Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This action is responsive to application filed on 8/23/2019. Claims 1 and 14 are independents. Claims 1-16 are currently pending.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 8/23/2019 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections -35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Bak al. (US 20110185401 A1), hereinafter Bak, in view Joye (EP 2955657 A1).

  Regarding claims 1, 13 and 17, Bak teaches a computer-implemented method comprising:
constructing an authentication resolution model specific to a client based upon error patterns respectively included in a plurality of erroneous authentication submissions inconsistent with a proper authentication submission required for an account associated with the client (FIG. 3 and para. 0030 and 0031, a graph-theoretic data structure (authentication resolution model) is dynamically constructed... The graph-theoretic data structure (e.g., 232) has nodes corresponding to received valid and invalid authentication credentials used in attempts to access the system. The 
receiving, via an authentication interface, a new erroneous authentication submission inconsistent with the proper authentication submission (FIG. 3 and para. 0031, dynamically constructing at 310 includes, if a newly received credential has no corresponding node in the data structure. FIG. 5B-5C and para. 0034, at time T1, the invalid credential AGCDEF is received); and
responsive to determining that the new erroneous authentication submission defined in the authentication resolution model, completing authentication (FIG. 3 and para. 0037, in response to receipt of an invalid credential, a probability of the invalid credential being an authentication attempt by a particular type of user is computed based on the graph-theoretic data structure. para. 0040, compute, based on the graph- theoretic data structure (which is traversed during the failed login attempts and dynamically updated with information from each attempt), a probability of the login attempts being by a legitimate user. If the probability is above a threshold, the system may first give the user two additional login attempts, for example. If the user again mistypes the password the two additional times (e.g., by retyping the alternative password believing perhaps she mistyped it, and then by trying a third alternate password), and the probability that the login attempts are by legitimate user are still above the threshold, the authentication conditions may be adjusted again, but this time to ask the user for the answer to a personal security question. for example).
Bak does not explicitly disclose determining that the erroneous authentication submission corresponds to an authentication exception. However, in an analogous art, 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings Bal and Joye because there is a need for a solution that can allow an authentication system to allow mistyped passwords without having the drawbacks of the prior art solutions (Joye para. 0008).

  Regarding claims 2, 14 and 18, the combination of Bak and Joye teaches all of the limitations of claims 1, 13 and 17, as described above. Bak further teaches responsive to determining that the new erroneous authentication submission corresponds to an authentication warning. defined in the authentication resolution model, performing at least one client account warning protection activity (FIG. 3 and para. 0040, if the user again mistypes the password the two additional times (e.g., by retyping the alternative password believing perhaps she mistyped it, and then by trying a third alternate password), and the probability that the login attempts are by legitimate user are still above the threshold, the authentication conditions may be adjusted again, 

  Regarding claims 3, 15 and 19, the combination of Bak and Joye teaches all of the limitations of claims 1, 13 and 17, as described above. Bak further teaches responsive to determining that the new erroneous authentication submission corresponds to an authentication attack defined in the authentication resolution model, performing at least one client account attack protection activity (FIG. 3 and par. 0040 and 0042. the probability computed at 320 is the probability of the invalid credential being an authentication attempt by a malicious user. If the probability is above the threshold (thereby indicating that a malicious user is attempt to access the system), at 330, a security event may also be triggered to adjust an authentication condition of the system. This may be or include. for example, triggering a security event to lock-out additional attempts to access the system).

  Regarding claims 4, 16 and 20, the combination of Bak and Joye teaches all of the limitations of claims 1, 13 and 17, as described above. Bak further teaches updating the authentication resolution model based upon the new erroneous authentication submission (FIG. 3 and para. 0004 and 0031, dynamically constructing at 310 includes, if a newly received credential has no corresponding node in the data structure. FIG. 5B-5C and para. 0034, at time T1, the invalid credential AGCDEF is received).

 Regarding claim 5, the combination of Bak and Joye teaches all of the limitations of claim 1, as described above. Bak further teaches wherein constructing the authentication resolution model comprises: identifying correlations among the plurality of erroneous authentication submissions based (FIG. 5A-5C and para. 0031 and 0032, if the last received preceding credential was an invalid credential, a directed edge from the node corresponding to the last received preceding credentials to the new node is added) upon application of at least one artificial intelligence algorithm (FIG. 3 and para. 0065, monitoring login patterns and password heuristics); determining distinctions between the plurality of erroneous authentication submissions and the proper authentication submission based upon application of the at least one artificial intelligence algorithm (FIG. 5A-5C and para. 0028, the probability calculated ls or includes the likelihood that the source of the invalid credential is a legitimate or intended user of the system who may have mistyped the password. Para. 0034, dynamically constructing includes computing in real-time weights for directed edges between nodes corresponding to consecutively received credentials. For example, for the edge between the newly created node corresponding to credential ABCDEF and the node corresponding to the previously received credential AVCDEF), exceeding a predefined level of confidence threshold and that occurs a number of times exceeding a predefined error occurrence threshold over a duration of time exceeding a predefined learning threshold (para. 0028, the probability calculated is or includes the likelihood that the source of the invalid credential is a legitimate or intended user of the system who may have mistyped the password; para. 0037, restrictions on a maximum number of login attempts during a certain period of time).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings of Bak and Joye because there is a need for a solution that can allow an authentication system to allow mistyped passwords without having the drawbacks of the prior art solutions (Joye para. 0008).

 Regarding claim 6, the combination of Bak and Joye teaches all of the limitations of claim 5, as described above. Bak further teaches wherein constructing the authentication resolution model further comprises: defining at least one authentication
warning (para. 0039, if the probability of the invalid credential being an authentication attempt by a particular type of user is beyond (above or below) a threshold probability, a 
than or equal to the predefined learning threshold (para. 0039 and 0040, the probability
computed at 320 is the probability of the invalid credential being an authentication attempt by a legitimate user. If the probability is above the threshold (thereby indicating that a legitimate user is attempting to access the system), at 330, a security event is triggered to adjust an authentication condition of the system. This may be or include, for example, triggering a security event to exclude the invalid credential as a count against a permissible number of invalid access attempts. This also may be or include, for example, allowing a limited number of additional attempts above a default permissible number of invalid access attempts).

 Regarding claim 7, the combination of Bak and Joye teaches all of the limitations of claim 5. as described above. Bak further teaches wherein constructing the authentication resolution model further comprises: defining at least one authentication attack, wherein each of the at least one authentication attack includes a plurality of error patterns that occur an equal number of times and that collectively occur a number of times exceeding the predefined error occurrence threshold (para. 0037, by default has strict restrictions on a maximum number of login attempts during a certain period of 

 Regarding claim 8, the combination of Bak and Joye teaches all of the limitations of claim 1, as described above. Joye further teaches wherein each authentication exception defined in the authentication resolution model is encrypted to create a respective hashed exception by applying a hash function (para. 0026-0029, [t]he following illustrative example uses a reference password equal to TECHNICOLOR, padding to 12 characters, a maximum acceptation of 1 typing error and a hash function), and wherein identifying a correspondence between the new erroneous authentication submission and an authentication exception defined in the authentication resolution model (para. 0005, 0006 and. 0033, the server 120 receives the plurality of sub-entries [P] and compares each sub- entry with the stored password verifiers for the user to determine S13 if they match) comprises: applying the hash function to the new erroneous authentication submission to create a hashed result (para. 0031, the resistance method takes a, padded or unpadded, reference password RP with L characters and generates L sub-passwords by omitting character i in sub-password i, and applying a subfunction H to each preferably salted sub-password); comparing the hashed result to each respective hashed exception (para. 0033, compares each sub-entry with the stored password verifiers for the user to determine S13 if they match); and responsive to identifying a match between the hashed result and a respective hashed exception, identifying the matching hashed exception as the corresponding 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings Bak and Joye because there is a need for a solution that can allow an authentication system to allow mistyped passwords without having the drawbacks of the prior art solutions (Joye para. 0008).

 Regarding claim 9, the combination of Bak and Joye teaches all of the limitations of claim 1, as described above. Joye further teaches wherein completing authentication comprises: confirming authentication of the client based upon the corresponding authentication exception defined in the authentication resolution model (para. 0033, compares each sub-entry with the stored password verifiers for the user to determine S13 if they match); and facilitating access to the account associated with the client based upon a correlation identified between the corresponding authentication exception and the proper authentication submission (para. 0033, if at least one sub-entry matches a password verifier, the user is authenticated and a notification is sent S14 to the use via the computer 110).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings of Bak and Joye because there is a need for a solution that can allow an authentication system to allow


 Regarding claim 10, the combination of Bak and Joye teaches all of the limitations of claim 1, as described above Bak further teaches wherein performing the at least one client account warning protection activity comprises sending at least one
notification to the client regarding the new erroneous authentication submission (para. 0040, If the user again mistypes the password the two additional times (e.g., by retyping the alternative password believing perhaps she mistyped it, and then by trying a third alternate password), and the probability that the login attempts are by legitimate user are still above the threshold, the authentication conditions may be adjusted again, but this time to ask the user for the answer to a personal security question, for example).

 Regarding claim 11, the combination of Bak and Joye teaches all of the limitations of claim 1, as described above. Bak further teaches wherein performing the
at least one client account warning protection activity comprises transmitting a secondary authentication request (para. 0039, if the probability of the invalid credential being an authentication attempt by a particular type of user is beyond (above or below) a threshold probability, a security event is triggered to adjust an authentication condition of the system. If that limited additional number is reached, embodiments may ask for other information from the user instead of automatically locking out additional attempts).

 Regarding claim 12, the combination of Bak and Joye teaches all of the limitations of claim 1, as described above. Bak further teaches wherein performing the
at least one client account attack protection activity comprises facilitating client account lockout (para. 0037. to lock further login attempts after three failed attempts. unless there is a sufficient probability that the attempt is being made by a legitimate user).
	
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHU CHUN GAO whose telephone number is (571)270-5999. The examiner can normally be reached on Monday -Thursday 6:00-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KRISTINE KINCAID can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-

/SHU CHUN GAO/Examiner, Art Unit 2437 



/MATTHEW SMITHERS/Primary Examiner, Art Unit 2437