DETAILED ACTION
This Office action is in response to amendments and remarks filed by Applicant on 11/8/2021. Applicant presents amendments to claims 1, 12, 19, and 20.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement PTO-1449
The Information Disclosure Statement submitted by applicant on 1/21/2022 has been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 is signed and attached hereto.

Response to Amendment
Applicant presents amendments to claims 1, 12, 19, and 20.  All amendments have been fully considered.
Applicant amends claims 1 and 12 to distinguish the claims from the previously cited combination of prior art. While the amended subject matter was not previously considered and Examiner did not previously address these limitations, Examiner asserts that the added subject matter in the present amendments is found in the secondary reference. While the same combination of references is presented, the additional mapping changes the basis for the previous rejection, which amounts to a new rejection. Additionally, an additional search was conducted pursuant to the change of scope of the claims.
Applicant’s amendments to claims 19 and 20, stipulating non-transitory subject matter, are sufficient to preclude the interpretation of the invention as being signals per se. Therefore, the previous rejection under 35 U.S.C. 101 is hereby withdrawn.

Response to Arguments
Applicant presents arguments regarding claims 1 and 12.  All arguments have been fully considered.
Applicant argues that the previously cited combination of prior art fails to teach all of the subject matter included in the present version of the claims. Examiner responds: The primary reference teaches collecting various network information values and combining them in a way to achieve a comprehensive fingerprint. The secondary reference teaches collecting various network information values and using them alone or in combination (See Eisen para. 0009) as a basis for comparison with respective values to identify compromised behavior in the network communication. As far as teaching the recited fingerprint comprising various characteristics of a request, the language of the claim required combining multiple network information values into a comprehensive fingerprint, which is taught in the primary reference (See Salusky para. 0028). The secondary reference addresses the comparison of values at a granular level to identify malicious behavior (See Eisen para. 0034). A revised mapping of the claims in light of Applicant’s amendments is presented below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 7, 9-10, 12-14, 18 rejected under 35 U.S.C. 103 as being unpatentable over Salusky (U.S. Pat. App. Pub. 2012/0311027 A1) in view of Eisen (U.S. Pat. App. Pub. 2016/0203487 A1).
Regarding claims 1 and 12, Salusky discloses: a method for securing an application, the method comprising: receiving a request from a computing device for a session with the application (a request for access from a user-client application is received by the system. Salusky Fig. 2 element 201, and paras. 0028 and 0054.); capturing information associated with the request, including: software information for the device (the requests are received with the order and identity of the HTTP headers, which amount to the recited capturing information associated with software information for the device. Salusky para. 0010.); based on the captured information, generating a fingerprint associated with the request, the fingerprint having software information (the recipient of the request generates a fingerprint corresponding to the request. Salusky Fig. 2 element 202, and para. 0054. The header order is used solely or in combination with other data to generate the fingerprint. Salusky paras. 0039 and 0054.).
Salusky does not disclose: capturing information associated with the request, including: a session identifier, and hardware information for the device; the fingerprint having session identifier, and hardware information components; separately comparing the respective individual components of the fingerprint associated with the request to corresponding components of a group of stored fingerprints; determining that the request for the session is malicious based on the separate comparison of the individual components of the fingerprint, wherein different results from the comparison indicate different malicious scenarios, and limiting access to data associated with the application for the malicious request for the session.
However, Eisen does disclose: capturing information associated with the request, including: a session identifier, and hardware information for the device (Session ID is extracted from the received data. Eisen para. 0032. Device information is captured, which is composed of one or more relatively unique characteristics attributed to the physical device itself. Eisen para. 0023.); the fingerprint having session identifier, and hardware information components (the captured characteristics can be used by themselves or in combination with other distinguishing characteristics of a computer device to assist in determining whether a client/server is compromised. Eisen paras. 0023-0024.); separately comparing the respective individual components of the fingerprint associated with the request to corresponding components of a group of stored fingerprints (an individual characteristic is captured and compared against a second same characteristic during any selected time interval of a session or at any selected Web page that may be requested and viewed by a user through a browser. Eisen para. 0034. Separately, and individually, a session ID information can be collected and compared in a second authentication step. Eisen para. 0035.); determining that the request for the session is malicious based on the separate comparison of the individual components of the fingerprint, wherein different results from the comparison indicate different malicious scenarios (various individual characteristics of the session are compared. Eisen para. 0035. One or more fingerprints may be compared to determine whether they match or not during an online session. Eisen para. 0034. A first fingerprint can be compared against a second fingerprint. Eisen para. 0034. The reference uses the term fingerprint to describe collected characteristic values alone or in combination. Eisen para. 0034.), and limiting access to data associated with the application for the malicious request for the session (when fingerprints do not match, then the activity requested is immediately denied. Eisen para. 0035.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the distinguishing and identifying user-client requests based upon received data incorporated into a software fingerprint of Salusky with the use of collected session and hardware fingerprint data used for identifying malicious events using comparisons based upon the teachings of Eisen. The motivation being to help detect session manipulation or tampering so that fraud and the misappropriation or misuse of confidential information can be avoided. Eisen para. 0006.
Regarding claim 2, Salusky in view of Eisen discloses the limitations of claim 1, wherein the request for the session is determined to be malicious when the software information component of the fingerprint matches software information of a different fingerprint in the group of stored fingerprints (generated fingerprints from the received software data (types include CHSOrder, Tdiff, Port, CCount, and Method) are compared to known fingerprints associated with a particular client application to identify the particular client application and/or assess whether the client application is malicious. Salusky para. 0006.).
Regarding claim 3, Salusky in view of Eisen discloses the limitations of claim 1, wherein the request for the session is determined to be malicious when the session identifier component of the fingerprint matches a session identifier of a different fingerprint in the group of stored fingerprints (comparing session ID fingerprints. Eisen para. 0022.).  
Regarding claim 4, Salusky in view of Eisen discloses the limitations of claim 3, wherein the request for the session is associated with a first user, and wherein the different fingerprint is associated with at least one of a second user or different hardware information than the hardware information component of the fingerprint associated with the request (compare generated fingerprint to a database of mappings from fingerprints to known applications. Salusky paras. 0010 and 0034.).
Regarding claim 5, Salusky in view of Eisen discloses the limitations of claim 1, wherein access to the data associated with the application is limited by denying the session request (when fingerprints do not match, the activity request may be immediately denied. Eisen para. 0035.).  
Regarding claim 7, Salusky in view of Eisen discloses the limitations of claim 1, wherein the captured information further comprises location information, and wherein the fingerprint has a location information component (the IP address alone may form the device fingerprint, which is compared. Eisen para. 0034.).  
Regarding claim 9, Salusky in view of Eisen discloses the limitations of claim 1, wherein the session identifier comprises a session cookie (the session ID is stored as a cookie. Eisen paras. 0019 and 0027.).  
Regarding claim 10, Salusky in view of Eisen discloses the limitations of claim 1, wherein the software information is browser information, and wherein the browser information is generated by a browser running on the device in response to a request or instruction from the application (the received header order, interpreted as the recited software information, is browser information because the header order is used to identify individual browser applications because of their varying levels of functionality and their function to serve different web code to different applications. Salusky para. 0022.).
Regarding claim 13, Salusky in view of Eisen discloses the limitations of claim 12, wherein the request for the session is determined to be malicious when the browser information component of the multi-factor fingerprint matches browser information of a different fingerprint in the group of stored fingerprints, indicating a spoofing attack (generated fingerprints from the received software data (types include CHSOrder, Tdiff, Port, CCount, and Method) are compared to known fingerprints associated with a particular client application to identify the particular client application and/or assess whether the client application is malicious. Salusky para. 0006.).
Regarding claim 14, Salusky in view of Eisen discloses the limitations of claim 12, wherein the session identifier is a session cookie, and wherein the request for the session is determined to be malicious when the session cookie for the multi-factor fingerprint matches a session cookie of a different fingerprint in the group of stored fingerprints, indicating cookie theft (the session ID is stored as a cookie. Eisen paras. 0019 and 0027. Comparing session ID fingerprints. Eisen para. 0022.).
Regarding claim 18, Salusky in view of Eisen discloses the limitations of claim 12, wherein the captured information further comprises at least one of location information or user information, and wherein the multi-factor fingerprint has a corresponding location information component or user information component (the IP address alone may form the device fingerprint, which is compared. Eisen para. 0034.).

Claims 8, 11, 16 rejected under 35 U.S.C. 103 as being unpatentable over Salusky in view of Eisen in view of Grajek (U.S. Pat. App. Pub. 2015/0237039 A1).
Regarding claim 8, Salusky in view of Eisen discloses the limitations of claim 1. Salusky in view of Eisen does not disclose: wherein the captured information further comprises user information, and wherein the fingerprint has a user information component.
However, Grajek does disclose: wherein the captured information further comprises user information, and wherein the fingerprint has a user information component (device fingerprint is authenticated based upon the associated user ID. Grajek paras. 0027-0028. Associated user information can include user ID, email address and/or mobile phone number. Grajek para. 0026. The close association of the user information and the device fingerprint required for the authentication determination is close enough to be interpreted as components of the entire fingerprint verification action.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the distinguishing and identifying user-client requests based upon received data incorporated into a software fingerprint of Salusky with the use of user information as part of the device authentication fingerprint based upon the teachings of Grajek.  The motivation being to have an additional factor of authentication of a device. Grajek para. 0026.
Regarding claim 11, Salusky in view of Eisen discloses the limitations of claim 1. Salusky in view of Eisen does not disclose: wherein the hardware information comprises at least one of: a number or type of processor of the computing device, a display resolution of a display associated with the computing device, a graphics processing unit of the computing device, or an amount of memory of the computing device.
However, Grajek does disclose: wherein the hardware information comprises at least one of: a number or type of processor of the computing device, a display resolution of a display associated with the computing device, a graphics processing unit of the computing device, or an amount of memory of the computing device (various characteristics can be used as part of the unique device fingerprint including device IP address, network card address, and other system settings such as device screen resolution on one or more display screens. Grajek para. 0051.).  
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the distinguishing and identifying user-client requests based upon received data incorporated into a software fingerprint of Salusky with including physical device characteristics into the unique fingerprint calculation based upon the teachings of Grajek. The motivation being to have unique factors of authentication of a device. Grajek para. 0026. 
Regarding claim 16, Salusky in view of Eisen discloses the limitations of claim 14. Salusky in view of Eisen does not disclose: wherein the session cookie for the multi-factor fingerprint matches a cookie associated with different hardware information than the hardware information component of the multi-factor fingerprint.
However, Grajek does disclose: wherein the session cookie for the multi-factor fingerprint matches a cookie associated with different hardware information than the hardware information component of the multi-factor fingerprint (header information received in the request includes characteristics including cookies which are compared with other hardware characteristics from storage devices to make authentication determinations. Grajek para. 0059.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the distinguishing and identifying user-client requests based upon received data incorporated into a software fingerprint of Salusky with matching received cookies with hardware information based upon the teachings of Grajek. The motivation being to have unique factors of authentication of a device. Grajek para. 0026.
 
Claim 15 rejected under 35 U.S.C. 103 as being unpatentable over Salusky in view of Eisen in view of Beaumont (U.S. Pat. 10,013,577 B1).
Regarding claim 15, Salusky in view of Eisen discloses the limitations of claim 14. Salusky in view of Eisen does not disclose: wherein the session cookie for the multi-factor fingerprint matches a cookie associated with a different user.
However, Beaumont does disclose: wherein the session cookie for the multi-factor fingerprint matches a cookie associated with a different user (analyzing the cookie data may include comparing data associated with a first cookie to data associated with a second cookie.  The first and second cookie may include a first cookie associated with a first virtual profile and a second cookie associated with a second virtual profile. Beaumont col. 9, ll. 34-46.).  
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the distinguishing and identifying user-client requests based upon received data incorporated into a software fingerprint of Salusky with matching session cookies of a different user based upon the teachings of Beaumont. The motivation being to determine whether the same cookie persists across a range of websites, which can include personally identifiable information. Beaumont col. 9, ll. 34-46.
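
The following is an added illustration, not code from the application or from Salusky, Eisen, Grajek, or Beaumont, of the separate component comparison recited in claims 1, 5, and 14-16: a session cookie that matches a stored fingerprint associated with a different user or with different hardware information is flagged, and the request is denied. The field names, scenario labels, and sample fingerprints are constructed assumptions.

```python
from dataclasses import dataclass

# Component names are assumptions chosen to mirror the claim language.
COMPONENTS = ("session_cookie", "hardware", "software", "user")


@dataclass(frozen=True)
class Fingerprint:
    session_cookie: str  # session identifier stored as a cookie
    hardware: str        # e.g. processor, GPU, display resolution, memory
    software: str        # e.g. browser information
    user: str            # user information component


def compare_components(request, stored):
    """Compare each component on its own; return {component: matched?}."""
    return {c: getattr(request, c) == getattr(stored, c) for c in COMPONENTS}


def classify(request, stored_group):
    """Return (stored index, scenario) pairs for each suspicious cookie match."""
    findings = []
    for index, stored in enumerate(stored_group):
        match = compare_components(request, stored)
        if not match["session_cookie"]:
            continue  # different session: no cookie reuse to assess
        if not match["user"]:
            findings.append((index, "cookie_reused_by_different_user"))
        if not match["hardware"]:
            findings.append((index, "cookie_reused_on_different_hardware"))
    return findings


def decide(request, stored_group):
    """Limit access by denying the session request when any scenario fires."""
    findings = classify(request, stored_group)
    return {"action": "deny" if findings else "allow", "findings": findings}


# Constructed sample data (not taken from any cited reference).
STORED = [
    Fingerprint("sess-A1", "cpu8/gpuX/1920x1080/16GB", "BrowserA/101", "alice"),
    Fingerprint("sess-B2", "cpu4/gpuY/1366x768/8GB", "BrowserB/55", "bob"),
]
SAME_DEVICE = Fingerprint(
    "sess-A1", "cpu8/gpuX/1920x1080/16GB", "BrowserA/101", "alice")
OTHER_HARDWARE = Fingerprint(
    "sess-A1", "cpu2/gpuZ/1280x720/4GB", "BrowserA/101", "alice")
OTHER_USER = Fingerprint(
    "sess-B2", "cpu2/gpuZ/1280x720/4GB", "BrowserC/9", "mallory")
NEW_SESSION = Fingerprint(
    "sess-C3", "cpu2/gpuZ/1280x720/4GB", "BrowserC/9", "mallory")

if __name__ == "__main__":
    samples = {
        "same device": SAME_DEVICE,
        "other hardware": OTHER_HARDWARE,
        "other user": OTHER_USER,
        "new session": NEW_SESSION,
    }
    for name, fingerprint in samples.items():
        print(name, decide(fingerprint, STORED))
```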

Allowable Subject Matter
Claims 6 and 17 remain objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claims 19-20 allowed.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Canion (U.S. Pat. App. Pub. 2002/0108059 A1), security hardware accelerator capturing received packets and examining each packet to determine whether data in the packet represents a potential security violation; Harjanto (U.S. Pat. App. Pub. 2012/0317622 A1), authentication requiring a digital fingerprint of the client device.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VANCE M LITTLE whose telephone number is (571). The examiner can normally be reached Monday - Friday 9:30am - 5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached on (571) 272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/VANCE M LITTLE/Examiner, Art Unit 2494