DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This is in response to the correspondence filed on 01/03/22.  Claims 1-16 are still pending and have been considered below.

Election/Restrictions
Applicant’s election without traverse of Invention I (Claims 1-16) in the reply filed on 01/03/22 is acknowledged.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 7 and 9-16 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 7 recites the limitation "the group of malicious indicators" in line 5.  There is insufficient antecedent basis for this limitation in the claim.  Examiner notes that the preceding claim language does not appear to establish a first instance of a “group of malicious indicators”; 
Claim 9 recites the limitation "the authorized account" in line 6.  There is insufficient antecedent basis for this limitation in the claim.  Examiner notes that the preceding claim language does not appear to establish a first instance of an “authorized account”; thus, renders the claim indefinite in that it is unclear as to what the limitation in question is in reference to.
Claims 10-12, 15 and 16 recite the limitation "the account" throughout the claims.  There is insufficient antecedent basis for this limitation in the claims.  Examiner notes that the preceding claim language appears to establish at least a first instance of an “account” in addition to a separate and distinct instance of an “authorized account” (see lines 3 and 6 of Claim 9); thus, render the claims indefinite in that it is unclear as to which one the limitation in question should be in reference to.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-5, 8-11 and 14-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Herbert (2012/0042364) in view of Shulman et al. (2015/0013006).
Claim 1:  Herbert discloses a system, comprising:
a processor [page 10, paragraph 0097];
a memory coupled to the processor [page 10, paragraph 0098]; and
a proxy configured to:
receive a request to establish a session with an application, the request including at least one credential for establishing the session (attempt to access application with password) [page 2, paragraph 0018];
determine, by the processor, that the at least one credential is valid but that the request is an unauthorized request (determines that the entered password is a false password associated with the user and that the party is an unauthorized user) [page 2, paragraph 0021]; and
upon determining that the request is an unauthorized request, establish a cloned application session instead of the requested session with the application, the cloned application session including at least some alternative data in place of data associated with an application account (redirect provider of false password to a honey pot system configured to mimic an appearance and functionality of the application) [page 2, paragraphs 0022-0023];
but does not explicitly disclose that the determining is based on an identifier associated with the request.
However, Shulman et al. discloses a similar invention [page 3, paragraph 0027] and further discloses that the determining is based on an identifier associated with the request (generate reverse honey tokens of any type including various identifiers, which are placed on client end station and monitored for attempted use/requests on network) [page 5, paragraph 0042 | page 6, paragraphs 0046-0047 & 0050].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the disclosure of Herbert with the additional features of Shulman et al., in order to accurately detect external and internal attackers without causing false positive alerts, as suggested by Shulman et al. [page 1, paragraph 0005].
Claim 2:  Herbert and Shulman et al. disclose the system of claim 1, and Shulman et al. further discloses wherein the identifier is a digital fingerprint reflecting characteristics of at least one of a user associated with the unauthorized request or a computing device associated with the unauthorized request (username, network address, filename/identifier, a directory name, a file system path, a URL or URI, a port number, a machine/host name, a database name, a table name, a database column name, a database query, a database connection string, details describing a protocol, an encryption key, a hash function name or algorithm, data representing an answer for a “secret” question, a program name, a telephone number, an operating system name or identifier, a name or identifier of a software program, a cookie value of an HTTP cookie…selected based on the configuration and/or specific characteristics of client end station) [page 5, paragraphs 0042-0043].
Claim 3:  Herbert and Shulman et al. disclose the system of claim 2, and Shulman et al. further discloses wherein the digital fingerprint was generated during a previous session with the application (when connected to distribution module to retrieve reverse honey tokens, application configuration data and/or configuration repositories) [page 6, paragraphs 0046-0048].
Claim 4:  Herbert and Shulman et al. disclose the system of claim 1, and Shulman et al. further discloses wherein the identifier is one of a group of malicious identifiers for which cloned (used to detect intruders and/or attackers which allows for malicious access of seemingly valid data by providing fake responses to attacker) [page 3, paragraph 0027].
Claim 5:  Herbert and Shulman et al. disclose the system of claim 4, and Shulman et al. further discloses wherein the identifier is determined to be a malicious identifier of the group of malicious identifiers based on activity during a previous application session associated with the identifier (during deployment of reverse honey tokens, application configuration data and/or configuration repositories) [page 6, paragraphs 0046-0048].
Claim 8:  Herbert and Shulman et al. disclose the system of claim 1, and Herbert further discloses wherein the application is a web application [page 2, paragraph 0017].
Claim 9:  Herbert discloses a method for securing an application, the method comprising:
determining that a first session with the application is associated with an unauthorized user accessing an account [page 2, paragraph 0018];
transferring the unauthorized user from the first session to a first cloned session of the application, wherein the first cloned session includes at least some alternative data in place of data associated with the authorized account [page 2, paragraphs 0022-0023];
receiving a request to establish a second session with the application (any number of hostile computing systems can attempt access any number of times; thus, the same hostile computing system or another hostile computing system can perform at least a second access attempt) [page 2, paragraph 0018]; and
upon determining that the request to establish the second session is associated with the an unauthorized user, establishing a second cloned session instead of the second session with the application [page 2, paragraphs 0022-0023];

However, Shulman et al. discloses a similar invention [page 3, paragraph 0027] and further discloses generating an identifier representing the unauthorized user and determining that the request to establish the second session is associated with the identifier representing the unauthorized user [page 5, paragraph 0042 | page 6, paragraphs 0046-0047 & 0050].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the disclosure of Herbert with the additional features of Shulman et al., in order to accurately detect external and internal attackers without causing false positive alerts, as suggested by Shulman et al. [page 1, paragraph 0005].
Claim 10:  Herbert and Shulman et al. disclose the method of claim 9, and Herbert further discloses further comprising: receiving a request to establish a third session with the application (when the legitimate user attempts access) [page 2, paragraph 0018]; and upon determining that the request to establish the third session is not associated with the identifier representing the unauthorized user, providing an indication that the account is locked (when access is attempted by the legitimate user after an attack has been detected, the user’s account would be locked from access) [page 7, paragraphs 0070-0071].
Claim 11:  Herbert and Shulman et al. disclose the method of claim 9, and Herbert further discloses further comprising generating a notification for an authorized user of the account that the account is locked (security reassessed, password reset, etc.) [page 7, paragraphs 0070-0071].
Claim 14:  Herbert and Shulman et al. disclose the method of claim 9, and Shulman et al. further discloses wherein the identifier is a digital fingerprint reflecting characteristics of the 
Claim 15:  Herbert and Shulman et al. disclose the method of claim 9, and Shulman et al. further discloses wherein the identifier representing the unauthorized user is generated after the first session is established and before it is determined that the first session is associated with the unauthorized user accessing the account (reverse honey tokens must be deployed to end station first before intruder can potentially use them to attempt access) [page 6, paragraphs 0046-0048].
Claim 16:  Herbert and Shulman et al. disclose the method of claim 9, and Shulman et al. further discloses wherein determining that the first session is associated with the unauthorized user accessing the account is based on actions performed during the first session [page 6, paragraphs 0046-0048].

Allowable Subject Matter
Claims 6, 7, 12 and 13 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Touboul et al. (2017/0270294).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD ZEE whose telephone number is (571)270-1686. The examiner can normally be reached Monday-Friday 9AM-5PM EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571)272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/EDWARD ZEE/Primary Examiner, Art Unit 2435