DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Remarks
In a response filed on November 11, 2021 (the “Response”), Applicant: (1) cancels claim 23; and (2) amends claims 1, 6 and 14.
Claims 1-2, 4-7, 9-10, 14-15 and 17-22 are presented for examination.
Response to Arguments
Applicant’s arguments submitted November 11, 2021 have been fully considered, but they are not persuasive for at least the following reasons.
On page 11, in the Remarks section of the Response, Applicant argues:
“Claim 23 is cancelled, rendering the rejection under Section 112(a) moot.”  In response, Examiner agrees with Applicant’s instant argument.  On page 11 of the Response, Applicant requests: “Withdrawal of the Section 112 rejection to claims 1, 2, 4, 5 and 21-22” because “Applicant amends independent claim 1...as suggested by the Examiner.”

Applicant’s instant argument is persuasive.  Accordingly, the previously presented indefiniteness rejection of the claims has been withdrawn.  However, Applicant’s amendment to the claims raises new grounds of rejection as set forth in item 7 above.
On page 11 of the Response, Applicant also argues:
“the applied references fail to teach or suggest” newly added limitations of Applicant’s amendment to claim 1.  However, Applicant disagrees with Applicant’s instant argument for at least the reasons set forth in the prior art rejection of claim 1.  See item 7 above.  On pages 11-12, Applicant argues that “Sudia does not disclose ‘receiving, by a server, a first honeypot character corresponds to the honeypot information decrypted by the terminal device, together with the encrypted information from the terminal 

In response, Examiner notes that Applicant’s instant argument is nonresponsive because it does not address Examiner’s actual position.
To be specific, Examiner’s position is not that Sudia teaches the limitations of Applicant’s instant argument.  Rather, Examiner’s actual position is that a combination of the prior art of record renders the limitation of Applicant’s instant argument obvious.  However, Examiner notes that one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413 (CCPA 1981); In re Merck & Co., 800 F.2d 1091 (Fed. Cir. 1986).
For example, Examiner’s position is that inter alia Sudia teaches:
“receiving, by the server, the first honeypot character and user data from the terminal device (¶ 160 ‘attackers attempt to use the credentials they have stolen’; ¶ 148 ‘‘honey’ server’; ¶ 106, 94 ‘false but seemingly valid website/server…at which cyber criminals may use the seemingly valid credentials/character’; ¶ 81 ‘server/anti-malware detection system’; ¶ 145, 34 “terminal device”; note: Sudia’s stolen credentials are ‘received’ by Sudia’s ‘honeypot server’ when they are “used” [see ¶ 94, 106, 148, 160], also note that ‘the IP address’ from which Sudia’s “stolen credentials”/character are used, is “user data’ [see ¶ 146])....”

Examiner’s actual position is also that inter alia Yoshimuta teaches:
“receiving (S11-S12, FIG. 10), by a server, the first credential together with the encrypted information from the terminal device (¶ 96 ‘server receives…service request of the resource from client/terminal device’; note: Yoshimuta’s ‘request’ may include a plaintext representation of cookie_peer 12, which is a ‘first credential,’ and Yoshimuta’s ‘request’ may further include certification cookie 11’s cyphertext representation the cookie_peer, which is ‘encrypted information’ [see ¶ 96], also note that Yoshimuta ‘does not need to encrypt certification token’ [see ¶ 94])....”

And Examiner’s actual position is further that inter alia Rainis teaches:


On page 12, Applicant argues:
“Sudia cannot teach or suggest, at least, “sending, by the terminal device, a first honeypot character corresponding to the decrypted honeypot information together with the encrypted information received from the server and user data to the server during a same step....”

In response, Examiner notes that Applicant’s instant argument is nonresponsive because it does not address Examiner’s actual position.
To be specific, Examiner’s position is not that Sudia teaches the limitations of Applicant’s instant argument.  Rather, Examiner’s actual position is that a combination of the prior art of record renders the limitation of Applicant’s instant argument obvious.  However, as previously stated, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See Keller, 642 F.2d at 413; Merck & Co., 800 F.2d at 1091.
For example, Examiner’s actual position is inter alia Sudia teaches:
“sending, by the terminal device, a first honeypot character and user data to the server during a same step  (¶ 160 ‘attackers attempt to use/send the credentials they have stolen’; ¶ 148, 106, 94 ‘false but seemingly valid website/server…to/at which cyber criminals may send/use the seemingly valid credentials/character’; note: Sudia’s credentials/information may be a string or ‘character’ [see ¶ 69], and Sudia’s “honeypot” may include “a criminally controlled system,” such as a “terminal device” [see ¶ 34, 145], hence Sudia’s ‘stolen credentials’ may be referred to as a ‘honeypot 

Examiner’s actual position is also that inter alia Yoshimuta teaches:
“sending, by the terminal device, a first credential together with encrypted information received from the server to the server during a same step (¶ 96 ‘server receives…service request of the resource from client/terminal device’; note: Yoshimuta’s client/terminal device must ‘send’ a ‘request’ before it can be ‘received’ by Yoshimuta’s server, and that ‘request’ may include a plaintext representation of cookie_peer 12, which is a ‘first credential,’ also note that Yoshimuta’s ‘request’ may further include certification cookie 11’s cyphertext representation of the cookie_peer, which is ‘encrypted information’ [see ¶ 96], and that Yoshimuta ‘does not need to encrypt certification token’ [see ¶ 94]....”

And Examiner’s actual position is further that inter alia Rainis teaches:
“sending, by the terminal device, a first character corresponding to the decrypted information to the server during a same step (col. 13, ln. 50-62 ‘client decrypts...token...client then...re-encrypts it. This token is received by/sent to the...server’; col. 14, lns.15-16 ‘a character token’)....”

On pages 12-13, Applicant argues:
“Yoshimuta is completely silent about sending the plaintext representation and the cyphertext representation in a same step.”

In response, Examiner notes that the limitation of Applicant’s instant argument (i.e., “the plaintext representation and the cyphertext representation in a same step”) is not actually recited in the rejected claims.  However, although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181 (Fed. Cir. 1993).

(1) Yoshimuta’s “cookie_peer 12” is “a first credential”;
(2) paragraph 94 of Yohsimuta teaches that Yoshimuta’s “certification Cookie 11” may be “encrypted information received from [a] server”; and
(3) paragraph 96 of Yoshimuta teaches that its server receives Yoshimuta’s certification Cookie 11 from a client and that Yoshimuta’s certification Cookie 11 includes cookie_peer 12.

On page 13, Applicant argues:
“Yoshimuta fails to teach or suggest, at least, ‘sending, by the terminal device, a first honeypot character corresponding to the decrypted honeypot information together with the encrypted information received from the server and user data to the server during a same step....’”

In response, Examiner notes that Applicant’s instant argument is nonresponsive because it does not address Examiner’s actual position.
To be specific, Examiner’s position is not that Yoshimuta teaches the limitation of Applicant’s instant argument.  Rather, Examiner’s actual position is that a combination of the prior art of record renders the limitation of Applicant’s instant argument obvious.  Examiner reiterates that one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See Keller, 642 F.2d at 413; Merck & Co., 800 F.2d at 1091.
As previously stated, Examiner’s actual position is that inter alia Sudia teaches:
“sending, by the terminal device, a first honeypot character and user data to the server during a same step  (¶ 160 ‘attackers attempt to use/send the credentials they have stolen’; ¶ 148, 106, 94 ‘false but seemingly valid website/server…to/at which cyber criminals may send/use the seemingly valid credentials/character’; note: Sudia’s credentials/information may be a string or ‘character’ [see ¶ 69], and Sudia’s “honeypot” may include “a criminally controlled system,” such as a “terminal device” [see ¶ 34, 145], hence Sudia’s ‘stolen credentials’ may be referred to as a ‘honeypot 

Examiner’s actual position is also that inter alia Yoshimuta teaches:
“sending, by the terminal device, a first credential together with encrypted information received from the server to the server during a same step (¶ 96 ‘server receives…service request of the resource from client/terminal device’; note: Yoshimuta’s client/terminal device must ‘send’ a ‘request’ before it can be ‘received’ by Yoshimuta’s server, and that ‘request’ may include a plaintext representation of cookie_peer 12, which is a ‘first credential,’ also note that Yoshimuta’s ‘request’ may further include certification cookie 11’s cyphertext representation of the cookie_peer, which is ‘encrypted information’ [see ¶ 96], and that Yoshimuta ‘does not need to encrypt certification token’ [see ¶ 94]....”

And Examiner’s actual position is further that inter alia Rainis teaches:
“sending, by the terminal device, a first character corresponding to the decrypted information to the server during a same step (col. 13, ln. 50-62 ‘client decrypts...token...client then...re-encrypts it. This token is received by/sent to the...server’; col. 14, lns.15-16 ‘a character token’)....”


Since Applicant argues its remaining claims mutatis mutandis as per claim 1, Examiner’s foregoing rebuttal to Applicant’s foregoing arguments equally applies to Applicant’s remaining arguments.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1, 2, 4, 5, 21 and 22 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
To be specific, claim 1 has been amended to include inter alia the following limitation: “the encrypted information received from the server....”  However, it is unclear if this newly added limitation refers to: (1) the previously presented "encrypted information" limitation; or (2) an entirely different "encrypted information" limitation.
Therefore, to cure the instant deficiency, Examiner suggests that Applicant amend the disputed limitation to include one of the following changes: (1) “the encrypted information [[from the server]]”; or (2) “[[the]] encrypted information from the server....”  Claims 2, 4, 5, 21 and 22 are rejected for failing to cure the foregoing deficiency of their base claim 1.
  Claims 2, 4, 5, 21 and 22 are rejected for failing to cure the foregoing deficiency of their base claim 1.
Appropriate correction is required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

14 are rejected under 35 U.S.C. 103 as being unpatentable over Sudia (US 2013/0263226 A1, hereinafter Sudia) in view of Yoshimuta et al. (US 2016/0359846 A1, hereinafter Yoshimuta) further in view of Quinlan et al. (US 2015/0121529 A1, hereinafter Quinlan) further in view of Rainis et al. (US 6,310,873 B1, hereinafter Rainis).
Regarding claim 1, Sudia teaches a data response method, comprising:
sending, by a server, information to a terminal device (¶ 34, 81 “a terminal device/computer inside an organization…delete all real confidential documents, and replace them with fake ones/information”; ¶ 145 “send/fed a set of credentials into a criminally controlled system”; note: “an anti-malware detection system” may be part of Sudia’s “honeypot server” [see ¶ 81, 148]); sending, by the terminal device, a first honeypot character and user data to the server during a same step  (¶ 160 “attackers attempt to use/send the credentials they have stolen”; ¶ 148, 106, 94 “false but seemingly valid website/server…to/at which cyber criminals may send/use the seemingly valid credentials/character”; note: Sudia’s credentials/information may be a string or “character” [see ¶ 69], and Sudia’s “honeypot” may include “a criminally controlled system,” such as a “terminal device” [see ¶ 34, 145], hence Sudia’s “stolen credentials” may be referred to as a “honeypot character” [see ¶ 34, 69, 145], Sudia’s “honeypot server” reads on Applicant’s claimed “server” [see ¶ 81, 148], Sudia’s “anti-malware detection system” may also be considered to be part of Sudia’s “honeypot server” system [see ¶ 81, 148], and Sudia’s stolen credentials are “sent” to Sudia’s “honeypot server” when they are “used” [see ¶ 94, 106, 148, 160], also note that “the IP ;
receiving, by the server, the first honeypot character and user data from the terminal device (¶ 160 “attackers attempt to use the credentials they have stolen”; ¶ 148 “‘honey’ server”; ¶ 106, 94 “false but seemingly valid website/server…at which cyber criminals may use the seemingly valid credentials/character”; ¶ 81 “server/anti-malware detection system”; ¶ 145, 34 “terminal device”; note: Sudia’s stolen credentials are “received” by Sudia’s “honeypot server” when they are “used” [see ¶ 94, 106, 148, 160], also note that “the IP address” from which Sudia’s “stolen credentials”/character are used, is “user data” [see ¶ 146]); and
in response to the first honeypot character being the same as a second honeypot character, responding, by the server, to the user data to provide a required service (¶ 97 “False credential processing…when fake credentials/first honeypot characters…are used to access the site”; ¶ 148, 106, 82 “allow access”; ¶ 153 “second honeypot characters/credentials are forwarded to…websites…pass first honeypot characters/ fake credentials to a criminal”; ¶ 161, 160 “when attackers attempt to use the credentials they have stolen, they appear to work, granting access”; note: Sudia’s honeypot server “responds” to Sudia’s so-called “stolen credentials” by “granting access” to a requested service [see ¶ 82, 106, 148, 160, 161], also note that Sudia grants access to its honeypot when its first credentials/honeypot character matches its second credentials/honeypot character [see ¶ 97, 153]),
wherein the first honeypot character and a second honeypot character are a first credential and a second credential (¶ 160, 153, 145 “credentials/honeypot characters”).
 decrypting by the terminal device, the encrypted information, using the decryption algorithm, to obtain decrypted honeypot information; sending, by the terminal device, a first honeypot character corresponding to the decrypted honeypot information together with the encrypted information received from the server and user data to the server during a same step; receiving, by the server, a first honeypot character corresponds to the honeypot information decrypted by the terminal device, together with the encrypted information from the terminal device, the encrypted information sent by the terminal to the server being the same encrypted information received by the terminal from the server; decrypting, by the server using the decryption algorithm, the encrypted information received from the terminal device, to obtain a second honeypot character from the encrypted information; and determining, by the server, whether the first honeypot character sent by the terminal device is the same as the second honeypot character decrypted by the server from the encrypted information sent by the terminal device.
In an analogous art, Yoshimuta teaches:
generating (Yoshimuta: S15, FIG. 10), by the server, encrypted information, the encrypted information being decryptable by a decryption algorithm (¶ 92 “server… 
sending, by the terminal device, a first credential together with encrypted information received from the server to the server during a same step (¶ 96 “server receives…service request of the resource from client/terminal device”; note: Yoshimuta’s client/terminal device must “send” a “request” before it can be “received” by Yoshimuta’s server, and that “request” may include a plaintext representation of cookie_peer 12, which is a “first credential,” also note that Yoshimuta’s “request” may further include certification cookie 11’s cyphertext representation of the cookie_peer, which is “encrypted information” [see ¶ 96], and that Yoshimuta “does not need to encrypt certification token” [see ¶ 94]);
receiving (S11-S12, FIG. 10), by a server, a first credential together with the encrypted information from the terminal device (¶ 96 “server receives…service request of the resource from client/terminal device”; note: Yoshimuta’s “request” may include a plaintext representation of cookie_peer 12, which is a “first credential,” and Yoshimuta’s “request” may further include certification cookie 11’s cyphertext representation the cookie_peer, which is “encrypted information” [see ¶ 96], also note that Yoshimuta “does not need to encrypt certification token” [see ¶ 94]);

determining (S23-S24, FIG. 10), by the server, whether the first credential sent by the terminal device is the same as the second credential decrypted by the server from the encrypted information (¶ 96, 97 “compare S23 the decrypted data ‘cookie_peer’ 12 included in the certification Cookie 11 with the data ‘cookie_peer’ 12 given as a query parameter. When both data ‘cookie_peer’ match S24…confirm access S25”),
wherein the first credential is authenticated in response to the first credential being the same as the second credential (¶ 97 “When both data ‘cookie_peer’/credential match S24…confirm access/authenticate S25”), and
wherein the encrypted information is information (¶ 94 “encrypt… information/ data ‘cookie_peer’ 12 and include…in certification Cookie 11/information”).
Before the effective filing date of the invention, a person having ordinary skill in the art would have recognized the ability to utilize the teachings of Yoshimuta for having a server: (1) generate then send encrypted resource access information to a terminal; (2) receive, from a terminal device, a credential together with the encrypted resource access information during the same step; (3) decrypt the encrypted resource access information to obtain resource access information, and determine whether a received 
However, Sudia in view of Yoshimuta does not explicitly disclose: in response to a request for a required service from a terminal device, creating, by a server, a honeypot according to a service type of the required service; generating, by the server, encrypted information according to the created honeypot, the encrypted information being decryptable by a decryption algorithm agreed between the terminal device and the server, and decryptable by the terminal device using the decryption algorithm; and sending, by the server, the encrypted information; decrypting by the terminal device, the encrypted information, using the decryption algorithm, to obtain decrypted honeypot information; the first honeypot character corresponding to the honeypot information decrypted by the terminal device, the encrypted information sent by the terminal to the server being the same encrypted information received by the terminal from the server, and the encrypted information sent by the terminal device.
In an analogous art, Quinlan teaches:
in response to a request (720, FIG. 7) for a required service from a terminal device (706, FIG. 7), creating, by a server (collectively: 702 and 708, FIG. 7), a honeypot according to a service type of the required service (¶ 86, 7 “For a given 
generating, by the server, information according to the created honeypot (¶ 64, 109 “honeypot 708 provides a honeypot service to network device 702 and may interact with client device 706 according to the service specified in service request 720.  To facilitate this interaction, network device 702 may proxy a service session/information for the service specified by service request 720 between client device 706 and honeypot 708”; note: collectively, network device 702 and honeypot 708 “generate” service session information, which reads on the phrase “honeypot information” [see ¶ 109, 64]).

However, Sudia in view of Yoshimuta further in view of Quinlan does not explicitly disclose, yet Rainis teaches:
encrypted information being decryptable by a decryption algorithm agreed between a terminal device (90, FIG. 4) and a server, and decryptable by the terminal device using the decryption algorithm (col. 10, lns. 35-38 “terminal device/client 90”; col. 13, ln. 55-62 “token is...encrypted/encrypted information...client decrypts...token...client then...re-encrypts it. This token is sent to the...server. Upon receiving...token/encrypted information, the server will decrypt it”; note: it is implicit that the “decryption algorithm” of Rainis’ terminal device 90 and server must be in “agreement” between terminal device 90 and the server in order for each to decrypt Rainis’ “token” [see: col. 13, ln. 55-62]); and
decrypting by the terminal device, the encrypted information, using the decryption algorithm, to obtain decrypted information (col. 13, ln. 50-62 “client decrypts...token”; col. 14, lns.15-16 “a character/token is issued...This packet/encrypted information is sent to the client, who processes/decrypts it”);
sending, by the terminal device, a first character corresponding to the decrypted information to the server during a same step (col. 13, ln. 50-62 “client decrypts...token... client then...re-encrypts it. This token is received by/sent to the...server”; col. 14, lns.15-16 “a character token”);
receiving, by a server, the first character corresponding to the information decrypted by the terminal device, from the terminal device, the encrypted information sent by the terminal to the server being the same encrypted information received by the terminal (col. 13, ln. 50-62 “token...is received by/returned to the client...client decrypts ...token...client then...re-encrypts it. This token is received by/sent to the...server”; col. 14, lns.15-16 “a character token is issued...This packet/encrypted information is sent to the client, who processes it”; col. 14, lns. 50-52 “server creates a [] encrypted information/packet to be sent back to the client, which decrypts the packet/decrypted 
the encrypted information sent by the terminal device (col. 13, ln. 50-62 “client decrypts...token...client then...re-encrypts it. This token is sent to the...server”).
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Rainis for preventing fraud by sending a token/character as encrypted information to be decrypted and, then, sent to a server by a terminal device in order to authenticate communications between the server and the terminal device.  The teachings of Rainis, when used with the honeypot characters of the system of Sudia in view of Yoshimuta further in view of Quinlan’s sending and receiving—by a server—encrypted information to/from a terminal device, will improve the system’s efficacy by enabling the system to authenticate communications between its server and terminal device.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.
Regarding claim 6, Sudia teaches a data response server, comprising: a memory; and a processor coupled to the memory (¶ 148 “a ‘honey’ server or computer system”; note: “an anti-malware detection system” may be part of Sudia’s “honeypot server,” and Examiner takes official notice of the fact that computer systems such as Sudia’s honeypot server include a processor coupled to memory [see ¶ 81, 148; MPEP § 2144.03]) and configured to:
send information to a terminal device (¶ 34, 81 “terminal device/computer inside an organization…sending unit/anti-malware detection system…can…delete all real 
receive a first honeypot character, together with user data from the terminal device (¶ 160 “attackers attempt to use the character/credential they have stolen”; ¶ 148, 106, 94 “false but seemingly valid website/receiving unit…at which cyber criminals may use the seemingly valid credential/character”; note: Sudia’s credentials/information may be a string or “character” [see ¶ 69], and Sudia’s “honeypot” may include “a criminally controlled system,” such as a “terminal device” [see ¶ 34, 145], hence Sudia’s “stolen credentials” may be referred to as a “honeypot character” [see ¶ 34, 69, 145], Sudia’s “honeypot server” reads on Applicant’s claimed “server” [see ¶ 81, 148], Sudia’s “anti-malware detection system” may also be considered to be part of Sudia’s “honeypot server” system [see ¶ 81, 148], and Sudia’s stolen credentials are “received” by Sudia’s “honeypot server” when they are “used” [see ¶ 94, 106, 148, 160], also note that “the IP address” from which Sudia’s “stolen credentials”/character are used, is “user data” [see ¶ 146]); and
determine whether the first honeypot character sent by the terminal device is the same as a second honeypot character (¶ 97 “False credential processing…when fake credentials/first honeypot characters…are used to access the site”; ¶ 148, 106, 82 “allow access”; ¶ 153 “second honeypot characters/credentials are forwarded to… websites…pass first honeypot characters/fake credentials to a criminal”; ¶ 161, 160 “when attackers attempt to use the credentials they have stolen, they appear to work, 
in response to the first honeypot character being the same as the second honeypot character, respond to the user data to provide a required service (¶ 97 “False credential processing…when fake credentials/first honeypot characters…are used to access the site”; ¶ 148, 106, 82 “allow access”; ¶ 153 “second honeypot characters/ credentials are forwarded to…websites…pass first honeypot characters/fake credentials to a criminal”; ¶ 161, 160 “when attackers attempt to use the credentials they have stolen, they appear to work, granting access”; note: Sudia’s honeypot server “responds” to Sudia’s so-called “stolen credentials” by “granting access” to a requested service [see ¶ 82, 106, 148, 160, 161], also note that Sudia grants access to its honeypot when its first credentials/honeypot character matches its second credentials/honeypot character [see ¶ 97, 153]),
wherein the first honeypot character and a second honeypot character are a first credential and a second credential (¶ 160, 153, 145 “credentials/honeypot characters”).
However, Sudia does not explicitly disclose: in response to a request for a required service from a terminal device, create a honeypot according to a service type of the required service; generate encrypted information according to the created honeypot, the encrypted information being decryptable by a decryption algorithm agreed between the terminal device and the server, and decryptable by the terminal device using the decryption algorithm; send the encrypted information to the terminal device to have the encrypted information decrypted by the terminal device using the decryption algorithm to obtain decrypted honeypot information; receive a first credential , wherein the first honeypot character and the encrypted information are sent by the terminal device during a same step; decrypt, using the decryption algorithm, the encrypted information received from the terminal device, to obtain a second honeypot character from the encrypted information; and determine whether the first honeypot character sent by the terminal device is the same as the second honeypot character decrypted by the server from the encrypted information sent by the terminal device.
In an analogous art, Yoshimuta teaches:
generate (Yoshimuta: S15, FIG. 10) encrypted information, the encrypted information being decryptable by a decryption algorithm (¶ 92 “server… generates a random number as the data ‘cookie_peer’ 12”; Yoshimuta ¶ 94 “server 10 generates/ encrypts…information/data ‘cookie_peer’ 12”; note: Yoshimuta’s encrypted cookie_peer 12 is “decryptable by a decryption algorithm” such as S22 of FIG. 10 [see ¶ 96]);
send the encrypted information to a terminal device (¶ 94 “encrypt…information/ data ‘cookie_peer’ 12 and include…in certification Cookie 11”; ¶ 95 “send/transmit certification Cookie 11…to client/terminal device”);
receive (S11-S12, FIG. 10) a first credential, together with encrypted information from the terminal device, wherein the first credential and the encrypted information are sent by the terminal device during a same step (¶ 96 “server receives …service request of the resource from client/ terminal device” ; note: Yoshimuta’s client/terminal device 
decrypt (S22, FIG. 10) the encrypted information to obtain a second credential comprised in the encrypted information (¶ 96 “server decrypts…data ‘cookie_peer’ 12 included in the certification Cookie 11”); and
determine whether the first credential sent by the terminal device is the same as the second credential decrypted by the server from the encrypted information (¶ 96, 97 “compare S23 the decrypted data ‘cookie_peer’ 12 included in the certification Cookie 11 with the data ‘cookie_peer’ 12 given as a query parameter. When both data ‘cookie_peer’ match S24…confirm access S25”),
wherein the encrypted information is information (¶ 94 “encrypt… information/ data ‘cookie_peer’ 12 and include…in certification Cookie 11/information”).
Before the effective filing date of the invention, a person having ordinary skill in the art would have recognized the ability to utilize the teachings of Yoshimuta for having a server: (1) generate then send encrypted resource access information to a terminal; (2) receive, from a terminal device, a credential together with the encrypted resource access information during the same step; (3) decrypt the encrypted resource access information to obtain resource access information, and determine whether a received credential matches the resource access information.  The teachings of Yoshimuta, when used within the existing honey server of the system of Sudia’s (1) server 
However, Sudia in view of Yoshimuta does not explicitly disclose: in response to a request for a required service from a terminal device, creating, by a server; generate information according to the created honeypot, the encrypted information being decryptable by a decryption algorithm agreed between the terminal device and the server, and decryptable by the terminal device using the decryption algorithm; and send the encrypted information to the terminal device to have the encrypted information decrypted by the terminal device using the decryption algorithm to obtain decrypted honeypot information; a honeypot character corresponding to the honeypot information decrypted by the terminal device, the encrypted information sent by the terminal to the server being the same encrypted information received by the terminal from the server, the encrypted information sent by the terminal device.
In an analogous art, Quinlan teaches:
in response to a request (720, FIG. 7) for a required service from a terminal device (706, FIG. 7), creating, by a server (collectively: 702 and 706, FIG. 7), a honeypot according to a service type of the required servicein response to a request (720, FIG. 7) for a required service from a terminal device (706, FIG. 7), create a honeypot according to a service type of the required service (¶ 86, 7 “For a given service request…the network device leverages a honeypot to create/dynamically imitate 
generate information according to the created honeypot (¶ 64, 109 “honeypot 708 provides a honeypot service to network device 702 and may interact with client device 706 according to the service specified in service request 720.  To facilitate this interaction, network device 702 may proxy a service session/information for the service specified by service request 720 between client device 706 and honeypot 708”; note: collectively, network device 702 and honeypot 708 “generate” service session information, which reads on the phrase “honeypot information” [see ¶ 109, 64]).
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Quinlan for having a server 
However, Sudia in view of Yoshimuta further in view of Quinlan does not explicitly disclose, yet Rainis teaches:
encrypted information being decryptable by a decryption algorithm agreed between a terminal device (90, FIG. 4) and a server, and decryptable by the terminal device using the decryption algorithm (col. 10, lns. 35-38 “terminal device/client 90”; col. 13, ln. 55-62 “token is...encrypted/encrypted information...client decrypts...token...client then...re-encrypts it. This token is sent to the...server. Upon receiving...token/encrypted information, the server will decrypt it”; note: it is implicit that the “decryption algorithm” of Rainis’ terminal device 90 and server must be in “agreement” between terminal device 90 and the server in order for each to decrypt Rainis’ “token” [see: col. 13, ln. 55-62]); and
sending the encrypted information to the terminal device to have the encrypted information decrypted by the terminal device using the decryption algorithm to obtain decrypted information (col. 13, ln. 50-62 “token...is sent/returned to the client... client 
receiving, by a server, a first character corresponding to the information decrypted by the terminal device, from the terminal device, the encrypted information sent by the terminal to the server being the same encrypted information received by the terminal (col. 13, ln. 50-62 “token...is received by/returned to the client...client decrypts ...token...client then...re-encrypts it. This token is received by/sent to the...server”; col. 14, lns.15-16 “a character token is issued...This packet/encrypted information is sent to the client, who processes it”; col. 14, lns. 50-52 “server creates a [] encrypted information/packet to be sent back to the client, which decrypts the packet/decrypted information”; note: it is implicit that Rainis’ “token” is the “packet” that is transmitted between client 90 and Rainis’ server [see: col. 14, lns. 15-16 and 50-52]), and
the encrypted information sent by the terminal device (col. 13, ln. 50-62 “client decrypts...token...client then...re-encrypts it. This token is sent to the...server”).
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Rainis for preventing fraud by sending a token/character as encrypted information to be decrypted and, then, sent to a server by a terminal device in order to authenticate communications between the server and the terminal device.  The teachings of Rainis, when used with the honeypot 
Regarding claim 14, Sudia teaches a non-transitory computer-readable storage medium storing computer program instructions executable by at least one processor of a server (¶ 148 “a ‘honey’ server or computer system”) to perform:
sending information to a terminal device (¶ 34, 81 “a terminal device/computer inside an organization…delete all real confidential documents, and replace them with fake ones/information”; ¶ 145 “send/fed a set of credentials into a criminally controlled system”; note: “an anti-malware detection system” may be part of Sudia’s “honeypot server” [see ¶ 81, 148]);
receiving, from the terminal device, a first honeypot character user data (¶ 160 “attackers attempt to use the character/credential they have stolen”; ¶ 148, 106, 94 “false but seemingly valid website/receiving unit…at which cyber criminals may use the seemingly valid credential/character”; note: Sudia’s credentials/information may be a string or “character” [see ¶ 69], and Sudia’s “honeypot” may include “a criminally controlled system,” such as a “terminal device” [see ¶ 34, 145], hence Sudia’s “stolen credentials” may be referred to as a “honeypot character” [see ¶ 34, 69, 145], Sudia’s “honeypot server” reads on Applicant’s claimed “server” [see ¶ 81, 148], Sudia’s “anti-malware detection system” may also be considered to be part of Sudia’s “honeypot 
determine whether the first honeypot character sent by the terminal device is the same as a second honeypot character (¶ 97 “False credential processing…when fake credentials/second honeypot characters…are used to access the site”; ¶ 148, 106, 82 “allow access”; ¶ 153 “first honeypot characters/credentials are forwarded to…websites …pass first honeypot characters/fake credentials to a criminal”; ¶ 161, 160 “when attackers attempt to use the credentials they have stolen, they appear to work, granting access”; note: Sudia’s server may include a unit that “judges” whether stolen credentials /honeypot character are being used [see ¶ 163]); and
responding to the user data to provide a required service, in response to the first honeypot character being the same as the second honeypot character (¶ 97 “False credential processing…when fake credentials/second honeypot characters…are used to access the site”; ¶ 148, 106, 82 “allow access”; ¶ 153 “first honeypot characters/ credentials are forwarded to…websites…pass second honeypot characters/fake credentials to a criminal”; ¶ 161, 160 “when attackers attempt to use the credentials they have stolen, they appear to work, granting access”; note: Sudia’s honeypot server “responds” to Sudia’s so-called “stolen credentials” by “granting access” to a requested service [see ¶ 82, 106, 148, 160, 161], also note that Sudia grants access to its honeypot when its first credentials/honeypot character matches its second credentials/ honeypot character [see ¶ 97, 153]),

However, Sudia does not explicitly disclose: in response to a request for a required service from a terminal device, creating a honeypot according to a service type of the required service; generating encrypted information according to the created honeypot, the encrypted information being decryptable by a decryption algorithm agreed between the terminal device and the server, and decryptable by the terminal device using the decryption algorithm; sending the encrypted information to the terminal device to have the encrypted information decrypted by the terminal device using the decryption algorithm to obtain decrypted honeypot information; receiving, from the terminal device, the encrypted information, the encrypted information sent by the terminal to the server being the same encrypted information received by the terminal from the server, wherein the first honeypot character and the encrypted information are sent by the terminal device during a same step; decrypting, using the decryption algorithm, the encrypted information received from the terminal device, to obtain a second honeypot character from the encrypted information; and determine whether the first honeypot character sent by the terminal device is the same as the second honeypot character decrypted by the server from the encrypted information sent by the terminal device.
In an analogous art, Yoshimuta teaches:
generating (Yoshimuta: S15, FIG. 10) encrypted information, the encrypted information being decryptable by a decryption algorithm (¶ 92 “server… generates a random number as the data ‘cookie_peer’ 12”; Yoshimuta ¶ 94 “server 10 generates/ encrypts…information/data ‘cookie_peer’ 12”; note: server 10 receives “cookie_peer” 12 
sending the encrypted information to a terminal device (¶ 94 “encrypt… information/data ‘cookie_peer’ 12 and include…in certification Cookie 11”; ¶ 95 “send/ transmit certification Cookie 11…to client/terminal device”);
receiving (S11-S12, FIG. 10), from the terminal device, a first credential, together with the encrypted information from the terminal device, wherein the first credential and the encrypted information are sent by the terminal device during a same step (¶ 96 “server receives…service request of the resource from client/terminal device”; note: Yoshimuta’s client/terminal device must “send” a “request” before it can be “received” by Yoshimuta’s server, and that “request” may include a plaintext representation of cookie_peer 12, which is a “first credential,” and Yoshimuta’s “request” may further include certification cookie 11’s cyphertext representation the cookie_peer, which is “encrypted information” [see ¶ 96], also note that Yoshimuta “does not need to encrypt certification token” [see ¶ 94]);
decrypting (S22, FIG. 10) the encrypted information, to obtain a first credential from the encrypted information (¶ 96 “server decrypts…data ‘cookie_peer’ 12 included in the certification Cookie 11”); and
determining whether the second credential sent by the terminal device is the same as the first credential decrypted by the server from the encrypted information (¶ 97 “compare S23 the decrypted data ‘cookie_peer’ 12 included in the certification Cookie 11 with the data ‘cookie_peer’ 12 given as a query parameter. When both data ‘cookie_peer’ match S24…confirm access S25”),

Before the effective filing date of the invention, a person having ordinary skill in the art would have recognized the ability to utilize the teachings of Yoshimuta for having a server: (1) generate encrypted resource access information; (2) receive, from a terminal device, a credential together with the encrypted resource access information during the same step; and (3) decrypt the encrypted resource access information to obtain resource access information, and determine whether a received credential matches the resource access information.  The teachings of Yoshimuta, when used within the existing honey server of the system of Sudia’s (1) server transmission, (2) server reception from the system’s terminal device transmission step and (3) determination features, will make the system more robust by enabling its honey server to authenticate a request that includes a honeypot character and, thereby, avoid false positives.  Therefore, Examiner concludes that it would have been obvious for a person having ordinary skill in the art to arrive at the above-claimed invention.
However, Sudia in view of Yoshimuta does not explicitly disclose: in response to a request for a required service from a terminal device, create a honeypot according to a service type of the required service; generate information according to the created honeypot, the encrypted information being decryptable by a decryption algorithm agreed between the terminal device and the server, and decryptable by the terminal device using the decryption algorithm; and sending the encrypted information to the terminal device to have the encrypted information decrypted by the terminal device using the decryption algorithm to obtain decrypted honeypot information, a first character 
In an analogous art, Quinlan teaches:
in response to a request (720, FIG. 7) for a required service from a terminal device (706, FIG. 7), create a honeypot according to a service type of the required service (¶ 86, 7 “For a given service request…the network device leverages a honeypot to create/dynamically imitate the specified service to the requesting client device…In this way, the network device leverages the honeypot to create/dynamically offer or "stand up" the requested service on-the-fly to make it appear to the client device as if the service exists”; ¶ 67 “honeypot is created/configured to provide a honeypot…by receiving a configuration request from the security appliance/network device”; ¶ 108 “network device 702 receives service request 720 from client device 706”; ¶ 109 “network device 702 sends…representation of service request 720, to honeypot 708… honeypot 708 provides a honeypot service…according to the service specified in service request 720”; ¶ 112 “network device 702 sends a representation of the service request to a honeypot to dynamically stand up/configure the service specified by the service request”; note: collectively, appliance/network device 102/702 and honeypot 108/708 act as a security “server” for network 122 [see ¶ 30, 82, 89], and the dynamic/ on-the-fly feature of Quinlan’s honeypot service reads on Applicant’s creation of a honeypot in response to a service request [see ¶ 7, 67, 108, 109, 112]); and

Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Quinlan for having a server (1) create a honeypot in response to and according to a requested service and (2) generate information according to the created honeypot.  The teachings of Quinlan, when used within the system of Sudia in view of Yoshimuta’s (1) server and (2) its encrypted information generation feature, will improve security by enabling the system’s server to dynamically provide a honeypot for a particular service requested by a terminal device, which will enable the system to track the requesting terminal’s activities and/or the requestor himself irrespective of the type of service being requested.  Therefore, Examiner concludes that it would have been obvious for a person having ordinary skill in the art to arrive at the above-claimed invention.
However, Sudia in view of Yoshimuta further in view of Quinlan does not explicitly disclose, yet Rainis teaches:
encrypted information being decryptable by a decryption algorithm agreed between a terminal device (90, FIG. 4) and a server, and decryptable by the terminal device using the decryption algorithm (col. 10, lns. 35-38 “terminal device/client 90”; col. 
sending the encrypted information to the terminal device to have the encrypted information decrypted by the terminal device using the decryption algorithm to obtain decrypted information (col. 13, ln. 50-62 “token...is sent/returned to the client... client decrypts...token...client then...re-encrypts it. This token is sent to the...server”; col. 14, lns.15-16 “a character/token is issued...This packet/encrypted information is sent to the client, who processes it”; col. 14, lns. 50-52 “server creates a [] encrypted information/packet to be sent back to the client, which decrypts the packet/decrypted information”; note: it is implicit that Rainis’ “token” is the “packet” that is transmitted between client 90 and Rainis’ server [see: col. 14, lns. 15-16 and 50-52]),
receiving, by a server, a first character corresponding to the information decrypted by the terminal device, from the terminal device, the encrypted information sent by the terminal to the server being the same encrypted information received by the terminal (col. 13, ln. 50-62 “token...is received by/returned to the client...client decrypts ...token...client then...re-encrypts it. This token is received by/sent to the...server”; col. 14, lns.15-16 “a character token is issued...This packet/encrypted information is sent to the client, who processes it”; col. 14, lns. 50-52 “server creates a [] encrypted information/packet to be sent back to the client, which decrypts the packet/decrypted 
the encrypted information sent by the terminal device (col. 13, ln. 50-62 “client decrypts...token...client then...re-encrypts it. This token is sent to the...server”).
Before the effective filing date of the invention, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Rainis for preventing fraud by sending a token/character as encrypted information to be decrypted and, then, sent to a server by a terminal device in order to authenticate communications between the server and the terminal device.  The teachings of Rainis, when used with the honeypot characters of the system of Sudia in view of Yoshimuta further in view of Quinlan’s sending and receiving—by a server—encrypted information to/from a terminal device, will improve the system’s efficacy by enabling the system to authenticate communications between its server and terminal device.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kalish Bell whose telephone number is (571) 272-5294. The examiner can normally be reached 9am-5pm, M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool.  To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center.  Unpublished application information in Patent Center is available to registered users.  To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format.  For 



/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432                                                                                                                                                                                                        

/KALISH K BELL/Examiner, Art Unit 2432