Office Action Predictor
Last updated: April 15, 2026
Application No. 18/174,417

SECURITY SYSTEM FOR DIRECTING 5G NETWORK TRAFFIC

Non-Final OA §103
Filed
Feb 24, 2023
Examiner
HERZOG, MADHURI R
Art Unit
2438
Tech Center
2400 — Computer Networks
Assignee
T-Mobile Usa, INC.
OA Round
5 (Non-Final)
78%
Grant Probability
Favorable
5-6
OA Rounds
2y 11m
To Grant
90%
With Interview

Examiner Intelligence

Grants 78% — above average
78%
Career Allow Rate
516 granted / 662 resolved
+19.9% vs TC avg
Moderate +12% lift
Without
With
+11.9%
Interview Lift
resolved cases with interview
Typical timeline
2y 11m
Avg Prosecution
35 currently pending
Career history
697
Total Applications
across all art units

Statute-Specific Performance

§101
12.4%
-27.6% vs TC avg
§103
45.7%
+5.7% vs TC avg
§102
13.0%
-27.0% vs TC avg
§112
17.0%
-23.0% vs TC avg
Black line = Tech Center average estimate • Based on career data from 662 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1-20 have been examined. Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 05/19/2025 has been entered. Information Disclosure Statement The information disclosure statement (IDS) submitted on 05/19/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Response to Amendment Claims 1, 8, and 15 have been amended. Applicant's arguments filed 05/19/2025 have been fully considered but they are not persuasive. As per the applicant’s arguments that prior art of record Alperovitch does not teach the limitations: “dynamically adjust network resources based on current load information of each of the one or more traffic groups” and “monitor the one or more traffic groups to detect changes in the current load information”, the examiner respectfully disagrees. Alperovitch teaches: [0020]: For example, if there are classifications of business traffic having first priority, news traffic having second priority, and spam traffic having third priority, the business traffic can be allocated bandwidth first, the news traffic can be allocated bandwidth second (if any bandwidth is available), and the spam traffic can be allocated bandwidth third (if any bandwidth is available). [0022] In still further implementations, the network traffic prioritization system 110 can communicate high priority traffic first, and wait for periods of inactivity during which to send lower priority traffic based upon the prioritization scheme. For example, if high priority traffic can be placed in a high priority queue for transmission, while lower priority traffic can be placed in a low priority queue for transmission. In such examples, the data in the low priority queue might not be transmitted until the high priority queue is empty. Thus, the network traffic prioritization system can transmit all of the high priority traffic and then transmit lower priority traffic until more high priority traffic is received, i.e., the different types of traffic (traffic groups) are monitored to detect changes in the load of high priority traffic and network resources to the traffic groups are allocated based on the detected load. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action. Claims 1, 8, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over prior arts of record US 20180063195 to Nimmagadda et al (hereinafter Nimmagadda), US 20070118894 to Bhatia (hereinafter Bhatia) and US 20120011252 to Alperovitch et al (hereinafter Alperovitch). As per claims 1 and 15, Nimmagadda teaches: A security system for a wireless telecommunication network, the security system comprising: a processor; and a memory coupled to the processor and configured to store instructions for the processor, the processor including: a traffic-inspection module configured to inspect addressing information associated with network traffic in the (Nimmagadda: [0030]: As shown, each high level security rule of the table 105 includes a security group (i.e., dynamic group) that defines the source nodes of the traffic, a security group that defines the destination nodes for the traffic. [0032] As shown, the security group 110 includes three virtual servers that implement a particular distributed application (or a particular layer of a distributed application) (destination network function), while security group 115 includes three other virtual servers that implement a different application (or a different layer of the same distributed application) (destination network function). [0079]: In processing a packet, the firewall module 280 will determine whether the packet's source and destination IP addresses are within a corresponding dynamic group, respectively); a traffic-sorting module configured to divide the network traffic into one or more traffic groups according to respective security levels corresponding to the plurality of destination network functions indicated for the network traffic (Nimmagadda: [0030]: A security rule, in some embodiments, is a high-level firewall rule for a network traffic from one or more source nodes to one or more destination nodes. As shown, each high level security rule of the table 105 includes a security group (i.e., dynamic group) that defines the source nodes of the traffic, a security group that defines the destination nodes for the traffic, and an action (e.g., drop, allow, redirect, etc.) that should be taken if the network traffic (e.g., a data packet) matches the rule (i.e., the identification data of the packet matches the identification data stored in the rule). [0032] As shown, the security group 110 includes three virtual servers that implement a particular distributed application (or a particular layer of a distributed application) (destination network function), while security group 115 includes three other virtual servers that implement a different application (or a different layer of the same distributed application) (destination network function), i.e., the packet is sorted based on the security group (security level) associated with the destination network function. [0079].); and a traffic-routing module configured to dynamically route the one or more traffic groups based on the respective security levels according to which the one or more traffic groups are divided (Nimmagadda: [0030]: A security rule, in some embodiments, is a high-level firewall rule for a network traffic from one or more source nodes to one or more destination nodes. As shown, each high level security rule of the table 105 includes a security group (i.e., dynamic group) that defines the source nodes of the traffic, a security group that defines the destination nodes for the traffic, and an action (e.g., drop, allow, redirect, etc.) that should be taken if the network traffic (e.g., a data packet) matches the rule (i.e., the identification data of the packet matches the identification data stored in the rule). [0034]: The second security rule allows network traffic to be sent from the first security group (SG1) to the second security group (SG2). [0081]: When the packet's header attributes and/or dynamic group attributes match a firewall rule, the firewall module determines that the packet matches the firewall rule and then performs the firewall action as specified by the rule's firewall service parameter (such as sending traffic from the first security group (SG1) to the second security group (SG2))). Nimmagadda does not explicitly teach network traffic in the wireless telecommunication network, identify non-compliance of the addressing information with a criterion applied to inspect the network traffic and dynamically adjust network resources based on current load information of each of the one or more traffic groups and dynamically route the one or more traffic groups based on the adjusted network resources and the respective security levels according to which the one or more traffic groups are divided such that a traffic group corresponding to a high security level is prioritized over a traffic group corresponding to a low security level, wherein the traffic-routing module is further configured to monitor the one or more traffic groups to detect changes in the current load information. However, Bhatia teaches: inspect addressing information associated with network traffic in the wireless telecommunication network and identify non-compliance of the addressing information with a criterion applied to inspect the network traffic (Bhatia: [0023]: the disclosed preferred embodiment a DoS attack is shown on a VoIP network (wireless telecommunication network) utilizing SIP packets. [0029] In the general form, the packet filter layer entries which may have one or more of the following pieces of information (so-called "rules") to filter packets with: (i) IP address (like A.B.C.D) as shown in list form as black and white lists 29 and 30 in FIG. 2; (ii) a protocol (like TCP, UDP etc.); (iii) a network layer 4 port (like 50000); (iv) an arbitrary pattern in the network layer 4 payload (like joe@imx.net); and/or (v) any other piece of information (rule) useful for detecting a denial of service attack. Once a packet arrives, it is examined for a match against this information in each entry and a policy is applied which matches this entry. The policy may be one of the following: (i) drop the packet; (ii) process the packet at a lower priority; and/or (iii) control the packet rate according to a burst/peak rate etc.). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Bhatia in the invention of Nimmagadda to include the above limitations. The motivation to do so would be to prevent DoS attacks by thwarting bad traffic before it hits the session layer boundary itself or providing it a lower class of service until it has been authenticated (Bhatia: [0020]). Nimmagadda in view of Bhatia does not teach the rest of the limitations. However, Alperovitch teaches: dynamically adjust network resources based on current load information of each of the one or more traffic groups and dynamically route the one or more traffic groups based on the adjusted network resources and the respective security levels according to which the one or more traffic groups are divided such that a traffic group corresponding to a high security level is prioritized over a traffic group corresponding to a low security level, wherein the traffic-routing module is further configured to monitor the one or more traffic groups to detect changes in the current load information (Alperovitch: [0014]: the traffic can be prioritized based upon a classification associated with the traffic. The prioritization, in various implementations, can operate to allocate more bandwidth to higher priority communications while allocating less bandwidth to lower priority communications. For example, communications that are classified as the highest priority (e.g., national security (high security level traffic), commercial, business oriented, etc.) can be allocated bandwidth first, while communications classified as the lowest priority (e.g., spam, music downloads, adult content, social traffic, gaming content, entertainment content, malicious content, etc.) can be allocated any remaining bandwidth after higher priority communications have been transmitted. [0022] In still further implementations, the network traffic prioritization system 110 can communicate high priority traffic first, and wait for periods of inactivity during which to send lower priority traffic based upon the prioritization scheme. For example, if high priority traffic can be placed in a high priority queue for transmission, while lower priority traffic can be placed in a low priority queue for transmission. In such examples, the data in the low priority queue might not be transmitted until the high priority queue is empty. Thus, the network traffic prioritization system can transmit all of the high priority traffic and then transmit lower priority traffic until more high priority traffic is received, i.e., the changes in the load of the high priority traffic monitored and the network resources to the different traffic groups are allocated based on the load). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Alperovitch in the invention of Nimmagadda in view of Bhatia to include the above limitations. The motivation to do so would be to prioritize communications between a first entity and a second entity over a network (Alperovitch: [0014]). As per claim 8, Nimmagadda teaches: A method for a wireless telecommunication network, the method comprising: inspecting, by a security system dynamically instantiated in the wireless telecommunication network, addressing information associated with network traffic in the (Nimmagadda: [0030]: As shown, each high level security rule of the table 105 includes a security group (i.e., dynamic group) that defines the source nodes of the traffic, a security group that defines the destination nodes for the traffic. [0032] As shown, the security group 110 includes three virtual servers that implement a particular distributed application (or a particular layer of a distributed application) (destination network function), while security group 115 includes three other virtual servers that implement a different application (or a different layer of the same distributed application) (destination network function). [0028]: The firewall module of some embodiments is instantiated in the virtualization software (e.g., hypervisor) of the host machine and applies the network security policy on the network traffic that passes through the hypervisor. [0079]: In processing a packet, the firewall module 280 will determine whether the packet's source and destination IP addresses are within a corresponding dynamic group, respectively); sorting, by the security system, the network traffic into one or more traffic groups according to respective security levels corresponding to the one or more destination network functions (Nimmagadda: [0030]: A security rule, in some embodiments, is a high-level firewall rule for a network traffic from one or more source nodes to one or more destination nodes. As shown, each high level security rule of the table 105 includes a security group (i.e., dynamic group) that defines the source nodes of the traffic, a security group that defines the destination nodes for the traffic, and an action (e.g., drop, allow, redirect, etc.) that should be taken if the network traffic (e.g., a data packet) matches the rule (i.e., the identification data of the packet matches the identification data stored in the rule). [0032] As shown, the security group 110 includes three virtual servers that implement a particular distributed application (or a particular layer of a distributed application) (destination network function), while security group 115 includes three other virtual servers that implement a different application (or a different layer of the same distributed application) (destination network function), i.e., the packet is sorted based on the security group (security level) associated with the destination network function. [0079].); and dynamically routing, by the security system, the one or more traffic groups based on the respective security levels corresponding to the one or more traffic groups (Nimmagadda: [0030]: A security rule, in some embodiments, is a high-level firewall rule for a network traffic from one or more source nodes to one or more destination nodes. As shown, each high level security rule of the table 105 includes a security group (i.e., dynamic group) that defines the source nodes of the traffic, a security group that defines the destination nodes for the traffic, and an action (e.g., drop, allow, redirect, etc.) that should be taken if the network traffic (e.g., a data packet) matches the rule (i.e., the identification data of the packet matches the identification data stored in the rule). [0034]: The second security rule allows network traffic to be sent from the first security group (SG1) to the second security group (SG2). [0081]: When the packet's header attributes and/or dynamic group attributes match a firewall rule, the firewall module determines that the packet matches the firewall rule and then performs the firewall action as specified by the rule's firewall service parameter (such as sending traffic from the first security group (SG1) to the second security group (SG2))). Nimmagadda does not explicitly teach network traffic in the wireless telecommunication network, identifying non-compliance of the addressing information with a criterion applied to inspect the network traffic; monitor, by the security system, the one or more traffic groups to detect changes in current load information of each of the one or more traffic groups; dynamically adjusting, by the security system, network resources based on the current load information of each of the one or more traffic groups; and dynamically routing, by the security system, the one or more traffic groups based on the adjusted network resources and the respective security levels corresponding to the one or more traffic groups such that a traffic group corresponding to a high security level is prioritized over a traffic group corresponding to a low security level. However, Bhatia teaches: inspecting addressing information associated with network traffic in the wireless telecommunication network and identifying non-compliance of the addressing information with a criterion applied to inspect the network traffic (Bhatia: [0023]: the disclosed preferred embodiment a DoS attack is shown on a VoIP network (wireless telecommunication network) utilizing SIP packets. [0029] In the general form, the packet filter layer entries which may have one or more of the following pieces of information (so-called "rules") to filter packets with: (i) IP address (like A.B.C.D) as shown in list form as black and white lists 29 and 30 in FIG. 2; (ii) a protocol (like TCP, UDP etc.); (iii) a network layer 4 port (like 50000); (iv) an arbitrary pattern in the network layer 4 payload (like joe@imx.net); and/or (v) any other piece of information (rule) useful for detecting a denial of service attack. Once a packet arrives, it is examined for a match against this information in each entry and a policy is applied which matches this entry. The policy may be one of the following: (i) drop the packet; (ii) process the packet at a lower priority; and/or (iii) control the packet rate according to a burst/peak rate etc.). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Bhatia in the invention of Nimmagadda to include the above limitations. The motivation to do so would be to prevent DoS attacks by thwarting bad traffic before it hits the session layer boundary itself or providing it a lower class of service until it has been authenticated (Bhatia: [0020]). monitor, by the security system, the one or more traffic groups to detect changes in current load information of each of the one or more traffic groups; dynamically adjusting, by the security system, network resources based on the current load information of each of the one or more traffic groups; and dynamically routing, by the security system, the one or more traffic groups based on the adjusted network resources and the respective security levels corresponding to the one or more traffic groups such that a traffic group corresponding to a high security level is prioritized over a traffic group corresponding to a low security level (Alperovitch: the traffic can be prioritized based upon a classification associated with the traffic. The prioritization, in various implementations, can operate to allocate more bandwidth to higher priority communications while allocating less bandwidth to lower priority communications. For example, communications that are classified as the highest priority (e.g., national security (high security level traffic), commercial, business oriented, etc.) can be allocated bandwidth first, while communications classified as the lowest priority (e.g., spam, music downloads, adult content, social traffic, gaming content, entertainment content, malicious content, etc.) can be allocated any remaining bandwidth after higher priority communications have been transmitted. [0022] In still further implementations, the network traffic prioritization system 110 can communicate high priority traffic first, and wait for periods of inactivity during which to send lower priority traffic based upon the prioritization scheme. For example, if high priority traffic can be placed in a high priority queue for transmission, while lower priority traffic can be placed in a low priority queue for transmission. In such examples, the data in the low priority queue might not be transmitted until the high priority queue is empty. Thus, the network traffic prioritization system can transmit all of the high priority traffic and then transmit lower priority traffic until more high priority traffic is received, i.e., the changes in the load of the high priority traffic monitored and the network resources to the different traffic groups are allocated based on the load). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Alperovitch in the invention of Nimmagadda in view of Bhatia to include the above limitations. The motivation to do so would be to prioritize communications between a first entity and a second entity over a network (Alperovitch: [0014]). Claims 2, 7, 9, 14, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Nimmagadda in view of Bhatia and Alperovitch as applied to claims 1, 8, and 15 above, and further in view of prior art of record CN104301895A to Zhang et al (hereinafter Zhang). As per claims 2 and 9, Nimmagadda in view of Bhatia and Alperovitch does not teach the limitations of claims 2 and 9. However, Zhang teaches: wherein the security system is configured to be instantiated at one or more edge devices of the wireless telecommunication network in response to a detection of suspicious network traffic (Zhang: [0031]-[0032]: Trigger judgment step: the base station sends an abnormal alarm to the aggregation node when the difference between the predicted flow value and the actual value exceeds the predetermined threshold, and the local intrusion detection system starts to be activated in the abnormal area; [0033]: Steps to enable the local intrusion detection model: when the sink node receives an abnormal alarm, the sink node and the common node in the area where the alarm occurs abnormally will start the second layer of intrusion detection model, that is, the local intrusion detection model. [0045], [0128]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Zhang in the invention of Nimmagadda in view of Bhatia and Alperovitch to include the above limitations. The motivation to do so would be to reduce the energy consumption of the network to a large extent and to achieve the accuracy of detection (Zhang: [0050]). As per claims 7 and 14, Nimmagadda in view of Bhatia and Alperovitch does not teach the limitations of claims 7 and 14. However, Zhang teaches: wherein the security system is configured to be terminated in response to a change in a security threat level associated with the wireless telecommunication network (Zhang: [0046]: 3) If no abnormality is found in the network within the continuous time T of the local intrusion detection operation, the node will send an application to deactivate the local intrusion detection to the aggregation node, and the monitoring node information in the abnormal alarm activity list of the node is recorded in the application packet. [0047]-[0048]: 7 5) After the nodes in the area receive the end abnormal alarm command, delete the relevant monitoring node information in their own abnormal alarm activity list, scan the node abnormal activity list at this time, if the abnormal activity list is empty, close the local intrusion detection of the node model. Also, [0129]-[0131]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Zhang in the invention of Nimmagadda in view of Bhatia and Alperovitch to include the above limitations. The motivation to do so would be to reduce the energy consumption of the network to a large extent and to achieve the accuracy of detection (Zhang: [0050]). As per claim 16, Nimmagadda in view of Bhatia and Alperovitch teaches: The at least one non-transitory computer-readable storage medium of claim 15, the instructions further comprising wherein the security system is configured to dynamically route the one or more traffic groups (Nimmagadda: [0030]: an action (e.g., drop, allow, redirect, etc.) that should be taken if the network traffic (e.g., a data packet) matches the rule (i.e., the identification data of the packet matches the identification data stored in the rule). [0034]: The second security rule allows network traffic to be sent from the first security group (SG1) to the second security group (SG2)). Nimmagadda in view of Bhatia and Alperovitch does not teach: further comprising dynamically instantiating a security system at one or more edge devices of the wireless telecommunication network in response to a detection of suspicious network traffic. However, Zhang teaches: further comprising dynamically instantiating a security system at one or more edge devices of the wireless telecommunication network in response to a detection of suspicious network traffic (Zhang: [0031]-[0032]: Trigger judgment step: the base station sends an abnormal alarm to the aggregation node when the difference between the predicted flow value and the actual value exceeds the predetermined threshold, and the local intrusion detection system starts to be activated in the abnormal area; [0033]: Steps to enable the local intrusion detection model: when the sink node receives an abnormal alarm, the sink node and the common node in the area where the alarm occurs abnormally will start the second layer of intrusion detection model, that is, the local intrusion detection model. [0045], [0128]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Zhang in the invention of Nimmagadda in view of Bhatia and Alperovitch to include the above limitations. The motivation to do so would be to reduce the energy consumption of the network to a large extent and to achieve the accuracy of detection (Zhang: [0050]). Claims 3, 5, 10, 12, 17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Nimmagadda in view of Bhatia and Alperovitch as applied to claims 1, 8, and 15 above, and further in view of prior art of record US 20070022468 to Iijima et al (hereinafter Iijima). As per claims 3, 10, and 17, Nimmagadda in view of Bhatia and Alperovitch does not teach the limitations of claims 3, 10, and 17. However, Iijima teaches: wherein the traffic-routing module is configured to, for the traffic group corresponding to a high security level, divert the traffic group to an alternative network function different than a destination network function indicated for the traffic group (Iijima: [0024]: After receiving a packet from the user via the packet transfer processor 21, the platform module 12 transfers that packet to the user identification module 31 and verifies the user sending that packet. [0025] The user destination module table 34 within the packet processor 22 contains the table in FIG. 5 recording the link between the user and security level, and the table shown in FIG. 6 recording the link between the security level and transfer module. Here, the lower the security level value, the stronger the security. The security level 1 for user 1 is the highest level of security, and the FW module and IDS module are set as its destination application module). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Iijima in the invention of Nimmagadda in view of Bhatia and Alperovitch to include the above limitations. The motivation to do so would be to transfer traffic from those users with harmful intent to a module for secure processing (Iijima: [0011]). As per claims 5, 12, and 19, Nimmagadda in view of Bhatia and Alperovitch does not teach the limitations of claims 5, 12, and 19. However, Iijima teaches: wherein the traffic-routing module is configured to, for a given traffic group, direct the given traffic group to a destination network function indicated for the given traffic group via an alternative network path (Iijima: [0025]: The security level 1 for user 1 is the highest level of security, and the FW module and IDS module are set as its destination application module. The security level 1 is mainly for those users sending harmful traffic. A security level 2 is set for user 2 and the FW module is set as its destination application module. This security level 2 is usually assigned to users sending unusual traffic whose results show contamination such as from a virus. [0026]-[0027]. [0028]: The packet from the user 2 is security level 2 and its transfer (destination) application module is judged to be an FW module. This packet therefore contains an IP address and data packet so an internal header listing the user identifier and security level 2 is attached to it and it is then transferred to the FW module. After processing the packet in the FW module, the internal header is removed as shown in the flow chart of FIG. 12 if found to be normal and the packet is sent to an outside network. Packets from the user 1 are sent via the FW module and IDS module to the outside network in the same way). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Iijima in the invention of Nimmagadda in view of Bhatia and Alperovitch to include the above limitations. The motivation to do so would be to transfer traffic from those users with harmful intent to a module for secure processing (Iijima: [0011]). Claims 4, 11, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Nimmagadda in view of Bhatia and Alperovitch as applied to claims 1, 8, and 15 above, and further in view of Iijima and prior art of record US 20210051175 to Lyle (hereinafter Lyle). As per claims 4, 11, and 18, Nimmagadda in view of Bhatia and Alperovitch does not teach the limitations of claims 4, 11, and 18. However, Iijima teaches: wherein the traffic-routing module is configured to, for the traffic group corresponding to a high security level, divert the traffic group (Iijima: [0024]: After receiving a packet from the user via the packet transfer processor 21, the platform module 12 transfers that packet to the user identification module 31 and verifies the user sending that packet. [0025] The user destination module table 34 within the packet processor 22 contains the table in FIG. 5 recording the link between the user and security level, and the table shown in FIG. 6 recording the link between the security level and transfer module. Here, the lower the security level value, the stronger the security. The security level 1 for user 1 is the highest level of security, and the FW module and IDS module are set as its destination application module). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Iijima in the invention of Nimmagadda in view of Bhatia and Alperovitch to include the above limitations. The motivation to do so would be to transfer traffic from those users with harmful intent to a module for secure processing (Iijima: [0011]). Nimmagadda in view of Bhatia, Alperovitch and Iijima teaches diverting the network traffic to a FW module and IDS module but does not teach diverting to a quarantine containment area that is communicatively separate from the wireless telecommunication network. However, Lyle teaches: divert to a quarantine containment area that is communicatively separate from the wireless telecommunication network (Lyle: [0018]: If traffic is determined to originate from a known or potentially malicious actor, the traffic is routed to a decoy computing environment. One or more SDN switches are dynamically managed by the controller, which is structured to parse new packet(s), evaluate them against a whitelist, identify malicious traffic, create SDN switch entries to forestall future attacks, and re-route the offending packet(s), via the SDN switch, to a honeypot (decoy) environment, which may include application impersonation services to provide decoy applications, time-out messages, etc.). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Lyle in the invention of Nimmagadda in view of Bhatia, Alperovitch and Iijima to include the above limitations. The motivation to do so would be to entice bad actors to think that their attacks have been successful and forestalls future attacks and/or redirects future traffic to decoy hosts (Lyle: [0018]). Claims 6, 13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Nimmagadda in view of Bhatia and Alperovitch as applied to claims 1, 8, and 15 above, and further in view of prior art of record US 9516053 to Muddu et al (hereinafter Muddu). As per claims 6, 13, and 20, Nimmagadda in view of Bhatia and Alperovitch does not teach the limitations of claims 6, 13 and 20. However, Muddu teaches: wherein the processor further includes: a security-scoring module configured to output one or more labels for the network traffic, each label indicating a security score based on a vulnerability parameter, a risk parameter, and a threat parameter, wherein the traffic-sorting module is configured to divide the network traffic into the one or more traffic groups further according to the one or more labels for the network traffic (Muddu: Column 60, lines 12- 26: Calculation of the threat indicator score is based on the processing logic contained within the threat indicator model and represents a quantification of a degree to which the processed anomaly data is associated with activity that may be a threat to the security of the network (risk parameter). Column 62, lines 8-10, 43-67: The process continues with identifying a threat indicator if the measure of anomalies associated with the particular entity satisfies a specified criterion. In an embodiment, the specified criterion may simply be a threshold number of anomalies associated with a particular entity (threat parameter). Column 104, lines 44-67: In some embodiments, generating the plurality of feature scores includes analyzing a sequencing of communications associated with an entity (internal or external) over a time period and assigning a feature score based on the analysis, wherein the feature score is indicative of a level of confidence that the communications are associated with an exploit chain (vulnerability parameter). Column 105, lines 36-65: the plurality of feature scores may be processed according to one or more machine learning models to generate an anomaly score. Column 9, line 65-column 10, line 11: When the security-related conclusion indicates that a potential security breach (e.g., a threat or a threat indicator) has occurred, at step 2110, the model deliberation process thread can generate a user interface element to solicit an action command to activate a threat response. In one example, the user interface element triggers the action command for sending a message to the target-side computer system to demand ..., blocking of specific network traffic). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Muddu in the invention of Nimmagadda in view of Bhatia and Alperovitch to include the above limitations. The motivation to do so would be to detect security related anomalies and threats, regardless of whether such anomalies and threats are previously known or unknown (Muddu: column 9, lines 5-7). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: CN106793098A to Wei-jie et al: adjusting the bandwidth of each subband according to the transmission service load includes at least one of the following: adjusting the bandwidth of the second subband according to the service load of large-scale machine type communication; adjusting the bandwidth of the third subband according to the service load of low-latency and high reliability communication; adjusting the bandwidth of the first subband according to at least one of the adjusted bandwidth of the second subband and the adjusted bandwidth of the third subband. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached 8:30AM-4:30PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached at (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. MADHURI R. HERZOG Primary Examiner Art Unit 2438 /MADHURI R HERZOG/Primary Examiner, Art Unit 2438
Read full office action

Prosecution Timeline

Feb 24, 2023
Application Filed
Jul 19, 2023
Non-Final Rejection — §103
Nov 16, 2023
Examiner Interview Summary
Nov 16, 2023
Applicant Interview (Telephonic)
Nov 27, 2023
Response Filed
Jan 30, 2024
Final Rejection — §103
Apr 09, 2024
Examiner Interview Summary
Apr 09, 2024
Applicant Interview (Telephonic)
May 03, 2024
Response after Non-Final Action
Jul 02, 2024
Request for Continued Examination
Jul 09, 2024
Response after Non-Final Action
Sep 09, 2024
Non-Final Rejection — §103
Dec 02, 2024
Examiner Interview Summary
Dec 02, 2024
Applicant Interview (Telephonic)
Dec 11, 2024
Response Filed
Feb 13, 2025
Final Rejection — §103
May 19, 2025
Request for Continued Examination
May 24, 2025
Response after Non-Final Action
Jul 21, 2025
Non-Final Rejection — §103
Oct 09, 2025
Interview Requested
Apr 06, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12592925
METHOD AND SYSTEM FOR AUTHENTICATING A USER ON AN IDENTITY-AS-A-SERVICE SERVER WITH A TRUSTED THIRD PARTY
2y 5m to grant Granted Mar 31, 2026
Patent 12592820
SYSTEMS AND METHODS FOR DIGITAL RETIREMENT OF INFORMATION HANDLING SYSTEMS
2y 5m to grant Granted Mar 31, 2026
Patent 12587383
METHOD AND SYSTEM FOR OUT-OF-BAND USER IDENTIFICATION IN THE METAVERSE VIA BIOGRAPHICAL (BIO) ID
2y 5m to grant Granted Mar 24, 2026
Patent 12556550
THREAT DETECTION PLATFORMS FOR DETECTING, CHARACTERIZING, AND REMEDIATING EMAIL-BASED THREATS IN REAL TIME
2y 5m to grant Granted Feb 17, 2026
Patent 12531754
BLOCKCHAIN MACHINE COMPUTE ACCELERATION ENGINE WITH OUT-OF-ORDER SUPPORT
2y 5m to grant Granted Jan 20, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

5-6
Expected OA Rounds
78%
Grant Probability
90%
With Interview (+11.9%)
2y 11m
Median Time to Grant
High
PTA Risk
Based on 662 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month