Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Bradley D. Lytle (the Undersigned Attorney, Reg. No. 40,073) on 3/4/2022.
The application has been amended as follows: 
IN THE CLAIMS:
Please cancel claims 1-8.
Please replace claims as follows:

Claims 1-8 (Cancelled) 
9. (Previously Presented) A method to mitigate data from being compromised via an unauthorized API login event, comprising: 
storing in a database license attributes of a user license, user profile attributes, historical login attributes, and database content change attributes;
receiving an API login request;

detecting whether the API login request is an unauthorized API login request based on a result of the comparison; and
in response to the API login request being detected as an unauthorized API login request, limiting unauthorized retrieval of data from the database wherein
the historical login attributes include, for a particular licensed device that makes the API login request, a client application fingerprint,
the client application fingerprint includes at least one of a historical timing between API request activity, a historical order of requests, and a combination of API request activity and order of requests, and 
the detecting includes 
calculating a historical distribution of at least one attribute of the client application fingerprint,
comparing the API login request to the historical distribution to determine whether attributes of the API login request are more different than a predetermined amount from a standard statistical behavior of client application footprint, and 
in response to a determination that the API login request is more different than the predetermined amount, generating an alert that the API 

10. (Original) The method of Claim 9, wherein 
in response to the determination that the API login request is more different than the predetermined amount, performing at least one additional step of
determining that the detecting resulted in a false positive and placing an account associated with login credentials for the API login request on watch;
determining that an API breach likely occurred and generating an alert message to database administrators to implement enhanced API risk mitigation steps; and
locking down the account.

11. (Original) The method of Claim 1, wherein
the historical login attributes include, for a particular licensed device that is making the API login request, a cadence of past data requests performed via API activity.

12. (Original) The method of Claim 11, wherein
the cadence includes a recognized pattern of requested volumes over time.


storing in a database license attributes of a user license, user profile attributes, historical login attributes, and database content change attributes;
receiving an API login request;
comparing features of the API login request to at least one of the database license attributes, user profile attributes, historical login attributes, and database content change attributes against a predetermined threshold;
detecting whether the API login request is an unauthorized API login request based on a result of the comparison; and
in response to the API login request being detected as an unauthorized API login request, limiting unauthorized retrieval of data from the database, wherein
the historical login attributes include, for a particular licensed device that is making the API login request, a cadence of past data requests performed via API activity,
the cadence includes a recognized pattern of requested volumes over time,
the detecting includes 
calculating a historical distribution of the cadence,
comparing the API login request to the historical distribution to determine whether the API login request is more different than a 
in response to a determination that the API login request is more different than the predetermined amount, generating an alert that the API login request requires mitigation activity to avoid a potential compromise of data in the database to an unauthorized device.

14. (Original) The method of Claim 13, wherein 
in response to the determination that the API login request is more different than the predetermined amount, performing at least one additional step of
determining that the detecting resulted in a false positive and placing an account associated with login credentials for the API login request on watch;
determining that an API breach likely occurred and generating an alert message to database administrators to implement enhanced API risk mitigation steps; and
locking down the account.

15. (Original) The method of Claim 1, wherein
the database license attributes include, for a particular licensed device that is making the API login request, a volume of requests performed via API activity.


the detecting includes 
comparing the number of requests in the API login request to a threshold, and 
in response to a determination that the API login request is more different than the threshold, generating an alert that the API login request requires mitigation activity to avoid a potential compromise of data in the database to an unauthorized device.

17. (Original) The method of Claim 16, wherein
the limiting includes at least one of
determining that the detecting resulted in a false positive and placing an account associated with login credentials for the API login request on watch;
determining that an API breach likely occurred and generating an alert message to database administrators to implement enhanced API risk mitigation steps; and
locking down the account.

18. (Previously Presented) A method to mitigate data from being compromised via an unauthorized API login event, comprising: 
storing in a database license attributes of a user license, user profile attributes, historical login attributes, and database content change attributes;

comparing features of the API login request to at least one of the database license attributes, user profile attributes, historical login attributes, and database content change attributes against a predetermined threshold;
detecting whether the API login request is an unauthorized API login request based on a result of the comparison; and
in response to the API login request being detected as an unauthorized API login request, limiting unauthorized retrieval of data from the database, wherein
the comparing includes comparing a number of replication requests within a predetermined period of time, 
the detecting includes counting a number of database unlock events triggered by API login requests, and 
the detecting includes detecting that the API login request is the unauthorized API login request in response to the number being exceeded within a predetermined time period or above a predetermined amount. 

19. (Cancelled) 

20. (Cancelled) 

21. (New) The method of Claim 9, wherein the attributes of the user license include at least one of a licensed device category, and a licensed IP address range.

22. (New) The method of Claim 9, wherein the attributes of the user license include a licensed geography of a device that makes the API login request.

23. (New) The method of Claim 9, wherein the attributes of the user license include a usage type for a device that makes the API login request, the usage type being one of a replication usage, proxy usage, or direct usage.

24. (New) The method of Claim 9, wherein the attributes of the user license include a restriction on at least one of a number of data records requested, or a period of time between data requests.

25. (New) The method of Claim 9, wherein the historical login attributes include, for a particular licensed device that makes the API login request,
an identification of the particular licensed device in the API login request.

26. (New) The method of Claim 13, wherein the attributes of the user license include at least one of a licensed device category, and a licensed IP address range.

27. (New) The method of Claim 13, wherein the attributes of the user license include a licensed geography of a device that makes the API login request.



29. (New) The method of Claim 13, wherein the attributes of the user license include a restriction on at least one of a number of data records requested, or a period of time between data requests.

30. (New) The method of Claim 13, wherein the historical login attributes include, for a particular licensed device that makes the API login request,
an identification of the particular licensed device in the API login request.
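
The detecting steps recited in claims 9 and 13 (calculate a historical distribution of a timing attribute, compare the new request to it, alert when it differs by more than a predetermined amount) can be illustrated as follows. This is an added example, not part of the office action or the application; the z-score test, the threshold of 3.0, the minimum-history size, the spread floor and all names are assumptions, since the claims recite only "a predetermined amount".

```python
import statistics
from dataclasses import dataclass

# Assumed values; the claims only say "a predetermined amount".
Z_THRESHOLD = 3.0
MIN_HISTORY = 10


@dataclass
class Verdict:
    z_score: float
    alert: bool
    reason: str


def intervals(timestamps):
    """Seconds between consecutive API requests (the timing attribute)."""
    ts = sorted(timestamps)
    return [b - a for a, b in zip(ts, ts[1:])]


def score_session(historical_intervals, session_timestamps,
                  z_threshold=Z_THRESHOLD):
    """Compare a session's request timing with the device's history."""
    if len(historical_intervals) < MIN_HISTORY:
        # Too little history to form a distribution: do not alert on noise.
        return Verdict(0.0, False, "insufficient history")
    observed = intervals(session_timestamps)
    if not observed:
        return Verdict(0.0, False, "no timing data in session")
    mean = statistics.fmean(historical_intervals)
    # Floor the spread so a perfectly regular client does not divide by zero
    # or alert on sub-second jitter.
    spread = max(statistics.pstdev(historical_intervals), 0.05 * mean, 1e-6)
    z = abs(statistics.fmean(observed) - mean) / spread
    if z > z_threshold:
        return Verdict(z, True, "timing deviates from client fingerprint")
    return Verdict(z, False, "within historical distribution")


# Constructed sample data: a client that normally polls about every 60 s.
HISTORY = [58.0, 61.0, 60.0, 59.5, 62.0, 60.5, 57.5, 61.5, 60.0, 59.0, 60.5, 61.0]
NORMAL_SESSION = [0.0, 59.0, 121.0, 180.0, 241.0]
BULK_PULL_SESSION = [0.0, 0.4, 0.9, 1.3, 1.8, 2.2]  # rapid back-to-back requests

if __name__ == "__main__":
    for name, session in (("normal", NORMAL_SESSION), ("bulk", BULK_PULL_SESSION)):
        print(name, score_session(HISTORY, session))
```
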

Allowable Subject Matter

Claims 9-30 are allowed.

Reason for allowance
This communication warrants no examiner's reason for allowance, as applicant's reply makes evident the reason for allowance, satisfying the record as whole as required by rule 37 CFR 1.104(e). In this case, the substance of applicant's remarks filed on 3/4/22 with respect to the added claim limitation point out the reason claims are patentable over the prior art of record. Thus, the reason for allowance is in all probability 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Khanh Dinh whose telephone number is (571) 272-3936. The examiner can normally be reached on Monday through Friday from 8:00 a.m. to 5:00 p.m.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Kevin Bates, can be reached on (571) 272-3980. The fax phone number for this group is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).


/KHANH Q DINH/
Primary Examiner, Art Unit 2458