DETAILED ACTION
1.	Claims 1-20 are pending in this examination.
Notice of Pre-AIA or AIA Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
3.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Examiner's Note:  Note for invoking 35 U.S.C. 112, sixth paragraph
4.	As per claims 1, 3-6, 8-11; and 20 claim elements “...data module configured to…”; “…match module configured to…”; “…action module configured to…”; “…breach module configured to…”; and means for receiving, means for determining, means for triggering has/have been interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
5.	A review of the specification shows that the above appears to be supported by the corresponding structure described in the specification.
If applicant does not intend to have the claim limitation(s) treated under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may amend the claim(s) so that it/they will clearly not invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, or present a sufficient showing that the claim recites/recite sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.

Claim Interpretation - 35 USC § 112
6.1.	The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding

6.2.	Referring to claim 20, claim element means for receiving, means for determining, means for triggering is a means plus function limitation that invokes 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for the claimed function. Applicant does not specify the means in the specification. Therefore, it is unclear to examiner as to the required hardware/structure and algorithms the means for language represents.
Applicant is required to:
(a)	Amend the claim so that the claim limitation will no longer be a means plus function limitation under 35 U.S.C. 112, sixth paragraph; or
(b)	Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the claimed function without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant is required to clarify the record by either:
(a)	Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(b)	Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function.

Double Patenting
7.1.	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  

7.2. 	Claims 1-20 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-20 of US Patent No. 11314889.
Although the conflicting claims are not identical, they are not patentably distinct from each other because claims 1-20 are anticipated by claims 1-20 of the US Patent No. 11314889.
Claims 1-20 of the US Patent No. 11314889 as shown in the table below contain every element of claims 1-20 of the instant application and as such anticipate claims 1-20 of the instant application:
Instant application (Claims: 1-20) compared with US Patent No. 11314889 (Claims: 1-20); the claims of the instant application are listed first, followed by the claims of the patent.
1. An apparatus, comprising:
a data module configured to receive user data from a darknet, the user data comprising user credential information that has been misappropriated;

a match module configured to determine whether the user credential information matches a user’s credentials for the user’s one or more online accounts; and




an action module configured to trigger a security action related to the user’s one or more online accounts to make the user’s one or more online accounts more secure in response to determining that the user credential data matches the user’s credentials at the user’s one or more online accounts.
2. The apparatus of claim 1, wherein the security action comprises one or more of: 
logging in to the user’s one or more online accounts and changing the user’s credential information;



initiating a reset of the user’s credential information at third-party service providers for the user’s one or more online accounts;
communicating with the third-party service providers for the user’s one or more online accounts using an out-of-band communication network;
initiating use of two-factor authentication to securely login to the user’s one or more online accounts; and
locking the user’s one or more online accounts.
3. The apparatus of claim 1, wherein the action module is further configured to notify third-party service providers associated with the user’s one or more online accounts that the user’s credential information was misappropriated.
4. The apparatus of claim 1, further comprising a breach module configured to detect a data breach at one or more third-party service providers associated with the user’s one or more online accounts.
5. The apparatus of claim 4, wherein the breach module detects a data breach by:
determining that the user data received from the darknet comprises a plurality of user credential information for a plurality of different users from a third-party service provider; and
determining that the number of different users satisfies a breach threshold that indicates a data breach at the third-party service provider.
6. The apparatus of claim 4, wherein the breach module is further configured to determine a type of the data breach based on metadata associated with the received user data.

7. The apparatus of claim 6, wherein the metadata comprises information that indicates that the type of the data breach comprises one or more of a keylogging breach, a rootkit breach, and a botnet breach.
 
8. The apparatus of claim 1, wherein the data module is further configured to emulate a buyer of misappropriated user credential information to receive the user data from the darknet.

9. The apparatus of claim 1, wherein: the match module is further configured to determine whether the user has one or more different online accounts that use the same user credential information to login; and
the action module is further configured to trigger a security action at third-party service providers associated with the user’s one or more different online accounts.
10. The apparatus of claim 1, wherein the data module is further configured to constantly monitor the darknet for user credential information for the user at periodic intervals.
11. The apparatus of claim 1, wherein the action module is further configured to interface with a data aggregation server to trigger the security action associated with the user’s one or more online accounts, the aggregation server communicatively coupled to a plurality of third-party service providers to aggregate data from a plurality of the user’s online accounts at the third-party service providers.
12. The apparatus of claim 1, wherein the user’s one or more online accounts comprise one or more of a financial account, a social media account, a photo-sharing account, a video-sharing account, an ecommerce account, and a work account.


13. A method, comprising:

receiving user data from a darknet, the user data comprising user credential information that has been misappropriated;


determining whether the user credential information matches a user’s credentials for the user’s one or more online accounts; and






triggering a security action related to the user’s one or more online accounts to make the user’s one or more online accounts more secure in response to determining that the user credential data matches the user’s credentials at the user’s one or more online accounts.


14. The method of claim 13, wherein the security action comprises one or more of:

logging in to the user’s one or more online accounts and changing the user’s credential information; 




initiating a reset of the user’s credential information at third-party service providers for the user’s one or more online accounts; communicating with the third-party service providers for the user’s one or more online accounts using an out-of-band communication network; initiating use of two-factor authentication to securely login to the user’s one or more online accounts; and 

locking the user’s one or more online accounts.


15. The method of claim 13, further comprising notifying third-party service providers associated with the user’s one or more online accounts that the user’s credential information was misappropriated.

16. The method of claim 13, further comprising detecting a data breach at one or more third-party service providers associated with the user’s one or more online accounts by:

determining that the user data received from the darknet comprises a plurality of user credential information for a plurality of different users from a third-party service provider; and

determining that the number of different users satisfies a breach threshold that indicates a data breach at the third-party service provider.

17. The method of claim 16, further comprising determining a type of the data breach based on a metadata associated with the received user data, the metadata comprising information that indicates that the type of the data breach comprises one or more of a keylogging breach, a rootkit breach, and a botnet breach.

18. The method of claim 13, further comprising emulating a buyer of misappropriated user credential information to receive the user data from the darknet.

19. The method of claim 13, further comprising: determining whether the user has one or more different online accounts that use the same user credential information to login; and triggering a security action at third-party service providers associated with the user’s one or more different online accounts.

20. An apparatus, comprising: means for receiving user data from a darknet, the user data comprising user credential information that has been misappropriated; means for determining whether the user credential information matches a user’s credentials for the user’s one or more online accounts; and means for triggering a security action related to the user’s one or more online accounts to make the user’s one or more online accounts more secure in response to determining that the user credential data matches the user’s credentials at the user’s one or more online accounts. 
US Patent No. 11314889:
1. An apparatus, comprising:
a data module configured to receive user data from a darknet by emulating a buyer of user credential information that has been misappropriated, the user data comprising the user credential information that has been misappropriated;
a match module configured to determine whether the user credential information matches a user's credentials for the user's one or more online accounts;
a breach module configured to: determine that the user data received from the darknet comprises user credential information for a plurality of different users from a third-party service provider; determine that the number of different users satisfies a breach threshold that indicates a data breach at the third-party service provider; and
an action module configured to trigger a security action related to the user's one or more online accounts to make the user's one or more online accounts more secure in response to determining that the user credential data matches the user's credentials at the user's one or more online accounts,
the security action comprising: 

logging in to the user's one or more online accounts using previously-stored electronic credentials for the user's one or more accounts; and changing the user's credential information without user intervention.
2. The apparatus of claim 1, wherein the security action further comprises one or more of:
 initiating a reset of the user's credential information at third-party service providers for the user's one or more online accounts;
 communicating with the third-party service providers for the user's one or more online accounts using an out-of-band communication network; 
initiating use of two-factor authentication to securely login to the user's one or more online accounts; and 
locking the user's one or more online accounts.
3. The apparatus of claim 1, wherein the action module is further configured to notify third-party service providers associated with the user's one or more online accounts that the user's credential information was misappropriated.
4. The apparatus of claim 1, wherein the breach module is configured to detect a data breach at the third-party service provider, the third-party service provider associated with the user's one or more online accounts.

1.  … determine that the user data received from the darknet comprises user credential information for a plurality of different users from a third-party service provider;
determine that the number of different users satisfies a breach threshold that indicates a data breach at the third-party service provider; …
5. The apparatus of claim 4, wherein the breach module is further configured to determine a type of the data breach based on metadata associated with the received user data.

6. The apparatus of claim 5, wherein the metadata comprises information that indicates that the type of the data breach comprises one or more of a keylogging breach, a rootkit breach, and a botnet breach.

1.  … a data module configured to receive user data from a darknet by emulating a buyer of user credential information that has been misappropriated, the user data comprising the user credential information that has been misappropriated; 
7. The apparatus of claim 1, wherein: the match module is further configured to determine whether the user has one or more different online accounts that use the same user credential information to login; and 
the action module is further configured to trigger a security action at third-party service providers associated with the user's one or more different online accounts.
8. The apparatus of claim 1, wherein the data module is further configured to constantly monitor the darknet for user credential information for the user at periodic intervals.
9. The apparatus of claim 1, wherein the action module is further configured to interface with a data aggregation server to trigger the security action associated with the user's one or more online accounts, the aggregation server communicatively coupled to a plurality of third-party service providers to aggregate data from a plurality of the user's online accounts at the third-party service providers.
10. The apparatus of claim 1, wherein the user's one or more online accounts comprise one or more of a financial account, a social media account, a photo-sharing account, a video-sharing account, an ecommerce account, and a work account.

11. A method, comprising: 
receiving user data from a darknet by emulating a buyer of user credential information that has been misappropriated, the user data comprising the user credential information that has been misappropriated; 
determining whether the user credential information matches a user's credentials for the user's one or more online accounts; determining that the user data received from the darknet comprises user credential information for a plurality of different users from a third-party service provider; determining that the number of different users satisfies a breach threshold that indicates a data breach at the third-party service provider; and 
triggering a security action related to the user's one or more online accounts to make the user's one or more online accounts more secure in response to determining that the user credential data matches the user's credentials at the user's one or more online accounts, 

the security action comprising: 
logging in to the user's one or more online accounts using previously-stored electronic credentials for the user's one or more accounts; and changing the user's credential information without user intervention.
12. The method of claim 11, wherein the security action further comprises one or more of: 
initiating a reset of the user's credential information at third-party service providers for the user's one or more online accounts; communicating with the third-party service providers for the user's one or more online accounts using an out-of-band communication network; initiating use of two-factor authentication to securely login to the user's one or more online accounts; and

 locking the user's one or more online accounts.

13. The method of claim 11, further comprising notifying third-party service providers associated with the user's one or more online accounts that the user's credential information was misappropriated.
14. The method of claim 11, further comprising detecting a data breach at the third-party service provider, the third-party service provider associated with the user's one or more online accounts.
1. … determining whether the user credential information matches a user's credentials for the user's one or more online accounts; determining that the user data received from the darknet comprises user credential information for a plurality of different users from a third-party service provider; 
determining that the number of different users satisfies a breach threshold that indicates a data breach at the third-party service provider; and 
15. The method of claim 14, further comprising determining a type of the data breach based on a metadata associated with the received user data, the metadata comprising information that indicates that the type of the data breach comprises one or more of a keylogging breach, a rootkit breach, and a botnet breach.

1. … receiving user data from a darknet by emulating a buyer of user credential information that has been misappropriated, the user data comprising the user credential information that has been misappropriated;
16. The method of claim 11, further comprising: determining whether the user has one or more different online accounts that use the same user credential information to login; and triggering a security action at third-party service providers associated with the user's one or more different online accounts.

17. A computer program product comprising executable program code stored on a non-transitory computer readable storage medium, the program code executable by a processor to perform operations, the operations comprising: receiving user data from a darknet by emulating a buyer of user credential information that has been misappropriated, the user data comprising the user credential information that has been misappropriated; determining whether the user credential information matches a user's credentials for the user's one or more online accounts; determining that the user data received from the darknet comprises user credential information for a plurality of different users from a third-party service provider; determining that the number of different users satisfies a breach threshold that indicates a data breach at the third-party service provider; and triggering a security action related to the user's one or more online accounts to make the user's one or more online accounts more secure in response to determining that the user credential data matches the user's credentials at the user's one or more online accounts, the security action comprising: logging in to the user's one or more online accounts using previously-stored electronic credentials for the user's one or more accounts; and changing the user's credential information without user intervention.


This is a nonstatutory obviousness-type double patenting rejection.


Claim Rejections - 35 USC § 103
8.1.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


8.2.	Claims 1, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Application No. 20180027001 to Park et al (“Park”) in view of “Strong Passwords: Practical Issues” by Kato et al., (“Kato”).
 	As per claim 1, Park discloses an apparatus, comprising: a data module configured to receive user data from a darknet, the user data comprising user credential information that has been misappropriated; ([0057]-[0058]) The cyber-security system 201 may initiate a scan for digitally-available information, such as by instructing the cyber-traffic event analysis system 222 to scan for consumer information (addresses, credit card numbers, credentials, social security numbers, etc.) that correspond to the consumer… the cyber-security system 201 may determine if a credit card number previously found on a dark web page and stored in a database of detected credit card numbers matches a credit card number entered by the consumer, also see [0066]);
a match module configured to determine whether the user credential information matches a user’s credentials for the user’s one or more online accounts; ([0058]) cyber-security system 201 may determine if data compiled by the cyber-traffic event analysis system matches data associated with the consumer. For example, the cyber-security system 201 may determine if a credit card number previously found on a dark).
an action module configured to trigger a security action related to the user’s one or more online accounts to changes in response to determining that the user credential data matches the user’s credentials at the user’s one or more online accounts ([0091], These systems would monitor a consumer's accounts to determine whether an account had been breached. If the system determined a breach of an account had occurred, cyber-security system 201 would then analyze the impact of the breach and whether it affects multiple accounts of the consumer. Cyber-security system 201 would then provide the consumer with a notice of the breach as well as the extent of the breach. The consumer may then instruct cyber-security system 201 to close the compromised account. The consumer may then determine which compromised accounts should be closed, also see [0067]-[0068], an action event may be an action taken by the consumer. A consumer may register a new account online, open up a new financial service account, start using a password manager)
	Park does not explicitly disclose however in the same field of endeavor, Kato discloses make the user’s one or more online accounts more secure (page 608, right col).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Park with the teaching of Kato by including the feature of secure creational, in order for Park’s system to analyze the tendencies in the password protection. We survey 262 students of the University of Aizu. A questionnaire consists of 15 questions about length of a password, strategy to create a new password and etc. We discuss useful techniques to create strong passwords and compare them. Our analysis is based on our data and the state of the art literature review. Our results can be helpful for the users to create a new password and/or change it and make it strong (Kato, Abstract).

Claims 13 and 20, are rejected for similar reasons as stated above.

8.3.	Claims 2-6, 9-12, 14-16, 19, are rejected under 35 U.S.C. 103 as being unpatentable over Park, and Kato as applied to claim above, and in view of US Patent No. 7424473 to Orton, III et al (“Orton, III”).

As per claim 2, the combination of Park, and Kato discloses the invention as described above. Park discloses the apparatus of claim 1, wherein the security action comprises one or more of: initiating a reset of the user’s credential information at third-party service providers for the user’s one or more online accounts;  communicating with the third-party service providers for the user’s one or more online accounts using an out-of-band communication network;  initiating use of two-factor authentication to securely login to the user’s one or more online accounts; and locking the user’s one or more online accounts (Park [0091]).
Park and Kato do not explicitly disclose, however in the same field of endeavor, Orton, III discloses logging in to the user’s one or more online accounts and changing the user’s credential information (38:25-40, Administrator can login as a Subscriber to change passwords etc.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Park/Kato with the teaching of Orton, III by including the feature of changing credential information, in order for Park’s system to protect the user’s valuable information/assets.

As per claim 3, the combination of Park, Kato and Orton, III discloses the apparatus of claim 1, wherein the action module is further configured to notify third-party service providers associated with the user’s one or more online accounts that the user’s credential information was misappropriated. (Park [0068], cyber-security system 201 may notify a credit card company that a credit card number for the consumer was detected on the dark web. The consumer and/or service provider may then take action to reduce any potential damage resulting from the data breach.).
As per claim 4, the combination of Park, Kato and Orton, III discloses the apparatus of claim 1, further comprising a breach module configured to detect a data breach at one or more third-party service providers associated with the user’s one or more online accounts. (Park [0058], a credit monitoring service may report fraudulent activity on a credit card, which may decrease the digital safety score. In another example, a consumer identify protection service may provide information on whether any breaches have been detected by their service).
As per claim 5, the combination of Park, Kato and Orton, III discloses the apparatus of claim 4, wherein the breach module detects a data breach by: determining that the user data received from the darknet comprises a plurality of user credential information for a plurality of different users from a third-party service provider (Park [0046], also see [0044]), and 
determining that the number of different users satisfies a breach threshold that indicates a data breach at the third-party service provider. (Park [0050], criteria, also see [0052]).

As per claim 6, the combination of Park, Kato and Orton, III discloses the apparatus of claim 4, wherein the breach module is further configured to determine a type of the data breach based on metadata associated with the received user data. (Park [0091], Cyber-security system 201 would then provide the consumer with a notice of the breach, the extent of the breach).

As per claim 9, the combination of Park, Kato and Orton, III discloses the apparatus of claim 1, wherein: the match module is further configured to determine whether the user has one or more different online accounts that use the same user credential information to login; (Park, [0028], [0050], password/id, determined - match/compare); and
the action module is further configured to trigger a security action at third-party service providers associated with the user’s one or more different online accounts. (Park [0068], cyber-security system 201 may notify a credit card company that a credit card number for the consumer was detected on the dark web. The consumer and/or service provider may then take action to reduce any potential damage resulting from the data breach.).
As per claim 10, the combination of Park, Kato and Orton, III discloses the apparatus of claim 1, wherein the data module is further configured to constantly monitor the darknet for user credential information for the user at periodic intervals. (Park [0071], monitoring, also see [0035]).
As per claim 11, the combination of Park, Kato and Orton, III discloses the apparatus of claim 1, wherein the action module is further configured to interface with a data aggregation server to trigger the security action associated with the user’s one or more online accounts, the aggregation server communicatively coupled to a plurality of third-party service providers to aggregate data from a plurality of the user’s online accounts at the third-party service providers. (Park [0025]-[0026], collected consumers' data profiles, also see [0045]).
As per claim 12, the combination of Park, Kato and Orton, III discloses the apparatus of claim 1, wherein the user’s one or more online accounts comprise one or more of a financial account, a social media account, a photo-sharing account, a video-sharing account, an ecommerce account, and a work account. (Park, [0031], also see [0038]).
Claims 14-16, 19, are rejected for similar reasons as stated above.

8.4.	Claims 7, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Park, Kato and Orton, III as applied to claim above, and in view of US Patent Application No. 20150347965 to Wardman et al (“Wardman”).

As per claim 7, the combination of Park, Kato and Orton, III discloses the invention as described above. Park, Kato and Orton, III do not explicitly disclose; however, in the same field of endeavor, Wardman discloses wherein the metadata comprises information that indicates that the type of the data breach comprises one or more of a keylogging breach, a rootkit breach, and a botnet breach. ([0045]-[0046]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Park with the teaching of Wardman by including the feature of data breach, in order for Park’s system to impose restrictions on the compromised card account at the merchant or at the payment service provider to prevent loss. The card issuing banks may send a responding ISO8583 transaction message back to the merchant or the payment service provider to confirm that the information reporting the compromised card account is received. The card issuing banks may begin to take appropriate actions to prevent loss, such as restricting further use of the compromised card account and/or notify users of the compromised card account. The merchant or payment provider server also may take appropriate actions based on the responses received from the card issuing banks. For example, if the merchant or the payment provider server receives confirmation from the card issuing bank indicating that the information reporting the compromised card account has been received, the merchant or the payment provider server may remove usage restrictions on the compromised card account, because the merchant or the payment provider server has passed the liability to the card issuing bank by notifying the card issuing bank. On the other hand, if the merchant or the payment provider server does not receive confirmation from the card issuing bank indicating that the information reporting the compromised card account has been received, the merchant or the payment provider server may continue to impose restrictions on the compromised card account at the merchant or at the payment service provider. (Wardman, [0013]).

Claim 17 is rejected for similar reasons as stated above.

	
8.5.	Claims 8, 18 are rejected under 35 U.S.C. 103 as being unpatentable over Park, Kato and Orton, III as applied to claim above, and in view of US Patent Application No. 20160134653 to Vallone et al (“Vallone”).

As per claim 8, the combination of Park, Kato and Orton, III discloses the invention as described above. Park, Kato and Orton, III do not explicitly disclose; however, in the same field of endeavor, Vallone discloses the apparatus of claim 1, wherein the data module is further configured to emulate a buyer of misappropriated user credential information to receive the user data from the darknet. ([0040], also see fig. 5 and associated texts).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Park with the teaching of Kato by including the feature of emulation, in order for Park’s system for assessing a target network's vulnerability to a real cyberthreat based on determining policy-based synthetic tests configured to model the behavior of the cyberthreat. Real-time feedback from the target network (e.g., servers, desktops, and network/monitoring hardware and/or software equipment) are received, analyzed, and used to determine whether any modifications to the same or a new synthesized test is preferred. The technology includes self-healing processes that, using the feedback mechanisms, can attempt to find patches for known vulnerabilities, test for unknown vulnerabilities, and configure the target network's resources in accordance with predefined service-level agreements.

Claim 18 is rejected for similar reasons as stated above.

9. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
 a). US Patent Application No. 20160044011 to Gordon et al discloses [0035] Signals can be initiated by an end user 111 or an administrator 105. The signals can be manually triggered (e.g. when an administrator logs in to a console and enters the username of a compromised account) and/or built into existing workflows (e.g. the user changes password, which causes their associated sessions to be revoked across relying parties and devices). The signals can also be automatically generated upon detecting unusual account activity (e.g. the same account has a sign in from the U.S. and China within a short timespan). These different signaling methods allow relying parties 123 to keep long session artifacts (e.g. two days or more) and use signaling to immediately lock out users if an account compromise has been detected/reported. 
Conclusion
10.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARUNUR RASHID whose telephone number is (571)270-7195. The examiner can normally be reached 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw, can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

HARUNUR RASHID
Primary Examiner
Art Unit 2497


