DETAILED ACTION
This communication is in respond to application filed on September 2, 2020 in which claims 1-15 are presented for examination.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/02/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 8-15 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 8 recites the limitation “time notifications of data breach” in line 2, the scope of this limitation is not clear. For the following rejection, this limitation is interpreted as “real-time notifications of data breach” based on similar recitation in claim 1.
Claim 9 recites the limitation “A system real-time notifications of data breach” in line 1, the scope of this limitation is not clear. For the following rejection, this limitation is interpreted as “A system for real-time notifications of data breach”.
Claim 12 recites the limitation "The method of claim 1, wherein the system..." in line 1.  There is insufficient antecedent basis for this limitation (“the system”) in the claim. For the following rejection, this limitation is read as “The system of claim [[1]] 9, wherein the system...”.
Claims 13-15 each recites the limitation "The system of claim 1" in line 1.  There is insufficient antecedent basis for this limitation in the claim. For the following rejection, this limitation is read as “The system of claim [[1]] 9”.
The dependent claims included in the statement of rejection but not specifically addressed in the body of the rejection have inherited the deficiencies of their parent claim and have not resolved the deficiencies. Therefore, they are rejected based on the same rationale as applied to their parent claims above.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 6-11 and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over US PG-PUB No. 2020/0204589 A1 to Strogov et al. (hereinafter Strogov) in view of US PG-PUB No. 2006/0080534 A1 to Yeap et al. (hereinafter Yeap).
As per claim 1, Strogov disclosed a method for real-time notifications of data breach in a computerized environment, comprising: 
receiving a unique digital certificate (Strogov, par 0045, verification of whether process is in a trusted list, and “attribution to such a list can be made by the filesystem 102 based on a digital signature certificate”, receiving of certificate corresponding to the process implied); 
associating the unique digital certificate with a first deceptive decoy element of a plurality of deceptive decoy elements deployed in a data source of the computerized environment (Strogov, par 0045-0047, “...responsive to receiving the directory enumeration request, the filesystem 102 may check whether the process is on a list of trusted or safe applications, threads, and processes maintained by the filesystem 102 (e.g., a whitelist). In some aspects, attribution to such a list can be made by the filesystem 102 based on a digital signature certificate,... responsive to determining that the process issuing the directory enumeration request is not on the trusted list, at step 306, the filesystem 102 provides the file list 105 that includes the file honeypots to the untrusted process...”, par 0029, “Each of the file honeypots 110 act as decoy files that facilitate the system 100 with identifying which of the user processes 111 might be malware that maliciously modifies the users' files in the storage device 115”); 
generating a notification indicative of a data breach, in real-time, upon receipt of a request for validation of the unique digital certificate associated with the first deceptive decoy element, wherein the data breach is of the first deceptive decoy element (Strogov, par 0049, “the honeypot driver 103 may identify the process as a suspicious object responsive to intercepting the file modification request from the process. In some aspects, the honeypot driver 103 may identify the process as a malicious object based on the interception of the file modification request to a file honeypot. In some aspects, the honeypot driver 103 may add the process and its parent software application to a list of unreliable software.”); and 
sending the generated notification to at least one predetermined computerized source (Strogov, par 0049, “In some aspects, the honeypot driver 103 may add the process and its parent software application to a list of unreliable software. In subsequent operation, the honeypot driver 103 may intercept and prevent the execution of any subsequent file modification requests coming from that identified process. In other aspects, the filesystem filter driver or other security application may perform comprehensive security and malware analysis using the list of unreliable software to target specific software (e.g., process 111)”, the disclosed “filesystem filter driver or other security application” corresponds to the claimed at least one predetermined computerized source);
Strogov does not explicitly disclose “the unique digital certificate includes an identifier utilized to initiate communication with a computing device in the computerized environment upon a validation attempt of the unique digital certificate”; however, in an analogous art in computer resource access control, Yeap disclosed resource access request containing a unique digital certificate which includes an identifier utilized to initiate communication with a computing device in the computerized environment upon a validation attempt of the unique digital certificate (Yeap, Abstract, unique identifiers embedded in certificate for access control, also par 0068-0069, par 0072-0076, certificate received and examined, client identifier and server identifier are extracted and compared); it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Strogov to incorporate the access request certificate implementation as disclosed by Yeap, in order to ensure both requesting and receiving device can be verified as suggested by Yeap (Yeap, Abstract).

As per claim 2, Strogov-Yeap disclosed the method of claim 1, wherein the request comprises at least a serial number of the first deceptive decoy element and an internet protocol (IP) address of an end-point device of the computerized environment from which the request was sent (Yeap, par 0063, “The way in which the unique identifier for access server 62 is created or assigned is not particularly limited. For example, the unique identifier may be a serial number associated with the central processing unit of access server 62, or a media access control ("MAC") address of a network interface in server 62, or a smart card for use in a smart card reader associated with server 62, or the name of server 62, or a set of servers collectively forming the function of server 62, or the like”, par 0073, “The expected identity of the originator of the request for access from step 310 can be obtained in any desired manner, such as by examining the internet protocol ("IP") address of client device 50 that came with the request received at step 310 and/or by examining the MAC address embedded within the packets transmitted by client device 50.”, the reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein).

As per claim 3, Strogov-Yeap disclosed the method of claim 1, wherein the generated notification includes a serial number and a network address of the computing device (Yeap, par 0063, “The way in which the unique identifier for access server 62 is created or assigned is not particularly limited. For example, the unique identifier may be a serial number associated with the central processing unit of access server 62, or a media access control ("MAC") address of a network interface in server 62, or a smart card for use in a smart card reader associated with server 62, or the name of server 62, or a set of servers collectively forming the function of server 62, or the like”, the reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein).

As per claim 6, Strogov-Yeap disclosed the method of claim 1, wherein the deceptive decoy element is a data element simulating an existing data element in the data source (Strogov, par 0029, “The honeypot driver 103 may create one or more file honeypots 110 within a directory 109 on the filesystem, and add the file honeypots 110 to a file list 105 for the directory 109”).

As per claim 7, Strogov-Yeap disclosed the method of claim 1, wherein the data source is at least a folder of a file system, the deceptive decoy element is a data file (Strogov, par 0029, “The honeypot driver 103 may create one or more file honeypots 110 within a directory 109 on the filesystem, and add the file honeypots 110 to a file list 105 for the directory 109”).

Claim 8 recites substantially the same limitations as claim 1, in the form of a computer readable medium with instructions for implementing the corresponding method, therefore, it is rejected under the same rationale.

Claims 9-11 and 14-15 recite substantially the same limitations as claims 1-3 and 6-7, respectively, in the form of a system implementing the corresponding method, therefore, they are rejected under the same rationale.

Claims 4 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Strogov in view of Yeap as applied to claim 1 above, and further in view of US PG-PUB No. 2019/0222587 A1 to Kamir et al. (hereinafter Kamir).
As per claim 4, Strogov-Yeap disclosed the method of claim 1; Strogov-Yeap does not explicitly disclose annihilating the first deceptive decoy element after a predetermined time period; however, in an analogous art in deceptive based network access control, Kamir disclosed the concept of modifying deception element after a predefined time period (Kamir, par 0036, “...at least one parameter (e.g., a web link name, content of a link, web form input fields, etc.) of each deception element 204 may be modified (e.g., randomly modified by processor 201) after a predefined time period...”); it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Strogov to further incorporate the concept of periodic modifications of deception element as disclosed to Kamir, in order to prevent scanners from identifying the pattern of the deception element 204 and thereby ignoring them as suggested by Kamir (Kamir, par 0036).

Claim 12 recites substantially the same limitations as claim 4, in the form of a system implementing the corresponding method, therefore, it is rejected under the same rationale.

Claims 5 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Strogov in view of Yeap as applied to claim 1 above, and further in view of US PG-PUB No. 2012/0240192 A1 to Orazi et al. (hereinafter Orazi).
As per claim 5, Strogov-Yeap disclosed the method of claim 1; Strogov-Yeap does not explicitly disclose the identifier is at least a uniform resource locator (URL); however, in an analogous art in network access control, Orazi disclosed certificate based access control where certificate contains identifiers including at least a uniform resource locator (URL) (Orazi, par 0043, “The access certificate manager 305 can identify OIDs in the entitlement certificate that are configured to be paired with a location of a product repository (e.g., URL) and identifies the URL in the entitlement certificate that is paired with the OID”); it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Strogov to further incorporate certificate with URL for identifying location as disclosed by Orazi, in order to allow verification of location information in the form of URL as suggested by Orazi (Orazi, par 0043).

Claim 13 recites substantially the same limitations as claim 5, in the form of a system implementing the corresponding method, therefore, it is rejected under the same rationale.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Vera-Schockner (US Pat. No. 9,667,619 B1) disclosed a method and system for utilizing client side authentication to select services available at a given port number.
Bengtson et al. (US PG-PUB No. 2019/0349369 A1) disclosed a method and system for detecting credential compromise in a cloud resource.
	
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Linglan Edwards whose telephone number is (571)270-5440. The examiner can normally be reached 9:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok B Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/LINGLAN EDWARDS/Primary Examiner, Art Unit 2491