DETAILED ACTION
Remarks and amendments submitted by the Applicant by October 16, 2020, for the above-identified application, are herein being considered and examined by the Examiner.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Priority
No claim for priority has been made to date.
Information Disclosure Statement
The information disclosure statements (IDSs) submitted on August 18, 2021, complies with the provisions of 37 CFR 1.97, and has been considered by the examiner.
Drawings
No concerns have been noted with respect to the drawings.
Specification
No concerns have been noted with respect to the specification.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

Claim(s) 1, 10 and 19: rejected under 35 U.S.C. 102(a)(2) as being anticipated by Santana et al. (US20210377307A1), hereinafter, “Santana”.

Per claim 1, Santana discloses:
A system for generating responsive actions based on unauthorized access events associated with imitation networks (Santana FIGS. 1, 3-4), the system comprising:
at least one non-transitory storage device (Santana FIG. 4, “Main Memory 408”, “Secondary Memory 410”); and
at least one processing device (Santana FIG. 4, “Processor 404”) coupled to the at least one non-transitory storage device, wherein the at least one processing device is configured to:
electronically retrieve information associated with one or more unauthorized access attempts (Santana para. [0051], “…Any input from the attacker session may be recorded via proxy 132, for example. Recorded input log 134 may be any data store, structured or unstructured, that may be used to capture and store live attacker inputs to feed back to a future RL training session, in some embodiments, in order to improve performance in a subsequent version of the model 176 as retrained, and/or record as part of successful attack episodes 174 for later reference, according to some embodiments…”; Santana FIG. 3, operations 302-304) associated with an imitation dataset (Santana FIG. 1, “Fake Database 154”; Santana para. [0054], “…storage available to production application clone 148 may be a fake database 154, which may include simulated data in lieu of production data …”) stored in one or more data repositories (Santana FIG. 1, “Fake Database 154”), wherein the information associated with the one or more unauthorized access attempts comprises at least one or more types of unauthorized access attempts (Santana, para. [0077], “…Example types of unauthorized access attempts (intrusion attempts or attacks) may include, without limitation, brute-force attacks, buffer-overflow attacks, SQL injection, code injection, XSRF, XSS, directory traversal, or the like…”; Santana para. [0054], “…Fake database 154 may further include canary values, canarytokens, or other similar values that may further be used to identify attacker 166 in different contexts or environments…”);
generate one or more penetration test scenarios based on at least the one or more types of unauthorized access attempts associated with the imitation dataset (Santana, para. [0084], “…the reinforcement-learning model may be trained based at least in part on inputs received from an attacker, test inputs from an authorized penetration tester, a plurality of known malicious inputs from a given dataset, or a combination thereof.…”; Santana para. [0067], “…A reinforcement-learning environment 170 may react or interact in real time under a real or simulated attack or penetration test…”);
initiate the one or more penetration test scenarios (Santana, para. [0012], “…Unauthorized access attempts may be simulated via automated or manual penetration testing, even if this type of test is performed with consent or authorization secured from …”; Santana para. [0045], “…Pentester 104 may use browser 106 and/or any pentest tools 108 (which may be identical to any hacking tools 168) to conduct penetration testing on the test application 120 in the penetration testing environment 110 (also known as a security testing environment)…”) on one or more real datasets stored in one or more data repositories within a network environment (Santana, para. [0049], “…in some use cases, attacker 164 may be a hired security researcher tasked with penetration testing from the outside, more with a focus to test deception technology 130 in production environment 128…”; FIG. 1’s production environment 128 contains production database 146 which is a “real dataset”);
determine one or more automated network security responses to the one or more penetration test scenarios (Santana, para. [0050], “…proxy 132 may use additional logic, in some embodiments, to distinguish malicious traffic from legitimate traffic and to identify attacker 164, thereby routing legitimate traffic to production application 140 and routing malicious traffic to production application clone 148, at least for at least one identified attacker 164. …”);
determine that the one or more automated network security responses have not successfully blocked and/or reported each of the one or more unauthorized access attempts (Santana para. [0051], “…Recorded input log 134 may be …used to capture and store live attacker inputs to feed back to a future RL training session, …and/or record as part of successful attack episodes 174 for later reference…”; Santana, para. [0060], “…State may be represented as …some or all data already disclosed to the attacker (e.g., request/response log)…”; the situation of “successful attack episodes” and “some or all data already disclosed to the attacker” are a “determination” that network security responses have not successfully blocked at least one unauthorized access attempt);
determine the one or more unauthorized access attempts that were not successfully blocked and/or reported (Santana, para. [0016], “…Training data to protect against insiders (and against lost credentials) may be gained by recording penetration testing (or actual attacks) on authenticated sessions. …”; Santana, para. [0051], “…Recorded input log 134 may be …used to capture and store live attacker inputs to feed back to a future RL training session, …and/or record as part of successful attack episodes 174 for later reference……”; recording of a “request/response log” and “live attacker inputs” is being used to determine an unauthorized access attempt that was not successfully blocked and/or reported);
determine one or more actions to be executed in response to the one or more unauthorized access attempts that were not successfully blocked and/or reported (Santana, para. [0051], “…transactions with production environment 128 may be mediated by proxy 132,  …proxy 132 may use additional logic, in some embodiments, …to identify attacker 164, thereby …routing malicious traffic to production application clone 148, at least for at least one identified attacker 164.…”; Santana para. [0051], “…Recorded input log 134 may be …used to capture and store live attacker inputs to feed back to a future RL training session, in some embodiments, in order to improve performance in a subsequent version of the model 176 as retrained …”); and
update the one or more network security features with the one or more actions (Santana para. [0051], “…Recorded input log 134 may be …used to capture and store live attacker inputs to feed back to a future RL training session, in some embodiments, in order to improve performance in a subsequent version of the model 176 [sic, 178] as retrained …”; the retrained model 178 trained within Santana’s FIG. 1 Reinforcement Learning Environment 170, is subsequently used by the Proxy 132 within Santana’s FIG. 1 Production Environment 128 and would include updated network security features; Santana, para. [0025], “…In some embodiments of the enhanced techniques described herein, deceptive technology may be applied in phases, such as a phase of data collection from penetration-testing sessions (e.g., by a human expert), a phase of reinforcement-learning training 176 defensive agents (or offensive software agents, for other use cases), and a phase of deploying the agents at runtime.”).

Per claim 10: the computer program product  claim 10 recites features/limitations corresponding to the ones of the system claim 1.  Therefore, claim 10 is rejected with the same rationale and motivation set forth above for claim 1.

Per claim 19: the method claim 19 recites features/limitations corresponding to the ones of the system claim 1.  Therefore, claim 19 is rejected with the same rationale and motivation set forth above for claim 1.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim(s) 2-6, 11-15 and 20: rejected under 35 U.S.C. 103 as being unpatentable over Santana et al. (US20210377307A1), hereinafter, “Santana”, in view of Herbert et al. (US20210075790A1), hereinafter, “Herbert ‘790”.

Per claim 2, the rejection of parent claim 1 (from which this claim depends) is incorporated by reference.  In addition, Santana does not specifically/explicitly disclose, but Herbert ‘790 teaches determining one or more actions to be executed in response to an unblocked and/or unreported unauthorized access attempt, where the action will successfully block and report the unauthorized access attempts.  It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify Santana’s system to include Herbert ‘790’s blocking/reporting action to result in an arrangement:
wherein the at least one processing device is further configured to: 
determine the one or more actions to be executed in response to the one or more unauthorized access attempts that were not successfully blocked and/or reported (Herbert ‘790, para. [0012], “…The server assigns a unique fingerprinting cookie to each user when no fingerprinting cookie is detected in the request from the user. In the example where the request to obtain the administration console is deemed to be malicious, then the fingerprinting cookie assigned to the user is recorded as malicious…”), wherein the execution of the one or more actions will successfully block and report the one or more unauthorized access attempts that were not successfully blocked and/or reported (Herbert ‘790, para. [0012], “…Thereafter, subsequent requests from the user would have the same fingerprinting cookie and thus would be identified as malicious immediately regardless of the nature of the requests. In such a way, if the same user later sends a login request, the server would deem the request malicious (even though a login request is usually considered a legitimate activity), thereby protecting the system and legitimate user information. …”).

Motivation for modifying would have been Santana’s explicit teaching (Santana para. [0026]) that “…positively identifying attackers may be achieved with help of fingerprinting, such as that of U.S. patent application Ser. No. 16/549,087, the entirety of which is incorporated by reference herein. …”.  U.S. patent application Ser. No. 16/549,087 is the originally-filed application for the Herbert ‘790 publication.

Per claim 11, the rejection of parent claim 10 is incorporated by reference.  In addition, the computer program product claim 11 recites features/limitations corresponding to the ones of the system claim 2.  Therefore, claim 11 is rejected with the same rationale and motivation set forth above for system claim 2.

Per claim 20, the rejection of parent claim 19 is incorporated by reference.  In addition, the method claim 20 recites features/limitations corresponding to the ones of the system claim 2.  Therefore, claim 20 is rejected with the same rationale and motivation set forth above for system claim 2.

Per claim 3, the rejection of parent claim 1 (from which this claim depends) is incorporated by reference.  Santana further teaches known arrangements to generate and display reports, such as regarding a success of automated network security responses.  It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, for Santana’s system to maintain its report generating/displaying arrangements to result in an arrangement:
wherein the at least one processing device is further configured to:  
determine that the one or more automated network security responses successfully blocked and reported each of the one or more unauthorized access attempts (Santana, para. [0025], “…such an environment may allow different policies to be defined and tested by a data scientist or researcher actor, e.g., observer 102 shown in FIG. 1…”; the operation of testing is being interpreted as including a report being output indicative of a success or non-success of the testing);
generate a dashboard report indicating the one or more penetration test scenarios initiated on the one or more real datasets stored in the one or more data repositories and the one or more automated network security responses to each of the one or more penetration test scenarios (Santana, para. [0069], “…Penetration-testing reports may indicate whether any vulnerable parameters were discovered, which may lead to later use of the same parameters to determine successful attack episodes 174 during RL training 176 phase(s). Any requests, parameters, state representations, etc., corresponding to attack episodes 174, may be stored and handled for processing by tools and/or frameworks that may be configured to assist with RL training 176 …”); and
transmit control signals configured to cause a computing device of a user to display the dashboard report (Santana, para. [0094], “…Computer system 400 may also include user input/output device(s) 403, such as monitors, keyboards, pointing devices, etc., which may communicate with communication infrastructure 406 through user input/output interface(s) 402…”; Santana FIG. 1 shows a  “Penitester 104” personnel who is interfacing with a user input/output device (UI 124; e.g., monitor) within a Penetration-Testing Environment 110, where Penitester 104 would view the penetration-testing reports on the UI 124 (e.g., monitor)).
Motivation would have been to provide the Penitester 104 with a common display/report interface to facilitate the Penitester 104 performing testing while obtaining feedback from the testing.  

Per claim 12, the rejection of parent claim 10 is incorporated by reference.  In addition, the computer program product claim 12 recites features/limitations corresponding to the ones of the system claim 3.  Therefore, claim 12 is rejected with the same rationale and motivation set forth above for system claim 3.

Per claim 4, the rejection of parent claim 3 (from which this claim depends) is incorporated by reference.  Santana further teaches providing/utilizing a “honeypot” as a clone of a production application (e.g., real database), but which includes false data entries which are made accessible to an attacker upon detection of an unauthorized access request.  It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, for Santana’s system to maintain its honeypot and rerouting arrangements to provide an arrangement:
 wherein the at least one processing device is further configured to: 
determine one or more network security features associated with a network environment (Santana, para. [0015], “…An example approach may include routing or re-routing an attacker session away from a production system and toward a clone of the production application, e.g., on a high-interaction honeypot, which may include a clone of a production application, but with fake database instead of the production database…”), wherein the one or more network security features are configured to protect one or more datasets stored in one or more data repositories from one or more unauthorized access attempts (Santana, para. [0015], “…routing or re-routing an attacker session away from a production system and toward a clone of the production application, e.g., on a high-interaction honeypot, which may include a clone of a production application, but with fake database instead of the production database …”);
store the imitation dataset in the one or more data repositories within the network environment (Santana, FIG. 1, “Fake Database 154”); and
remove at least one of the one or more network security features from protecting the imitation dataset within the network environment (Santana, para. [0025], “…routing or re-routing an attacker session away from a production system and toward a clone of the production application, e.g., on a high-interaction honeypot …”; Santana, para. [0057], “…The environment may be used to generate a representation for a vulnerable web application, for example, to be attacked or defended…”).
Motivation would have been (Santana para. [0017]) for “…encouraging attackers to spend more of their resources pursuing harmless attacks on decoys, and thereby diverting other attacks that may otherwise have been harmful.”

Per claim 13, the rejection of parent claim 12 is incorporated by reference.  In addition, the computer program product claim 13 recites features/limitations corresponding to the ones of the system claim 4.  Therefore, claim 13 is rejected with the same rationale and motivation set forth above for system claim 4.

Per claim 5, the rejection of parent claim 4 (from which this claim depends) is incorporated by reference.  Santana further teaches providing/utilizing a recording operation to continuously monitor inputs of an attack.  It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, for Santana’s system to maintain its recording arrangement to provide an arrangement:
wherein the at least one processing device is further configured to: 
continuously monitor the one or more unauthorized access attempts associated with the imitation dataset (Santana, para. [0050], “…proxy 132 may use additional logic, in some embodiments, to distinguish malicious traffic from legitimate traffic and to identify attacker 164, thereby routing legitimate traffic to production application 140 and routing malicious traffic to production application clone 148, at least for at least one identified attacker 164. …”; Santana, para. [0051], “…Any input from the attacker session may be recorded via proxy 132, for example. Recorded input log 134 may be any data store, structured or unstructured, that may be used to capture and store live attacker inputs to feed back to a future RL training session, in some embodiments, in order to improve performance in a subsequent version of the model 176 as retrained, and/or record as part of successful attack episodes 174 for later reference, according to some embodiments. …”; recording of “any input from the attacker session” is being interpreted as the claimed “continuously monitoring …the access attempt associated with the imitation dataset”)); and
determine one or more types of unauthorized access attempts based on at least monitoring the one or more unauthorized access attempts associated with the imitation dataset (Santana, para. [0027]-[0032], “…The list below enumerates several non-exhaustive, non-limiting examples of specific attack patterns against which applications may self-defend using assistance from deceptive technology per the enhanced techniques described herein. Patterns of self-defense and deception may vary depending on the type or types of the given attack(s), or a given combination of attacks. Cross-Site Request Forgery (XSRF) …Login Brute-Force Attacks …SQL Injection …Cross-Site Scripting (XSS)”; varying self-defense and deception “depending on the type or types of the given attach(s)” is being interpreted as being indicative that a type of attack is determined, i.e., to decide on a variation); 

Per claim 14, the rejection of parent claim 13 is incorporated by reference.  In addition, the computer program product claim 14 recites features/limitations corresponding to the ones of the system claim 5.  Therefore, claim 14 is rejected with the same rationale and motivation set forth above for system claim 5.

Per claim 6, the rejection of parent claim 5 (from which this claim depends) is incorporated by reference.  Santana further teaches actions which are to be taken responsive to differing types of attacks.  It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, for Santana’s system to maintain type-of-attack-action arrangements to provide an arrangement:
wherein the at least one processing device is further configured to: 
determine one or more actions executed on the imitation dataset during the one or more unauthorized access attempts (Santana, para. [0027]-[0030], “…The list below enumerates several non-exhaustive, non-limiting examples of specific attack patterns against which applications may self-defend using assistance from deceptive technology per the enhanced techniques described herein. Patterns of self-defense and deception may vary depending on the type or types of the given attack(s), or a given combination of attacks. …SQL Injection …[0030] A web-application defense agent may learn, using a reward function in real time or from recorded logs, that an HTTP response containing a database parse error following a request containing SQL-injection input may tend to be followed by subsequent requests of the same type. Thus, reproducing this pattern of responses may be expected to drive the attacker to explore more options for SQL-injection inputs on for the same input parameter, in some situations.”).


Per claim 15, the rejection of parent claim 14 is incorporated by reference.  In addition, the computer program product claim 15 recites features/limitations corresponding to the ones of the system claim 6.  Therefore, claim 15 is rejected with the same rationale and motivation set forth above for system claim 6.

Claim(s) 7-9 and 16-18: rejected under 35 U.S.C. 103 as being unpatentable over Santana et al. (US20210377307A1), hereinafter, “Santana”, in view of Herbert et al. (US20210075790A1), hereinafter, “Herbert”, further in view of Veeramachaneni et al. (US20180165475A1 hereinafter, “Veeramachaneni”.
Per claim 7, the rejection of parent claim 6 (from which this claim depends) is incorporated by reference.  In addition, the Santana/Herbert ‘790 combination does not disclose, but Veeramachaneni teaches:
wherein the at least one processing device (Veeramachaneni, para. [0009], “…at least one first processor of the computer or another processor of another computer synthesizes anonymized data…”) is further configured to: 
electronically receive, from the computing device of the user, a real dataset (Veeramachaneni, claim 1, “…a relational database stored in the computer memory, the method comprising: A) transforming the relational database to provide a restructured relational database …via at least one first processor of the computer…”; the processor getting the relational database from computer memory and transforming it, is being interpreted as the processor electronically “receiving” the database from memory of the computing device of the user);
initiate one or more machine learning algorithms on the real dataset (Veeramachaneni para. [0008], “…a methodology referred to herein as “Synthetic Data Vault” (SDV), builds a generative model of a relational database and samples from the model to create synthetic data. In one aspect, the SDV computes various statistics at the intersection of related database tables and models the data using a multivariate modeling approach. …”; Veeramachaneni FIG. 2, Step 206; Veeramachaneni para. [0072], “…The user then invokes the SDV's script to learn the generative model. The SDV iterates through tables sequentially, using a modeling algorithm designed to account for the relations between the tables.  …”; Veeramachaneni, claim 1, “…transforming the relational database to provide a restructured relational database and generate, via at least one first processor of the computer, a statistical model of the restructured relational database…”)
determine, using the one or more machine learning algorithms, one or more data distribution parameters associated with the real dataset (Veeramachaneni, claim 1, “…generate …a statistical model of the restructured relational database …”; Veeramachaneni para. [0106], “…Note that parameters represent different statistics for each distribution. For this reason, the SDV also keeps track of the type of distribution that was used to model each column. This lets the SDV know how to interpret the parameters at a later stage…”; example Veeramachaneni distribution parameters include: (Veermachaneni para. [0132] and [0165]) “…females…”; (Veermachaneni para. [0132] and [0165]) “…weight…”; (Veermachaneni para. [0165]) “…males…”    )  
electronically receive, from the computing device of the user, a first shift parameter (Veeramachaneni, para. [0057], “…The SDV can expose a simple API that allows users to specify an input and then perform synthesis to their specification. It can synthesize data for individual cells, columns, tables, or the entire database…”; Veeramachaneni para. [0133], “…it is important to model missing values overall. Furthermore, one of the goals of the systems and methods disclosed herein is to model and synthesize data that mimics the format of the original. If the original data has some missing values, these missing values should be synthesized too. Modeling the null values solves this problem.  …”; Veeramachaneni, para. [0202], “…, if user is synthesizing data for internally testing an application, they may realize that the application needs a balance of values. As a result, the user may decide to synthesize rows for under represented female customers only…”; with respect to the user decision to synthesize “female” parameter rows, the “female” parameter represents the “first shift parameter”, i.e., the number of females listed within the database rows for the “female” parameter has been decided to be “shifted” (increased)); 
skew the one or more data distribution parameters using the first shift parameter to generate one or more skewed data distribution parameters (Veeramachaneni para. [0214], “…The overall SDV is able to perform many types of synthesis and inference based on a combination of all the algorithms presented in this section. Given any set of parent or children rows and columns, the SDV can ultimately synthesize the missing values and return them to the user in the same format as the original table. …”; Veeramachaneni para. [0216], “…When the SDV is ready for the synthesis stage, it provides the user with a database object, from which the user can access individual tables with database.get_table(name). The table object is used for the synthesis. In this disclosure, the model-based and knowledge-based synthesis have been packed in two synthesis endpoints. The first is table.synth_row, that allows the user to synthesize a full row based on the table or its parent rows, while also performing updates based on observed values. …”; See Veeramachaneni para. [0223], Table 4’s Command, “customer.synth_row(gender=F)   Synthesize a female customer”; of relevance, Applicant’s original specification para. [0054] indicates that “…skewness may be a measure of how much the dataset deviates from the real dataset. …”; Hence, synthesizing (i.e., adding) even a single “female” row will “skew the one or more data distribution parameters” as claimed); and
generate, using the one or more machine learning algorithms, the imitation dataset using the one or more skewed data distribution parameters (Veeramachaneni para. [0214], “…Given any set of parent or children rows and columns, the SDV can ultimately synthesize the missing values and return them to the user in the same format as the original table. …”; Veeramachaneni, para. [0202], “…, if user is synthesizing data for internally testing an application, they may realize that the application needs a balance of values. As a result, the user may decide to synthesize rows for under represented female customers only…”; Weeramachaneni para. [0129]-[0131], “…Missing values in a column cannot simply be ignored because the reasons for which they are missing may reveal some extra information about the data. As an example, consider a table representing people with a column called weight, which is missing for some rows. The reasons for missing data can fall into one of three categories: …[0131] 2). Missing at random: The fact that the item is missing is linked with some other piece of data in that row. For example, perhaps a majority of females did not disclose their weight. So knowing that a person is female makes it more likely that the weight column will be missing.  …”; Veeramachaneni para. [0216], “…When the SDV is ready for the synthesis stage, it provides the user with a database object, from which the user can access individual tables with database.get_table(name). The table object is used for the synthesis. In this disclosure, the model-based and knowledge-based synthesis have been packed in two synthesis endpoints. …The second is table.synth_children, that allows the user to generate all children based on a parent table. This method is a convenient packaging of the MakeRowFromParent algorithm that allows the user to easily synthesize full tables and databases…”; Synthesizing “weight” children rows from synthesized “female” parent rows of the “skewed female parameter” to complete a database, would teach the claimed arrangement to “generate …the imitation dataset using the one or more skewed data distribution parameters).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the Santana/Herbert ‘790 combination to include Veeramachaneni’s arrangement to facilitate user-skewing of data distribution parameters, to generate an imitation dataset according to a user’s specifications.  Motivation for modifying would have been that Veeramachaneni’s arrangement facilitates (Veeramachaneni para. [0007]) generation of synthetic data based on the statistical model of the transformed database, such that the synthetic data maintains sufficiently similar or the same mathematical properties and relations as the original data stored in the database, while the ability for a user to shift distribution parameters increases a versatility, attractiveness and broadened adoption of the Santana/Herbert ‘790/Veeramachaneni combination within the database synthesizing field.

Per claim 16, the rejection of parent claim 15 is incorporated by reference.  In addition, the computer program product claim 16 recites features/limitations corresponding to the ones of the system claim 7.  Therefore, claim 16 is rejected with the same rationale and motivation set forth above for system claim 7.

Per claim 8, the rejection of parent claim 7 (from which this claim depends) is incorporated by reference.  In addition, the Santana/Herbert ‘790 combination does not disclose, but Veeramachaneni teaches:
wherein the at least one processing device is further configured to: 
electronically receive, from the computing device of the user, one or more conditional parameters (Veeramachaneni, para. [0199], rows 5-6 of Algorithm 5 table, “…MAKECHILDRENROWS ( row ) …until reached user - defined threshold …”; the “user-defined threshold” (e.g., user-defined number of female customer rows) is being interpreted as the claimed “one or more conditional parameters”, i.e., the algorithm will keep operating until the condition of the defined number of female customer rows is met);
determine that the imitation dataset meets one or more requirements associated with the conditional parameters (Veeramachaneni, para. [0199], rows 5-6 of Algorithm 5 table, “…MAKECHILDRENROWS ( row ) …until reached user - defined threshold …”; an instance where the number of children (e.g., female-customer) rows matches the “user-defined threshold” is being interpreted as an instance where the “imitation dataset meets one or more requirements associated with the conditional parameters”); and
finalize the imitation dataset based on at least determining that the imitation dataset meets the one or more requirements associated with the conditional parameters (concerning rows 8-13 following the above-discussed rows 5-6 of Veeramachaneni’s Algorithm 5 table, Veeramachaneni, para. [0199], teaches “…recursion to synthesize the children of those children until the entire database is synthesized …”; the entire database being “synthesized” is being interpreted as the claimed “finalize the imitation dataset”).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the Santana/Herbert ‘790 combination to include Veeramachaneni’s arrangement to facilitate fulfillment of user-defined conditional parameters, to generate an imitation dataset according to a user’s specifications.  Motivation for modifying would have been that Veeramachaneni’s arrangement facilitates (Veeramachaneni para. [0007]) generation of synthetic data based on the statistical model of the transformed database, such that the synthetic data maintains sufficiently similar or the same mathematical properties and relations as the original data stored in the database, while the ability for a user to effect conditional parameters increases a versatility, attractiveness and broadened adoption of the Santana/Herbert ‘790/Veeramachaneni combination within the database synthesizing field.

Per claim 17, the rejection of parent claim 16 is incorporated by reference.  In addition, the computer program product claim 17 recites features/limitations corresponding to the ones of the system claim 8.  Therefore, claim 17 is rejected with the same rationale and motivation set forth above for system claim 8.

Per claim 9, the rejection of parent claim 8 (from which this claim depends) is incorporated by reference.  In addition, the Santana/Herbert ‘790 combination does not disclose, but Veeramachaneni teaches:
wherein the at least one processing device is further configured to: 
determine that the imitation dataset does not meet the one or more requirements associated with the conditional parameters (Veeramachaneni, para. [0199], rows 3-6 of Algorithm 5 table, “…repeat …MAKECHILDRENROWS ( row ) …until reached user - defined threshold …”; an instance where the number of children (e.g., female-customer) rows does not yet match the “user-defined threshold” (and thus “repeats” the rows 3-6 loop) is being interpreted as an instance where the “imitation dataset does not meet one or more requirements associated with the conditional parameters”);
initiate an iterative optimization algorithm on the one or more skewed data distribution parameters (each instance where the number of children (e.g., female-customer) rows of the Veeramachaneni para. [0199] rows 3-6 Algorithm 5 does not yet result in a match the “user-defined threshold”, initiates another iteration of the rows 3-6 loop of Veeramachaneni’s Algorithm 5; such is being interpreted as to “initiate an iterative optimization algorithm”; Veeramachaneni’s Algorithm 5 is being interpreted as an algorithm to “optimize” to the “user-defined threshold”), wherein initiating further comprises:
updating, using the iterative optimization algorithm, the one or more skewed data distribution parameters (each iteration of the rows 3-6 loop of Veeramachaneni’s Algorithm 5 which makes (i.e., adds) a children row, increments the number of children (e.g., female-customer) rows of Veeramachaneni’s synthesized database and thus would skew data distribution parameters away from the original data distribution parameters (e.g., original number of rows of female-customers), and such incrementing is being interpreted as “updating the one or more skewed data distribution parameters”);
generating an updated imitation dataset based on at least the one or more updated skewed data distribution parameters (each iteration of the rows 3-6 loop of Veeramachaneni’s Algorithm 5 which makes (i.e., adds) a children row, increments the number of children (e.g., female-customer) rows of Veeramachaneni’s synthesized database, and such making (or adding) rows is being interpreted as “generating an updated imitation dataset”); and
determining whether the updated imitation dataset meets the one or more requirements associated with the conditional parameters (Veeramachaneni, para. [0199], rows 5-6 of Algorithm 5 table, “…MAKECHILDRENROWS ( row ) …until reached user - defined threshold …”; an instance where the number of children (e.g., female-customer) rows matches the “user-defined threshold” is being interpreted as an instance where the “imitation dataset meets one or more requirements associated with the conditional parameters”); and
finalize the imitation dataset based on at least determining that the updated imitation dataset meets the one or more requirements associated with the conditional parameters (concerning rows 8-13 following the above-discussed rows 5-6 of Veeramachaneni’s Algorithm 5 table, Veeramachaneni, para. [0199], teaches “…recursion to synthesize the children of those children until the entire database is synthesized …”; completing rows 3-6 loop of Veeramachaneni’s Algorithm 5 (and transitioning to rows 8-13) is being interpreted as a “determining that the updated imitation dataset meets the one or more requirements associated with the conditional parameters” (e.g., determining that the number of children (e.g., female-customer) rows matches the “user-defined threshold”), and progressing to rows 8-13 following rows 5-6 of Veeramachaneni’s Algorithm 5 table is being interpreted as an operation to “finalize the imitation dataset”).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the Santana/Herbert ‘790 combination to include Veeramachaneni’s arrangement to facilitate monitoring of fulfillment of user-defined conditional parameters, to generate an imitation dataset according to a user’s specifications.  Motivation for modifying would have been that Veeramachaneni’s arrangement facilitates (Veeramachaneni para. [0007]) generation of synthetic data based on the statistical model of the transformed database, such that the synthetic data maintains sufficiently similar or the same mathematical properties and relations as the original data stored in the database, while the ability for a user to effect conditional parameters increases a versatility, attractiveness and broadened adoption of the Santana/Herbert ‘790/Veeramachaneni combination within the database synthesizing field.

Per claim 18, the rejection of parent claim 17 is incorporated by reference.  In addition, the computer program product claim 18 recites features/limitations corresponding to the ones of the system claim 9.  Therefore, claim 18 is rejected with the same rationale and motivation set forth above for system claim 9.

Conclusion
The prior art made of record and listed on the attached Form PTO-892 not relied upon is considered pertinent to applicant's disclosure.  For example, some Form PTO-892-listed references include:
Shivanna et al. (US20210243216A1) teaches penetration tests for a system under test (SUT), and analyzes information traffic to identify a potential attack point in the SUT and a technology used by the SUT, and determines a collection of penetration tests for testing a stack comprising a plurality of layers associated with the SUT based on the identified potential attack point and the identified technology.
Shivanna et al. (US20210400076A1) teaches implementing an adaptive machine learning platform for security penetration and risk assessment, which: receives publicly-available information associated with a client computer system; processes the information to identify an input feature; implements a machine learning model to identify the corresponding risk associated with the input feature; recommends a penetration test for discovered weaknesses associated with the input feature; and helps make changes to the client computer system to improve security and reduce risk overall.
Russ et al. (US20080256638A1) teaches providing network penetration testing from an end-user computer, including: determining at least one of a version of a Web browser of a target computer; determining contact information associated with an end-user that uses the target computer, and applications running on the target computer, determining exploits that are associated with the running applications and that can be used to compromise the target computer; and, launching the exploits to compromise the target computer.
Wittenbach et al. (US20220067737A1) teaches that machine learning (ML) is the scientific study of algorithms and statistical models that computer systems use to perform a specific task without using explicit instructions, relying on patterns and inference instead.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Paul J Skwierawski whose telephone number is (571)272-2642. The examiner can normally be reached 7:30am-4:00pm weekdays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisory primary examiner (SPE) Yin-Chen Shaw can be reached on (571)272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional 
questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Paul Skwierawski/
Patent Examiner, Art Unit 2498


/Jeremy S Duffield/Primary Examiner, Art Unit 2498