Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Claims 1-20 are pending in this application. 

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/10/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 5-7, 9, 10-11, 15-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Gunuganti et al (“Gunuganti,” EP 3471007) in view of Sadika et al (“Sadika,” US 20160308900). 

Regarding claim 1, Gunaganti discloses an authorization access system comprising: (Gunaganti, [0020], [0031], [0041] &  [0034] describes an authorization access system)
at least one processor; (Gunaganti, [0005], describes at least one processor) and
a memory storing instructions which when executed by the at least one processor configure the at least one processor to: (Gunaganti, [0005] describes a memory storing instructions which when executed by the at least one processor)
assign a second risk score to the API traffic associated with the user device observed at the API gateway; (Gunaganti, FIG 1B, [0050]-[0054] & [0058]-[0067], describes assign a second low consistency score which can be indicative of anomalous activity [second risk score] to the API traffic associated with the compute device 110 [user device] observed at the API gateway as shown in 120a)
assign a third risk score to the API traffic associated with the user device observed after the API gateway; (Gunaganti, FIG 1B, [0050]-[0054] & [0058]-[0067], describes assign a low consistency score which can be indicative of anomalous activity [third risk score] to the API traffic associated with the compute device 110 [user device] observed after the API gateway to destination server 130) and
perform an authorization action based on any of the first, second or third risk scores, (Gunaganti, [0031], [0041] & [0034] describe perform an authorization action based on any of the second or third low consistency scores which are anomalous [second or third risk scores])
Gunaganti fails to explicitly disclose assign a first risk score to application programming interface (API) traffic associated with a user device observed prior to an API gateway. 
However, in an analogous art, Sadika discloses assign a first risk score to application programming interface (API) traffic associated with a user device observed prior to an API gateway, (Sadika, FIG 1; [0011], [0086], [0088]-[0091], describes assign a first suspicion score [first risk score] to application programming interface (API) traffic associated with a user device observed prior to an API gateway)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sadika with the method/system of Gunuganti to include assign a first risk score to application programming interface (API) traffic associated with a user device observed prior to an API gateway. One would have been motivated to identify and prevent malicious application programming interface (API) attacks (Sadika, [0002]). 

Regarding claim 5, Gunuganti and Sadika disclose the system as claimed in claim 1. 
Gunuganti further discloses wherein the at least one processor is configured to: (Gunuganti, [0005] describes wherein the at least one processor is configured)
observe the API traffic prior to the API traffic arriving at the API gateway; (Gunaganti, FIG 1B, [0050]-[0054] & [0058]-[0067], describes observe the API traffic prior to the API traffic arriving at the API gateway)
determine the first risk score; (Gunaganti, FIG 1B, [0050]-[0054] & [0058]-[0067], describes determining the first low consistency score which can be indicative of anomalous activity)
observe the API traffic at the API gateway; (Gunaganti, FIG 1B, [0050]-[0054] & [0058]-[0067], describes observing the API traffic at the API gateway)
determine the second risk score; (Gunaganti, FIG 1B, [0050]-[0054] & [0058]-[0067], describes determining the second low consistency score which can be indicative of anomalous activity [second risk score])
observe the API traffic at a back end service after the API gateway; (Gunaganti, FIG 1B, [0050]-[0054] & [0058]-[0067], describes observing API traffic at a destination server that hosts a web service after the API gateway [back end service])
and determine the third risk score, (Gunaganti, FIG 1B, [0050]-[0054] & [0058]-[0067], describes and determine the third low consistency score which can be indicative of anomalous activity [third risk score]). 

Regarding claim 6, Gunuganti and Sadika disclose the system as claimed in claim 1. 
Gunuganti further discloses wherein to perform the authorization action the at least one processor is configured to one of: 
allow the API traffic, (Gunuganti, [0031], describes allow the API traffic)
block the API traffic; (Gunuganti, [0041], describes restricting the API traffic)
send a security alert; (Gunuganti, [0034], describes sending an alert)
or require an authorization credentials check from a user device associated with the API traffic.

Regarding claim 7, Gunuganti and Sadika disclose the system as claimed in claim 1. 
Gunaganti further discloses wherein the at least one processor is further configured to observe the API traffic behavior, (Gunaganti, [0005], [0080] & [0050] describes wherein the at least one processor is further configured to observe the API traffic behavior for anomalous activity)
the API traffic behavior comprising at least one of: (Gunaganti, [0080] & [0050] describe the API traffic behavior)
an interface interactive pattern comprising at least one of: 
an interface interactive pattern comprising at least one of: a movement pattern of a mouse; 
or a keyboard strokes pattern; 
or an end user access pattern comprising at least one of: (Gunaganti, [0080] describes a user access pattern)
a time pattern; 
or a behavior pattern, (Gunaganti, [0057], [0061], [0080] describes a behavior pattern)

Regarding claim 9, Gunuganti and Sadika disclose the system as claimed in claim 1. 
Gunaganti further discloses wherein the at least one processor is configured to: (Gunaganti, [0088], processor)
observe the API traffic at a different point in the API architecture; (Gunaganti, [0050]-[0054] & [0058]-[0067], describe observe the API traffic at a different point in the API architecture)
determine another risk score; (Gunaganti, [0050]-[0054] & [0058]-[0067], describe determine another low consistency score which is anomalous [risk score])
and assign another risk score to API traffic observed at the different point in the API architecture, (Gunaganti, [0050]-[0054] & [0058]-[0067], describe and assign another low consistency score which is anomalous [risk score] to API traffic observed at the different point in the API architecture)

Regarding claim 10, Gunuganti and Sadika disclose the system as claimed in claim 1. 
Gunganti further discloses observe subsequent API traffic associated with the user device prior to the API gateway;  (Gunaganti, FIG 1B; [0050]-[0054] & [0058]-[0067], describe observe subsequent API traffic associated with the user device prior to the API gateway)
update the first risk score based on the subsequent API traffic prior to the API gateway; (Gunaganti, FIG 1B; [0050]-[0054] & [0058]-[0067], describe update the first low consistency score which can be indicative of anomalous activity [first risk score] based on the subsequent API traffic prior to the API gateway)
observe subsequent API traffic associated with the user device at the API gateway; (Gunaganti, FIG 1B; [0050]-[0054] & [0058]-[0067], describe observe subsequent API traffic associated with the user device at the API gateway)
update the second risk score based on the subsequent API traffic at the API gateway; (Gunaganti, FIG 1B; [0050]-[0054] & [0058]-[0067], describe update the second low consistency score which can be indicative of anomalous activity [second risk score] based on the subsequent API traffic at the API gateway)
observe subsequent API traffic associated with the user device after the API gateway; (Gunaganti, FIG 1B; [0050]-[0054] & [0058]-[0067], describe observe subsequent API traffic associated with the user device after the API gateway)
and update the third risk score based on the subsequent API traffic after the API gateway, (Gunaganti, FIG 1B; [0050]-[0054] & [0058]-[0067], describe and update the third consistency score which can be indicative of anomalous activity [third risk score] based on the subsequent API traffic after the API gateway)

Regarding claim 11, claim 11 is directed to a method. Claim 11 is similar in scope to claim 1 and is therefore rejected under similar rationale. 

Regarding claim 15, claim 15 is directed to the method as claimed in claim 11. Claim 15 is similar in scope to claim 5 and is therefore rejected under similar rationale. 

Regarding claim 16, claim 16 is directed to the method as claimed in claim 11. Claim 16 is similar in scope to claim 6 and is therefore rejected under similar rationale. 

Regarding claim 17, claim 17 is directed to the method as claimed in claim 11. Claim 17 is similar in scope to claim 7 and is therefore rejected under similar rationale. 

Regarding claim 19, claim 19 is directed to the method as claimed in claim 11. Claim 19 is similar in scope to claim 9 and is therefore rejected under similar rationale.

Regarding claim 20, claim 20 is directed to the method as claimed in claim 11. Claim 20 is similar in scope to claim 10 and is therefore rejected under similar rationale. 

Claim(s) 2 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Gunuganti et al (“Gunuganti,” EP 3471007) in view of Sadika et al (“Sadika,” US 20160308900) and further in view of Most et al (“Most,” US 20170118239). 

Regarding claim 2, Gunuganti and Sadika disclose the system as claimed in claim 1. 
Gunuganti and Sadika fail to explicitly disclose wherein the first, second and third risk scores comprise independent risk score analysis. 
However, in an analogous art, Most discloses wherein the first, second and third risk scores comprise independent risk score analysis (Most, [0025], [0037], [0046], describes wherein the first, second and third risk scores comprise independent risk score analysis). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Most with the method/system of Gunuganti and Sadika to include wherein the first, second and third risk scores comprise independent risk score analysis. One would have been motivated to provide risk analysis and cyber threat detection (Most, [0002]). 

Regarding claim 12, claim 12 is directed to the method as claimed in claim 11. Claim 12 is similar in scope to claim 2 and is therefore rejected under similar rationale. 

Claim(s) 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Gunuganti et al (“Gunuganti,” EP 3471007) in view of Sadika et al (“Sadika,” US 20160308900) and further in view of Nanduri et al (“Nanduri,” US 20210097541). 
 
Regarding claim 3, Gunuganti and Sadika disclose the system as claimed in claim 1. 
Gunuganti and Sadika fail to explicitly disclose wherein the second risk score is determined using information from the first risk score. 
However, in an analogous art, Nanduri discloses wherein the second risk score is determined using information from the first risk score (Nanduri, [0132]-[0133] describes . wherein the second risk score is determined using information from the first risk score)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Nanduri with the method/system of Gunuganti and Sadika to include wherein the second risk score is determined using information from the first risk score. One would have been motivated to provide a method and system for determining a risk score for one or more data transactions (Nanduri, [0010]). 

Regarding claim 13, claim 13 is directed to the method as claimed in claim 11. Claim 13 is similar in scope to claim 3 and is therefore rejected under similar rationale. 

Claim(s) 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Gunuganti et al (“Gunuganti,” EP 3471007) in view of Sadika et al (“Sadika,” US 20160308900) and further in view of Jakobson et al (“Jakobson,” US 20180152471). 

Regarding claim 4, Gunuganti and Sadika disclose the system as claimed in claim 1. 
Gunuganti and Sadika fail to explicitly disclose wherein the third risk score is determined using information from the first risk score or from the second risk score. 
However, in an analogous art, Jakobson discloses wherein the third risk score is determined using information from the first risk score or from the second risk score (Jakobson, [0076], describes wherein the third risk score is determined using information from the first risk score or from the second risk score). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Jakobson with the method/system of Gunuganti and Sadika to include wherein the third risk score is determined using information from the first risk score or from the second risk score. One would have been motivated to detect computer security risk based on previously observed communications (Jakobson, [0028])

Regarding claim 14, claim 14 is directed to the method as claimed in claim 11. Claim 14 is similar in scope to claim 4 and is therefore rejected under similar rationale. 

Claim(s) 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Gunuganti et al (“Gunuganti,” EP 3471007) in view of Sadika et al (“Sadika,” US 20160308900) and further in view of Morrison et al (“Morrison,” US 20200117523). 

Regarding claim 8, Gunuganti and Sadika disclose the system as claimed in claim 1. 
Gunuganti and Sadika fail to explicitly disclose wherein the at least one processor is configured to identify device information of the user device associated with the API traffic, the device information comprising at least one of: an internet protocol (IP) address associated with the user device of the API traffic; hardware information associated with the user device, the hardware information comprising at least one of: an application version attribute; a geographic position; or a hardware concurrency attribute; or software information associated with the user device, the software information comprising at least one of: a user agent attribute; or a browser language selection. 
However, in an analogous art, Morrison discloses wherein the at least one processor is configured to identify device information of the user device associated with the API traffic, (Morrison, [0026], describes wherein the at least one processor is configured to identify device information of the user device associated with the API traffic)
the device information comprising at least one of: (Morrison, [0058], [0075] describes the device information)
an internet protocol (IP) address associated with the user device of the API traffic; (Morrison, [0058], [0075] describes an internet protocol (IP) address associated with the user device of the API traffic)
hardware information associated with the user device, the hardware information comprising at least one of:  (Morrison, [0073] describes hardware information associated with the user device)
an application version attribute; 
a geographic position; (Morrison, [0030], describes a geographic position)
or a hardware concurrency attribute; 
or software information associated with the user device, the software information comprising at least one of: 
a user agent attribute; 
or a browser language selection.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Morrison with the method/system of Gunuganti and Sadika to include wherein the at least one processor is configured to identify device information of the user device associated with the API traffic, the device information comprising at least one of: an internet protocol (IP) address associated with the user device of the API traffic; hardware information associated with the user device, the hardware information comprising at least one of: an application version attribute; a geographic position; or a hardware concurrency attribute; or software information associated with the user device, the software information comprising at least one of: a user agent attribute; or a browser language selection. One would have been motivated to provide deep content inspection of API traffic (Morrison, [0004]).

Regarding claim 18, claim 18 is directed to the method as claimed in claim 11. Claim 18 is similar in scope to claim 8 and is therefore rejected under similar rationale. 


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES J WILCOX whose telephone number is (571)270-3774. The examiner can normally be reached M-F: 8 A.M. to 5 P.M..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T. Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JAMES J WILCOX/           Examiner, Art Unit 2439      



/LUU T PHAM/           Supervisory Patent Examiner, Art Unit 2439