DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
1. Claims 1-3, 6-13, and 16-21 are currently pending in this application.
Claims 1, 11, and 21 are amended as filed on 09/15/2025.
Claims 4-5 and 14-15 are canceled as filed on 09/15/2025.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-3, 6-9, 11-13, 16-19, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Chen Kaidi (Patent No. US 12,143,405 B2), hereinafter Chen, in view of Reyes et al. (Pre-Grant Publication No. US 2021/0044563 A1), hereinafter Reyes, and in further view of Tran et al. (Pre-Grant Publication No. US 2025/0106232 A1), hereinafter Tran.
2. With respect to claims 11, 1, and 21, Chen taught a computer system, comprising: one or more processors (6:39-48); one or more computer readable storage media (6:39-48); and computer readable code stored collectively in the one or more computer readable storage media, with the computer readable code including data and instructions to cause the one or more computer processors to perform a method (6:39-48) comprising: receiving, by the one or more processors, data associated with web traffic from one or more requesters for a website (4:35-60, where the monitoring implicitly teaches receiving the data); analyzing, by the one or more processors, the flow data associated with the web traffic for the website (4:35-60, the analyzed activities); determining, by the one or more processors, whether the data associated with the web traffic for the website indicates a likelihood of a malicious enumeration attack (4:35-60, the enumeration attempts); and alerting, by the one or more processors, an administrator of the website of the likelihood of the malicious enumeration attack (12:25-37, where the valid user is alerted).
However, while Chen did express that device histories and address were analyzed (9:42-51 & 20:56-59), Chen did not explicitly state analyzing network traffic flow data. On the other hand, Reyes did teach analyzing network traffic flow data (0045). Both of the systems of Chen and Reyes are directed towards providing network security and therefore, it would have been obvious to a person having ordinary skill in the art, at the time of the effective filing of the invention, to modify the teachings of Chen, to utilize specifically analyzing flow data, as taught by Reyes, as doing so will allow the system to accurately monitor network traffic and more easily detect security threats. Furthermore, Chen undoubtedly performs the aforementioned flow monitoring but simply does not explicitly state as much.
However, Chen did not explicitly state wherein the analyzing the flow data associated with the web traffic for the website further includes: determining a threshold percentage; and determining, by the one or more processors of the network detection and response computer system, whether a percentage of the requests made by the requester matches at least one name on a word list of common web pages is greater than the threshold percentage. On the other hand, Tran did teach wherein the analyzing the flow data associated with the web traffic for the website further includes: determining a threshold percentage (0085, where the percentage threshold is “at least one of parameter values” under broadest reasonable interpretation); and determining, by the one or more processors of the network detection and response computer system, whether a percentage of the requests made by the requester matches at least one name on a word list of common web pages is greater than the threshold percentage (0085, where the parameter is the word). Both of the systems of Chen and Tran are directed towards providing network security and therefore, it would have been obvious to a person having ordinary skill in the art, at the time of the effective filing of the invention, to modify the teachings of Chen, to utilize determining request threshold percentages as it relates to a request matching a word list, as taught by Tran, as doing so would provide an easy method of detecting problematic requests.
3. As for claims 2 and 12, they are rejected on the same basis as claims 1 and 11 (respectively). In addition, Chen taught storing, by the one or more processors of the network detection and response computer system, the flow data associated with web traffic for the website in a database, wherein the database is configured to maintain the flow data for a predetermined data retention period (7:61 to 8:12).
4. As for claims 3 and 13, they are rejected on the same basis as claims 1 and 11 (respectively). In addition, Chen taught determining, by the one or more processors of the network detection and response computer system, that a potential threat exists when a volume of requests by a requester of the one or more requesters over a predetermined data analysis period is greater than a threshold (3:54-61, the activities performed together implicitly teaches the time period and the volume accordingly).
5. As for claims 6 and 16, they are rejected on the same basis as claims 5 and 15 (respectively). In addition, Chen taught determining, by the one or more processors of the network detection and response computer system, whether the requester matches at least one name on an agent name list (20:56-59, the blacklist would list any blacklisted IP address which includes agent addresses).
6. As for claims 7 and 17, they are rejected on the same basis as claims 6 and 16 (respectively). In addition, Chen taught calculating, by the one or more processors of the network detection and response computer system, a security score based on: the volume of requests by the requester over the predetermined data analysis period (9:34-51); whether the threshold percentage of the requests made by the requester matches a request on the word list of common web pages; and whether the requester matches at least one name on an agent name list (20:56-59, the blacklist would list any blacklisted IP address which includes agent addresses).
7. As for claims 8 and 18, they are rejected on the same basis as claims 7 and 17 (respectively). In addition, Chen taught wherein the analyzing is performed at predetermined analysis intervals, wherein at each predetermined analysis interval a list of each determined potential threat is provided with a calculated security score for each of the potential threats (11:36-45, where the high-risk activity is identified by the score of 12:10-24).
8. As for claims 9 and 19, they are rejected on the same basis as claims 3 and 13 (respectively). In addition, Reyes taught wherein the volume of requests by a requester of the one or more requesters is adjustable (0054-0055), and wherein the predetermined data analysis period is adjustable by an administrator of the network detection and response computer system (0060, using the extracted portions teaches the time period selection under broadest reasonable interpretation).
Claim(s) 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Chen, in view of Reyes, in view of Tran, and in further view of Official Notice.
9. As for claims 10 and 20, they are rejected on the same basis as claims 1 and 11 (respectively). However, Chen did not explicitly state wherein the one or more processors of the network detection and response computer system does not perform packet analysis in determining whether the flow data associated with the web traffic for the website indicates the likelihood of the malicious enumeration attack. On the other hand, the examiner gives official notice that there were a plurality of techniques and/or actions that could be taken in response to a potential security threat that were contemporary to the time of the invention and accordingly, including not performing packet analysis and therefore, it would have been obvious to a person having ordinary skill in the art, at the time of the effective filing of the invention, to modify the teachings of Chen, to utilize different techniques for mitigating threat, in order to have a robust and efficient security system.
Response to Arguments
Applicant’s arguments with respect to the claim(s) have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
(a) Kruse et al. (Patent No. US 11,004,071 B2), column 15 & claim 4.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSEPH L GREENE whose telephone number is (571)270-3730. The examiner can normally be reached Monday - Thursday, 10:00am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas R. Taylor can be reached at 571 272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JOSEPH L GREENE/Primary Examiner, Art Unit 2443