DETAILED ACTION
	Claims 1-20 are presented on 07/31/2021 for examination on merits.  Claims 1, 7, and 15 are independent base claims.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Examiner's Instructions for filing Response to this Office Action
When the Applicant submits amendments regarding to the claims in response the Office Action, the Examiner would prefer that Applicant submit two sets of claims: 
Set #1 that includes indicators for the status of claim and all marked amendments to the claims; and 
Set #2 comprising a clean version of the claims with all the markups removed for entry, as an appendix to the Applicant Arguments/Remarks or a section following the Remarks.

Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted for examination on merits is/are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement(s) is/are being considered by the examiner. See the annotated 1449 documents.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 11,223,645 B2 (hereinafter “USPAT 645”). 
Although the claims at issue are not identical, they are not patentably distinct from each other because they claim the same subject matter of replicating encrypted data across storage systems.

	Regarding claim 1, USPAT 645 anticipates:
A system, comprising: 
a processor (USPAT 645, CLM. 14: one or more hardware processors); and 
a non-transitory computer-readable medium having stored thereon instructions executable (USPAT 645, CLM. 1: the non-transitory memory and instructions) to cause the system to perform operations comprising: 
receiving a first request for an electronic service from a user device corresponding to a first risk source, wherein the first risk source comprises a network address (USPAT 645, CLM. 1: receiving, from a risk source, a request for performing an electronic transaction, wherein the request is associated with first security data; CLM. 6: wherein the first security data comprises an Internet Protocol (IP) address); 
determining initial security data for the first risk source comprising information contained directly in the first request, the initial security data including the network address (USPAT 645, CLM. 6: wherein the first security data comprises an Internet Protocol (IP) address, wherein the first level of security data comprises a Classless Inter-Domain Routing (CIDR) range associated with the IP address); 
based on the initial security data, deriving secondary security data for the first risk source using the secondary security data, wherein the secondary security data is not included in the first request or the initial security data (USPAT 645, CLM. 1: generating enriched security data for the risk source by recursively deriving an additional level of security data using a previous level of security data until a predetermined recursive level is reached); 
using at least the initial security data and the secondary security data, determining a device security fingerprint for the first risk source (USPAT 645, CLM. 1: generating a first fingerprint based on the enriched security data); 
based on an analysis of the first request for the electronic service, dynamically determining a similarity threshold for a comparison of the device security fingerprint (USPAT 645, CLM. 8: comparing the first fingerprint with the second and third fingerprints which are used as a dynamically determined similarity threshold); 
comparing the device security fingerprint to information in a database comprising a plurality of bad device security fingerprints for a plurality of risk sources categorized as bad risk sources and comprising a plurality of good device security fingerprints for a plurality of risk sources categorized as good risk sources (USPAT 645, CLM. 1: determining a risk level for the risk source by (i) comparing the first fingerprint against a second fingerprint associated with a first risk type and (ii) comparing the first fingerprint against a third fingerprint associated with a second risk type);
using the dynamically determined similarity threshold to determine a result of comparing the device security fingerprint, wherein the result indicates whether the first request represents a security risk (USPAT 645, CLM. 8: determining … a first similarity score indicating an amount of shared security data between the first fingerprint and the at least second fingerprint; here the second and third fingerprints are used as a dynamically determined similarity threshold); and 
based on the determined result, determining whether to allow the first request for the electronic service to be processed (USPAT 645, CLM. 1: authorizing or denying the electronic transaction based on the risk level determined for the risk source).
Independent claims 7 and 15 are rejected for the same reason as claim 1, because they each recite the same limitations in similar language.
Regarding dependent claims 2-6, 8-14, and 16-20 of the present application, they are obvious variants of the same subject matter as found in the reference application, and thereby rejected under the judicially created doctrine of obviousness-type double patenting.

Allowable Subject Matter
Claims 1-20 are allowable over prior art for the following reasons:
Independent claims 1, 7, and 15 each repeat a substantial portion of the allowable subject matter of the parent Application No. 16160834, filed 10/15/2018, now U.S. Patent #11,223,645.  The claims recite elements of “determining initial security data for the first risk source comprising information contained directly in the first request, the initial security data including the network address; based on the initial security data, deriving secondary security data for the first risk source using the secondary security data, wherein the secondary security data is not included in the first request or the initial security data; using at least the initial security data and the secondary security data, determining a device security fingerprint for the first risk source; comparing the device security fingerprint to information in a database comprising a plurality of bad device security fingerprints for a plurality of risk sources categorized as bad risk sources and comprising a plurality of good device security fingerprints for a plurality of risk sources categorized as good risk sources… to determine a result of comparing the device security fingerprint, wherein the result indicates whether the first request represents a security risk.”  These elements and the features thereof, in combination with the other limitations in the independent claims, are not anticipated by, nor made obvious over the prior art of record.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art additionally discloses certain parts of the claim features (See “PTO-892 Notice of Reference Cited”).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DON ZHAO whose telephone number is (571)272.9953.  The examiner can normally be reached on Monday to Friday, 7:30 A.M to 5:00 P.M EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571.272.3862.  The fax phone number for the organization where this application or proceeding is assigned is 571.273.8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866.217.9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800.786.9199 (IN USA OR CANADA) or 571.272.1000.


/Don G Zhao/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        09/29/2022