DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Priority
This application discloses and claims only subject matter disclosed in prior application no. 16/190,066, filed 11/13/2018, and names the inventor or at least one joint inventor named in the prior application. Accordingly, this application may constitute a continuation. Should applicant desire to claim the benefit of the filing date of the prior application, attention is directed to 35 U.S.C. 120, 37 CFR 1.78, and MPEP § 211 et seq.

Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 02/28/22. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Instant application 17/563,440:
1. A system comprising: a non-transitory memory storing instructions; and one or more hardware processors coupled to the non-transitory memory and configured to read the instructions from the non-transitory memory to cause the system to perform operations comprising:
directing, in response to determining that a login attempt into a first account indicates fraud, a computing device to a login into a second account;
generating imitation account data for the second account, wherein the imitation account data is usable to simulate transactions;
providing for display on a user interface on the computing device the second account with imitation account data, wherein the imitation account data is actionable for executing fake transactions; and
recording interactions between the computing device and the imitation account data on the second account.

US 11265323 B2:
1. A system comprising: a non-transitory memory storing instructions; and one or more hardware processors coupled to the non-transitory memory and configured to read the instructions from the non-transitory memory to cause the system to perform operations comprising:
detecting an account login attempt from a computing device;
determining that the account login attempt indicates fraud;
determining, in response to the determining that the account login attempt indicates fraud, a fictitious account that provides limited account functionality;
permitting the computing device to log in to the fictitious account; and
monitoring account usage data of the fictitious account, wherein the monitoring comprises:
receiving a transaction processing request,
generating imitation account data for the transaction processing request using the fictitious account, wherein the imitation account data displays a fake completion of the transaction processing request without processing a payment for the transaction processing request,
outputting a user interface that displays the imitation account data as the fake completion of the transaction processing request,
detecting a response to the imitation account data in the user interface, and
adjusting the imitation account data based on the response.

Claims 1-20 are rejected on the ground of non-statutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. US 11265323 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because of similar limitations with minor variations.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over McClintock et al. (US 10574697 B1).

With regards to claim 1, McClintock discloses, A system comprising: a non-transitory memory storing instructions; and one or more hardware processors coupled to the non-transitory memory and configured to read the instructions from the non-transitory memory to cause the system to perform operations comprising:
directing, in response to determining that a login attempt into a first account indicates fraud, a computing device to a login into a second account (FIG 3 318 with “yes”, step 321 and associated text);
generating imitation account data for the second account, wherein the imitation account data is usable to simulate transactions (col 2 line 40-55; However, in reality, the server has detected fraudulent intent by the user and is providing access to a honeypot environment configured to mimic a successful login. A variety of criteria as will be discussed may be leveraged in order to determine whether the user has fraudulent intent. For example, multiple failed logins beyond a certain threshold may be indicative of fraudulent intent. Alternatively, if the user has provided one or more password dictionary credentials or credentials that correspond to known compromised credentials, fraudulent intent may be inferred.);
providing for display on a user interface on the computing device the second account with imitation account data, wherein the imitation account data is actionable for executing fake transactions (Col 2 line 50-60; However, in reality, the server has detected fraudulent intent by the user and is providing access to a honeypot environment configured to mimic a successful login. A variety of criteria as will be discussed may be leveraged in order to determine whether the user has fraudulent intent. .. In some cases, portions of this fake data may be generated based at least in part on real data associated with the account for which a malicious user is attempting to gain access. In some cases, it may be configured to use the real name, or real first name, of the user account identified by the malicious user via the entered email address. Here, the user interface 112 greets the malicious user as “Welcome, John Doe!,” where “John Doe” may be the name associated with the user account identified by the email address “johndoe123@email.”); and
recording interactions between the computing device and the imitation account data on the second account (FIG 3 327 and associated text; Col 9 line 25-35; After box 321, the authentication service 215 may record the incorrect credential in the recorded honeypot credentials 236.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify McClintock base embodiment (FIG 1-2) with teaching of other embodiments in order to provide secure authentication by limiting Brute-force attacks (McClintock Col 1 line 5-15).

With regards to claim 2, McClintock further discloses, wherein the operations further comprise updating the imitation account data based on the interactions between the computing device and the imitation account data on the second account (FIG 3 315 and associated text; Col 6 line 40-50; The honeypot log data 239 may record any or all actions performed in the honeypot environment by users. For example, if a user navigates to an order history in the honeypot environment, the honeypot log data 239 may record that action as well as what was displayed to the user. In addition, the honeypot log data 239 may record network addresses, user agent strings, timestamps, data supplied by the user, and/or other information relevant to user sessions in the honeypot environment.).

With regards to claim 3, McClintock further discloses, wherein the first account is a real account and the second account is a fictitious account (FIG 3 309 and 321 and associated text).

With regards to claim 4, McClintock further discloses, wherein the fictitious account provides access to an account dashboard interface including false personal information and false financial information, the false personal information and false financial information being generated using the imitation account data (Col 2 line 50-60; However, in reality, the server has detected fraudulent intent by the user and is providing access to a honeypot environment configured to mimic a successful login. A variety of criteria as will be discussed may be leveraged in order to determine whether the user has fraudulent intent. .. In some cases, portions of this fake data may be generated based at least in part on real data associated with the account for which a malicious user is attempting to gain access. In some cases, it may be configured to use the real name, or real first name, of the user account identified by the malicious user via the entered email address. Here, the user interface 112 greets the malicious user as “Welcome, John Doe!,” where “John Doe” may be the name associated with the user account identified by the email address “johndoe123@email.”; col 6 line 55-65; The fake honeypot data 243 may include fake or bogus data generated as part of the operation of the honeypot application 221. Such data may be leveraged for the honeypot environment to appear to resemble or mimic the production environment for a legitimate account. Such fake honeypot data 243 may include fake names, fake payment instruments, fake order history, and so on. In some scenarios, the fake honeypot data 243 may be generated based at least in part on real account data 224. The fake honeypot data 243 may be stored for return accesses to honeypot environments.).

With regards to claim 5, McClintock further discloses, wherein the first account is determined based on the credentials provided in the login attempt (FIG 3 309 and associated text).

With regards to claim 6, McClintock further discloses, wherein the imitation account data is generated based on at least one of credentials provided in the login attempt or real account data associated with the first account (FIG 3 312 and associated text).

With regards to claim 7, McClintock further discloses, wherein the operations further comprise: determining, based on the recorded interactions, that a subsequent account login attempt is a valid login attempt (FIG 3 306 with “Y”, and associated text); and logging a computing device associated with the valid login attempt into the real account (FIG 3 309, and associated text).

With regards to claim 8, McClintock further discloses, wherein the second account is provided for display on the user interface of on the computing device with limited account functionalities using the imitation account data (FIG 4 410 and associated text).

With regards to claim 9, McClintock further discloses, wherein the limited account functionalities include at least one of electronic transaction processing services, funding source usage processes, account transaction history lookup, or account information lookup (col 6 line 55-65; The fake honeypot data 243 may include fake or bogus data generated as part of the operation of the honeypot application 221. Such data may be leveraged for the honeypot environment to appear to resemble or mimic the production environment for a legitimate account. Such fake honeypot data 243 may include fake names, fake payment instruments, fake order history, and so on. In some scenarios, the fake honeypot data 243 may be generated based at least in part on real account data 224. The fake honeypot data 243 may be stored for return accesses to honeypot environments.).

With regards to claim 10, McClintock discloses, A method comprising:
generating, for a login request from a computing device identified as using compromised login credentials (FIG 3 321 and associated text), a fictitious account corresponding to a real account associated with the compromised login credentials (col 2 line 40-55; However, in reality, the server has detected fraudulent intent by the user and is providing access to a honeypot environment configured to mimic a successful login. A variety of criteria as will be discussed may be leveraged in order to determine whether the user has fraudulent intent. For example, multiple failed logins beyond a certain threshold may be indicative of fraudulent intent. Alternatively, if the user has provided one or more password dictionary credentials or credentials that correspond to known compromised credentials, fraudulent intent may be inferred.);
directing the computing device to a login into the fictitious account (FIG 3 321 and associated text);
providing for display on a user interface on the computing device the fictitious account, the fictitious account using imitation account data (Col 2 line 50-60; However, in reality, the server has detected fraudulent intent by the user and is providing access to a honeypot environment configured to mimic a successful login. A variety of criteria as will be discussed may be leveraged in order to determine whether the user has fraudulent intent. .. In some cases, portions of this fake data may be generated based at least in part on real data associated with the account for which a malicious user is attempting to gain access. In some cases, it may be configured to use the real name, or real first name, of the user account identified by the malicious user via the entered email address. Here, the user interface 112 greets the malicious user as “Welcome, John Doe!,” where “John Doe” may be the name associated with the user account identified by the email address “johndoe123@email.”); and
recording account usage data of interactions between the computing device and the fictitious account (FIG 3 327 and associated text; Col 9 line 25-35; After box 321, the authentication service 215 may record the incorrect credential in the recorded honeypot credentials 236.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify McClintock base embodiment (FIG 1-2) with teaching of other embodiments in order to provide secure authentication by limiting Brute-force attacks (McClintock Col 1 line 5-15).

With regards to claim 11, McClintock further discloses, wherein the imitation account data is usable to simulate transactions (col 4 line 5-20; The honeypot application 221 may comprise any number of applications configured to provide a honeypot environment for users who have been identified as likely having fraudulent intent. The honeypot application 221 may be configured to simulate or mimic the environment provided by the production application 218. In some cases, the honeypot application 221 may be a modified version of the production application 218. In other cases, the honeypot application 221 may be an entirely different application from the production application 218.).

With regards to claim 12, McClintock further discloses, wherein the imitation account data is generated based on at least one of the compromised credentials or real account data associated with the compromised credentials (Col 5 line 45-60; The honeypot selection criteria 230 may consider numbers of user accounts (e.g., a threshold for number of user accounts impacted), frequency of login attempts (e.g., a threshold for login attempts per minute), source network address (e.g., network addresses from certain geographic regions may be considered suspicious depending on a login history of the user), login history for the user accounts (e.g., previous N attempts to login were always successful), and/or other criteria. In some embodiments, the honeypot selection criteria 230 may specify that access to a honeypot environment is to be provided if the failed login attempt specifies a credential from compromised credential data 233, recorded honeypot credentials 236, or a credential dictionary 242.).

With regards to claim 13, McClintock further discloses, further comprising updating the imitation account data based on the recorded account usage data of the interactions between the computing device and the fictitious account (Col 2 line 15-20; Recorded honeypot credentials 236 may correspond to credentials that were supplied by users before they were provided access to a honeypot environment. If a user provides a credential “password1” for username “johndoe123” and then is routed to a honeypot environment, “password1” is recorded in association with “johndoe123” so that when the user returns and supplies the credential “password1,” the same honeypot environment may be provided. This results in a consistent experience for attackers across visits, which is unlikely to tip them off to the fact that a honeypot environment is being provided. The recorded honeypot credentials 236 may be shared with other organizations in order to detect when an attacker attempts to reuse such credentials to access accounts provided by the other organizations.).

With regards to claim 14, McClintock further discloses, further comprising: determining, based on performing an analysis of the account usage data, that the login request was legitimate; and redirecting, based on the determining that the login request was legitimate, the computing device to a real account associated with the login credentials (col 8 line 45-60; Beginning with box 303, the authentication service 215 receives an authentication request from a client device 206. For example, the client device 206 may submit an HTTP GET or POST request that specifies a username, a password, and/or other credentials for an account. In box 306, the authentication service 215 determines whether the authentication request specifies correct security credentials 245 (FIG. 2). If the request specifies the correct security credentials 245, in box 309, the authentication service 215 allows the client device 206 to log into the production environment via the production application 218 (FIG. 2).).

With regards to claim 15, McClintock further discloses, wherein the analysis comprises at least one of a de-anonymization process (Col 7 line 35-40; The authentication service 215 receives login requests from the client device 206 corresponding to login attempts by the attacker. If the real user logs in initially with the correct security credentials 245, authentication proceeds as normal, and the user is routed to the production application 218.), a tracking of endpoints, a performance of tests to detect activity associated with bad actors, or a fingerprinting process.

Claims 16-17 are product claims corresponding to system claims 1-2 and are rejected accordingly.

Claim 18 is a product claim corresponding to system claims 3-4 combined and is rejected accordingly.

Claim 19 is a product claim corresponding to system claims 5-6 combined and is rejected accordingly.

Claim 20 is a product claim corresponding to system claims 8-9 combined and is rejected accordingly.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571) 270-7987. The examiner can normally be reached on 8:30 to 4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw, can be reached on 1-571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498