DETAILED ACTION
This communication is in response to Applicant’s Request for Continued Examination (RCE) filed on 02/18/2021. Claims 1, 10, 16-17, and 20 have been amended. Claim 9 has been canceled and claim 21 has been newly added in an examiner’s amendment. Claims 1-8 and 10-21 are pending and directed towards a system, method and program product for HONEYPOT ADAPTIVE SECURITY SYSTEM. Claims 1-8 and 10-21 are allowed.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
In view of Applicant’s amendment and arguments submitted, the examiner withdraws the previous 35 USC 112(b) and 35 USC 103 rejections.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Nabil A. Abdalla (Reg. No. 70,827) on March 10, 2021.

1. (Currently Amended) A system comprising:
one or more processors;
memory coupled to the one or more processors, the memory including one or more modules that are executable by the one or more processors to:
retrieve client data associated with an application on a client device, the client data including at least a record of system activities associated with execution of the application on the client device;  
retrieve policy rules associated with the application, the policy rules identifying confidential client or network (CCN) data that is associated with the client device, the policy rules further identifying a first subset of CCN data that is accessible by the application and a second subset of CCN data to which access by the application is prohibited; 
generate an application data model to quantify emerging trends of the application gaining over-privileged access to the second subset of CCN data on the client device, based at least in part on historical instances of the client data and the policy rules;
determine 
quantify a portion of the client data that is less than an entirety of the client data based at least in part on the probability being less than a predetermined threshold;
parse the portion of the client data to identify an instance of the application gaining over-privileged access to the second subset of CCN data; 

deploy the solution data package to the client device.

8. (Currently Amended) The system of claim 1, wherein the one or more modules are further executable by the one or more processors to:
determine that the probability that the application has gained over-privileged access to the second subset of CCN data is greater than [[a ]]the predetermined threshold, and
wherein, the portion of the client data corresponds to an entirety of the client data, based at least in part on the probability being greater than the predetermined threshold.

9. (Canceled)

10. (Currently Amended) A computer-implemented method, comprising:
under control of one or more processors:
retrieving, client data associated with execution of an application on a client device, the client data including data logs of data communications between the application and the client device; 
retrieving, from one or more data-stores, policy rules and historical client data associated with the application, the policy rules identifying confidential client or network (CCN) data to which access by the application is prohibited, and the historical client data including historical instances of the application gaining over-privileged access to the CCN data;

determining 
quantifying a portion of the client data that is less than an entirety of the client data based at least in part on the probability being less than a predetermined threshold;
parsing the portion of the client data to identify an instance of the application gaining over-privileged access to the CCN data; 
generating a solution data package for deployment to the client device, based at least in part on identifying the instance of the application gaining over-privileged access to the CCN data; and
deploying the solution data package to the client device.

16. (Currently Amended) One or more non-transitory computer-readable media storing computer-executable instructions that, when executed on one or more processors, cause the one or more processors to perform acts comprising:
retrieving client data associated with an application on a client device, the client data including access to portions of client account features to facilitate execution of the application on the client device, the client account features including at least a quality of service feature or a network accessibility feature;

retrieving historical instances of client data associated with execution of the application on the client device;
generating an application data model that quantifies emerging trends of the application gaining over-privileged access to the client account features, based at least in part on the historical instances of client data and the policy rules;
determining a probability that the application has gained over-privileged access to the client account features, based at least in part on analysis of the client data relative to the application data model;
parsing a portion of the client data that is less than an entirety of the client data to identify an instance of the application gaining over-privileged access to the client account features, based at least in part on the probability being less than a predetermined threshold 
generating a solution data package for deployment to the client device, the solution data package to resolve the instance of the application gaining over-privileged access to the client account features on the client device; and
deploying the solution data package to the client device.

21. (New) The computer-implemented method of claim 10, further comprising:
determining that the probability of the application has gained over-privileged access to the second subset of CCN data is greater than the predetermined threshold, and


Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
The closest prior art references of record are Kirti et al. U.S. Patent Pub. No. 2017/0251013 A1 and Lotter et al. U.S. Patent Pub. No. 2014/0214668 A1.
Kirti discloses a security management system that discovers use of applications within a computing environment to manage access to applications for minimizing security threats and risks in a computing environment of the organization. The security management system obtains network data about network traffic to identify unique applications. The security management system performs analysis and correlation, including use of one or more data sources, to determine information about an application. The system computes a measure of security for an application and a user (risk scores). The score is analyzed to determine a threat of security posed by the application based on use of the application. The security system performs one or more instructions to configure access permitted by an application, whether access is denied or restricted.
Lotter discloses systems and methods for monitoring the communications to and from a mobile communication device, wherein data services such as a mobile wallet on a mobile communication device are monitored against rules stored in a central data center repository. Other data services include all forms of communications between the mobile communication device and a third party, along with changes to applications or data within the mobile communication device. An alert is provided to an administrator when unauthorized mobile wallet 
The prior art references of record fail to teach, alone or in combination, the limitation of independent claim 1 “retrieve policy rules associated with the application, the policy rules identifying confidential client or network (CCN) data that is associated with the client device, the policy rules further identifying a first subset of CCN data that is accessible by the application and a second subset of CCN data to which access by the application is prohibited; generate an application data model to quantify emerging trends of the application gaining over-privileged access to the second subset of CCN data on the client device, based at least in part on historical instances of the client data and the policy rules; determine a probability that the application has gained over-privileged access to the second subset of CCN data, based at least in part on analysis of the client data relative to the application data model; quantify a portion of the client data that is less than an entirety of the client data based at least in part on the probability being less than a predetermined threshold; parse the portion of the client data to identify an instance of the application gaining over-privileged access to the second subset of CCN data,” in combination with the other cited limitations. Independent claims 10 and 16 recite similar features.
Furthermore, the above additional elements in the claim provide meaningful limitations that transform an abstract idea into patent-eligible subject matter. The claim as a whole amounts to significantly more than the abstract idea itself. This is because the claim as a whole effects an improvement to another technology or technical field. The pending claims, when taken as an ordered combination, result in the claims amounting to significantly more than the abstract idea and provide meaningful limitations beyond generally linking the use of the abstract idea to a particular technological environment.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Related Prior Art
The following references have been considered relevant by the examiner:

A. Thampy US 2019/0068627 A1 directed to a cloud security system that learns patterns of user behavior and uses the patterns to detect anomalous behavior in a network by obtaining activity data from a service provider system.

B. Mahaffey et al. US 2011/0145920 A1 directed to a method that identifies mobile applications that can have an adverse effect on a mobile device or mobile network, wherein a server monitors behavioral data relating to a mobile application and applies a model to determine if the application has an adverse effect or has the potential to cause an adverse effect on a mobile device or a network the mobile device may connect to.



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALID M ALMAGHAYREH whose telephone number is (571)272-0179.  The examiner can normally be reached on Monday - Thursday 8AM-5PM EST & Friday variable.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR can be reached on (571)272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to 

Respectfully Submitted




/KHALID M ALMAGHAYREH/Examiner, Art Unit 2492

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492