Prosecution Insights
Last updated: July 17, 2026
Application No. 18/329,337

INTELLIGENT FIREWALL USING IDENTIFICATION OF VALID TRAFFIC

Non-Final OA §103
Filed
Jun 05, 2023
Priority
Jun 07, 2022 — provisional 63/365,978
Examiner
ABDULLAH, SAAD AHMAD
Art Unit
2431
Tech Center
2400 — Computer Networks
Assignee
CenturyLink Intellectual Property LLC
OA Round
4 (Non-Final)
77%
Grant Probability
Favorable
4-5
OA Rounds
0m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 77% — above average
77%
Career Allowance Rate
60 granted / 78 resolved
+18.9% vs TC avg
Strong +35% interview lift
Without
With
+35.1%
Interview Lift
resolved cases with interview
Typical timeline
2y 11m
Avg Prosecution
24 currently pending
Career history
117
Total Applications
across all art units

Statute-Specific Performance

§101
1.2%
-38.8% vs TC avg
§103
91.9%
+51.9% vs TC avg
§102
1.2%
-38.8% vs TC avg
§112
2.7%
-37.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 78 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION This Office Action is in response to the application 18/329,337 in response to the Remarks filed on 08/28/2025. Claims 1-6, 8-10, 16, 18-20 have been examined and are pending in this application. This application is being reopened and this Action is count as a Non-FINAL. Response to Arguments Applicants’ arguments in the instant Amendment, filed on 08/28/2025, with respect to limitations listed below, have been fully considered but they are not persuasive. Applicant arguments on page 3-4 of the remarks have been considered. The Examiner agrees with the Applicant. In light of this clarification, prosecution is reopened and the application is being returned to non-final status. A new rejection under 35 USC § 103 is present bellowed based on new considered prior art. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 4, 9, 16, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ludin (US 2020/0162432 A1), in view of Fenton (US 2022/0131835 A1) and in further view of Velugu (US 2022/0368672 A1). Regarding Claim 1 Ludin discloses: A method, comprising: receiving, by a security device, a packet including a ticket identifier and the packet comprising a header and a payload (Ludin ¶39–45: teaches that the proxy server (security device) receives TCP and TLS packets from a client, including a ClientHello message that initiates a TLS handshake. Ludin further explains that the proxy server checks the ClientHello for a TLS session ticket or PSK identity field containing a proxy token (ticket identifier). It would be understood by one of ordinary skill in the art that TLS handshake messages, such as ClientHello, are transmitted as TLS records each comprising a header and payload according to the TLS protocol specification.); determining, by the security device, a disposition of the packet (Ludin ¶45–47: Ludin teaches that the proxy server (security device) analyzes the received packet to determine whether the proxy token (ticket identifier) is present and valid, and based on that determination, decides the disposition by either forwarding the packet to the origin if valid or rejecting/blocking the connection if invalid.); Ludin teaches determining, by the security device, a disposition of a packet such as allowing or blocking traffic based on trust status and proxy handling logic. However, they do not disclose the following limitation “logging, by the security device, the disposition of the packet, with: the ticket identifier, and an identifier of the security device” However, in an analogous art, Fenton discloses a logging system/method that includes: logging, by the security device, the disposition of the packet, with: the ticket identifier, and an identifier of the security device (Fenton ¶53: discloses a packet filtering network appliance (e.g., TIG 120) that applies filtering rules having dispositions (e.g., allow, block, or drop) and includes logging directives that cause the device to generate logs for packets matching the rules. Fenton ¶38-39 and ¶55 further teaches that such logs include: the disposition of the packet (e.g., allow or block), packet-associated identifiers (e.g., header-derived values such as 5-tuple or flow identifier), and an identifier of the security device (e.g., TIG identifier). Thus, Fenton teaches logging, by the security device, the disposition of the packet together with identifiers corresponding to both the packet (ticket identifier) and the security device.). It would have been obvious to one of ordinary skill in the art at the time of the invention to modify Ludin to incorporate the logging functionality taught by Fenton in order to enable monitoring, auditing, and traceability of packet handling decisions. Logging packet disposition together with identifiers is a known and routine practice in network security systems for troubleshooting and security analysis. The modification represents a predictable use of prior art elements according to their established functions and would have improved the functionality and observability of Ludin’s proxy packet processing system. Ludin and Fenton combined teaches determining a disposition of a packet by the security device and logging the disposition of the packet with a ticket identifier and an identifier of the security device. However, they do not disclose the following limitation “forwarding the packet after removing only a portion of the payload” However, in an analogous art, Velugu discloses a pattern matching system/method that includes: and forwarding the packet after removing only a portion of the payload (Velugu ¶114: teaches that the firewall (security device), upon detecting a pattern match in the response, may modify the response by removing the portion of the content generated by a specific service while forwarding the remaining portion of the contents to the client. This directly corresponds to forwarding a packet after removing only a portion of its payload.). Given the teachings of Velugu, a person having ordinary skill in the art before the effective filing date of the claimed invention would have recognized the desirability of modifying the teachings of Ludin and Fenton to include selective payload removal. Velugu discloses that a firewall may remove only a portion of response content matching a specified pattern and forward the modified response to the client (¶114). It would have been obvious to apply this known selective filtering technique to Ludin’s proxy system and Fenton’s logging system so that instead of forwarding or blocking an entire packet the security device could remove only a portion of the payload and forward the remainder, thereby enhancing control and efficiency in packet handling. Regarding Claim 4 Ludin discloses: The method of claim 1, wherein the ticket identifier comprises a source IP address (Ludin ¶66: Ludin teaches that the proxy token (ticket identifier) includes the client’s IP address and a random salt, encrypted with a secret key known only to the proxy operator.). Regarding Claim 9 Ludin discloses: The method of claim 1, wherein the determining, by the security device, of the disposition of the packet, comprises determining whether the security device has received another packet including the same ticket identifier (Ludin ¶47: Ludin teaches that the proxy server (security device) monitors for multiple uses of the same proxy token (ticket identifier) by tracking the number of simultaneous connections using that token, and rejects or blocks the connection if the token is being reused too many times. This corresponds to determining whether another packet including the same ticket identifier has been received in order to decide the packet’s disposition.). Regarding Claim 16 Claim 16 is directed to a method corresponding to the computer-implemented method in claim 1. Claim 16 is similar in scope to claim 1 and is therefore rejected under similar rationale. Regarding Claim 19 Claim 19 is directed to a method corresponding to the computing platform recited in claim 9. Claim 19 is similar in scope to claim 9 and is therefore rejected under similar rationale. Claims 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ludin (US 2020/0162432 A1), in view of Fenton (US 2022/0131835 A1), in view of Velugu (US 2022/0368672 A1) as applied to claim 1 above, and in further view of Wright (US 2021/0306315 A1). Regarding Claim 2 Ludin, Fenton and Velugu teaches a non-terminating TLS proxy that receives packets, validates a proxy token (ticket ID), determines whether to forward or block the packet, and logs the disposition with the ticket ID and proxy device identifier. However, they do not disclose the following limitation “wherein the ticket identifier comprises a password”. However, in an analogous art, Wright discloses a packet identifier system/method that includes: The method of claim 1, wherein the ticket identifier comprises a password (Wright ¶16: The smartphone receives a packet containing a password as part of its payload (ticket identifier).). Given the teaching of Wright, a person having ordinary skill in the art before the effective filing date of the claimed invention would have recognized the desirability of modifying the teaching of Ludin, Fenton and Velugu by incorporating a method of using a password as part of a ticket identifier for enforcing secure access or policies. Wright discloses a system where firmware analyzes a packet, detects that it contains a password, and enforces compliance with a password policy. This demonstrates that passwords can be included within a packet for validation and control purposes. It would have been obvious to incorporate a password as part of a ticket identifier to facilitate secure identification, access management, or policy enforcement. Wright’s teaching of detecting passwords within packets and validating them against password policies aligns directly with the claimed limitation, fulfilling the requirement that the ticket identifier comprises a password (Wright ¶16). Claims 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ludin (US 2020/0162432 A1), in view of Fenton (US 2022/0131835 A1), in view of Velugu (US 2022/0368672 A1) as applied to claim 1 above, and in further view of Swain (US 2023/0344815 A1). Regarding Claim 3 Ludin and Velugu teaches a sniffer that identifies packet origin using MAC/SSID, determines whether to anonymize or retain data, removes payloads if needed, logs the decision, and forwards the processed packet. However, they do not disclose the following limitation “wherein the ticket identifier comprises a user-supplied number”. However, in an analogous art, Swain discloses a ticket identifier system/method that includes: The method of claim 1, wherein the ticket identifier comprises a user-supplied number (Swain ¶98: The ticket generator 316 generates a ticket associated with a unique identifier, including values, characters, or symbols provided in the access request or data packet from the client device 304.). Given the teaching of Swain, a person having ordinary skill in the art before the effective filing date of the claimed invention would have recognized the desirability of modifying the teachings of Ludin, Fenton and Velugu by incorporating a user supplied number as part of a ticket identifier for session establishment and authentication. Swain discloses that a ticket generator issues a ticket in response to a request to establish a session or access resources, and the ticket includes information such as unique values, characters, or symbols associated with the session or client device. This information is provided by the client device or server during the access request and forms part of the ticket. It would have been obvious to include a user-supplied number as part of a ticket identifier, as Swain’s disclosure of tickets containing unique identifiers derived from data provided in the access request. This approach ensures secure identification and session management by associating the ticket with specific user supplied information (Swain ¶ 98). Claims 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ludin (US 2020/0162432 A1), in view of Fenton (US 2022/0131835 A1), in view of Velugu (US 2022/0368672 A1) as applied to claim 1 above, and in further view of Holness (US 10,652,024 B2). Regarding Claim 5 Ludin, Fenton and Velugu teaches a sniffer that identifies packet origin using MAC/SSID, determines whether to anonymize or retain data, removes payloads if needed, logs the decision, and forwards the processed packet. However, they do not disclose the following limitation “wherein the ticket identifier comprises a digital signature”. However, in an analogous art, Holness discloses a ticket identifier system/method that includes: The method of claim 1, wherein the ticket identifier comprises a digital signature (Holness Column 1, Lines 45-50: the digital signature, carried in-band with the packet, acts as a unique identifier and is updated at each network element using a CRC-based process, enabling verification and representation of the packet's path trace through the network.). Given the teaching of Holness, a person having ordinary skill in the art before the effective filing date of the claimed invention would have recognized the desirability of modifying the teachings of Ludin, Fenton and Velugu by incorporating a method of utilizing a digital signature as a ticket identifier to enhance security and integrity in network communication. Holness discloses a method for using a digital signature in a packet to represent traceable network path information, where the digital signature is updated and carried in-band within the packet header or context. This teaching demonstrates the utility of embedding digital signatures within packets for verification and integrity purposes. Ludin, Fenton and Velugu discloses mechanisms for managing ticket identifiers to regulate access and control network operations. By combining these teachings, it would have been obvious to use a digital signature as the ticket identifier, leveraging its cryptographic properties to ensure secure verification and traceability of network packets (Holness Column 1, Lines 45-50). Claims 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ludin (US 2020/0162432 A1), in view of Fenton (US 2022/0131835 A1), in view of Velugu (US 2022/0368672 A1) as applied to claim 1 above, and in further view of Rogers (EP 3,132,587 B1). Regarding Claim 6 Ludin, Fenton and Velugu teaches a sniffer that identifies packet origin using MAC/SSID, determines whether to anonymize or retain data, removes payloads if needed, logs the decision, and forwards the processed packet. However, they do not disclose the following limitation “determining, based on information received from an access authority, that forwarding of packets including a source IP address equal to a source IP address of the packet, and a destination IP address equal to a destination IP address of the packet is authorized; and configuring the security device to forward packets including a source IP address equal to the source IP address of the packet, and a destination IP address equal to the destination IP address of the packet”. However, in an analogous art, Rogers discloses a ticket identifier system/method that includes: The method of claim 1, further comprising: determining, based on information received from an access authority, that forwarding of packets including a source IP address equal to a source IP address of the packet, and a destination IP address equal to a destination IP address of the packet is authorized (Rogers ¶ 5: describes dynamic security policies received from a security policy management server (access authority). These policies define specific packet-identification criteria (e.g., source IP, destination IP) and indicate whether to authorize forwarding based on rules. Rogers ¶ 30: describes rule-based filtering and forwarding using a five-tuple of values (source IP, destination IP, source port, destination port, and protocol). Specific forwarding rules based on source and destination IP addresses are part of the configuration, enabling packet forwarding only if criteria are met.); and configuring the security device to forward packets including a source IP address equal to the source IP address of the packet, and a destination IP address equal to the destination IP address of the packet (Rogers ¶ 69-70: highlights the packet transformation functions, including forwarding packets meeting specific criteria. Security devices are dynamically configured to forward packets based on the defined policies.). Given the teaching of Rogers, a person having ordinary skill in the art before the effective filing date of the claimed invention would have recognized the desirability of modifying the teachings of Ludin, Fenton and Velugu by configuring a security device to forward packets based on source and destination IP addresses, in accordance with authorization rules received from an access authority. Rogers discloses that a security policy management server (i.e., an access authority) provides dynamic security policies to the security device, which include packet-identification criteria such as source IP and destination IP addresses. These policies govern whether a packet is authorized for forwarding. Rogers further teaches that the security device uses a five-tuple of header values, including source and destination IP addresses, to determine whether a packet meets the forwarding criteria defined by the policy. Once a match is found, the security device is configured to forward the packet, as described in the policy received from the access authority. Additionally, Rogers notes that packet transformation functions include forwarding packets that satisfy specified criteria and that security devices are dynamically configured based on these access policies. It would have been obvious to a person of ordinary skill in the art to determine, based on information received from an access authority, that forwarding of packets matching a specific source and destination IP address pair is authorized, and to configure the security device to forward such packets. This approach is a direct application of Rogers’ teachings and would predictably result in improved network access control and security policy enforcement (Rogers ¶5, 30, 69–70). Claims 8 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ludin (US 2020/0162432 A1), in view of Fenton (US 2022/0131835 A1), in view of Velugu (US 2022/0368672 A1) as applied to claim 1 above, and in further view of Arora (US 2021/0111995 A1). Regarding Claim 8 Ludin, Fenton and Velugu teaches a sniffer that identifies packet origin using MAC/SSID, determines whether to anonymize or retain data, removes payloads if needed, logs the decision, and forwards the processed packet. However, they do not disclose the following limitation “wherein the determining, by the security device, of the disposition of the packet comprises determining whether a time-to-live associated with the ticket identifier has expired”. However, in an analogous art, Arora discloses a TTL system/method that includes: The method of claim 1, wherein the determining, by the security device, of the disposition of the packet comprises determining whether a time-to-live associated with the ticket identifier has expired (Arora ¶15-16: Demonstrates the process of receiving a packet (MPLS LSP Echo Request) with a label stack (ticked id). A determination is then made on the disposition of a packet based on its time-to-live (TTL) value, where a packet is processed or dropped when the TTL reaches zero, indicating that it has expired.). Given the teaching of Arora, a person having ordinary skill in the art before the effective filing date of the claimed invention would have recognized the desirability of modifying the teachings of Ludin, Fenton and Velugu by incorporating a method of determining packet disposition based on whether the time-to-live (TTL) associated with the packet has expired. Arora describes the behavior of an MPLS LSP Echo Request, where a router examines the TTL value of an incoming packet to determine its disposition. Specifically, if a packet is received with a TTL of 0, the router processes it (e.g., drops the packet or prevents further traversal) to maintain the integrity of the network. Arora further discloses incrementing the TTL as packets move through the network and highlights scenarios where a packet is dropped due to TTL expiration at a router (e.g., R3 230 dropping the packet when TTL equals 0). This demonstrates the mechanism for determining whether the TTL has expired and using that determination to decide the disposition of the packet. It would have been obvious to apply this method to a security device that determines whether a packet's TTL has expired (Arora ¶s 15-16) Regarding Claim 18 Claim 18 is directed to a method corresponding to the computing platform recited in claim 8. Claim 18 is similar in scope to claim 8 and is therefore rejected under similar rationale. Claims 10 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ludin (US 2020/0162432 A1), in view of Fenton (US 2022/0131835 A1), in view of Velugu (US 2022/0368672 A1) as applied to claim 1 above, and in further view of Liu (US 2022/0174072 A1). Regarding Claim 10 Ludin, Fenton and Velugu teaches a sniffer that identifies packet origin using MAC/SSID, determines whether to anonymize or retain data, removes payloads if needed, logs the decision, and forwards the processed packet. However, they do not disclose the following limitation “wherein the determining, by the security device, of the disposition of the packet, comprises determining whether the security device has received another packet including the same ticket identifier”. However, in an analogous art, Liu discloses a ticket identifier system/method that includes: The method of claim 1, wherein an Internet Protocol (IP) Options field of a header of the packet includes the ticket identifier (Liu ¶179: The IPv4 header includes an "optional item" field, which is used to store specific identifiers. In one example, the optional item field can include a verification code, demonstrating that this field can hold a ticket identifier.). Given the teaching of the Liu, a person having ordinary skill in the art before the effective filing date of the claimed invention would have recognized the desirability of modifying the teachings of Ludin, Fenton and Velugu by incorporating a method of embedding identifiers in the optional item field of an IPv4 header to support verification or tracking functionalities. Liu discloses that the IPv4 header includes an optional item field, which stores a verification code, demonstrating the use of this field to embed data related to packet validation. It would have been obvious to extend this method to include a ticket identifier in the optional item field (IP Options field) of the IPv4 header (Liu ¶ 179). Regarding Claim 20 Claim 20 is directed to a method corresponding to the computing platform recited in claim 10. Claim 20 is similar in scope to claim 10 and is therefore rejected under similar rationale. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAAD ABDULLAH whose telephone number is 571-272-1531. The examiner can normally be reached on Monday-Friday 9am-5pm EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, LYNN FIELD can be reached on 571-272-2092. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800- 786-9199 (IN USA OR CANADA) or 571-272-1000. /SAAD AHMAD ABDULLAH/Examiner, Art Unit 2431 /LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431
Read full office action

Prosecution Timeline

Show 1 earlier event
Dec 27, 2024
Non-Final Rejection mailed — §103
Mar 20, 2025
Response Filed
Jun 04, 2025
Final Rejection mailed — §103
Aug 28, 2025
Request for Continued Examination
Sep 10, 2025
Response after Non-Final Action
Oct 22, 2025
Non-Final Rejection mailed — §103
Jan 14, 2026
Response Filed
May 15, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12683985
METHOD OF DETECTING SEQUENCE-BASED INTRUSION BY USING DBC FILE
2y 12m to grant Granted Jul 14, 2026
Patent 12676898
Method and Framework for Internet of Things Network Security
4y 5m to grant Granted Jul 07, 2026
Patent 12665877
ONION ROUTING NETWORK FOR SMART HOMES
3y 1m to grant Granted Jun 23, 2026
Patent 12651084
SYSTEMS AND METHODS FOR GENERATING CONTEXT-AWARE PAGERANKS
3y 3m to grant Granted Jun 09, 2026
Patent 12632596
SYSTEMS AND METHODS FOR SURGICAL VIDEO DE-IDENTIFICATION
3y 0m to grant Granted May 19, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

4-5
Expected OA Rounds
77%
Grant Probability
99%
With Interview (+35.1%)
2y 11m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 78 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month