Notice of Pre-AIA  or AIA  Status
Claims 1-20 are presented for examination.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 7/31/19 and 3/12/21 have been considered by the Examiner.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-13 and 20 are rejected under 35 U.S.C. 102(a)(1) and 35 U.S.C. 102(a)(2) as being anticipated by Gryb (U.S. Patent 9,288,193).

Regarding claims 1, 11, and 20:
Gryb discloses a computer-implemented method, system, and non-transitory computer readable medium for detecting credential compromise in a cloud server If this is not the case, the verifying party denies the request”).  Specific to claim 10, Gryb further discloses a processor and memory (Fig. 4).

Regarding claim 2:	Gryb further discloses wherein the server instance is configured to maintain a set of network addresses that are known to be valid within the network (col. 8, line 49 – col. 9, line 22). 



Regarding claim 4:	Gryb further discloses wherein the specified timeframe is continually updated such that those network addresses that are stored in the data log are stored within a sliding window of history (Ibid). 

Regarding claim 5:	Gryb further discloses wherein the data log is configured to store at least one of the following for each server instance: a credential name, an internet protocol (IP) block or a time-to-live (TTL) value (see the parameters at col. 5, line 27 – col. 6, line 2). 

Regarding claim 6:	Gryb further discloses wherein the set of credentials associated with the initialized server instance includes at least one of static credentials or temporary credentials (col. 10, lines 1-22). 
Regarding claim 7:	Gryb further discloses wherein the server instance is initialized using a temporary network address and is transitioned to a static, public-facing network address (col. 9, lines 10-22). 


Regarding claim 9:	Gryb further discloses creating a network address table that allows network addresses to have at least one deviation from the network address stored in the data log (col. 9, Ibid: the load balancer described therein necessarily requires a network address mapping table in order to perform its stated ability). 

Regarding claim 10:	Gryb further discloses allowing multiple different network addresses from the same server instance for at least a specified time frame (col. 7, lines 35-60; and col. 9, lines 24-60). 

Regarding claim 12:	Gryb further discloses wherein the data log includes real-time data, such that the step of accessing the data log to determine whether the second server instance is using a network address that is known to be valid within the network is performed using real-time data (col. 10, lines 19-22). 

. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Gryb as applied to claim 11 above, and further in view of Touboul (U.S. Patent Publication 2017/0230384).

Regarding claim 14:
Gryb does not explicitly disclose generating a honeytoken credential and placing that honeytoken credential on the server instance.  However, Touboul discloses a related invention for generating honeytokens (e.g. paragraph 0054) and planting them on various network resources including servers (Ibid, and paragraph 0058; see also paragraph 0007 regarding cloud-based implementations of this invention).  It would have been obvious prior to the time of the instant invention to implement honeytokens 

Regarding claim 15:	The combination further discloses tracking usage of the honeytoken credential, such that upon an initial use by a server instance or application, one or more portions of information tied to the server instance or application are recorded (e.g. the forensics performed at Touboul, paragraph 0059).

Regarding claim 16:	The combination further discloses providing a null response or providing a response with fictitious data to evaluate how the fictitious data is used (Touboul, paragraph 0053). 

Claims 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Gryb as applied to claim 11 above, and further in view of Quinlan (U.S. Patent Publication 2015/0121529).

Regarding claim 17:	Although Gryb discloses issuing one or more certificates for one or more services (col. 5, lines 1-12, and col. 7, lines 1-15), Gryb is silent regarding hosting the one or more honeypot services on a custom application.  However, Quinlan discloses a related 

Regarding claim 18:	The combination further discloses determining that a server instance or application has made a call to at least one of the honeypot services hosted on the custom application (Quinlan, paragraph 0097); and alerting one or more entities of the call made to the honeypot service by the server instance or application (Ibid). 

Regarding claim 19:	The combination further discloses replying to the call to the honeypot services, wherein the reply is dependent on the type of service to which the call was made (Quinlan, paragraph 0098). 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS A GYORFI whose telephone number is (571)272-3849.  The examiner can normally be reached on 10:00am - 6:30pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


THOMAS A. GYORFI
Examiner
Art Unit 2435



/THOMAS A GYORFI/Examiner, Art Unit 2435                                                                                                                                                                                                        4/10/2021