DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Amendment filed 02/09/2022 has been received and considered.
Claims 1-20 are pending.

EXAMINER’S AMENDMENT
2.	Authorization for this examiner’s amendment was given by Steven Rouche, Reg. No. 52176 on 06/08/2022. The application has been amended as follows: 
14. (CURRENTLY AMENDED) An apparatus comprising: 
one or more non-transitory computer-readable storage media; 
a processing system operatively coupled with the one or more computer-readable storage media; and program instructions stored on the one or more computer-readable storage media that, when executed by the processing system, direct the processing system to at least: 
interact with a web server to observe and learn legitimate response behavior of the web server; 
provide the legitimate response behavior of the web server to an isolated mitigation server module configured to mimic responses of the web server based on the legitimate response behavior of the web server; 
intercept a web request from a client directed to the web server providing a web service; identify whether or not the web request is malicious; 
when the web request is identified as malicious, prevent the web request from reaching the web server and instead redirect the web request to the isolated mitigation server module, in the isolated mitigation server module, process the web request with the legitimate response behavior of the web server to dynamically generate artificial content that mimics legitimate response behavior of the web server based on a type of web page targeted by the web request, and present the artificial content to the client in response to the web request.
20. (CURRENTLY AMENDED) One or more non-transitory computer-readable storage media to facilitate prevention of malicious attacks on a web service, comprising: 
first program instructions stored on the one or more computer-readable storage media that, when executed by a computing system, direct the computing system to at least:
 interact with a web server to observe and learn legitimate response behavior of the web server; 
provide the legitimate response behavior of the web server to an isolated mitigation server configured to mimic responses of the web server based on the legitimate response behavior of the web server; 
intercept a web request from a client directed to the web server; 
identify whether or not the web request is malicious; and when the web request is identified as malicious, prevent the web request from reaching the web server and instead redirect the web request to an isolated mitigation server; and 
second program instructions stored on the one or more computer-readable storage media that, when executed by the isolated mitigation server, direct the isolated mitigation server to at least: process the web request with the legitimate response behavior of the web server to dynamically generate artificial content that mimics the legitimate response behavior of the web server based on a type of web page targeted by the web request; and present the artificial content to the client in response to the web request.

Allowable Subject Matter
3.	Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance: The claims are allowed over the prior art of record based on the Applicant’s arguments and amendments of 02/09/2022. After further search and consideration, the prior arts of record either taken alone or in combination neither anticipates nor renders obvious the claimed subject matter of the instant application that is taken as a whole including the particular features incorporated in each independent claims. 
US 20170195353 A1 – Detecting malicious network traffic.
US 20170078326 A1 – Secured user credential management.
Claims are allowed in light of the above updated prior art search in combination with the Applicant’s arguments and amendments. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZOHA P TAFAGHODI whose telephone number is (571)272-5199.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/ZOHA PIYADEHGHIBI TAFAGHODI/Examiner, Art Unit 2437                                                                                                                                                                                                        
/ALI S ABYANEH/Primary Examiner, Art Unit 2437