REASONS FOR ALLOWANCE 
The following is an examiner’s statement of reasons for allowance:
In the art of record, Kim et al. (US 2018/0189470A1) generally discloses the aspect of A computer implemented method for detecting bypass of an authentication system of a web application, the method being executed by one or more processors and comprising: receiving one or more logs comprising traffic associated with an application during a defined time period, receiving one or more authentication logs associated with one or more authentication appliances providing authentication services for the application, the one or more authentication logs comprising one or more time-stamped authentication factor entries for the one or more authentication appliances; determining, based on the one or more logs, one or more log entries corresponding to a user and the defined time period; determining, based on the one or more authentication logs, a total number of correct authentication factors provided by the user during the defined time period; and determining, based on the one or more log entries corresponding to the user and the defined time period and the total number of correct authentication factors provided by the user, that the user bypassed an authentication system of the application, and in view of Li et al. (US 92011/0162051A1) further teaches receiving one or more webpage logs comprising web traffic associated with a web application during a defined time period.. 
The art of record, whether taken alone or in combination, does not teach or make obvious the combinations of limitations recited, as exemplified in claim 1:
	determining, based on the one or more webpage log entries corresponding to the user and the defined time period and the total number of correct authentication factors provided by the user, that the user bypassed an authentication system of the web application, wherein determining that the user bypassed the authentication system of the web application comprises: determining an expected number of authentication factors for the user for the defined time period; and determining that the total number of correct authentication factors provided by the user during the defined time period is less than the expected number of authentication factors for the user for the defined time period. 

The claim limitations are quite unique in the sense that the way the system determines whether the user should be allow to bypass the authentication system is based on a user record wherein the system look at the number of authentication factors for the user for a defined time period and compare a correct authentication factor provided by the user during that defined period to determine whether the user should be allowed to bypass the authentication system Wherein  for the user to complete the bypass, the user must have entered the correct authentication less than a threshold amount of time within a threshold period. This is different from the prior art where the user must enter the correct authentication factor more than the threshold amount of time.

In addition to the art cited in the previous office action, the following art was also
considered:
Pande Pub. No.: 2019/0364027:  As described herein, the feature vector generator 104 further trains the authentication feature vector (e.g., using SVM, LSTM, RNN, Random Forest, Gradient Boosted Trees, Siamese network or other classifiers) with valid data (e.g., sensor data obtained from the mobile device while the authorized user uses the application) and invalid data (e.g., sensor data obtained from the mobile device while another user uses the application). This validation step is performed to find a threshold defining the closeness of feature vectors that belong to the authorized user. As will be described in further detail with reference to FIG. 4, a feature vector generated during operation of the application that is farther than the threshold to the authorized user's authentication feature vector indicates that user is an unauthorized user. In some embodiments, the authentication feature vector is updated over time as the authorized user's behavior changes over time.

The additional sited arts, whether taken alone or in combination, does not teach or make obvious the combinations of limitations recited, as exemplified in claim 1.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DI XIAO whose telephone number is (571)270-1758.  The examiner can normally be reached on 9Am-5Pm est M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Renee Chavez can be reached on 5712701104.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/DI XIAO/Primary Examiner, Art Unit 2179