Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION

Status of Claims
Claims 1-22 are subject to examination.  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 1, 3, 5, 6, 12, 14, 16, 17, 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Oikonomou, 20140007205 in view of Parker 20130024515 and Zeitlin et al., 20150358338 and Shahbaz et al., 2018/0091528 and “Official Notice”.
Referring to claim(s) 1, 12, 22, Oikonomou discloses a system for identifying unauthorized attempts to access an account in a computer system, the account having an authorized user, the system comprising: a processor; a memory storing user data associated with the authorized user; and an authentication application containing processor executable instructions that, when executed by the processor, are to cause the processor to: a  non-transitory computer-readable storage medium storing instructions that, when executed by a processor of a computer system, cause the processor to identify unauthorized attempts to access an account, the account having an authorized user, the instructions, when executed by the processor, cause the processor to:

    PNG
    media_image1.png
    541
    632
    media_image1.png
    Greyscale

a method of identifying unauthorized attempts to access an account in a computer system, the account having an authorized user (repeated failed attempts to access an account, para 13), the method comprising: determining that a count of failed attempts to access the account exceeds a maximum (when repeated failed attempts to access an account, the account is temporarily locked, para 13; since it is repeated failed attempts, in which repeated includes checking for maximum attempts); based on the count exceeding the maximum, taking a security action with respect to the account (when repeated failed attempts to access an account, the account is temporarily locked being a security action, para 13; since it is repeated failed attempts, in which repeated includes checking for maximum attempts). Oikonomou does not specifically mention about, which is well-known in the art, which Parker discloses, retrieving from stored user data one or more peer contacts associated with the authorized user (accessing a list of authorized peers/users, abstract, para 39, 36); transmitting a failure attribution request to the one or more peer contacts (request for a response of authorized/unauthorized/ignore, abstract, para 39); receiving a response to the failure attribution request from at least one of the one or more peer contacts (response of authorized/unauthorized/ignore, abstract, para 39); when the response denies that the authorized user caused the failed attempts (unauthorized response, abstract, para 39); when the response confirms that the authorized user caused the failed attempts to access the account (authorized user’s response, abstract, para 39). 

    PNG
    media_image2.png
    318
    448
    media_image2.png
    Greyscale


    PNG
    media_image3.png
    641
    458
    media_image3.png
    Greyscale

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Oikonomou to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known accessing a list containing authorized peers/users. A communication, request/response with the peer would enable determining whether a user is in the list or not. When the user is not in the list necessary action would be performed and the user is not allowed to access a resource, para 13, abstract.
Oikonomou and Parker do not specifically mention about, which is well-known in the art, which Zeitlin discloses, the response either indicating that the failed attempts are attributable to the authorized user or denying that the failed attempts are attributable to the authorized user (response message having a value that is used for indication, para 8). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Oikonomou to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known values of a response message. Based on the value of the response message necessary action would be performed that would be associated with a user, para 8. 
Oikonomou, Zeitlin and Parker do not specifically mention about, which is well-known in the art, which Shahbaz discloses, Requesting attribution for the failed attempts to access the account (query/request related to accessing user account for failed login attempts using data collected from device(s), para 244, 84, among peers/devices, para 165. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Oikonomou to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known obtaining of account access information. The account access information including failed attempts to access the account by associated user(s) would be provided in message. Based on the information of the response message necessary action would be performed to protect the system (for example, from login attack), para 244. 
	
Shahbaz also discloses other/overlapped limitations of the claimed subject matter of the claims 1, 12, and 22.
Peer to Peer network/nodes, para 324.
Peer to Peer Connection, para 323.
Unauthorized attempts to access an account, count exceeding the maximum: 
[0256] FIG. 20B illustrates a portion of an example interface including components for configuring a modular alert action involving an external security application. In the example of FIG. 20B, a portion of an interface 2004 includes an action configuration panel 2006 comprising various interface elements to configure one or more actions involving an external user identity management application. For example, a query for an associated modular alert may be configured to identify data indicating instances of failed login attempts at particular devices, and a triggering condition which detects when a threshold number of failed user login attempts occur within a defined period of time. In this example, a user may use an action configuration panel 2006 to specifying actions including requesting additional information about the affected user account from an external user identity management application, sending a request to block the user account, sending a request to turn on multi-factor authentication for the user account, and so forth. Action indicators 2008 illustrate other actions that may have been previously configured for the same modular alert, and which may be further modified or deleted by interacting with the corresponding interface elements. Furthermore, a user may select an interface component (e.g., an “Add New Response Action” link) to add a new action not currently listed, where the selection of the action to add may include any action available in the network security application (e.g., any actions preconfigured by a vendor of the network security application, custom actions created by a user, custom actions created by a vendor of an external application and/or system, etc.). [0259] At block 1806, the query included in the modular alert is executed. For example, the network security application may execute the query in response to creation of the modular alert and/or based on a defined execution schedule for the query, as described above in reference to block 1802. In an embodiment, executing a query may include a search head 210 searching a field-searchable data store 208, one or more external data storage systems, one or more external applications and/or systems, and/or any other data source. The execution of the query may include searching, processing, and/or filtering event data, raw machine data, log data, wire data, or any other type of data stored at the one or more data sources. In an embodiment, execution of the query may involve correlating data derived from two or more different sources, or two or more different types of data from a same data source. For example, if a particular modular alert relates to detecting instances of brute-force login attacks, one example correlation may involve searching for data indicating failed user account attempts at a particular device with other network data related to the same device recorded by the device or other system components.

Response to the request/query:
respond with the requested content stored in one or more response packets, para 84

Taking an action when unauthorized user caused the failed attempts:
including requesting additional information about the affected user account from an external user identity management application, sending a request to block the user account, sending a request to turn on multi-factor authentication for the user account, and so forth, para 256

Oikonomou, Zeitlin, Shahbaz and Parker do not specifically mention about, clearing the count of failed attempts to access the account. Official Notice is taken that these limitations are well-known in the art.
For example,
Matas et al., 20090227232 para 79, claims 1-10.

[0079] In some implementations, the step 540 can comprise: a step 542 for receiving a current authentication request, and a step 544 for verifying the passcode. If the passcode is correct, i.e., the current authentication request is valid, the step 540 can further comprise the following steps: a step 547 for activating a restricted functionality corresponding to the authentication request, and, optionally, a step 548 for resetting the attempt count for failed passcode attempts. If the passcode is incorrect, i.e., the current authentication request is determined to be invalid, the step 540 is completed, and the process 500 proceeds with steps 550, 560, 570, or 580.
Also, for the overlap teachings of limitations, when the response denies that the authorized user caused the failed attempts to access the account, taking a security action with respect to the account:
1. A method, comprising: determining a current authentication request is invalid; determining a delay time; and delaying submission of a next authentication request until after the delay time has expired.

2. The method of claim 1, wherein the delaying submission of a next authentication attempt further comprises delaying visual feedback of a user input until after the delay time has expired.

3. The method of claim 1, wherein the delay submission of a next authentication attempt further comprises delaying processing of a user input until after the delay time has expired.

4. The method of claim 1, wherein the delay in submission of a next authentication attempt further comprises delaying accepting a user input until after the delay time has expired.

5. The method of claim 1, wherein the current authentication request has been entered to gain access to an access control management interface in a mobile telephone device.

6. The method of claim 5, wherein the access control management interface is a parental control settings interface.

7. The method of claim 1, further comprising: maintaining an attempt count for invalid authentication requests; and wherein the determining a delay time further comprises determining a delay time based on the attempt count.

8. The method of claim 7, wherein the delay time increases with the attempt count.

9. The method of claim 7, wherein the delay time increases with the attempt count when the attempt count exceeds a predetermined limit.

10. The method of claim 7, further comprising: if the next authentication request is valid, resetting the attempt count.

Inoue et al., 20020186688, para 121, 125, 156, 163,

Kottahachchi 20090077645 claim 6

Cheston et al., 20050138399 para 18

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Oikonomou to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known resetting/clearing the count of failed attempts to access the account. The user would not be allowed to access the account during the failed attempts. When the user is allowed to access the account the it is no longer a failed attempt. Resetting/clearing the count of failed attempts to access the account after the allowed access to the account would enable the user to again have all the failed attempts available in future. One of ordinary skilled in the art would readily know, and also millions of users around the globe experience this feature, i.e., resetting/clearing the count of failed attempts to access the account. Please see above cited prior arts. 

Referring to claim(s) 3, 14, Parker discloses wherein the stored user data comprises a peer list containing the one or more peer contacts associated with the authorized user (nodes/peers having the list, para 39, 36).

Referring to claim(s) 5, 16, Parker discloses peer contact information to which the failure attribution request is to be transmitted (other peer information for the request, para 39, 36).

Referring to claim(s) 6, 17, Oikonomou discloses wherein the security action comprises at least one of sending a notification to a security administrator, altering an authorization setting for the account, temporarily preventing further access attempts to the account, or imposing a further level of authentication required to access the account following a successful authentication (when repeated failed attempts to access an account, the account is temporarily locked being a security action, para 13; since it is repeated failed attempts, in which repeated includes checking for maximum attempts).

Claim(s) 2, 13, is/are rejected under 35 U.S.C. 103 as being unpatentable over Oikonomou, in view of Parker, Zeitlin, “Official Notice”, Shahbaz and Kutner 2020/0213334.
Referring to claim(s) 2, 13, Oikonomou, Zeitlin, Shahbaz and Parker do not specifically mention about, which is well-known in the art, which Kutner discloses, determine that the count of failed attempts to access the account exceeds the maximum by: receiving a request for access to the account with offered credentials (attempted credential, para 40, 41); determining that the offered credentials do not match stored user credentials for the account (failed credential with log, para 40, 41); and incrementing the count of failed attempts (attempt count is incremented, para 40, 41). 

    PNG
    media_image4.png
    627
    759
    media_image4.png
    Greyscale

    PNG
    media_image5.png
    633
    849
    media_image5.png
    Greyscale

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Oikonomou to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known credential, credential log and number of failed attempts. When the credential is valid a user is allowed to access a recourse. When the credential is determined to be invalid the user would be able to provide the credential again until the number of attempts reach to a threshold. Before the number of attempts reach to the threshold, the user would be provided access if the user provide a valid credential, para 40, 41.  

Claim(s) 4, 15, is/are rejected under 35 U.S.C. 103 as being unpatentable over Oikonomou, in view of Parker, Zeitlin, Shahbaz, “Official Notice” and Yeates et al., 20050120214.
Referring to claim(s) 4, 15, Oikonomou, Zeitlin, Shahbaz and Parker do not specifically mention about, which is well-known in the art, which Yeates discloses, wherein the peer list is stored in association with the account (the list at peers with accounts on both peers for authentication and authorization, para 6). 

    PNG
    media_image6.png
    607
    779
    media_image6.png
    Greyscale

    PNG
    media_image7.png
    547
    741
    media_image7.png
    Greyscale

    PNG
    media_image8.png
    742
    572
    media_image8.png
    Greyscale

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Oikonomou to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known list at peers. The list would enable containing peer information which can be used for authentication and/or authorization. The account information would be associated with the list that would enable authorizing a user for access to a recourse, para 6.  

Claim(s) 7, 11, 18, is/are rejected under 35 U.S.C. 103 as being unpatentable over Oikonomou, in view of Parker, Zeitlin, Shahbaz, “Official Notice” and Tamvada et al., 2017/0064090.
Referring to claim(s) 7, 18, Oikonomou discloses when the response denies user involvement in the failed attempts then taking the security action (the account is temporarily locked, para 13). 

    PNG
    media_image9.png
    538
    775
    media_image9.png
    Greyscale

Oikonomou, Zeitlin, Shahbaz and Parker do not specifically mention about, which is well-known in the art, which Tamvada discloses, transmitting an attribution request to a user contact address for the authorized user (request to the user regarding contact, para 48, 49), receiving a response from the user contact address (response to the request, para 73). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Oikonomou to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known request and response regarding a contact. The contact address would be utilized for communication for performing authorization of a user, para 73.  

Referring to claim(s) 11, Tamvada discloses determining that a number of failure attribution requests transmitted over a time period is below an abuse threshold as a condition precedent to transmitting the failure attribution request (abuse determination engine determines the request within a time period exceeds a threshold or not to transmit the request, para 95, 97).

Claim(s) 8, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Oikonomou, in view of Parker, Zeitlin, Shahbaz, “Official Notice”, Weaver 2008/0189338 and Noh et al., 2009/0116640.
Referring to claim(s) 8, 19, Oikonomou, Zeitlin, Shahbaz and Parker do not specifically mention about, which is well-known in the art, which Weaver discloses, a plurality of peer contacts in a hierarchical order (hierarchical peer contact list with next peer, para 50), and wherein transmitting comprises: transmitting the failure attribution request to a first peer contact in the hierarchical order (request to peer of the hierarchical peer contact list, para 50); awaiting the response; sending the failure attribution request to a next peer contact in the hierarchical order (request to next peer of the hierarchical peer contact list when failure, para 50). 

    PNG
    media_image10.png
    583
    742
    media_image10.png
    Greyscale

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Oikonomou to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known hierarchical peer contact list. A next peer contact would be used regarding the request and response. The contact address would be utilized for communication for performing authorization of a user, para 50. Oikonomou, Weaver and Parker do not specifically mention about, which is well-known in the art, which Noh discloses, if the response is not received within a time window, para 39. 

    PNG
    media_image11.png
    553
    757
    media_image11.png
    Greyscale

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Oikonomou to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known determining whether or not a response request is not received within a time window. When the response is not received within the time window further processing would be made prior to performing an action, para 39.  

Claim(s) 9, 10, 20, 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Oikonomou, in view of Parker, Zeitlin, “Official Notice”, Shahbaz, Weaver, Noh and Li et al., 2014/0259130.
Referring to claim(s) 9, 20, Oikonomou, Weaver, Shahbaz, Zeitlin, Noh and Parker do not specifically mention about, which is well-known in the art, which Li discloses, temporarily preventing further access attempts to the account while awaiting the response, para 70. 

    PNG
    media_image12.png
    663
    505
    media_image12.png
    Greyscale

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Oikonomou to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known temporarily preventing further access attempts to the account. After a failed attempt the response would enable determining whether the user can be authorized for access to a resource. Until such determination is done, temporarily preventing further access attempts to the account would enable that the determination is performed for necessary actions based on the determination outcome, para 70.  

Referring to claim(s) 10, 21, Weaver discloses, wherein the awaiting and sending are repeated for each successive peer contact in the hierarchical order, para 50. Noh discloses until the response is received, para 39.

Response to Arguments
Applicant's arguments filed 7/5/22, pages 7-10 have been fully considered but they are not persuasive.  Therefore, rejection of claims 1-22 is maintained. 
Regarding applicant’s concerns for the amended claim subject matter, the rejections are updated accordingly. Please refer to above updated rejections for relied upon prior arts. 
Oikonomou discloses a system for identifying unauthorized attempts to access an account in a computer system, the account having an authorized user, the system comprising: a processor; a memory storing user data associated with the authorized user; and an authentication application containing processor executable instructions that, when executed by the processor, are to cause the processor to: a  non-transitory computer-readable storage medium storing instructions that, when executed by a processor of a computer system, cause the processor to identify unauthorized attempts to access an account, the account having an authorized user, the instructions, when executed by the processor, cause the processor to:

    PNG
    media_image1.png
    541
    632
    media_image1.png
    Greyscale

a method of identifying unauthorized attempts to access an account in a computer system, the account having an authorized user (repeated failed attempts to access an account, para 13), the method comprising: determining that a count of failed attempts to access the account exceeds a maximum (when repeated failed attempts to access an account, the account is temporarily locked, para 13; since it is repeated failed attempts, in which repeated includes checking for maximum attempts); based on the count exceeding the maximum, taking a security action with respect to the account (when repeated failed attempts to access an account, the account is temporarily locked being a security action, para 13; since it is repeated failed attempts, in which repeated includes checking for maximum attempts). Oikonomou does not specifically mention about, which is well-known in the art, which Parker discloses, retrieving from stored user data one or more peer contacts associated with the authorized user (accessing a list of authorized peers/users, abstract, para 39, 36); transmitting a failure attribution request to the one or more peer contacts (request for a response of authorized/unauthorized/ignore, abstract, para 39); receiving a response to the failure attribution request from at least one of the one or more peer contacts (response of authorized/unauthorized/ignore, abstract, para 39); when the response denies that the authorized user caused the failed attempts (unauthorized response, abstract, para 39); when the response confirms that the authorized user caused the failed attempts to access the account (authorized user’s response, abstract, para 39). 

    PNG
    media_image2.png
    318
    448
    media_image2.png
    Greyscale


    PNG
    media_image3.png
    641
    458
    media_image3.png
    Greyscale

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Oikonomou to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known accessing a list containing authorized peers/users. A communication, request/response with the peer would enable determining whether a user is in the list or not. When the user is not in the list necessary action would be performed and the user is not allowed to access a resource, para 13, abstract.
Oikonomou and Parker do not specifically mention about, which is well-known in the art, which Zeitlin discloses, the response either indicating that the failed attempts are attributable to the authorized user or denying that the failed attempts are attributable to the authorized user (response message having a value that is used for indication, para 8). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Oikonomou to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known values of a response message. Based on the value of the response message necessary action would be performed that would be associated with a user, para 8. 
Oikonomou, Zeitlin and Parker do not specifically mention about, which is well-known in the art, which Shahbaz discloses, Requesting attribution for the failed attempts to access the account (query/request related to accessing user account for failed login attempts using data collected from device(s), para 244, 84, among peers/devices, para 165. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Oikonomou to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known obtaining of account access information. The account access information including failed attempts to access the account by associated user(s) would be provided in message. Based on the information of the response message necessary action would be performed to protect the system (for example, from login attack), para 244. 
	
Shahbaz also discloses other/overlapped limitations of the claimed subject matter of the claims 1, 12, and 22.
Peer to Peer network/nodes, para 324.
Peer to Peer Connection, para 323.
Unauthorized attempts to access an account, count exceeding the maximum: 
[0256] FIG. 20B illustrates a portion of an example interface including components for configuring a modular alert action involving an external security application. In the example of FIG. 20B, a portion of an interface 2004 includes an action configuration panel 2006 comprising various interface elements to configure one or more actions involving an external user identity management application. For example, a query for an associated modular alert may be configured to identify data indicating instances of failed login attempts at particular devices, and a triggering condition which detects when a threshold number of failed user login attempts occur within a defined period of time. In this example, a user may use an action configuration panel 2006 to specifying actions including requesting additional information about the affected user account from an external user identity management application, sending a request to block the user account, sending a request to turn on multi-factor authentication for the user account, and so forth. Action indicators 2008 illustrate other actions that may have been previously configured for the same modular alert, and which may be further modified or deleted by interacting with the corresponding interface elements. Furthermore, a user may select an interface component (e.g., an “Add New Response Action” link) to add a new action not currently listed, where the selection of the action to add may include any action available in the network security application (e.g., any actions preconfigured by a vendor of the network security application, custom actions created by a user, custom actions created by a vendor of an external application and/or system, etc.). [0259] At block 1806, the query included in the modular alert is executed. For example, the network security application may execute the query in response to creation of the modular alert and/or based on a defined execution schedule for the query, as described above in reference to block 1802. In an embodiment, executing a query may include a search head 210 searching a field-searchable data store 208, one or more external data storage systems, one or more external applications and/or systems, and/or any other data source. The execution of the query may include searching, processing, and/or filtering event data, raw machine data, log data, wire data, or any other type of data stored at the one or more data sources. In an embodiment, execution of the query may involve correlating data derived from two or more different sources, or two or more different types of data from a same data source. For example, if a particular modular alert relates to detecting instances of brute-force login attacks, one example correlation may involve searching for data indicating failed user account attempts at a particular device with other network data related to the same device recorded by the device or other system components.

Response to the request/query:
respond with the requested content stored in one or more response packets, para 84

Taking an action when unauthorized user caused the failed attempts:
including requesting additional information about the affected user account from an external user identity management application, sending a request to block the user account, sending a request to turn on multi-factor authentication for the user account, and so forth, para 256

Oikonomou, Zeitlin and Parker do not specifically mention about, clearing the count of failed attempts to access the account. Official Notice is taken that these limitations are well-known in the art.
For example,
Matas et al., 20090227232 para 79, claims 1-10.

[0079] In some implementations, the step 540 can comprise: a step 542 for receiving a current authentication request, and a step 544 for verifying the passcode. If the passcode is correct, i.e., the current authentication request is valid, the step 540 can further comprise the following steps: a step 547 for activating a restricted functionality corresponding to the authentication request, and, optionally, a step 548 for resetting the attempt count for failed passcode attempts. If the passcode is incorrect, i.e., the current authentication request is determined to be invalid, the step 540 is completed, and the process 500 proceeds with steps 550, 560, 570, or 580.
Also, for the overlap teachings of limitations, when the response denies that the authorized user caused the failed attempts to access the account, taking a security action with respect to the account:
1. A method, comprising: determining a current authentication request is invalid; determining a delay time; and delaying submission of a next authentication request until after the delay time has expired.

2. The method of claim 1, wherein the delaying submission of a next authentication attempt further comprises delaying visual feedback of a user input until after the delay time has expired.

3. The method of claim 1, wherein the delay submission of a next authentication attempt further comprises delaying processing of a user input until after the delay time has expired.

4. The method of claim 1, wherein the delay in submission of a next authentication attempt further comprises delaying accepting a user input until after the delay time has expired.

5. The method of claim 1, wherein the current authentication request has been entered to gain access to an access control management interface in a mobile telephone device.

6. The method of claim 5, wherein the access control management interface is a parental control settings interface.

7. The method of claim 1, further comprising: maintaining an attempt count for invalid authentication requests; and wherein the determining a delay time further comprises determining a delay time based on the attempt count.

8. The method of claim 7, wherein the delay time increases with the attempt count.

9. The method of claim 7, wherein the delay time increases with the attempt count when the attempt count exceeds a predetermined limit.

10. The method of claim 7, further comprising: if the next authentication request is valid, resetting the attempt count.

Inoue et al., 20020186688, para 121, 125, 156, 163,

Kottahachchi 20090077645 claim 6

Cheston et al., 20050138399 para 18

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Oikonomou to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known resetting/clearing the count of failed attempts to access the account. The user would not be allowed to access the account during the failed attempts. When the user is allowed to access the account the it is no longer a failed attempt. Resetting/clearing the count of failed attempts to access the account after the allowed access to the account would enable the user to again have all the failed attempts available in future. One of ordinary skilled in the art would readily know, and also millions of users around the globe experience this feature, i.e., resetting/clearing the count of failed attempts to access the account. Please see above cited prior arts. 




Conclusion
One of ordinary skilled in the art would readily know that amended limitations, when the response confirms that the authorized user caused the failed attempts to access the account, clearing the count of failed attempts to access the account, is well-known in the art. Addition of such hundreds of limitations would not make the claimed subject matter novel.
For example following prior art discloses these well-known limitations along with overlapped limitations of the claim:
Inoue et al., 20020186688, para 121, 125, 156, 163,
Matas et al., 20090227232 para 79
Kottahachchi 20090077645 claim 6
Cheston et al., 20050138399 para 18

Pertinent portions of Shahbaz for other/overlapped limitations (that are rejected under other prior arts) of the claimed subject matter of the claims 1, 12, and 22.
Peer to Peer network/nodes, para 324.
Peer to Peer Connection, para 323.
Unauthorized attempts to access an account, count exceeding the maximum: 
[0256] FIG. 20B illustrates a portion of an example interface including components for configuring a modular alert action involving an external security application. In the example of FIG. 20B, a portion of an interface 2004 includes an action configuration panel 2006 comprising various interface elements to configure one or more actions involving an external user identity management application. For example, a query for an associated modular alert may be configured to identify data indicating instances of failed login attempts at particular devices, and a triggering condition which detects when a threshold number of failed user login attempts occur within a defined period of time. In this example, a user may use an action configuration panel 2006 to specifying actions including requesting additional information about the affected user account from an external user identity management application, sending a request to block the user account, sending a request to turn on multi-factor authentication for the user account, and so forth. Action indicators 2008 illustrate other actions that may have been previously configured for the same modular alert, and which may be further modified or deleted by interacting with the corresponding interface elements. Furthermore, a user may select an interface component (e.g., an “Add New Response Action” link) to add a new action not currently listed, where the selection of the action to add may include any action available in the network security application (e.g., any actions preconfigured by a vendor of the network security application, custom actions created by a user, custom actions created by a vendor of an external application and/or system, etc.). [0259] At block 1806, the query included in the modular alert is executed. For example, the network security application may execute the query in response to creation of the modular alert and/or based on a defined execution schedule for the query, as described above in reference to block 1802. In an embodiment, executing a query may include a search head 210 searching a field-searchable data store 208, one or more external data storage systems, one or more external applications and/or systems, and/or any other data source. The execution of the query may include searching, processing, and/or filtering event data, raw machine data, log data, wire data, or any other type of data stored at the one or more data sources. In an embodiment, execution of the query may involve correlating data derived from two or more different sources, or two or more different types of data from a same data source. For example, if a particular modular alert relates to detecting instances of brute-force login attacks, one example correlation may involve searching for data indicating failed user account attempts at a particular device with other network data related to the same device recorded by the device or other system components.

Response to the request/query:
respond with the requested content stored in one or more response packets, para 84

Taking an action when unauthorized user caused the failed attempts:
including requesting additional information about the affected user account from an external user identity management application, sending a request to block the user account, sending a request to turn on multi-factor authentication for the user account, and so forth, para 256.
Since, the application was filed dated 1/17/2019, and numerous office actions have been part of the prosecution history, and mainly considering Applicant’s amendments to the claims of the prosecution history; Applicant is kindly reminded for compact prosecution, rather extended prosecution.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARESH PATEL whose telephone number is (571) 272-3973.  The examiner can normally be reached on Monday-Friday.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado, can be reached at (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HARESH N PATEL/Primary Examiner, Art Unit 2496