at least one of a plurality of authentication methods for the user. Alternatively, the authentication device may perform authentication for 30 times or more at 8:00 PM and determine a user corresponding to 29 or more authentication successes is successfully authenticated. ”). 

Claim 8 is rejected for the same reason as claim 1. 

Claim 15 is rejected for the same reason as claim 1. 

Claims 5, 6, 12, 13, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kim et al., Pub. No.: 2018/0189470A1, in view of Li, and further in view of Boodaei et al., Pub. No.: 2021/0168148:
With regard to claims 5, 12, and 19:

However, Boodaei discloses the aspect of generating a score for the user based on the user's conformance with one or more categories of web browsing behavior (paragraph 141: “For example, the authentication manager 220 may assign a high-risk score to the user 204 in case the user 204 failed to successfully authenticate in one or more previous authentication sessions. The authentication manager 220 may further increase the risk score to the user 204 in case the user 204 failed to authenticate in one or more previous authentication sessions using the authenticator used in the current authentication iteration. In contrast, the authentication manager 220 may assign a relatively low risk score to the user 204 in case the user 204 successfully authenticated himself in one or more previous authentication sessions.”). It would have been obvious to one of ordinary skill in the art, at the time the filing was made, to apply Boodaei to Kim and Li so that the system can more accurately determine how trustworthy the user is by giving the user a score based on different circumstantial evidence, allowing trustworthy users to bypass authentication while also preventing intrusion by untrustworthy individuals.

With regard to claims 6, 13, and 20:
Kim, Li, and Boodaei disclose the method of claim 5, wherein the one or more categories of web browsing behavior comprise at least one of multiple bypasses, anomalous URLs, previous flagging of the user, blacklisted Internet protocol address, foreign Internet protocol address, and failure to provide any valid authentication (Boodaei paragraph 141: “For example, the authentication manager 220 may assign a high-risk score to the user 204 in case the user 204 failed to successfully authenticate in one or more previous authentication sessions. The authentication manager 220 may further increase the risk score to the user 204 in case the user 204 failed to authenticate in one or more previous authentication sessions using the authenticator used in the current authentication iteration. In contrast, the authentication manager 220 may assign a relatively low risk score to the user 204 in case the user 204 successfully authenticated himself in one or more previous authentication sessions.”).
 
Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Kim et al., Pub. No.: 2018/0189470A1, in view of Li and Boodaei, and further in view of Hotchkiss, Pub. No.: 20150288715A1.
With regard to claims 7 and 14:
Kim, Li, and Boodaei do not disclose the method of claim 5, wherein conformance with at least one of the one or more categories of web browsing behavior indicates an intentional bypass of the authentication system of the web application.
However, Hotchkiss discloses the aspect wherein conformance with at least one of the one or more categories of web browsing behavior indicates an intentional bypass of the authentication system of the web application (paragraph 45: “Although the user is authorized to login at step 192, the login attempt may still be unsuccessful. For example, it may be an unauthorized user attempting to gain access by using a Botnet to circumvent the login page. This phenomenon is actually one way in which the blacklist is created, as shown by the method 400 depicted in FIG. 4. When a login by the user is unsuccessful, either once or several times, the associated IP address can be added to the blacklist at step 497. For example, too many failed login attempts in a specified or predetermined time period is a likely indication that the user is an attacker. Hence, at the website, if the user or bot makes a certain number of unsuccessful attempts with a predetermined timeframe, then the IP address associated with the user or bot is added to the blacklist.”). It would have been obvious to one of ordinary skill in the art, at the time the filing was made, to apply Hotchkiss to Kim, Li, and Boodaei so that the system would be able to more accurately determine the user’s credibility based on whether there was a history of bypassing authentication.

Pertinent Arts
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Altman, Patent Number: 9396316B1: A system and method for bypassing secondary user authentication based at least in part on the detection of a whitelisting deviation from a user pattern are disclosed. In one implementation, the system includes a pattern determination module, a fraudulent login identifier module, a whitelisting deviation detection module and a user authentication generation module. The pattern determination module determines a user pattern.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DI XIAO whose telephone number is (571) 270-1758. The examiner can normally be reached 9 AM–5 PM EST, Monday–Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Renee Chavez, can be reached at (571) 270-1104. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/DI XIAO/Primary Examiner, Art Unit 2179