DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is in response to communications filed November 30, 2021.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on November 30, 2021 has been entered.

Response to Arguments
Applicant's arguments filed November 30, 2021 regarding the rejection of claims 1-20 under 35 U.S.C. 103 have been fully considered but they are moot in view of the new grounds of rejection.

Status of Claims
Claims 1-21 are pending, of which claims 1, 10, and 16 are in independent form. Claims 1-21 are rejected under 35 U.S.C. 103.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-5, 7-8, 10-14, 16-19, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Jemiolo et al. (US 2016/0224320) (hereinafter Jemiolo) in view of Araiza et al. (US 2019/0260795) (hereinafter Araiza).   
Regarding claim 1, Jemiolo teaches a device comprising a memory and a processor configured to cooperate with the memory to log data from browsers of client devices that remotely access different Web applications through the browsers, the data being indicative of user actions performed with use of the different Web applications, and the logging being done separate from execution of the different Web applications (see Figs. 1-2B, Fig. 5, para [0027], para [0041, 0043], discloses logging user activity for different accessed web applications and the logging is via watching module which is separate from executing the different web applications).
Jemiolo does not explicitly teach detect a pattern of unauthorized usage based on logged data indicative of a frequency of which user actions are repeated via one or more client devices for at least one Web application, and block further access to the at least one Web application by the one or more client devices responsive to detection of the pattern.
Araiza teaches detect a pattern of unauthorized usage based on logged data indicative of a frequency of which user actions are repeated via one or more client devices for at least one Web application (see Fig. 2, para [0062], para [0070], discloses detecting pattern of a malicious behavioral pattern (unauthorized usage) based on monitored behavior indicating unusual data transfers three times in interaction with a SaaS application which indicates a malicious threat according to behavioral pattern analysis), and block further access to the at least one Web application by the one or more client devices responsive to detection of the pattern (see Fig. 7, para [0142], discloses disabling (block) access to SaaS applications in response to detected threat that is indicated in detection of malicious behavioral pattern).
Jemiolo/Araiza are analogous arts as they are each from the same field of endeavor of database systems.
Before the effective filing date of the invention it would have been obvious to a person of ordinary skill in the art to modify the system of Jemiolo to block web application access based on detected pattern from disclosure of Araiza. The motivation to combine these arts is disclosed by Araiza as “improves computing devices in the email system by limiting an impact of the cyber threat from consuming unauthorized CPU cycles, memory space, and power consumption in the computing devices via 

Regarding claim 10, Bhatia teaches a method comprising: logging data at a computing device from browsers of client devices that remotely access different Web applications through the browsers, the data being indicative of user actions performed with use of the different Web applications, and the logging being done separate from execution of the different Web applications (see Figs. 1-2B, Fig. 5, para [0027], para [0041, 0043], discloses logging user activity for different accessed web applications and the logging is via watching module which is separate from executing the different web applications).
Jemiolo does not explicitly teach detecting a pattern of unauthorized usage based on logged data indicative of a frequency of which user actions are repeated via one or more client devices for at least one Web application, and blocking further access to the at least one Web application by the one or more client devices responsive to detection of the pattern.
Araiza teaches detecting a pattern of unauthorized usage based on logged data indicative of a frequency of which user actions are repeated via one or more client devices for at least one Web application (see Fig. 2, para [0062], para [0070], discloses detecting pattern of a malicious behavioral pattern (unauthorized usage) based on monitored behavior indicating unusual data transfers three times in interaction with a SaaS application which indicates a malicious threat according to behavioral pattern analysis), and blocking further access to the at least one Web application (see Fig. 7, para [0142], discloses disabling (block) access to SaaS applications in response to detected threat that is indicated in detection of malicious behavioral pattern).
Jemiolo/Araiza are analogous arts as they are each from the same field of endeavor of database systems.
Before the effective filing date of the invention it would have been obvious to a person of ordinary skill in the art to modify the system of Jemiolo to block web application access based on detected pattern from disclosure of Araiza. The motivation to combine these arts is disclosed by Araiza as “improves computing devices in the email system by limiting an impact of the cyber threat from consuming unauthorized CPU cycles, memory space, and power consumption in the computing devices via responding to the cyber threat without waiting for some human intervention” (para [0055]) and blocking web application access based on detected pattern is well known to persons of ordinary skill in the art, and therefore one of ordinary skill would have good reason to pursue the known options within his or her technical grasp that would lead to anticipated success.

Regarding claim 16, Bhatia teaches a system comprising: a plurality of client devices that remotely access a plurality of different Web applications via a browser through browsers (see Fig. 1, para [0025], discloses accessing different web applications via web browsers); and at least one server cooperating with the browsers to log data from browsers of client devices that remotely access different Web applications through the browsers, the data being indicative of user actions performed with use of the different Web applications, and the logging being done separate from execution of the different Web applications (see Figs. 1-2B, Fig. 5, para [0027], para [0041, 0043], discloses logging user activity for different accessed web applications and the logging is via watching module which is separate from executing the different web applications).
Jemiolo does not explicitly teach detect a pattern of unauthorized usage based on logged data indicative of a frequency of which user actions are repeated via one or more client devices for at least one Web application, and block further access to the at least one Web application by the one or more client devices responsive to detection of the pattern.
Araiza teaches detect a pattern of unauthorized usage based on logged data indicative of a frequency of which user actions are repeated via one or more client devices for at least one Web application (see Fig. 2, para [0062], para [0070], discloses detecting pattern of a malicious behavioral pattern (unauthorized usage) based on monitored behavior indicating unusual data transfers three times in interaction with a SaaS application which indicates a malicious threat according to behavioral pattern analysis), and block further access to the at least one Web application by the one or more client devices responsive to detection of the pattern (see Fig. 7, para [0142], discloses disabling (block) access to SaaS applications in response to detected threat that is indicated in detection of malicious behavioral pattern).
Jemiolo/Araiza are analogous arts as they are each from the same field of endeavor of database systems.
Before the effective filing date of the invention it would have been obvious to a person of ordinary skill in the art to modify the system of Jemiolo to block web application access based on detected pattern from disclosure of Araiza. The motivation to combine these arts is disclosed by Araiza as “improves computing devices in the email system by limiting an impact of the cyber threat from consuming unauthorized CPU cycles, memory space, and power consumption in the computing devices via responding to the cyber threat without waiting for some human intervention” (para [0055]) and blocking web application access based on detected pattern is well known to persons of ordinary skill in the art, and therefore one of ordinary skill would have good reason to pursue the known options within his or her technical grasp that would lead to anticipated success.

Regarding claims 2, 11, and 17, Jemiolo/Araiza teach a device of claim 1, method of claim 10, and system of claim 16.
Jemiolo does not explicitly teach wherein the processor is further configured to block further access to the at least one Web application by a user associated with the one or more client devices.
Araiza teaches wherein the processor is further configured to block further access to the at least one Web application by a user associated with the one or more client devices (see Fig. 7, para [0142], discloses disable user access to SaaS applications).

Regarding claims 3, 12, and 18, Jemiolo/Araiza teach a device of claim 1, method of claim 10, and system of claim 16.
Jemiolo does not explicitly teach wherein the processor is further configured to generate an alert identifying the user associated with the one or more client devices.
Araiza teaches wherein the processor is further configured to generate an alert identifying the user associated with the one or more client devices (see para [0147], discloses generating a cyber threat alert related to disabling user account).

Regarding claims 4, 13, and 19, Jemiolo/Araiza teach a device of claim 1, method of claim 10, and system of claim 16.
Jemiolo further teaches wherein the client devices are associated with respective users (see Fig. 6, para [0043, 0046], discloses tracking uniquely identified users’ actions on respective client); wherein a processor is configured to log respective data for each user (see Fig. 6, para [0045-0046], discloses watching module loggers that uniquely identifies respective users).

Regarding claims 5 and 14, Jemiolo/Araiza teach a device of claim 1, method of claim 10, and system of claim 16.
Jemiolo further teaches wherein the processor is further configured to determine a common user action performed within a Web page of a given Web application based upon the logged data structure (see Fig. 5, para [0041], discloses loggers that include post-click metrics).

Regarding claim 7, Jemiolo/Araiza teach a device of claim 1.
Jemiolo further teaches wherein the client devices are associated with respective users (see Fig. 1, para [0027-0028], discloses client devices associated with respective users based on user log in to access user account); wherein the processor logs common data of user actions across the different users (see Fig. 3, para [0035-0036], discloses different candidate responses in logged data used to create individual trial demonstration for respective candidate).

Regarding claim 8, Jemiolo/Araiza teach a device of claim 1.
Jemiolo does not explicitly teach wherein at least some of the Web applications comprises Software as a Service (SaaS) applications.
Araiza teaches wherein at least some of the Web applications comprises Software as a Service (SaaS) applications (see Fig. 7, para [0015], discloses Software as a Service applications).

Regarding claim 21, Jemiolo/Araiza teach a device of claim 1.
Jemiolo does not explicitly teach wherein the processor is configured to automatically detect the pattern of unauthorized usage using machine learning based on the logged data indicative of the frequency of which the user actions are repeated via one or more client devices for the at least one Web application.
Araiza teaches wherein the processor is configured to automatically detect the pattern of unauthorized usage using machine learning based on the logged data indicative of the frequency of which the user actions are repeated via one or more client devices for the at least one Web application (see para [0061-0062], discloses machine learning models configured for behavioral pattern analysis in which malicious behavior is identified that poses a level of threat).

Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Jemiolo et al. (US 2016/0224320) (hereinafter Jemiolo) in view of Araiza et al. (US 2019/0260795) (hereinafter Araiza) as applied to claims 1 and 16, and in further view of Mahaffey et al. (US 2016/0099963) (hereinafter Mahaffey).
Regarding claims 6 and 15, Jemiolo/Araiza teach a device of claim 1, method of claim 10, and system of claim 16.
Jemiolo/Araiza do not explicitly teach wherein the processor is further configured to cause the browsers to display an overlay on the given Web application corresponding to the common user action when navigating the Web page.
Mahaffey teaches wherein the processor is further configured to cause the browsers to display an overlay on the given Web application corresponding to the common user action when navigating the Web page (see para [0649], discloses an alert of a threat in an interstitial in-window popup).
Jemiolo/Araiza are analogous arts as they are each from the same field of endeavor of database systems.
Before the effective filing date of the invention it would have been obvious to a person of ordinary skill in the art to modify the system of Jemiolo/Araiza to display an overlay corresponding to common user action from disclosure of Mahaffey. The motivation to combine these arts is disclosed by Mahaffey as “improved techniques and systems for computer security, including mobile application security” (para [0044]) and displaying an overlay corresponding to common user action is well known to persons of ordinary skill in the art, and therefore one of ordinary skill would have good reason to pursue the known options within his or her technical grasp that would lead to anticipated success.

Claims 9 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Jemiolo et al. (US 2016/0224320) (hereinafter Jemiolo) in view of Araiza et al. (US 2019/0260795) (hereinafter Araiza), as applied to claims 1 and 16, and in further view of Thampy (US 2019/0068627) (hereinafter Thampy).
Regarding claim 9, Jemiolo/Araiza teach a device of claim 1.
Jemiolo/Araiza do not explicitly teach wherein the browsers comprise at least one of embedded browsers and hosted browsers.
Thampy teaches wherein the browsers comprise at least one of embedded browsers and hosted browsers (see Fig. 1, para [0002], para [0115], discloses browsers in SaaS and PaaS/IaaS environments).
Jemiolo/Araiza/Thampy are analogous arts as they are each from the same field of endeavor of database systems.
Before the effective filing date of the invention it would have been obvious to a person of ordinary skill in the art to modify the system of Jemiolo/Araiza to utilize hosted browsers from disclosure of Thampy. The motivation to combine these arts is disclosed by Thampy as “provide an improved, reliable assessment of patterns” (para [0302]) and utilizing hosted browsers is well known to persons of ordinary skill in the art, and therefore one of ordinary skill would have good reason to pursue the known options within his or her technical grasp that would lead to anticipated success.

Regarding claim 20, Jemiolo/Araiza teach a system of claim 16.
Jemiolo/Araiza do not explicitly teach wherein the at least one server is further configured to determine a common user action performed within a web page of a given Web application based upon the logged data; and wherein the at least one server is further configured to cause the browsers to display an overlay on the given Web application corresponding to the common user action when navigating the page.
Thampy teaches wherein the at least one server is further configured to determine a common user action performed within a web page of a given Web application based upon the logged data (see para [0235-0236], discloses a model as a catalog of actions that map actions to user roles and privileges associated with the roles and access to applications); and wherein the at least one server is further configured to cause the browsers to display an overlay on the given Web application corresponding to the common user action when navigating the page (see para [0248], discloses sending a prompt to a user's graphical interface regarding an alert about a security risk and/or change in access to application).
Jemiolo/Araiza/Thampy are analogous arts as they are each from the same field of endeavor of database systems.
Before the effective filing date of the invention it would have been obvious to a person of ordinary skill in the art to modify the system of Jemiolo/Araiza to utilize hosted browsers from disclosure of Thampy. The motivation to combine these arts is disclosed by Thampy as “provide an improved, reliable assessment of patterns” (para [0302]) and utilizing hosted browsers is well known to persons of ordinary skill in the art, and therefore one of ordinary skill would have good reason to pursue the known options within his or her technical grasp that would lead to anticipated success.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY HARMON whose telephone number is (571)270-5861. The examiner can normally be reached M-F 9am - 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mariela Reyes can be reached on 517-270-1006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Courtney Harmon/Examiner, Art Unit 2159
/Mariela Reyes/Supervisory Patent Examiner, Art Unit 2159