DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The following is a Final Office action in response to communications received on 10/15/2021. 

Response to Amendment
Claims 1-36 have been cancelled. 
Applicant’s arguments with respect to new claims 37-39 have been considered but are moot in view of the new ground of rejection presented in the current rejection. 

Double Patenting
Claims 37-38 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-9 of U.S. Patent No. 10063593. Although the claims at issue are not identical, they are not patentably distinct from each other because: 
Instant application
U.S. Patent No. 10063593
37. (new) A computer implemented method comprising: collecting, in a fraud related data cache of a policy enforcement point system through a communication network and from a plurality of cloud fraud services, machine readable fraud related data; 


intercepting, by the policy enforcement point system, a response being transmitted over a communications network from a cloud fraud service to a client device, with the response being responsive to a request generated by a browser script in a browser of the client device; 







determining, by the policy enforcement point system, an authorization related data set, based, at least in part, on the machine readable fraud related data, with the authorization related data set relating to a fraud risk of represented by participation of a predetermined computer device; 



















modifying, by the policy enforcement point system and to generate a modified response, session data included in the intercepted response to filter out sensitive data so that any sensitive data that is present in the intercepted response will not be present in the modified response; and 
sending, by the policy enforcement point system through the communication network, the modified response to the client device.
1. A method comprising: 
caching, in the gateway enforcement point as part of the first authenticated communication session, the first fraud data set;
caching, in the gateway enforcement point as part of the first authenticated communication session, the second fraud data set;
receiving, by a gateway enforcement point, through a communication network from a client device used by a user, a first request to access a protected resource; 
responsive to receipt of the first request, authenticating, by the gateway enforcement point, the client device to establish a first authenticated communication session between the gateway enforcement point and the client device, with authenticating the client device including receiving, by the gateway enforcement point, authentication data relating to the user; further responsive to receipt of the first request to access the protected resource, sending, by the gateway enforcement point to a first cloud fraud detection system, a second request for fraud information relating to the user, with the second request including: (i) the authentication data, and (ii) a session identifier identifying the first authenticated communication session; receiving, by the gateway enforcement point from the first cloud fraud detection system, a first fraud data set indicative of fraud related information relating to the user; further responsive to receipt of the first request to access the protected resource, sending, by the gateway enforcement point to a second cloud fraud detection system, a third request for fraud information relating to the user, with the third request including: (i) the authentication data, and (ii) the session identifier; receiving, by the gateway enforcement point from the second cloud fraud detection system, a second fraud data set indicative of fraud related information relating to the user; and 
controlling, by the gateway enforcement point, access to the protected resource by the client device in a manner based upon both of the following: (i) the fraud related information of the first fraud data set, and (ii) the fraud related information of the second fraud data set.


U.S. Patent No. 10063593 does not explicitly teach: modifying, by the policy enforcement point system and to generate a modified response, session data included in the intercepted response to filter out sensitive data so that any sensitive data that is present in the intercepted response will not be present in the modified response; and sending, by the policy enforcement point system through the communication network, the modified response to the client device. However, Lang teaches:
modifying, by the policy enforcement point system and to generate a modified response, session data included in the intercepted response to filter out sensitive data so that any sensitive data that is present in the intercepted response will not be present in the modified response (Lang: [0470]: CMP-PDP then transmits the decision (and optional actions, e.g. obligations) to CMP-PEP, which enforces the decision (allow, deny, log, redact/filter, trigger specified other action etc.). [0693]: For example, a generic policy could be to "redact all personal identifiable information (PII) by a random placeholder", which could be refined based on a content model to "redact all social security numbers by a random placeholder". [0695] Based on the generated rules, CMP-PDP instructs the redaction/filtering components about which parts of the content to redact/filter, and how to redact/filter (obfuscate, remove, black out, randomize etc.). [0696] Redaction/filtering components ("CMP-RF") do the redaction/filtering based on the instructions provided by CMP-PDP); and sending, by the policy enforcement point system through the communication network, the modified response to the client device (Lang: [0698]: This response may include including redaction and filtering instructions, which--in the example depicted in FIG. 35--the RF Service (3525) uses to redact and/or filter the response before it is communicated (3550) to the requesting application (3530)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Lang in the invention of U.S. Patent No. 10063593 to include the above limitations. The motivation to do so would be so that the MDS System can be used to manage policies that determine certain content from the returned data to be redacted and/or filtered instead of allowing/denying requests, and carry out other actions such as "alert" (Lang: [0686]).
Similarly, claims 38 and 39 are rejected based on U.S. Patent No. 10063593 in view of Lang. 

Claim Objections
Claims 37-39 are objected to because of the following informalities:  claims 37-39 recite: “a fraud risk of represented by” instead of “a fraud risk represented by” in line 10.  Appropriate correction is required.
	
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 37-39 are rejected under 35 U.S.C. 103 as being unpatentable over prior art of record US 7908645 to Varghese et al (hereinafter Varghese) and prior art of record US 20150269383 to Lang et al (hereinafter Lang).
As per claim 37, Varghese teaches:
A computer implemented method comprising: 
collecting, in a fraud related data cache of a policy enforcement point system through a communication network and from a plurality of cloud fraud services, machine readable fraud related data (Varghese: column 11, line 55-column 12, line 12: The DCR process gathers the results of the current request-authentication processing and stores them in DCR database 1110 in association with the identifying information (for example, the Device ID) for the originating user device. Thereby, the DCR database can provide an historical record of the results of previous request-authentication processing to guide the FAAS in current authentication-request processing. The DCR database includes at least data obtained from the current service provider. Preferably, it also includes data from other service providers. Data from the current request can optionally be supplemented by the third party data similar to that data already retrieved by the FAAS); 
with the response being responsive to a request generated by a browser script in a browser of the client device (Varghese: column 12, lines 12-55: This process is invoked when a user request is received by, e.g., a firewall, and receives information describing the request. In one alternative, this process determines actions and scores from input data descriptive of the user transaction and rules retrieved from database 1809. When the system finds an elevated risk score, it evaluates rules in view of the risk score and can carry out actions, alerts, or risk score reporting. Column 24, lines 44-50: The user device may be a personal computer 720 as in FIG. 13A, a cell phone, personal data assistant (PDA), automated teller machine (ATM), or other suitable device capable of accessing a server. Preferably, the service provider server is a web server accessible from the user device via the Internet, or other public network, or a private network. Using a browser to generate requests to a web server are well known to one of ordinary skill before the effective filing date of the claimed invention); 
determining, by the policy enforcement point system, an authorization related data set, based, at least in part, on the machine readable fraud related data, with the authorization related data set relating to a fraud risk of represented by participation of a predetermined computer device (Varghese: column 10, lines 61-67 and column 11, lines 1-2: FAAS process 600 is invoked with the Device ID (and optionally other device and/or user identifying information). This process evaluates its input identifying information and either can, e.g., recommend to the service-provider application or system that the request should be processed further or blocked from the system (referred to herein as "actions"). This process can also provide risk alerts and risk scores (referred to herein as "alerts" and "scores") describing the relative risks of the input request. Column 13, lines 15-40: The methods receive a copy of the request itself or information describing and abstracting the substance of a current request. The input information is processed, and the methods output risk scores, risk alerts, and actions (or action recommendations). Risk scores and alerts are indicia of the likely risks that the current request is incorrect, or malicious, or fraudulent, and so forth. Fraud detection inputs describe the user, the user's device, the location of the user's device, the workflow of transaction entered by the user, historical patterns of user accesses, and data from 3rd party data sources. Column 19, lines 8-20: The device-type data items generally test whether or not a particular device has been used and/or is being used in a manner that suggests it has been accessed by users with a likely malicious intent); 
Varghese teaches receiving a user request, evaluating risk/fraud score in response to the request and initiating action as a result of an elevated risk score but does not explicitly teach: intercepting, by the policy enforcement point system, a response being transmitted over a communications network from a cloud fraud service to a client device, modifying, by the policy enforcement point system and to generate a modified response, session data included in the intercepted response to filter out sensitive data so that any sensitive data that is present in the intercepted response will not be present in the modified response; and sending, by the policy enforcement point system through the communication network, the modified response to the client device. However, Lang teaches:
intercepting, by the policy enforcement point system, a response being transmitted over a communications network from a cloud fraud service to a client device (Lang: [0648] As a consequence, the best of both worlds for such use cases may be to have CMP-PEPs that intercept both inbound (to the resource) and outbound (from the resource) communications),
modifying, by the policy enforcement point system and to generate a modified response, session data included in the intercepted response to filter out sensitive data so that any sensitive data that is present in the intercepted response will not be present in the modified response (Lang: [0470]: CMP-PDP then transmits the decision (and optional actions, e.g. obligations) to CMP-PEP, which enforces the decision (allow, deny, log, redact/filter, trigger specified other action etc.). [0693]: For example, a generic policy could be to "redact all personal identifiable information (PII) by a random placeholder", which could be refined based on a content model to "redact all social security numbers by a random placeholder". [0695] Based on the generated rules, CMP-PDP instructs the redaction/filtering components about which parts of the content to redact/filter, and how to redact/filter (obfuscate, remove, black out, randomize etc.). [0696] Redaction/filtering components ("CMP-RF") do the redaction/filtering based on the instructions provided by CMP-PDP); and 
sending, by the policy enforcement point system through the communication network, the modified response to the client device (Lang: [0698]: This response may include including redaction and filtering instructions, which--in the example depicted in FIG. 35--the RF Service (3525) uses to redact and/or filter the response before it is communicated (3550) to the requesting application (3530)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Lang in the invention of Varghese to include the above limitations. The motivation to do so would be so that the MDS System can be used to manage policies that determine certain content from the returned data to be redacted and/or filtered instead of allowing/denying requests, and carry out other actions such as "alert" (Lang: [0686]).

As per claim 38, Varghese teaches:
A computer implemented method comprising: 
collecting, in a fraud related data cache of a policy enforcement point system through a communication network and from a plurality of cloud fraud services, machine readable fraud related data (Varghese: column 11, line 55-column 12, line 12: The DCR process gathers the results of the current request-authentication processing and stores them in DCR database 1110 in association with the identifying information (for example, the Device ID) for the originating user device. Thereby, the DCR database can provide an historical record of the results of previous request-authentication processing to guide the FAAS in current authentication-request processing. The DCR database includes at least data obtained from the current service provider. Preferably, it also includes data from other service providers. Data from the current request can optionally be supplemented by the third party data similar to that data already retrieved by the FAAS); 
with the response being responsive to a request generated by a browser script in a browser of the client device (Varghese: column 12, lines 12-55: This process is invoked when a user request is received by, e.g., a firewall, and receives information describing the request. In one alternative, this process determines actions and scores from input data descriptive of the user transaction and rules retrieved from database 1809. When the system finds an elevated risk score, it evaluates rules in view of the risk score and can carry out actions, alerts, or risk score reporting. Column 24, lines 44-50: The user device may be a personal computer 720 as in FIG. 13A, a cell phone, personal data assistant (PDA), automated teller machine (ATM), or other suitable device capable of accessing a server. Preferably, the service provider server is a web server accessible from the user device via the Internet, or other public network, or a private network. Using a browser to generate requests to a web server are well known to one of ordinary skill before the effective filing date of the claimed invention); 
determining, by the policy enforcement point system, an authorization related data set, based, at least in part, on the machine readable fraud related data, with the authorization related data set relating to a fraud risk of represented by participation of a predetermined human user (Varghese: column 10, lines 61-67 and column 11, lines 1-2: FAAS process 600 is invoked with the Device ID (and optionally other device and/or user identifying information). This process evaluates its input identifying information and either can, e.g., recommend to the service-provider application or system that the request should be processed further or blocked from the system (referred to herein as "actions"). This process can also provide risk alerts and risk scores (referred to herein as "alerts" and "scores") describing the relative risks of the input request. Column 13, lines 15-40: The methods receive a copy of the request itself or information describing and abstracting the substance of a current request. The input information is processed, and the methods output risk scores, risk alerts, and actions (or action recommendations). Risk scores and alerts are indicia of the likely risks that the current request is incorrect, or malicious, or fraudulent, and so forth. Fraud detection inputs describe the user, the user's device, the location of the user's device, the workflow of transaction entered by the user, historical patterns of user accesses, and data from 3rd party data sources); 
Varghese teaches receiving a user request, evaluating risk/fraud score in response to the request and initiating action as a result of an elevated risk score but does not explicitly teach: intercepting, by the policy enforcement point system, a response being transmitted over a communications network from a cloud fraud service to a client device, modifying, by the policy enforcement point system and to generate a modified response, session data included in the intercepted response to filter out sensitive data so that any sensitive data that is present in the intercepted response will not be present in the modified response; and sending, by the policy enforcement point system through the communication network, the modified response to the client device. However, Lang teaches:
intercepting, by the policy enforcement point system, a response being transmitted over a communications network from a cloud fraud service to a client device (Lang: [0648] As a consequence, the best of both worlds for such use cases may be to have CMP-PEPs that intercept both inbound (to the resource) and outbound (from the resource) communications),
modifying, by the policy enforcement point system and to generate a modified response, session data included in the intercepted response to filter out sensitive data so that any sensitive data that is present in the intercepted response will not be present in the modified response (Lang: [0470]: CMP-PDP then transmits the decision (and optional actions, e.g. obligations) to CMP-PEP, which enforces the decision (allow, deny, log, redact/filter, trigger specified other action etc.). [0693]: For example, a generic policy could be to "redact all personal identifiable information (PII) by a random placeholder", which could be refined based on a content model to "redact all social security numbers by a random placeholder". [0695] Based on the generated rules, CMP-PDP instructs the redaction/filtering components about which parts of the content to redact/filter, and how to redact/filter (obfuscate, remove, black out, randomize etc.). [0696] Redaction/filtering components ("CMP-RF") do the redaction/filtering based on the instructions provided by CMP-PDP); and 
sending, by the policy enforcement point system through the communication network, the modified response to the client device (Lang: [0698]: This response may include including redaction and filtering instructions, which--in the example depicted in FIG. 35--the RF Service (3525) uses to redact and/or filter the response before it is communicated (3550) to the requesting application (3530)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Lang in the invention of Varghese to include the above limitations. The motivation to do so would be so that the MDS System can be used to manage policies that determine certain content from the returned data to be redacted and/or filtered instead of allowing/denying requests, and carry out other actions such as "alert" (Lang: [0686]).

As per claim 39, Varghese teaches:
A computer implemented method comprising: 
collecting, in a fraud related data cache of a policy enforcement point system through a communication network and from a plurality of cloud fraud services, machine readable fraud related data (Varghese: column 11, line 55-column 12, line 12: The DCR process gathers the results of the current request-authentication processing and stores them in DCR database 1110 in association with the identifying information (for example, the Device ID) for the originating user device. Thereby, the DCR database can provide an historical record of the results of previous request-authentication processing to guide the FAAS in current authentication-request processing. The DCR database includes at least data obtained from the current service provider. Preferably, it also includes data from other service providers. Data from the current request can optionally be supplemented by the third party data similar to that data already retrieved by the FAAS); 
with the response being responsive to a request generated by a browser script in a browser of the client device (Varghese: column 12, lines 12-55: This process is invoked when a user request is received by, e.g., a firewall, and receives information describing the request. In one alternative, this process determines actions and scores from input data descriptive of the user transaction and rules retrieved from database 1809. When the system finds an elevated risk score, it evaluates rules in view of the risk score and can carry out actions, alerts, or risk score reporting. Column 24, lines 44-50: The user device may be a personal computer 720 as in FIG. 13A, a cell phone, personal data assistant (PDA), automated teller machine (ATM), or other suitable device capable of accessing a server. Preferably, the service provider server is a web server accessible from the user device via the Internet, or other public network, or a private network. Using a browser to generate requests to a web server are well known to one of ordinary skill before the effective filing date of the claimed invention); 
determining, by the policy enforcement point system, an authorization related data set, based, at least in part, on the machine readable fraud related data, with the authorization related data set relating to a fraud risk of represented by participation of at least one of the following: a predetermined human user or a predetermined computer device (Varghese: column 10, lines 61-67 and column 11, lines 1-2: FAAS process 600 is invoked with the Device ID (and optionally other device and/or user identifying information). This process evaluates its input identifying information and either can, e.g., recommend to the service-provider application or system that the request should be processed further or blocked from the system (referred to herein as "actions"). This process can also provide risk alerts and risk scores (referred to herein as "alerts" and "scores") describing the relative risks of the input request. Column 13, lines 15-40: The methods receive a copy of the request itself or information describing and abstracting the substance of a current request. The input information is processed, and the methods output risk scores, risk alerts, and actions (or action recommendations). Risk scores and alerts are indicia of the likely risks that the current request is incorrect, or malicious, or fraudulent, and so forth. Fraud detection inputs describe the user, the user's device, the location of the user's device, the workflow of transaction entered by the user, historical patterns of user accesses, and data from 3rd party data sources. Column 19, lines 8-20: The device-type data items generally test whether or not a particular device has been used and/or is being used in a manner that suggests it has been accessed by users with a likely malicious intent); 
wherein the computer implemented method utilizes a single enforcement point to participate as an all-encompassing fraud border gateway ((Varghese: Fig. 13B and column 10, lines 7-16, 61-67 and column 11, lines 1-2: In the illustrated preferred embodiment, these processes are structured as shown within the enclosing dotted lines and include: fingerprint processes 400, fraud analysis and alert service ("FAAS"), authenticator service 600, and flagged device module ("FDM"). Links between processes are labeled by important input and output data types. FAAS process 600 is invoked with the Device ID (and optionally other device and/or user identifying information). This process evaluates its input identifying information and either can, e.g., recommend to the service-provider application or system that the request should be processed further or blocked from the system (referred to herein as "actions"). This process can also provide risk alerts and risk scores (referred to herein as "alerts" and "scores") describing the relative risks of the input request).
Varghese teaches receiving a user request, evaluating risk/fraud score in response to the request and initiating action as a result of an elevated risk score but does not explicitly teach: intercepting, by the policy enforcement point system, a response being transmitted over a communications network from a cloud fraud service to a client device, modifying, by the policy enforcement point system and to generate a modified response, session data included in the intercepted response to filter out sensitive data so that any sensitive data that is present in the intercepted response will not be present in the modified response; and sending, by the policy enforcement point system through the communication network, the modified response to the client device. However, Lang teaches:
intercepting, by the policy enforcement point system, a response being transmitted over a communications network from a cloud fraud service to a client device (Lang: [0648] As a consequence, the best of both worlds for such use cases may be to have CMP-PEPs that intercept both inbound (to the resource) and outbound (from the resource) communications),
modifying, by the policy enforcement point system and to generate a modified response, session data included in the intercepted response to filter out sensitive data so that any sensitive data that is present in the intercepted response will not be present in the modified response (Lang: [0470]: CMP-PDP then transmits the decision (and optional actions, e.g. obligations) to CMP-PEP, which enforces the decision (allow, deny, log, redact/filter, trigger specified other action etc.). [0693]: For example, a generic policy could be to "redact all personal identifiable information (PII) by a random placeholder", which could be refined based on a content model to "redact all social security numbers by a random placeholder". [0695] Based on the generated rules, CMP-PDP instructs the redaction/filtering components about which parts of the content to redact/filter, and how to redact/filter (obfuscate, remove, black out, randomize etc.). [0696] Redaction/filtering components ("CMP-RF") do the redaction/filtering based on the instructions provided by CMP-PDP); and 
sending, by the policy enforcement point system through the communication network, the modified response to the client device (Lang: [0698]: This response may include including redaction and filtering instructions, which--in the example depicted in FIG. 35--the RF Service (3525) uses to redact and/or filter the response before it is communicated (3550) to the requesting application (3530)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Lang in the invention of Varghese to include the above limitations. The motivation to do so would be so that the MDS System can be used to manage policies that determine certain content from the returned data to be redacted and/or filtered instead of allowing/denying requests, and carry out other actions such as "alert" (Lang: [0686]).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MADHURI R. HERZOG
Primary Examiner
Art Unit 2438



/MADHURI R HERZOG/Primary Examiner, Art Unit 2438