DETAILED ACTION
This office action is in response to the correspondence filed on 10/12/2022. This application has a foreign application IN202041025894 filed 06/19/2020. Claims 1-10, and 21-30 are still pending and are examined. Claims 11-20 are canceled. Claims 21-30 are new.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.


Election/Restrictions
Applicant’s election without traverse of claims 1-10 in the reply filed on 10/12/2022 is acknowledged.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 7 and 27 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. 
Regarding claims 7 and 27, taking claim 7 as exemplary, “the live computing environment” in the limitation was never recited before. There is insufficient antecedent basis for this limitation in the claim. 
Examiner suggests that “the production computing environment” should be used to be consistent with the independent claim for which it is dependent upon.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 21, and 30 are rejected under 35 U.S.C. 103 as being unpatentable over Das et al. (US Pub No. 2017/0171044 A1, referred to as Das), in view of Raugas et al. (US Pub No. 2016/0173516 A1, referred to as Raugas).
Regarding claims 1, 21, and 30, taking claim 1 as exemplary, Das discloses,
1. (Original) A system comprising:
a non-transitory memory; and (Das: [0045])
one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising: (Das: [0045])
accessing… for analysis via (Das: [0025]; test traffic and test network infrastructure refer to traffic and network infrastructure that is being used for testing purposes (testing/analysis of any number of purposes).) an audit computing environment separate from a production computing environment, (Das: Fig. 1; [0036]; the test network infrastructure 150 (audit computing environment) represents new network devices and systems not yet put into operation (separate) within a live network environment (production computing environment).) wherein the audit computing environment comprises a first pool of computing devices and (Das: Fig. 1; [0018]; devices under test (DUTs) 142, 144, 146 (first pool of computing devices) within test network infrastructure 150 (audit computing environment).) the production computing environment comprising a second pool of computing devices, and (Das: Fig. 1; [0026]; live network infrastructure 101 (production computing environment) includes network devices 102, 104, 106 (second pool of computing devices).) wherein the audit computing environment is configured to receive at least a portion of data traffic processed by the second pool of computing device in the production computing environment; (Das: [0004]; live traffic metadata is collected for network packets within the live traffic. Application level meta-data is then extracted from the live traffic meta-data… application level test packets are then generated based upon the application level meta-data, and these application level test packets are forwarded to test network infrastructure (audit computing environment receiving a portion of production traffic).)
accessing a plurality of first data processing transactions from the at least the portion of the data traffic; (Das: [0006]; the application level meta-data includes application data (first data processing transactions) and usage data associated with the application data.)
testing… with the plurality of first data processing transactions using the first pool of computing devices; and (Das: [0004]; application level test packets are forwarded to test network infrastructure. [0025]; test traffic and test network infrastructure refer to traffic and network infrastructure that is being used for testing purposes.)
Das does not explicitly disclose, however Raugas teaches,
…a first risk model (Raugas: [0025]; machine learning model. [0023]; a specific machine learning algorithm may use models trained a priori against specific and/or known classes of malware to compute rankable scores.)
determining a first result of… the first risk model with the plurality of first data processing transactions, wherein the first result comprises a first risk score generated from… the first risk model with the plurality of first data processing transactions. (Raugas: [0025]; computer network traffic from a computer network may be sampled and features may be extracted from the network traffic (first data processing transactions), and a machine learning model may be applied to the features to generate a resulting score (first result comprises a first risk score). [0023]; a specific machine learning algorithm may use models trained a priori against specific and/or known classes of malware to compute rankable scores.) 
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Raugas into the teachings of Das with a motivation to test any numbers of computer applications without disrupting production networks used by end customers by testing new risk models in a separate test network. 



Claims 2, 5, 22, and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Das, in view of Raugas and further in view of Brandwine et al. (US Patent No. 8,839,222 B1, referred to as Brandwine) , and further in view of Bowers et al. (US Pub No. 2016/0300156 A1, referred to as Bowers).
Regarding claims 2 and 22, taking claim 2 as exemplary, the combination of Das and Raugas discloses, 
2. (Original) The system of claim 1,
Das discloses,
…processing the plurality of first data processing transactions… (Das: [0004]; application level test packets are forwarded to test network infrastructure. [0025]; test traffic and test network infrastructure refer to traffic and network infrastructure that is being used for testing purposes.)
Das does not explicitly disclose, however Raugas teaches,
first/second risk model (Raugas: [0025]; machine learning model. [0023]; a specific machine learning algorithm may use models trained a priori against specific and/or known classes of malware to compute rankable scores (the risk models can be used to substitute for the applications below).)
a second result comprises a second risk score generated from… using a second risk model; (Raugas: [0025]; computer network traffic from a computer network may be sampled and features may be extracted from the network traffic, and a machine learning model may be applied to the features to generate a resulting score (second result comprises a second risk score). [0023]; a specific machine learning algorithm may use models trained a priori against specific and/or known classes of malware to compute rankable scores.) 
The same motivation that was utilized for combining Das and Raugas as set forth in claim 1 is equally applicable to claim 2.
The combination of Das and Raugas does not explicitly disclose, however Brandwine teaches,
wherein the first… [application] comprises an updated test version of a production version of the second… [application], wherein the production version is utilized in the production computing environment, and (Brandwine: Coln. 3, ls. 30-33; the test environment includes a test network and test instances. An instance is a test instance while its primary function is to test a potential update to a PES application. Coln. 3, ls. 15-22; the production network and instances receive live incoming network traffic. Consequently, performing the processes described herein for selecting updates to be applied to a PES application on production instances might result in downtime to the production instances. As a result, the processes described herein for selecting updates might be performed incrementally when production instances are utilized in the test environment (testing an updated version of PES application used in production).)
wherein the operations further comprise:
determining a second result comprising a second… [result] generated from… using a second… [application]; and (Brandwine: Coln. 12; l. 65 – Coln. 13, l. 2; the test instances 206X-206Z are instances that are created for the purpose of testing updates to the PES application (second application). Coln. 13, ls. 13-25; the update evaluation component 216 might evaluate one or more direct metrics and/or one or more indirect metrics to determine if the PES application is operating properly (second result is determined and evaluated).)
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Brandwine into the combination of Das and Raugas with a motivation to reduce or even eliminate the possibility of downtime to the production applications by testing the applicability, compatibility, and cost/benefit of updates to applications on the replicated instances (Brandwine; Coln. 3, ls. 9-12).
The combination of Das, Raugas and Brandwine does not explicitly disclose, however Bowers teaches,
comparing the first result to the second result. (Bowers: [0014]; the model tracker service can compare test results of the production model copy and test models.)
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Bowers into the combination of Das, Raugas and Brandwine with a motivation to provide a method of evaluating models for higher accuracy and/or consistency by providing a model tracker service (Bowers: [0003]).


Regarding claims 5 and 25, taking claim 25 as exemplary, the combination of Das, Raugas, Brandwine and Bowers discloses, 
5. (Original) The system of claim 2, 
Das discloses,
wherein the audit computing environment is separate from the production computing environment (Das: Fig. 1; [0036]; the test network infrastructure 150 (audit computing environment) represents new network devices and systems not yet put into operation (separate) within a live network environment (production computing environment).) based on the first pool of computing devices operable to process the plurality of first data processing transactions (Das: Fig. 1; [0018]; devices under test (DUTs) 142, 144, 146 (first pool of computing devices) within test network infrastructure 150 (audit computing environment). [0006]; the application level meta-data includes application data (first data processing transactions) and usage data associated with the application data.)) separately from the second pool of computing devices. (Das: [0004]; live traffic metadata is collected for network packets within the live traffic. Application level meta-data is then extracted from the live traffic meta-data… application level test packets are then generated based upon the application level meta-data, and these application level test packets are forwarded to test network infrastructure (audit computing environment receiving a portion of production traffic).)


Claims 7 and 27 are rejected under 35 U.S.C. 103 as being unpatentable over Das, in view of Raugas and further in view of Richards et al. (US Pub No. 2016/0269908 A1, referred to as Richards).
Regarding claims 7 and 27, taking claim 27 as exemplary,, the combination of Das and Raugas discloses, 
7. (Original) The system of claim 1,
Das discloses,
wherein the data traffic comprises production data processing transaction processed by the second pool of computing devices in the live computing environment…  (Das: Fig. 1; [0026]; live network infrastructure 101 (live computing environment) includes network devices 102, 104, 106 (second pool of computing devices). [0004]; live traffic metadata is collected for network packets within the live traffic. Application level meta-data is then extracted from the live traffic meta-data.)
The combination of Das and Raugas does not explicitly disclose, however Richards teaches,
production data processing transaction processed… on behalf of users of the system, and wherein the production data processing transaction comprises at least one of an account login, an authentication attempt, an electronic transaction processing request, a user verification, a financial instrument verification, or a service enrollment request. (Richards: [0137]; activation of new accounts includes the submission of user information 2704 to customer care/carrier 2608 in order to facilitate the opening of a new customer account (electronic transaction processing request). [0141]; enable mobile carriers to identify, interact with, and track the integrity of the transaction while the sender and recipient are engaged in the social interaction related to the mobile money transfer. Claim 1; transaction associated with the first live-data flow.)
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Richards into the combination of Das and Raugas with a motivation place a hold on a transaction associated with live-data flows responsive to detection of a potentially fraudulent condition by monitoring fraudulent transactions relating to a mobile device (Richards abstract).


Allowable Subject Matter
Claims 3-4, 6, 8-10, 23-24, 26 and 28-29 are objected to as being dependent upon rejected base claims, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is an examiner’s statement of reasons for allowance:
Although prior arts Das, Raugas, Brandwine, Bowers and Richards above disclose all the limitations of the prior claims (see rejections above), none of the prior arts of record alone or in combination discloses a data fingerprint identifying the first data processing transactions, and determining the second result using the data fingerprint; determining whether the first risk model detects an increased amount of fraud over the second model based on the first result and the second result; determining the first data processing transactions based on the selection of the domain; generating a risk score log based on the first result and the second result, wherein the risk score log comprises a performance comparison of the first risk model based on first data processing transactions and the second data processing transactions; and audit computing environment does not include an adjudication operation to execute processing decisions from the risk scores of the data traffic as described in the claims.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
St. Pierre; Brian			US-PGPUB	US 20210320943 A1	Detecting over-mitigation of network traffic by a network security element
Key; Christopher B.		US-PGPUB	US 20170244743 A1	Method for controlling execution of malicious behavior in production network                                                                                                                                                                                        
Ehle; Braxton Chase		USPAT		US 10686811 B1	Techniques for customer-derived training of intrusion management systems

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KA SHAN CHOY whose telephone number is (571) 272-1569.  The examiner can normally be reached on MON - FRI: 9AM-5:30PM EST Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KA SHAN CHOY/Examiner, Art Unit 2435