Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to the communication filed on November 13, 2025. Claims 1-20 have been amended. Therefore, claims 1-20 are pending and addressed below.
Response to Arguments
Applicant's arguments filed November 13, 2025 have been fully considered but they are not persuasive for the following reasons.
Applicant’s arguments with respect to the rejections of amended claims 11 and 20 under 35 U.S.C 102(a)(1) have been fully considered but are not persuasive because additional citations from the same prior art (Ladnai et al: US PG-PUB No. 20210250366 A1) are added to support the examiner’s response regarding “raising of the event is indicative of a violation of the security policy”. The same additional citations from the same prior art are also added to support the examiner’s response regarding “raising of the event is indicative of a violation of the security policy” in claims 1 and 19. (see below rejection details);
Applicant’s arguments with respect to the rejections of amended claims 1 and 19 under 35 U.S.C 102(a)(1) have been fully considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. A new ground of rejection under 35 U.S.C 103 is made in view of the combination of prior art of Ladnai et al (US PG-PUB No. 20210250366 A1) and Bailey et al (US PG-PUB No. 20230070650 A1) (see below rejection details)
Therefore, claims 1 and 19 are rejected under 35 U.S.C 103. As claims 2-10 are dependent directly or indirectly on claim 1, applicant’s argument with respect to the rejections of claim 2-10 are moot; Claims 11 and 20 are rejected under 35 U.S.C 102(a)(1). As claims 12-18 are dependent directly or indirectly on claim 11, applicant’s argument with respect to the rejections of claim 12-18 are not persuasive and addressed below.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 11-12 and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Ladnai et al (US PG-PUB No. 20210250366 A1).
Regarding claim 11 and claim 20, Ladnai teaches a non-transitory machine-readable medium and a method, the non-transitory machine-readable medium storing program code, which when executed by for causing one or more processors of a data processing system, cause the data processing system to:
establish a software entity at the data processing system configured to act as a local monitoring entity for the data processing system; monitor the data processing system using the local monitoring entity (Paragraph [0006]: “activity on an endpoint is monitored (monitor the data processing system using the local monitoring entity) in two stages with a local agent (local monitoring entity). In a first stage, particular computing objects on the endpoint are selected for tracking. In a second stage, particular types of changes to those objects are selected. By selecting objects and object changes in this manner (in dependence on one or more criteria), a compact data stream of information highly relevant to threat detection can be provided from an endpoint to a central threat management facility (raise an event based on the monitoring of the data processing system).”);
raise an event based on the monitoring of the data processing system in dependence on one or more criteria specified by a security policy, wherein raising of the event is indicative of a violation of the security policy (Paragraph [0159]: “As shown in step 1114, the method 1100 may include processing the filtered event stream at the threat management facility to evaluate a security state of the endpoint. This may include any processing suitable for analyzing the events within the filtered event stream. For example, processing the filtered event stream may include searching for potential malicious activity on the endpoint, e.g., based on a pattern of activities within the filtered event stream, or based on a specific activity such as an unauthorized change to a registry entry (monitoring of the data processing system in dependence on one or more criteria specified by a security policy). Processing the filtered event stream may also or instead include searching for a security exposure on the endpoint such as a missing security patch, a change in a firewall configuration, a de-installation of a malware scanner, and so forth (raising an event in dependence on the criteria specified by a security policy). In another aspect, processing the filtered event stream may include securely verifying a status of the endpoint, e.g., with a secure heartbeat or the like from the endpoint, in order to ensure that the endpoint has not been otherwise compromised. In another aspect, processing the filtered event stream may include monitoring for changes (monitoring the changes on the data processing system) that bring the endpoint out of compliance with a security policy (violations of the security policies) for an enterprise, or otherwise present an actual or potential risk to network security for the enterprise (raise an event based on the monitoring of the data processing system in dependence on one or more criteria specified by a security policy, wherein raising of the events are indicative violations of the security policies).”);
assign a reporting priority to the event in dependence on a reporting priority associated with the security policy; and report to a remote monitoring entity the occurrence of events in dependence on their respective reporting priorities (Paragraph [0006]: “In order to support dynamic threat response, the locus and level of detection applied by the local agent can be controlled by the threat management facility and/or the endpoint (assign a reporting priority associated with the security policy to the event)”; Paragraph [0007]: “in a threat management platform (data processing system), a number of endpoints log events (monitor the data processing system) in an event data recorder (buffer). A local agent (local monitoring entity) filters this data and feeds a filtered data stream to a central threat management facility (report to a remote monitoring entity the occurrence of events in dependence on their respective reporting priorities).”).
Regarding claim 12, Ladnai teaches all of the features with respect to claim 11, as outlined above.
Ladnai further teaches wherein the program code causes events to be stored in a buffer at the data processing system in dependence on their respective reporting priorities (Paragraph [0007]: “in a threat management platform (data processing system), a number of endpoints log events (causes events to be stored) in an event data recorder (buffer).”).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 5-10 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Ladnai et al (US PG-PUB No. 20210250366 A1) in view of Bailey et al (US PG-PUB No. 20230070650 A1).
Regarding claim 1 and claim 19, Ladnai teaches a non-transitory machine-readable medium storing program code which when executed by one or more processors of a data processing system, cause the data processing system to:
establish a software entity at the data processing system configured to act as a local monitoring entity for the data processing system; monitor the data processing system using the local monitoring entity (Paragraph [0006]: “activity on an endpoint is monitored (monitor the data processing system using the local monitoring entity) in two stages with a local agent (local monitoring entity). In a first stage, particular computing objects on the endpoint are selected for tracking. In a second stage, particular types of changes to those objects are selected. By selecting objects and object changes in this manner (in dependence on one or more criteria), a compact data stream of information highly relevant to threat detection can be provided from an endpoint to a central threat management facility (raise an event based on the monitoring of the data processing system). In order to support dynamic threat response, the locus and level of detection applied by the local agent can be controlled by the threat management facility and/or the endpoint.”);
raise an event based on the monitoring of the data processing system in dependence on one or more criteria specified by a security policy of a plurality of security policies, wherein raising of the event is indicative of a violation of the security policy (Paragraph [0159]: “As shown in step 1114, the method 1100 may include processing the filtered event stream at the threat management facility to evaluate a security state of the endpoint. This may include any processing suitable for analyzing the events within the filtered event stream. For example, processing the filtered event stream may include searching for potential malicious activity on the endpoint, e.g., based on a pattern of activities within the filtered event stream, or based on a specific activity such as an unauthorized change to a registry entry (monitoring of the data processing system in dependence on one or more criteria specified by a security policy). Processing the filtered event stream may also or instead include searching for a security exposure on the endpoint such as a missing security patch, a change in a firewall configuration, a de-installation of a malware scanner, and so forth (raising an event in dependence on the criteria specified by a security policy). In another aspect, processing the filtered event stream may include securely verifying a status of the endpoint, e.g., with a secure heartbeat or the like from the endpoint, in order to ensure that the endpoint has not been otherwise compromised. In another aspect, processing the filtered event stream may include monitoring for changes (monitoring the changes on the data processing system) that bring the endpoint out of compliance with a security policy (violations of the security policies) for an enterprise, or otherwise present an actual or potential risk to network security for the enterprise (raise an event based on the monitoring of the data processing system in dependence on one or more criteria specified by a security policy, wherein raising of the events are indicative violations of the security policies).”)
Ladnai is not relying on, but Bailey teaches “in dependence on the event having been raised, assign a heightened reporting priority to one or more other events, the one or more other events being raised in dependence on one or more other criteria of one or more other security policies of the plurality of security policies, wherein raising of the one or more other events are indicative of one or more violations of the one or more other security policies (Paragraph [0060]: “An event priority engine receives event data detected by event agents executing on devices. The events are prioritized and ranked according to threat scores for events generated according to threat indicators which are fed event data and threat data.”; Paragraph [0027]: “prioritizing these events have been based on pattern matching of various captured events whereby events or sequences of events are compared to patterns associated with “kill chains” (assign a heightened reporting priority retroactively to one or more other events raised previously), which represent sets of steps that attackers usually preform when attempting to compromise an endpoint device. Such pattern matching requires grouping and correlation of events (The event prioritization engine scores that event based on threat indicators, if that event has a high score, meaning it might indicate a serious threat or chain of malicious behavior, the system will pull in and analyze other events from that same endpoint or correlated endpoints to see if these subsequent events are part of a larger pattern).”; Paragraph [0059]: “The threat indicators may be assigned a weight value, often relative to significance of a threat indicator compared with other threat indicators, in other words, the degree to which a threat indicator is determinative of a threat. The threat indicators may also be assigned a threat criticality that designates whether a threat indicator is critical or non-critical to determining threat level. The threat score, in this way, is modified by weights and criticalities of the threat indicators (assign a heightened reporting priority to one or more other events).”).
Ladnai and Bailey are both considered to be analogous to the claimed invention because they both teach network endpoint events monitoring and threats detection. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified solution disclosed by Ladnai with adding assigning a heightened reporting priority to reprioritize the related events based on an event triggering a particular security breach disclosed by Bailey.
One of the ordinary skills in the art would have been motivated to make this modification in order to prioritize the events based on the damage to the enterprise that may occur if those events were to compromise security, as suggested by Bailey in Paragraph [0008].
Regarding claim 2, Ladnai and Baily, hereinafter LB, teaches all of the features with respect to claim 1, as outlined above.
Ladnai further teaches wherein the program code is configured to cause the one or more processors to report to a remote monitoring entity the occurrence of events in dependence on their respective reporting priorities (Paragraph [0006]: “By selecting objects and object changes in this manner, a compact data stream of information highly relevant to threat detection (in dependence on their respective reporting priorities) can be provided from an endpoint (from a processor on the endpoint) to a central threat management facility (report to a remote monitoring entity)”).
Regarding claim 3, LB teaches all of the features with respect to claim 1, as outlined above.
Ladnai further teaches wherein the program code causes events to be stored in a buffer at the data processing system in dependence on their respective reporting priorities (Paragraph [0007]: “in a threat management platform (data processing system), a number of endpoints log events (causes events to be stored) in an event data recorder (buffer).”).
Regarding claim 5, LB teaches all of the features with respect to claim 1, as outlined above.
Bailey also teaches wherein the one or more other events raised in dependence on the one or more other criteria are one or more events raised previously to the event, and wherein the heightened reporting priority is assigned retroactively to the one or more events raised previously (Paragraph [0027]: “prioritizing these events have been based on pattern matching of various captured events whereby events or sequences of events are compared to patterns associated with “kill chains” (assign a heightened reporting priority retroactively to one or more other events raised previously), which represent sets of steps that attackers usually preform when attempting to compromise an endpoint device. Such pattern matching requires grouping and correlation of events (The event prioritization engine scores that event based on threat indicators, if that event has a high score, meaning it might indicate a serious threat or chain of malicious behavior, the system will pull in and analyze other events from that same endpoint or correlated endpoints to see if these subsequent events are part of a larger pattern).”).
Regarding claim 6, LB teaches all of the features with respect to claim 1, as outlined above.
Ladnai further teaches wherein the one or more other events are related or dependent events to the event (Paragraph [0074]: “The endpoint 302 (local monitoring entity) may include a filter 322 to manage a flow of information from the data recorder 304 (buffer) to a remote resource (remote monitoring entity) such as the threat detection tools 314 of the threat management facility 308. In this manner, a detailed log of events may be maintained locally on each endpoint, while network resources can be conserved for reporting of a filtered event stream that contains information believed to be most relevant to threat detection. The filter 322 may also or instead be configured to report causal information that causally relates collections of events to one another (other events are related events to the event).”).
Regarding claim 7, LB teaches all of the features with respect to claim 1, as outlined above.
Ladnai further teaches wherein the raised event is a result of activity of a user and wherein the one or more other events are other events associated with that user's activity (Paragraph [0006]: “activity on an endpoint is monitored in two stages with a local agent.”; Paragraph [0031]: “The threat management facility 100 may include certain facilities, such as identity management facility 172. It should be understood that the threat management facility 100 may be implemented in whole or in part on a number of different compute instances, with some parts of the threat management facility on different compute instances in different locations (the threat management facility may be implemented either on the local endpoint or remote server). For example, Some or all of one or more of the facilities 100, 112-174 may be provided on the same physical hardware or logical resource.”; Paragraph [0034]: “The identity management facility 172 may determine a risk score for a user based on the events, observations, and inferences about that user and the compute instances associated with the user (the raised event is a result of activity of a user).”).
Regarding claim 8, LB teaches all of the features with respect to claim 1, as outlined above.
Bailey also teaches wherein the program code causes the one or more processors to learn which other events are to be assigned a heightened reporting priority when a respective event is raised (Paragraph [0027]: “prioritizing these events have been based on pattern matching of various captured events whereby events or sequences of events are compared to patterns associated with “kill chains” (the program code causes the one or more processors to learn which other events are to be assigned a heightened reporting priority when a respective event is raised), which represent sets of steps that attackers usually preform when attempting to compromise an endpoint device. Such pattern matching requires grouping and correlation of events (The event prioritization engine scores that event based on threat indicators, if that event has a high score, meaning it might indicate a serious threat or chain of malicious behavior, the system will pull in and analyze other events from that same endpoint or correlated endpoints to see if these subsequent events are part of a larger pattern).”)
Regarding claim 9, LB teaches all of the features with respect to claim 1, as outlined above.
Ladnai further teaches wherein the data processing system is configured to store a directed acyclic graph of events raised by the local monitoring entity that are indicative of violations of respective security policies of the plurality of security policies and wherein the one or more processors are configured to determine which of the events to assign a heightened reporting priority to in dependence on the directed acyclic graph (Paragraph [0088]: “In response to detecting the security event 502 (detecting the violations of respective security policies), the event graph 500 (directed acyclic graph of events) may be traversed in a reverse order from a computing object associated with the security event 502 based on the sequence of events included in the event graph 500.” Paragraph [0090]: “The event graph 500 may similarly be traversed going forward from one or more of the root cause 504 or the security event 502 to identify one or more other computing objects affected by the root cause 504 or the security event 502.” Paragraph [0091]: “The event graph 500 may include one or more computing objects or events that are not located on a path between the security event 502 and the root cause 504. These computing objects or events may be filtered or ‘pruned’ from the event graph 500 (determine which events to assign a heightened reporting priority to in dependence on the graph) when performing a root cause analysis or an analysis to identify other computing objects affected by the root cause 504 or the security event 502.”).
Regarding claim 10, LB teaches all of the features with respect to claim 1, as outlined above.
Ladnai further teaches wherein the local monitoring entity is configured to present raised events in an interface viewable by a system administrator, wherein the events are presented in dependence on their respective reporting priorities (Paragraph [0186:]” As shown in step 1314, the method 1300 may include presenting a list of the one or more intermediate threats (raised events) in the user interface. As discussed above, the list may be ranked according to a combination of an objective score of riskiness or suspiciousness (e.g., from the integrative model) (events are presented in dependence on their respective reporting priorities) and an objective score for the business value (e.g., from the valuation model).”).
Claims 4 is rejected under 35 U.S.C. 103 as being unpatentable over Ladnai et al (US PG-PUB No. 20210250366 A1) and Bailey et al (US PG-PUB No. 20230070650 A1), in view of Dhurandher (NPL: Discloses Priority based Buffer Management Technique for Opportunistic Networks).
Regarding claim 4, LB teaches all of the features with respect to claim 3, as outlined above.
LB is not relying on teaching, but Dhurandher teaches wherein the events are stored in the buffer until there is sufficient connectivity between the data processing system and the remote monitoring entity to report the occurrence of the events to the remote monitoring entity (In the abstract, Dhurandher teaches “If the nodes (endpoint devices) are not able to forward the message (report the occurrence of the events to the remote monitoring entity) for reasons like missing connectivity, insufficient buffer space or low-confidence among nodes, the messages are temporarily buffered (events are stored in the buffer) according to the waiting-list policy and it is resumed when the connection is established again (until there is sufficient connectivity established).”).
LB and Dhurandher are both considered to be analogous to the claimed invention because they both teach event data processing in network. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filling date of the claimed invention to have modified the solution disclosed by LB with adding the limitation to the events buffer that the events are stored in the buffer until there is sufficient connectivity, disclosed by Dhurandher.
One of the ordinary skills in the art would have been motivated to make this modification in order to secure and efficient buffer utilization to prevent the loss of events, as suggested by Dhurandher in the abstract.
Claims 13 is rejected under 35 U.S.C. 103 as being unpatentable over Ladnai et al (US PG-PUB No. 20210250366 A1) in view of Dhurandher (NPL: Discloses Priority based Buffer Management Technique for Opportunistic Networks).
Regarding claim 13, Ladnai teaches all of the features with respect to claim 12, as outlined above.
Ladnai fails to explicitly teach, but Dhurandher teaches wherein the events are stored in the buffer until there is sufficient connectivity between the data processing system and the remote monitoring entity to report the occurrence of the events to the remote monitoring entity (In the abstract, Dhurandher teaches “If the nodes (endpoint devices) are not able to forward the message (report the occurrence of the events to the remote monitoring entity) for reasons like missing connectivity, insufficient buffer space or low-confidence among nodes, the messages are temporarily buffered (events are stored in the buffer) according to the waiting-list policy and it is resumed when the connection is established again (until there is sufficient connectivity established).”).
Ladnai and Dhurandher are both considered to be analogous to the claimed invention because they both teach event data processing in network. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filling date of the claimed invention to have modified the solution disclosed by Ladnai with adding the limitation to the events buffer that the events are stored in the buffer until there is sufficient connectivity, disclosed by Dhurandher.
One of the ordinary skills in the art would have been motivated to make this modification in order to secure and efficient buffer utilization to prevent the loss of events, as suggested by Dhurandher in the abstract.
Claims 14 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Ladnai et al (US PG-PUB No. 20210250366 A1) in view of AZZAM et al (US PG-PUB No. 20220294727 A1).
Regarding claim 14, Ladnai teaches all of the features with respect to claim 12, as outlined above.
Ladnai fails to explicitly teach, but AZZAM teaches wherein the events are stored in the buffer in a queue, each event being assigned a respective position in the queue in dependence on its respective reporting priority (Paragraph [0026]: “In some embodiments, a buffer is used to store the timestamped data packets and is adapted to dynamically increase or decrease in size such that there is no fixed size to define a queue indicative of an order (events are stored in the buffer in a queue, each event being assigned a respective position in the queue) in which data packets are communicated; where a subset of the data packets is periodically removed from the buffer based on a corresponding age (calculated based on the timestamps) of the data packets in the queue.”).
Ladnai and AZZAM are both considered to be analogous to the claimed invention because they both teach event data processing in network. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filling date of the claimed invention to have modified the data carrier and the method disclosed by Ladnai with adding assigning a position to an event in a queue based on the priority, disclosed by AZZAM.
One of the ordinary skills in the art would have been motivated to make this modification in order to reduce congestion issues to help improve data packet communications (e.g., fewer lost packets, improve overall throughput), as suggested by AZZAM in paragraph [0004].
Regarding claim 16, Ladnai teaches all of the features with respect to claim 12, as outlined above.
Ladnai fails to explicitly teach, but AZZAM teaches wherein the buffer has a variable capacity and wherein the program code causes the buffer to increase its capacity to accommodate an event with a higher reporting priority than one or more other events stored at the buffer (Paragraph [0160]: “In some embodiments, a buffer for data packets, the buffer adapted to dynamically increase or decrease in size (buffer has a variable capacity) such that there is no fixed size to define a queue indicative of an order in which data packets are communicated (increase its capacity to accommodate an event with a higher reporting priority);”). It would have been obvious for one of ordinary skill in the art before the effective filling date of the claimed invention to have modified the data carrier and the method disclosed by Ladnai with adding variable capacity of the buffer, disclosed by AZZAM.
One of the ordinary skills in the art would have been motivated to make this modification in order to improve overall throughput, as suggested by AZZAM in paragraph [0004].
Claims 15 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Ladnai et al (US PG-PUB No. 20210250366 A1) in view of Chandrasekaran et al (US PG-PUB No. 20050097569 A1).
Regarding claim 15, Ladnai teaches all of the features with respect to claim 12, as outlined above.
Ladnai fails to explicitly teach, but Chandrasekaran teaches wherein the buffer has a fixed capacity and wherein the program code causes events with a higher reporting priority to replace events with a lower reporting priority stored at the buffer (Paragraph [0055]: “a buffer size could be fixed (buffer has a fixed capacity). High priority events would supercede low priority events in the notification queue (events with a higher reporting priority to replace events with a lower reporting priority stored at the buffer).”).
Ladnai and Chandrasekaran are both considered to be analogous to the claimed invention because they both teach event notification in computer environment. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filling date of the claimed invention to have modified the data carrier and the method disclosed by Ladnai with adding fixed-capacity buffer, disclosed by Chandrasekaran.
One of the ordinary skills in the art would have been motivated to make this modification in order to provide efficient event notification in clustered computing environments, as suggested by Chandrasekaran in the abstract.
Regarding claim 17, Ladnai teaches all of the features with respect to claim 12, as outlined above.
Ladnai fails to explicitly teach, but Chandrasekaran teaches wherein the program code causes the one or more processors to, if the buffer has greater than a predetermined occupancy, coalesce one or more events stored at the buffer having a reporting priority below a threshold (Paragraph [0055]: “According to an aspect or embodiment, since the buffer size would be fixed, the free space would be pre-determined (buffer has a predetermined occupancy) and events would be coalesced (coalesce one or more events stored at the buffer) and event notifications could be appended onto existing message traffic until the free space is filled. Yet another variation is the employment of a priority queuing mechanism in order to determine priority for events. High priority events would supercede low priority events in the notification queue (coalesce one or more events stored at the buffer based on the priority).” ). It would have been obvious for one of ordinary skill in the art before the effective filling date of the claimed invention to have modified the data carrier and the method disclosed by Ladnai with adding coalesce events in the buffer based on the priorities, disclosed by Chandrasekaran.
One of the ordinary skills in the art would have been motivated to make this modification in order to provide efficient event notification in clustered computing environments, as suggested by Chandrasekaran in the abstract.
Regarding claim 18, Ladnai teaches all of the features with respect to claim 11, as outlined above.
Ladnai fails to explicitly teach, but Chandrasekaran teaches wherein the program code causes the one or more processors to direct raised events to one of multiple egress queues in dependence on their respective reporting priorities (Paragraph [0055]: “Furthermore, many notifications could be appended onto a message, and the procedure would be repeated indefinitely. For example, if a message is about to be sent to a particular node, all the event notifications that have not been sent to that node or that need to be sent to that node could be appended to that message (direct raised events to one of multiple egress queues in dependence on their respective reporting priorities).”).
It would have been obvious for one of ordinary skill in the art before the effective filling date of the claimed invention to have modified the data carrier and the method disclosed by Ladnai with adding directing raised events to one of multiple egress queues based on the priorities, disclosed by Chandrasekaran.
One of the ordinary skills in the art would have been motivated to make this modification in order to provide efficient event notification in clustered computing environments, as suggested by Chandrasekaran in the abstract.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. (see PTO-892 form for details)
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASMINE DAY whose telephone number is (571)272-0204. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 571-272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/J.M.D./Examiner, Art Unit 2499 /PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499