Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed 12/9/2025 has been entered.
Response to Arguments
Applicant’s arguments filed 12/9/2025 have been fully considered.
Applicant argues that Jayamohan fails to teach packet capture caches associated with packet capture points. However, Jayamohan discloses packet capture cache points where packet data is captured in at least ¶ 77-80, 85, 87, 92.
Applicant argues the claims require an edge-cache architecture. Applicant’s arguments are not persuasive as applicant is arguing for features not recited in the claims.
Applicant argues that the prior art fails to teach a “prune-then-send” pipeline including pruning before tenant-store delivery. Applicant’s arguments are not persuasive in this regard as they amount to a general allegation without specifically pointing out how the language of the claims patentably distinguishes them from the references.
Applicant argues for the impropriety of the combination of Taylor and Sarin with Jayamohan. Applicant’s arguments in this regard rely upon applicant’s previous argument that Jayamohan fails to teach packet capture caches associated with packet capture points. However, Jayamohan discloses the packet capture points and functionality as described above.
Applicant argues further for the impropriety of the combination because “preserving storage space” is inapposite to the system of Jayamohan. Applicant’s arguments are not persuasive because preserving storage space is advantageous for efficiency and monetarily.
Applicant’s further arguments are moot in view of the new grounds of rejection presented herein.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
Claims 11-20 are rejected under 35 U.S.C. 112(a), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claim 11 is directed to a computer-readable medium which when executed causes data collection, retention, sending, and deletion functions to occur. Applicant has amended the claims to include recitations enacted by disparate entities such as a “multi-tenant packet capture authority” that performs various functions such as pushing pruning instructions. Applicant’s specification is devoid of support for such features enacted by the execution of a single computer-readable medium where the same computer-readable medium is executed on disparate network entities.
The following is a quotation of 35 U.S.C. 112(b):
(B) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
Claim(s) 1-20 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.
Claims 1 and 11 recite the limitation "the tenant packet store". There is insufficient antecedent basis for this limitation in the claim.
Regarding claim 1, applicant' s recitation of “retaining the packet capture data at one or more packet capture caches associated with the one or more capture points, locally at the capture points as time-sliced portions indexed and reported to a multi-tenant packet capture central authority that based on security telemetry, pushes pruning instructions to the capture points so that the packet capture data is pruned in the packet capture caches before being sent to the tenant packet store and is expunged from the packet capture caches after being sent”” would have been unclear to one of ordinary skill in the art. The claim is directed to the method stop of “retaining packet capture data”. It is unclear whether the additional functions couched within the retaining step are steps of the method, merely intended use type limitations, or non-functionally descriptive language. For example, it is not clear whether the “reporting” function is a required step of the method since it is not positively recited and since it is couched within the “retaining” step. The claim is obfuscated via the “pushing”, “sending” (sending to the tenant packet store), and “expunging” steps in the same manner. Claim 11 is obfuscated in a similar manner.
Dependent claims not addressed are rejected for incorporating the deficiencies of their respective parent claims.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-5, 8, 11-15, 18 are rejected and are rejected under 35 U.S.C. 103 as being unpatentable 20220086178 to Jayamohan in view of US 20170195353 to Taylor in view of US 20190199793 to Sarin in view of US 20240364743 to Agarwal.
Regarding claim 1,
Jayamohan teaches a method comprising steps of:
collecting, at one or more capture points distributed across one or more cloud environments, packet capture data (¶ 77-78, 84-85, 87, cloud environment collecting packet capture data);
retaining the packet capture data at one or more packet capture caches associated with the one or more capture points (¶ 77-80, 85, 87, 92, logging packet capture data); locally at the capture points as time-sliced portions indexed (92, indexed time sliced portions) and reported to a multi-tenant packet capture central authority (¶ 96, reporting to forensic analysis server).
sending the packet capture data to a packet store associated with a tenant of a cloud-based system (¶ 92-96, transmitting packet capture data); and
Jayamohan fails to teach but Taylor teaches: deleting the packet capture data from the one or more packet capture caches, wherein deleting the packet capture data from the one or more packet capture caches is performed based on intelligent pruning instructions, which are determined by predefined policies and security events, and wherein the pruning includes retaining only relevant data based on event-based triggers (¶ 47, deletion based on instructions determined by policies/security events, retaining only relevant data and event based trigger, LRU, expiry).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teachings of Taylor. The motivation to do so is that the teachings of Taylor would have been advantageous in terms of facilitating the preservation of storage space (Taylor, ¶ 47).
Jayamohan fails to teach but Sarin teaches: wherein the pruning includes retaining only relevant data based on risk scores (¶ 17, cache deletion bases on risk level/thresholds)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teachings of Sarin. The motivation to do so is that the teachings of Sarin would have been advantageous in terms of facilitating risk mitigation (Sarin, ¶ 17).
Jayamohan fails to teach but Agarwal teaches a packet capture central authority hat based on security telemetry, pushes pruning instructions to the capture points so that the packet capture data is pruned in the packet capture caches before being sent to the tenant packet store and is expunged from the packet capture caches after being sent (¶ 96).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teachings of . The motivation to do so is that the teachings of would have been advantageous in terms of facilitating the updated of network data policies (Agarwal, ¶ 96).
Regarding claim 2, 12,
Jayamohan teaches:
wherein the collecting is performed based on preconfigured policy (¶ 91-93, packet capture and analysis policy).
Regarding claim 3, 13,
Jayamohan teaches:
analyzing the packet capture data at the one or more capture points prior to the sending (¶ 20, 92-93, analysis and derivation of information from packet data prior to transmission).
Regarding claim 4, 14,
Jayamohan teaches:
causing an action at the one or more packet capture caches based on one or more triggers,
wherein one or more triggers initiate actions at the packet capture caches based on real-time telemetry, security event signatures, or risk assessments, including deleting, retaining metadata, or purging unimportant flows (¶ 93, security risk trigger and responsive functions).
Regarding claim 5, 15,
Jayamohan teaches:
wherein the triggers are based on any of telemetry received from one or more cloud security systems, and preconfigured policy (¶ 77-78, 84-87, 93, capture/analysis policy).
Regarding claim 8, 18,
Jayamohan teaches:
collecting packet capture data at one or more capture points along a path between the user device and the application (¶ 61, capture at firewall).
Claim 11 is addressed by similar rationale as claim 1.
Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Jayamohan, Taylor, Sarin, and Agarwal in view of US 20200272742 to Kataria.
Regarding claim 6, 16,
Jayamohan teaches:
wherein the one or more capture points include a capture point at the end of a flow; and wherein validating packet capture data at each end of the flow includes comparing data or integrity checks at an application to ensure no modification of data during transit (¶ 77-82, 85, 87-88, 92-93 (validation at application end of flow; validation via fingerprinting).
Jayamohan fails to teach but Kataria teaches a capture point at the other end of the flow; and wherein validating packet capture data at each end of the flow includes comparing data or integrity checks at a user device to ensure no modification of data during transit (¶ 18-21, 26-28, 47, client integrity verifier validates capture data).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teachings of Kataria. The motivation to do include the teachings of Kataria is that it would have been advantageous in terms of facilitating the verification of data (Kataria, ¶ 47).
Claims 7, 9-10, 17, 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Jayamohan, Taylor, and Sarin, and Agarwal in view of US 20170325113 to Markopoulou.
Regarding claim 7, 17,
Jayamohan teaches collecting packet capture data at capture points located at an application; and analyzing the packet capture data at the capture points for determining application session characteristics (¶ 37, 77-80, 85, 87, 92-96).
Jayamohan fails to teach, but Markopoulou teaches: collecting packet capture data at capture points located at a user device; and analyzing the packet capture data at the capture points for determining application session characteristics (¶ 43, 47-4979, 136-138).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teachings of Markopoulou. The motivation to do so is that the teachings of Markopoulou would have been advantageous in terms of facilitating monitoring, data analysis, and privacy enhancement (Markopoulou, ¶ 47).
Regarding claim 9, 19,
Jayamohan fails to teach but Markopoulou teaches:
wherein at least one of the one or more capture points is a component of a connector application executing on an endpoint device (¶ 43, 47-4979, 136-138).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teachings of Markopoulou. The motivation to do so is that the teachings of Markopoulou would have been advantageous in terms of facilitating monitoring, data analysis, and privacy enhancement (Markopoulou, ¶ 47).
Regarding claim 10, 20,
Jayamohan fails to teach but Markopoulou teaches:
wherein at least one of the one or more capture points is a component of an application connector (¶ 43, 47-4979, 136-138).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teachings of Markopoulou. The motivation to do so is that the teachings of Markopoulou would have been advantageous in terms of facilitating monitoring, data analysis, and privacy enhancement (Markopoulou, ¶ 47).
CONCLUSION
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RYAN J JAKOVAC whose telephone number is (571)270-5003. The examiner can normally be reached on 8-4 PM EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar A. Louie can be reached on 572-270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/RYAN J JAKOVAC/Primary Examiner, Art Unit 2445