Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's arguments filed 12/9/2025 have been fully considered but they are not persuasive.
In response to applicant’s argument that the prior art Avery does not teach use the SSH/WMI to obtain device-retained network traffic…” examiner respectfully disagrees, Avery teaches a concept of collecting and analyzing network traffic data and/or application data from entities of the network (see Avery 0028). Avery further discloses using SSH/ WMI (i.e. OS interface) to collect application data information from the network entities (see Avery 0059-0060). It is obvious that the using SSH/WMI to collect any type of information beside the application data such as the traffic information mentions in paragraph 0028 of Avery.
In response to applicant's arguments against the references individually, one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Avery discloses the concept of collecting network traffic information and/or application information of network entities, but Avery does not clearly states that the collected network traffic information retained on the on the network entities, however it is obvious that the traffic information/application information of the network entities is either permanently or temporarily retained on the entities before it is collected. Thiel et al clearly discloses this concept.
The applicant’s argument is not persuasive, therefore the rejections are maintained.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-7, 10-20 are rejected under 35 U.S.C. 103 as being unpatentable over Gao et al (us 8,386,593) (hereinafter Gao) in view of Avery et al (us 2019/0205154) (hereinafter Avery) and further in view of Thiel et al (us 2021/0126847) (hereinafter Thiel) and Lissack (us 2015/0127783).
As regarding claim 1, Gao discloses detecting one or more managed devices that are connected to a network (see Gao col.2, lines 38-55, col.3, lines 11-28, CANE system obtaining configuration information from network devices, it’s obvious that the CANE system carry out some kind of determining or identifying the connected network devices before the configuration can be obtained from the network devices);
generate network map of network devices based on the received configuration from the network devices (see Gao col.3, lines 53-62, generate network map of network devices based on the received configuration from the network devices.
Gao is silent in regard to the concept of accessing an operating system (OS) interface of each of the one or more managed devices, obtain network traffic information directly from each of the one or more managed devices through each OS interface.
Avery teaches the concept of accessing an operating system (OS) interface of each of the one or more managed devices (Avery teaches a concept of collecting and analyzing network traffic data and/or application data from entities of the network (see Avery 0028). Avery further discloses using SSH/ WMI (i.e. OS interface) to collect application data information from the network entities (see Avery 0059-0060), it is obvious that the management appliance 160 needs to know the interface of each devices before sending command such as SSH/VMI command to request for network traffic data); obtain network traffic information directly from each of the one or more managed devices through each OS interface (Avery teaches a concept of collecting and analyzing network traffic data and/or application data from entities of the network (see Avery 0028). Avery further discloses using SSH/ WMI (i.e. OS interface) to collect application data information from the network entities (see Avery 0059-0060). It is obvious that the using SSH/WMI to collect any type of information beside the application data such as the traffic information mentions in paragraph 0028 of Avery).
It would have been obvious to one with an ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Avery to Gao because they're analogous art. A person would have been motivated to modify Gao with Avery’s teaching for the purpose of easily and efficiently collecting traffic data from the network devices.
Gao-Avery is silent in regard to the concept of the one or more managed devices generates the network traffic information based on data that the one or more managed devices retains, which is associated with its own communications to or from other devices.
Thiel teaches the concept of the one or more managed devices generates the network traffic information based on data that the one or more managed devices retains, which is associated with its own communications to or from other devices (see 0018,0027,0054, telemetry data is observed and collected by client device/s during current connection and prior connections, it is obvious that when the prior connections is observed and collected, the client needs to store or retain that collected telemetry before transmit to the network repository).
It would have been obvious to one with an ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Thiel to Gao-Avery because they're analogous art. A person would have been motivated to modify Gao-Avery with Thiel’s teaching for the purpose of allowing the server to efficiently managing network devices.
The combination of Gao-Avery-Thiel is silent in regard to the concept of generating a network traffic map based on the network traffic information from devices.
Lissack teaches the concept of generating a network traffic map based on the network traffic information from devices (see Lissack, par 0054 further discloses the server generates tree (i.e. map) represent incoming /outgoing traffic obtain from node/s).
It would have been obvious to one with an ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Lissack to Gao-Avery-Thiel because they're analogous art. A person would have been motivated to modify Gao-Avery-Thiel with Lissack’s teaching for the purpose of efficiently managing and mitigating network problems (see Lissack 0033).
As regarding claim 2, Gao-Avery-Thiel-Lissack discloses the network traffic information is obtained from each of the one or managed devices without having an agent residing on each of the one or more managed devices (see Avery 0045, agentless, and utilized one or more APIs to gather network data such as link statistic). The same motivation was utilized in claim 1 applied equally well to claim 2.
As regarding claim 3, Gao-Avery-Thiel-Lissack discloses the OS interface includes secure shell (SSH) (see Avery 0059-0061, 0063, discovering devices/applications in the enterprise network using SSH/VMI and collects traffic data). The same motivation was utilized in claim 1 applied equally well to claim 3.
As regarding claim 4, Gao-Avery-Thiel-Lissack discloses the OS interface includes Windows Management Instrumentation (WMI) (see Avery 0059-0061, 0063, discovering devices/applications in the enterprise network using SSH/VMI and collects traffic data). The same motivation was utilized in claim 1 applied equally well to claim 4.
As regarding claim 5, Gao-Avery-Thiel-Lissack discloses the network traffic information comprises at least one of Layer 2 network traffic information or Layer 3 network traffic information (see Gao col.3, lines 19-28, col.4, lines 31-39, layer2/layer3 map).
As regarding claim 6, Gao-Avery-Thiel-Lissack discloses obtaining, from a network device, network traffic information from unmanaged devices that are connected to the network, wherein generating the network traffic map comprise generating the network traffic map further based on the network traffic information from each of the one or more managed devices and the network traffic information from each of the unmanaged devices (see Gao col.14, lines 10-27, when neighbor devices are not included, extend to all neighbor devices and further display the extended neighbor devices (i.e. unmanaged device/s) on the map, also see Lissack par 0054 further discloses the server generates tree (i.e. map) represent incoming /outgoing traffic obtain from node/s).
As regarding claim 7, Gao-Avery-Thiel-Lissack discloses the network device includes at least one of a switch, a router, a bridge, or a firewall (see Gao col.7, lines 45-48, col.8, lines 43-46, router, switch).
As regarding claim 10, Gao-Avery-Thiel-Lissack discloses presenting a visual representation of the network traffic map to a display (see Gao col.10, lines 1-6, display network map/topology on display).
As regarding claim 11, Gao-Avery-Thiel-Lissack discloses repeating the method periodically (see Gao col.5, lines 1-3, collect at the predetermined interval; also see Avery collect/discover devices at regular interval (Avery 0059) or at schedule time (Avery 0065).
As regarding claim 12, Gao-Avery-Thiel-Lissack discloses the network traffic information from each of the one or more managed network devices comprises a local connection address and a remote connection address (see Gao col.10, lines 35-54, display network connection (i.e. remote address) and local connection (i.e. local address).
As regarding claims 13-20, the limitations of claims 13-20 are similar to limitations of rejected claims 1-7,10-12 above, therefore rejected for the same rationale.
Claims 8-9 are rejected under 35 U.S.C. 103 as being unpatentable over Gao-Avery-Thiel-Lissack as applied to claim 1 above and further in view of Lefebvre et al (us 9,503,467) (hereinafter Lefe).
As regarding claim 8, Gao-Avery-Thiel-Lissack discloses the invention as claims in claim 1 above however, Gao-Avery-Thiel-Lissack is silent in regard to the concept of communicating with a network device to limit or restrict communication of at least one of the one or more managed network devices, in response to the network traffic information.
Lefe teaches the concept of communicating with a network device to limit or restrict communication of at least one of the one or more managed network devices, in response to the network traffic information (see Lefe col.5, lines 4-10, restricting inbound/outbound traffic).
It would have been obvious to one with an ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Lefe to Gao-Avery-Thiel-Lissack because they're analogous art. A person would have been motivated to modify Gao-Avery-Thiel-Lissack with Lefe’s teaching for the purpose of efficiently alleviate or trouble shoot the detected anomaly.
As regarding claim 9, Gao-Avery-Thiel-Lissack discloses the invention as claims in claim 1 above however, Gao-Avery-Thiel-Lissack is silent in regard to the concept of causing a process to end on at least one of the one or more managed network devices, in response to the network traffic information.
Lefe teaches the concept of causing a process to end on at least one of the one or more managed network devices, in response to the network traffic information (see Lefe (see Lefe col.5, lines 4-10, prevent device to send/receive particular traffic, or block traffic (i.e. the process of sending/receiving traffic is terminate/end). The same motivation was utilized in claim 8 applied equally well to claim 9.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUYEN MY DOAN whose telephone number is (571)272-4226. The examiner can normally be reached (571)272-4226.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tonia Dollinger can be reached at (571)272-4170. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DUYEN M DOAN/Primary Examiner, Art Unit 2459