DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/01/2025 has been entered. Claims 1-20 have been examined.
Response to Arguments
Applicant’s arguments, see Remarks – Pages 6-10, filed on 12/01/2025, with respect to the rejections of claims 1, 11 under 102 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Rodrigo in view of Kim.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 2, 11, 12 are rejected under 35 U.S.C. 103 as being unpatentable over Rodrigo et al. Publication No. US 2023/0179653 A1 (Rodrigo hereinafter) in view of Kim et al. Publication No. US 2020/0274892 A1 (Kim hereinafter).
Regarding claim 1,
Rodrigo teaches a network traffic analysis system, comprising:
one or more processors; and a memory having stored thereon instructions that, upon execution by the one or more processors, cause the one or more processors to: receive, from a first network function in a communication exchange with a second NF on a 5G network, a first copy of traffic of a request-response pair from the communication exchange (Para 0077 - The network may be a fifth generation (5G) network or any other generation network. In some embodiments, the network may be a core network or a radio access network (RAN). The techniques described herein are implemented by a first service communication proxy (SCP) node and a first network function (NF) node – Para 0097 - The method of FIG. 6 is performed in response to receiving information indicative that no response is received from the second NF node to a first request. The first request is transmitted towards the second NF node via the first SCP node 10 and is for the second NF node to execute (or provide) a service for the first NF node 20).
determine whether a second copy of traffic of the request-response pair corresponding to the first copy of traffic has been received from the second NF in the communication exchange, in response to not receiving the second copy of traffic, issue a [..] notification to the first NF indicating a network[..] error (Para 0018 - The method comprises initiating transmission of information towards the first NF node if no response is received from the second NF node to a first request transmitted towards the second NF node via the first SCP node. The first request is for the second NF node to execute a service requested by the first NF node. The information is indicative that no response is received from the second NF node to the first request. – Para 0015 -As illustrated by arrow 644 of FIG. 2A-C, if no response is received by the first SCP node 10, the first SCP node 10 initiates transmission of a response to the first NF node 20. The response comprises information (e.g. an existing HTTP error, such as a 504 error) indicative that there is an error situation); and
However, Rodrigo does not explicitly teach that the notification is a security notification indicating a network intrusion.
Kim teaches
in response to not receiving a second copy of traffic, issue a security notification to the first NF indicating a network intrusion (¶ 0044 - the system of the present disclosure can determine the second controller failed to be authenticated as an anomalous controller, and take subsequent actions such as sending an intrusion alert message to the backend server 110. When no response is received for a preset duration from one or more of the second controllers 100, 101 and 102 upon receiving the inherent information request, the relevant one of the second controllers 100, 101 and 102 may be determined to be an anomalous controller – ¶ 0074 - On the other hand, when the verification result of Step S420 is a failure, the suspicious controller 100 that failed authentication is determined to be an anomalous controller, and follow-up action can be taken such as sending an intrusion warning message to the backend server 110. In addition, when no response is received for a preset time from the suspicious controller 100 that received the inherent information request in Step S410, the suspicious controller 100 may be determined to be an anomalous controller to take follow-up action. ) .
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rodrigo to include the teachings of Kim. The motivation for doing so is to allow the system to determine that the device is an anomalous device in order to take follow-up action (¶ 0044 – Kim).
Regarding claim 2,
Rodrigo in view of Kim further teaches
in response to receiving the second copy of traffic, determine that there is not a network intrusion (Rodrigo – ¶ 0013 - As illustrated by arrow 618 of FIG. 2A-C, the first SCP node 10 initiates transmission of the service request towards the selected second NF node 30. As illustrated by arrow 620 of FIG. 2A-C, the first SCP node 10 receives a response comprising the result. The result may comprise some business logic (BL) information, e.g. as a result of the service execution. As illustrated by arrow 622 of FIG. 2A-C, the first SCP node 10 initiates transmission of the response comprising the result towards the first NF node 20. As illustrated by blocks 506 and 624 of FIG. 2A-C, the first NF node 20 can store the result. Note: Since the response is received then the system won’t detect any error or network intrusion – See Also Kim - ¶ 0046 - The inherent information reception unit 210 according to at least one embodiment is responsive to when the second controllers 100, 101, 102 in receipt of the certificate from the certificate transmission unit 200 or from the request transmission unit 201 succeeds in verifying that certificate, for receiving encrypted information after encrypting the inherent information of the second controllers 100, 101, 102 from the same controllers. Herein, the inherent information of the second controllers 100, 101, 102 may include, but not limited to, boot loader, or MAC information, and the like among other information that can represent information inherent to the second controllers 100, 101 and 102. - See ¶ 0069).
Regarding claim 11,
Rodrigo teaches a method, comprising:
Operating a network traffic analysis system of network including: receiving, from a first network function in a communication exchange with a second NF on a 5G network, a first copy of traffic of a request-response pair from the communication exchange (Para 0077 – The network may be a fifth generation (5G) network or any other generation network. In some embodiments, the network may be a core network or a radio access network (RAN). The techniques described herein are implemented by a first service communication proxy (SCP) node and a first network function (NF) node – Para 0097 - The method of FIG. 6 is performed in response to receiving information indicative that no response is received from the second NF node to a first request. The first request is transmitted towards the second NF node via the first SCP node 10 and is for the second NF node to execute ( or provide) a service for the first NF node 20).
determining whether a second copy of traffic of the request-response pair corresponding to the first copy of traffic has been received from the second NF in the communication exchange, in response to not receiving the second copy of traffic, issue a [..] notification to the first NF indicating a network[..] error (Para 0018 - The method comprises initiating transmission of information towards the first NF node if no response is received from the second NF node to a first request transmitted towards the second NF node via the first SCP node. The first request is for the second NF node to execute a service requested by the first NF node. The information is indicative that no response is received from the second NF node to the first request. – Para 0015 -As illustrated by arrow 644 of FIG. 2A-C, if no response is received by the first SCP node 10, the first SCP node 10 initiates transmission of a response to the first NF node 20. The response comprises information (e.g. an existing HTTP error, such as a 504 error) indicative that there is an error situation); and
However, Rodrigo does not explicitly teach that the notification is a security notification indicating a network intrusion.
Kim teaches
in response to not receiving a second copy of traffic, issue a security notification to the first NF indicating a network intrusion (¶ 0044 - the system of the present disclosure can determine the second controller failed to be authenticated as an anomalous controller, and take subsequent actions such as sending an intrusion alert message to the backend server 110. When no response is received for a preset duration from one or more of the second controllers 100, 101 and 102 upon receiving the inherent information request, the relevant one of the second controllers 100, 101 and 102 may be determined to be an anomalous controller – ¶ 0074 - On the other hand, when the verification result of Step S420 is a failure, the suspicious controller 100 that failed authentication is determined to be an anomalous controller, and follow-up action can be taken such as sending an intrusion warning message to the backend server 110. In addition, when no response is received for a preset time from the suspicious controller 100 that received the inherent information request in Step S410, the suspicious controller 100 may be determined to be an anomalous controller to take follow-up action. ) .
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rodrigo to include the teachings of Kim. The motivation for doing so is to allow the system to determine that the device is an anomalous device in order to take follow-up action (¶ 0044 – Kim).
Regarding claim 12,
Rodrigo in view of Kim further teaches
determine that there is not a network intrusion in response to receiving the second copy of traffic (Rodrigo – ¶ 0013 - As illustrated by arrow 618 of FIG. 2A-C, the first SCP node 10 initiates transmission of the service request towards the selected second NF node 30. As illustrated by arrow 620 of FIG. 2A-C, the first SCP node 10 receives a response comprising the result. The result may comprise some business logic (BL) information, e.g. as a result of the service execution. As illustrated by arrow 622 of FIG. 2A-C, the first SCP node 10 initiates transmission of the response comprising the result towards the first NF node 20. As illustrated by blocks 506 and 624 of FIG. 2A-C, the first NF node 20 can store the result. Note: Since the response is received then the system won’t detect any error or network intrusion – See Also Kim - ¶ 0046 - The inherent information reception unit 210 according to at least one embodiment is responsive to when the second controllers 100, 101, 102 in receipt of the certificate from the certificate transmission unit 200 or from the request transmission unit 201 succeeds in verifying that certificate, for receiving encrypted information after encrypting the inherent information of the second controllers 100, 101, 102 from the same controllers. Herein, the inherent information of the second controllers 100, 101, 102 may include, but not limited to, boot loader, or MAC information, and the like among other information that can represent information inherent to the second controllers 100, 101 and 102. - See ¶ 0069).
Claims 3,4,13,14 are rejected under 35 U.S.C. 103 as being unpatentable over Rodrigo in view of Kim further in view of Lu et al. Publication No. US 2023/0261953 A1 ( Lu hereinafter)
Regarding claim 3,
Rodrigo further teaches the communication exchange ( ¶ 0077 – ¶ 0097). However, Rodrigo does not explicitly teach
communication exchange includes a service-based interface (SBI) exchange
Lu teaches
communication exchange includes a service-based interface (SBI) exchange (Fig.1, ¶ 0061 - For a default notification subscription in the above Model D, an NF producer as an HTTP client may send an initial request to an SCP in a form like: [0062] <HTTPMETHOD>http(s): //{ authority of SCP}/ <service-path>3gpp-sbi-discovery-* [0063] Here, for a service request operation, the <service path> in the request URI http(s ): // { authority of SCP}/<service- path> is specified explicitly in 3GPP standard specifications per API: e.g. _ ¶ 0069 - When the SCP receives such request, it will perform an NF discovery with discovery factors carried in the request, -See Fig.9, ¶ 0190-0193)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rodrigo to include the teachings of Lu. The motivation for doing so is to allow the system to use SBI in 5G in order to enhance flexibility and enable network functions to communicate and interact using common set of standardized interfaces and facilitate more modular and scalable network.
Regarding claim 4,
Rodrigo further teaches
receive a service request as the first copy of traffic; and determine whether a corresponding service response is received as the second copy of traffic (Para 0018 - The method comprises initiating transmission of information towards the first NF node if no response is received from the second NF node to a first request transmitted towards the second NF node via the first SCP node. The first request is for the second NF node to execute a service requested by the first NF node. The information is indicative that no response is received from the second NF node to the first request. – Para 0015 -As illustrated by arrow 644 of FIG. 2A-C, if no response is received by the first SCP node 10, the first SCP node 10 initiates transmission of a response to the first NF node 20. The response comprises information (e.g. an existing HTTP error, such as a 504 error) indicative that there is an error situation);
However, Rodrigo does not explicitly teach that the request is SBI service request and that the response is SBI response.
Lu teaches
the request is SBI service request and that the response is SBI response (Fig.1, ¶ 0061 - For a default notification subscription in the above Model D, an NF producer as an HTTP client may send an initial request to an SCP in a form like: [0062] <HTTPMETHOD>http(s): //{ authority of SCP}/ <service-path>3gpp-sbi-discovery-* [0063] Here, for a service request operation, the <service path> in the request URI http(s ): // { authority of SCP}/<service- path> is specified explicitly in 3GPP standard specifications per API: e.g. _ ¶ 0069 - When the SCP receives such request, it will perform an NF discovery with discovery factors carried in the request, -See Fig.9, ¶ 0190-0193)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rodrigo to include the teachings of Lu. The motivation for doing so is to allow the system to use SBI in 5G in order to enhance flexibility and enable network functions to communicate and interact using common set of standardized interfaces and facilitate more modular and scalable network.
Regarding claim 13,
Rodrigo further teaches the communication exchange ( ¶ 0077 – ¶ 0097). However, Rodrigo does not explicitly teach
communication exchange includes a service-based interface (SBI) exchange
Lu teaches
communication exchange includes a service-based interface (SBI) exchange (Fig.1, ¶ 0061 - For a default notification subscription in the above Model D, an NF producer as an HTTP client may send an initial request to an SCP in a form like: [0062] <HTTPMETHOD>http(s): //{ authority of SCP}/ <service-path>3gpp-sbi-discovery-* [0063] Here, for a service request operation, the <service path> in the request URI http(s ): // { authority of SCP}/<service- path> is specified explicitly in 3GPP standard specifications per API: e.g. _ ¶ 0069 - When the SCP receives such request, it will perform an NF discovery with discovery factors carried in the request, -See Fig.9, ¶ 0190-0193)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rodrigo to include the teachings of Lu. The motivation for doing so is to allow the system to use SBI in 5G in order to enhance flexibility and enable network functions to communicate and interact using common set of standardized interfaces and facilitate more modular and scalable network.
Regarding claim 14,
Rodrigo further teaches
receive a service request as the first copy of traffic; and determine whether a corresponding service response is received as the second copy of traffic (Para 0018 - The method comprises initiating transmission of information towards the first NF node if no response is received from the second NF node to a first request transmitted towards the second NF node via the first SCP node. The first request is for the second NF node to execute a service requested by the first NF node. The information is indicative that no response is received from the second NF node to the first request. – Para 0015 -As illustrated by arrow 644 of FIG. 2A-C, if no response is received by the first SCP node 10, the first SCP node 10 initiates transmission of a response to the first NF node 20. The response comprises information (e.g. an existing HTTP error, such as a 504 error) indicative that there is an error situation);
However, Rodrigo does not explicitly teach that the request is SBI service request and that the response is SBI response.
Lu teaches
the request is SBI service request and that the response is SBI response (Fig.1, ¶ 0061 - For a default notification subscription in the above Model D, an NF producer as an HTTP client may send an initial request to an SCP in a form like: [0062] <HTTPMETHOD>http(s): //{ authority of SCP}/ <service-path>3gpp-sbi-discovery-* [0063] Here, for a service request operation, the <service path> in the request URI http(s ): // { authority of SCP}/<service- path> is specified explicitly in 3GPP standard specifications per API: e.g. _ ¶ 0069 - When the SCP receives such request, it will perform an NF discovery with discovery factors carried in the request, -See Fig.9, ¶ 0190-0193)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rodrigo to include the teachings of Lu. The motivation for doing so is to allow the system to use SBI in 5G in order to enhance flexibility and enable network functions to communicate and interact using common set of standardized interfaces and facilitate more modular and scalable network.
Claims 5,15 are rejected under 35 U.S.C. 103 as being unpatentable over Rodrigo in view of Kim in view of Lu further in view of Chang et al. Patent No. US 10,868,881 B1 ( Chang hereinafter)
Regarding claim 5,
Rodrigo in view of Lu further teaches receiving an SBI request and SBI response ( Lu – Fig.1). However, Rodrigo in view of Lu does not explicitly teach
receive an SBI service response as the first copy of traffic; and determine whether a corresponding SBI service request is received as the second copy of traffic.
Chang teaches
receive a service response as the first copy of traffic; and determine whether a corresponding service request is received as the second copy of traffic (Abstract – The client proxy system is configured to obtain requests issued from a client device and responses to requests issued by a surrogate browser of a push server system. The client proxy system matches responses from the push server system with requests from the client device to determine responses to the requests from the client device. Fig.6, Col.16, lines 29-45 - The communication between the RPush client and the RPush server does not conform to HTTP standard and return messages from the RPush server to the RPush client are to be matched to specific browser requests for the identified session in 636, based on matching rules table. If a match is found in the check 650, remove it from the pending list and return to browser as a response in 680. If a match is not found, insert it into the pending list waiting for the arrival of matching browser request in 634 (to be matched in 580)).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rodrigo in view of Lu to include the teachings of Chang. The motivation for doing so is to allow the system to match returned or pushed resources with original client requests in order to satisfy them on the client side without the need to make round trips to origin servers (Chang – Col.2, lines 1-8).
Rodrigo in view of Lu teaches using SBI service in the communication exchange (SBI request-response) (Lu – Fig.1) and Chang teaches receive a service response as the first copy of traffic; and determine whether a corresponding service request is received as the second copy of traffic.
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rodrigo in view of Lu to include receive an SBI service response as the first copy of traffic; and determine whether a corresponding SBI service request is received as the second copy of traffic. The motivation for doing so is to allow the system to match responses with original client requests in order to determine missing original requests.
Regarding claim 15,
Rodrigo in view of Lu further teaches receiving an SBI request and SBI response ( Lu – Fig.1). However, Rodrigo in view of Lu does not explicitly teach
receive an SBI service response as the first copy of traffic; and determine whether a corresponding SBI service request is received as the second copy of traffic.
Chang teaches
receive a service response as the first copy of traffic; and determine whether a corresponding service request is received as the second copy of traffic (Abstract – The client proxy system is configured to obtain requests issued from a client device and responses to requests issued by a surrogate browser of a push server system. The client proxy system matches responses from the push server system with requests from the client device to determine responses to the requests from the client device. Fig.6, Col.16, lines 29-45 - The communication between the RPush client and the RPush server does not conform to HTTP standard and return messages from the RPush server to the RPush client are to be matched to specific browser requests for the identified session in 636, based on matching rules table. If a match is found in the check 650, remove it from the pending list and return to browser as a response in 680. If a match is not found, insert it into the pending list waiting for the arrival of matching browser request in 634 (to be matched in 580)).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rodrigo in view of Lu to include the teachings of Chang. The motivation for doing so is to allow the system to match returned or pushed resources with original client requests in order to satisfy them on the client side without the need to make round trips to origin servers (Chang – Col.2, lines 1-8).
Rodrigo in view of Lu teaches using SBI service in the communication exchange (SBI request-response) (Fig.1) and Chang teaches receive a service response as the first copy of traffic; and determine whether a corresponding service request is received as the second copy of traffic.
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rodrigo in view of Lu to include receive an SBI service response as the first copy of traffic; and determine whether a corresponding SBI service request is received as the second copy of traffic. The motivation for doing so is to allow the system to match responses with original client requests in order to determine missing original requests.
Claims 6,16 are rejected under 35 U.S.C. 103 as being unpatentable over Rodrigo in view of Kim in view of Lu further in view of Muraoka et al. Publication No. US 2016/0197934 A1 ( Muraoka hereinafter)
Regarding claim 6,
Rodrigo in view of Lu teaches the first copy of traffic and the second copy of traffic include a message sent and received by the first NF and the second NF in the communication exchange ( Rodrigo, ¶ 0077, Lu – Fig.1), However, Rodrigo in view of Lu does not explicitly teach the first copy of traffic and the second copy of traffic include a same message sent and received.
Muraoka teaches
wherein the first copy of traffic and the second copy of traffic include a same message sent and received by devices in the communication exchange (¶ 0053 - Certain embodiments may enable devices to be preregistered as paired devices and may grant a request for data from a device only when a same or similar request is received from its paired device(s). When the devices are registered as paired devices, the device sending a request (e.g., the requesting device) to the server for access to an account or data may then request other paired device(s) to send a same or similar request to the server. The server may then grant the request (e.g. data exchange) when it has received the same or similar request from devices that were pre-registered or paired with the requesting device).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the first copy of traffic and the second copy of traffic include a message sent and received by the first NF and the second NF in the communication exchange taught by Rodrigo in view of Lu to include the first copy of traffic and the second copy of traffic include a same message sent and received by devices in the communication exchange taught by Muraoka. The motivation for doing so is to allow the system to grant the request (e.g. data exchange) when it has received the same or similar request from devices (Muraoka – ¶ 0053).
Regarding claim 16,
Rodrigo in view of Lu teaches the first copy of traffic and the second copy of traffic include a message sent and received by the first NF and the second NF in the communication exchange (Rodrigo – ¶ 0077 , Lu – Fig.1), However, Rodrigo in view of Lu does not explicitly teach the first copy of traffic and the second copy of traffic include a same message sent and received.
Muraoka teaches
wherein the first copy of traffic and the second copy of traffic include a same message sent and received by devices in the communication exchange (¶ 0053 - Certain embodiments may enable devices to be preregistered as paired devices and may grant a request for data from a device only when a same or similar request is received from its paired device(s). When the devices are registered as paired devices, the device sending a request (e.g., the requesting device) to the server for access to an account or data may then request other paired device(s) to send a same or similar request to the server. The server may then grant the request (e.g. data exchange) when it has received the same or similar request from devices that were pre-registered or paired with the requesting device).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the first copy of traffic and the second copy of traffic include a message sent and received by the first NF and the second NF in the communication exchange taught by Rodrigo in view of Lu to include the first copy of traffic and the second copy of traffic include a same message sent and received by devices in the communication exchange taught by Muraoka. The motivation for doing so is to allow the system to grant the request (e.g. data exchange) when it has received the same or similar request from devices (Muraoka – ¶ 0053).
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Rodrigo in view of Kim in view of Lu further in view of Hu et al. Publication No. US 2021/0211439 A1 (Hu hereinafter)
Regarding claim 7,
Rodrigo further teaches
perform [..] analysis of a traffic of the communication exchange, including: receive the first copy of traffic; and evaluate incoming traffic to identify the second copy of traffic (¶ 0077 – The network may be a fifth generation (5G) network or any other generation network. In some embodiments, the network may be a core network or a radio access network (RAN). The techniques described herein are implemented by a first service communication proxy (SCP) node and a first network function (NF) node – ¶ 0097 - The method of FIG. 6 is performed in response to receiving information indicative that no response is received from the second NF node to a first request. The first request is transmitted towards the second NF node via the first SCP node 10 and is for the second NF node to execute ( or provide) a service for the first NF node 20).
However, Rodrigo does not explicitly teach perform hop by hop analysis of a traffic feed of the communication exchange to identify network intrusions
Hu teaches
perform hop by hop analysis of a traffic feed of the communication exchange to identify network intrusions (¶ 0039-¶ 0040 - Different from the proactive tracing system, in the reactive tracing system, the tracing is started after the DoS attacks are detected. Hop-by-hop tracing is proposed for the reactive tracing system. For example, a tracing program may be installed into every router. The tracing program in the router located closest to the attacker may be first used for monitoring incoming packets. If the attackers use spoofed IP addresses to launch the attacks, the packets with these IP addresses can be stored into the routers for monitoring. This procedure of monitoring will be repeated in the adjacency routers hop by hop until the attacker's originated IP address is identified).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rodrigo to include the teachings of Hu. The motivation for doing so is to allow the system to use hop by hop tracing in order to monitor incoming traffic. This procedure of monitoring will be repeated in the adjacency routers hop by hop until the attacker's originated IP address is identified (¶ 0040 – Hu).
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Rodrigo in view of Kim further in view of Lu further in view of Hu further in view of Tanner et al. Publication No. GB 2461730 A (Tanner hereinafter).
Regarding claim 8,
Rodrigo further teaches evaluate incoming traffic to identify the second copy of traffic (¶ 0077, ¶ 0097). However, Rodrigo does not explicitly teach
compare a consumer and a producer listed in the incoming traffic to the consumer and the producer listed in the first copy of traffic to identify corresponding traffic
Tanner teaches
compare a consumer and a producer listed in the incoming traffic to the consumer and the producer listed in the first copy of traffic to identify corresponding traffic (Abstract – when a recipient responds to a message, the communication address to which the response is sent and the communication address of the recipient enable the device to correlate the received message with the originally sent message. Since the source and destination addresses of the received reply are considered the same communication address. Description - as the message/response pairing is determined on unique pairing of receiving and transmitting communication addresses, the message server can use the same communication addresses for different recipients the combination of sending and receiving communication addresses are used to allow a pairing between a transmitted message and response to be made) 2) A communication address has been used as in 1) above but the recipient of the previous message has replied to that message, thereby freeing up this communication address for further use with the same recipient. ).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rodrigo to include the teachings of Tanner. The motivation for doing so is to allow the system to determine message/response pairing (Tanner – Description ).
Claims 9, 10 are rejected under 35 U.S.C. 103 as being unpatentable over Rodrigo in view of Kim further in view of Lu further in view of Hu further in view of Tanner further in view of Tang et al. Publication No. US 2020/0328935 A1 (Tang hereinafter).
Regarding claim 9,
Rodrigo further teaches
in response to not receiving the second copy of traffic, determine a security failure in the communication exchange; issue the security notification (Para 0018 - The method comprises initiating transmission of information towards the first NF node if no response is received from the second NF node to a first request transmitted towards the second NF node via the first SCP node. The first request is for the second NF node to execute a service requested by the first NF node. The information is indicative that no response is received from the second NF node to the first request. – Para 0015 -As illustrated by arrow 644 of FIG. 2A-C, if no response is received by the first SCP node 10, the first SCP node 10 initiates transmission of a response to the first NF node 20. The response comprises information (e.g. an existing HTTP error, such as a 504 error) indicative that there is an error situation);
However, Rodrigo does not explicitly teach
In response to not receiving the second copy of the traffic, increment a failure counter for the communication exchange; determine whether the failure counter is greater than a selected threshold; and when the failure counter is greater than the selected threshold, issue notification
Tang teaches
In response to not receiving the second copy of the traffic, increment a failure counter for the communication exchange; determine whether the failure counter is greater than a selected threshold; and when the failure counter is greater than the selected threshold, issue notification (Fig. 5, ¶ 0037 - if no response to a request is received, the process proceeds to 510. ¶ 0038 - At 510, the number of consecutive failed requests, or failures to respond to requests, that have occurred since the latest successful request of the modem is tracked (e.g., failed requests are indicated when a timer expires before a response associated with the request of the timer is received and the timer is stopped and/or deactivated). At 512, if the number of consecutive failed responses match or exceed the failure threshold of the modem, the process proceeds to 514. At 514, a malfunction alert associated with the modem is triggered, whereby the computing device is enabled to perform modem recovery actions based on the triggered malfunction alert. In some examples, triggering the malfunction alert includes at least one of resetting the modem, restarting the modem, uninstalling and reinstalling software associated with the modem, verification of the state of the modem, and/or notifying a user of the modem's malfunction).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rodrigo to include the teachings of Tang. The motivation for doing so is to allow the system to promptly detect and handle device malfunctions while avoiding false malfunction detection (Tang - Abstract).
Regarding claim 10,
Rodrigo does not explicitly teach
increment the failure counter only for consecutive security failures in the communication exchange
However, Tang teaches
increment the failure counter only for consecutive security failures in the communication exchange (Fig. 5, ¶ 0037 - if no response to a request is received, the process proceeds to 510. ¶ 0038 - At 510, the number of consecutive failed requests, or failures to respond to requests, that have occurred since the latest successful request of the modem is tracked (e.g., failed requests are indicated when a timer expires before a response associated with the request of the timer is received and the timer is stopped and/or deactivated). At 512, if the number of consecutive failed responses match or exceed the failure threshold of the modem, the process proceeds to 514. At 514, a malfunction alert associated with the modem is triggered, whereby the computing device is enabled to perform modem recovery actions based on the triggered malfunction alert. In some examples, triggering the malfunction alert includes at least one of resetting the modem, restarting the modem, uninstalling and reinstalling software associated with the modem, verification of the state of the modem, and/or notifying a user of the modem's malfunction).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rodrigo to include the teachings of Tang. The motivation for doing so is to allow the system to promptly detect and handle device malfunctions while avoiding false malfunction detection (Tang - Abstract).
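The logic recited for claims 8-10 (pair incoming traffic with the first copy by consumer and producer, count only consecutive missing second copies, notify above a threshold), shown as an added Python example that is not part of the Office action, the application or any cited reference. The class, field names, timeout and sample events are assumptions constructed for illustration; the comparison follows the claim's "greater than", whereas Tang ¶ 0038 triggers when the count matches or exceeds the threshold.

```python
from dataclasses import dataclass, field

@dataclass
class ExchangeMonitor:
    """Hypothetical monitor; one outstanding first copy per (consumer, producer)."""
    threshold: int = 2      # the "selected threshold" (assumed value)
    timeout: float = 1.0    # assumed wait for the second copy, in seconds
    pending: dict = field(default_factory=dict)   # pair -> time first copy was seen
    failures: dict = field(default_factory=dict)  # pair -> consecutive misses
    alerts: list = field(default_factory=list)    # (pair, count) notifications

    def first_copy(self, consumer, producer, ts):
        self.expire(ts)
        self.pending[(consumer, producer)] = ts

    def incoming(self, consumer, producer, ts):
        """Return True if this traffic is the second copy of a pending exchange."""
        self.expire(ts)
        pair = (consumer, producer)
        if pair not in self.pending:
            return False            # consumer/producer do not match any first copy
        del self.pending[pair]
        self.failures[pair] = 0     # a success ends the run of consecutive failures
        return True

    def expire(self, now):
        """Treat first copies with no second copy inside the timeout as failures."""
        for pair, ts in list(self.pending.items()):
            if now - ts > self.timeout:
                del self.pending[pair]
                count = self.failures.get(pair, 0) + 1
                self.failures[pair] = count
                if count > self.threshold:  # Tang's variant would use >=
                    self.alerts.append((pair, count))

def run_sample():
    # Constructed events: (kind, consumer, producer, timestamp in seconds).
    events = [
        ("first", "nf-a", "nf-b", 0.0), ("second", "nf-a", "nf-b", 0.2),
        ("first", "nf-a", "nf-b", 2.0),    # no second copy: miss 1
        ("first", "nf-a", "nf-b", 4.0),    # no second copy: miss 2
        ("first", "nf-a", "nf-b", 6.0), ("second", "nf-a", "nf-b", 6.3),  # reset
        ("first", "nf-a", "nf-b", 8.0),    # miss 1 of a new run
        ("first", "nf-a", "nf-b", 10.0),   # miss 2
        ("first", "nf-a", "nf-b", 12.0),   # miss 3: exceeds threshold of 2
        ("second", "nf-c", "nf-b", 12.5),  # different consumer: not corresponding
    ]
    m = ExchangeMonitor(threshold=2, timeout=1.0)
    for kind, consumer, producer, ts in events:
        if kind == "first":
            m.first_copy(consumer, producer, ts)
        else:
            m.incoming(consumer, producer, ts)
    m.expire(14.0)  # flush the last outstanding exchange
    return m

if __name__ == "__main__":
    print(run_sample().alerts)
```

The sample contains five missed second copies in total, but only the run of three after the successful exchange at 6.3 s raises a notification.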
Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Rodrigo in view of Kim further in view of Hu.
Regarding claim 17,
Rodrigo further teaches
perform [..] analysis of a traffic of the communication exchange, including: receive the first copy of traffic; and evaluate incoming traffic to identify the second copy of traffic ( Para 0077 – The network may be a fifth generation (5G) network or any other generation network. In some embodiments, the network may be a core network or a radio access network (RAN). The techniques described herein are implemented by a first service communication proxy (SCP) node and a first network function (NF) node – Para 0097 - The method of FIG. 6 is performed in response to receiving information indicative that no response is received from the second NF node to a first request. The first request is transmitted towards the second NF node via the first SCP node 10 and is for the second NF node to execute ( or provide) a service for the first NF node 20).
However, Rodrigo does not explicitly teach perform hop by hop analysis of a traffic feed of the communication exchange to identify network intrusions
Hu teaches
perform hop by hop analysis of a traffic feed of the communication exchange to identify network intrusions (¶ 0039- 0040 - Different from the proactive tracing system, in the reactive tracing system, the tracing is started after the DoS attacks are detected. Hop-by-hop tracing is proposed for the reactive tracing system. For example, a tracing program may be installed into every router. The tracing program in the router located closest to the attacker may be first used for monitoring incoming packets. If the attackers use spoofed IP addresses to launch the attacks, the packets with these IP addresses can be stored into the routers for monitoring. This procedure of monitoring will be repeated in the adjacency routers hop by hop until the attacker's originated IP address is identified).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rodrigo to include the teachings of Hu. The motivation for doing so is to allow the system to use hop by hop tracing in order to monitor incoming traffic. This procedure of monitoring will be repeated in the adjacency routers hop by hop until the attacker's originated IP address is identified (¶ 0040 – Hu).
Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Rodrigo in view of Kim further in view of Hu further in view of Tanner.
Regarding claim 18,
Rodrigo further teaches evaluate incoming traffic to identify the second copy of traffic (¶ 0077, ¶ 0097). However, Rodrigo does not explicitly teach
compare a consumer and a producer listed in the incoming traffic to the consumer and the producer listed in the first copy of traffic to identify corresponding traffic
Tanner teaches
compare a consumer and a producer listed in the incoming traffic to the consumer and the producer listed in the first copy of traffic to identify corresponding traffic (Abstract – when a recipient responds to a message, the communication address to which the response is sent and the communication address of the recipient enable the device to correlate the received message with the originally sent message. Since the source and destination addresses of the received reply are considered the same communication address. Description - as the message/response pairing is determined on unique pairing of receiving and transmitting communication addresses, the message server can use the same communication addresses for different recipients the combination of sending and receiving communication addresses are used to allow a pairing between a transmitted message and response to be made) 2) A communication address has been used as in 1) above but the recipient of the previous message has replied to that message, thereby freeing up this communication address for further use with the same recipient. ).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rodrigo to include the teachings of Tanner. The motivation for doing so is to allow the system to determine message/response pairing (Tanner – Description ).
Claims 19, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Rodrigo in view of Kim further in view of Tang.
Regarding claim 19,
Rodrigo further teaches
in response to not receiving the second copy of traffic, determine a security failure in the communication exchange; issue the security notification(Para 0018 - The method comprises initiating transmission of information towards the first NF node if no response is received from the second NF node to a first request transmitted towards the second NF node via the first SCP node. The first request is for the second NF node to execute a service requested by the first NF node. The information is indicative that no response is received from the second NF node to the first request. – Para 0015 -As illustrated by arrow 644 of FIG. 2A-C, if no response is received by the first SCP node 10, the first SCP node 10 initiates transmission of a response to the first NF node 20. The response comprises information (e.g. an existing HTTP error, such as a 504 error) indicative that there is an error situation);
However, Rodrigo does not explicitly teach
In response to not receiving the second copy of the traffic, increment a failure counter for the communication exchange; determine whether the failure counter is greater than a selected threshold; and when the failure counter is greater than the selected threshold, issue notification
Tang teaches
In response to not receiving the second copy of the traffic, increment a failure counter for the communication exchange; determine whether the failure counter is greater than a selected threshold; and when the failure counter is greater than the selected threshold, issue notification (Fig. 5, ¶ 0037 - if no response to a request is received, the process proceeds to 510. ¶ 0038 - At 510, the number of consecutive failed requests, or failures to respond to requests, that have occurred since the latest successful request of the modem is tracked (e.g., failed requests are indicated when a timer expires before a response associated with the request of the timer is received and the timer is stopped and/or deactivated). At 512, if the number of consecutive failed responses match or exceed the failure threshold of the modem, the process proceeds to 514. At 514, a malfunction alert associated with the modem is triggered, whereby the computing device is enabled to perform modem recovery actions based on the triggered malfunction alert. In some examples, triggering the malfunction alert includes at least one of resetting the modem, restarting the modem, uninstalling and reinstalling software associated with the modem, verification of the state of the modem, and/or notifying a user of the modem's malfunction).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rodrigo to include the teachings of Tang. The motivation for doing so is to allow the system to promptly detect and handle device malfunctions while avoiding false malfunction detection (Tang - Abstract).
Regarding claim 20,
Rodrigo does not explicitly teach
increment the failure counter only for consecutive security failures in the communication exchange
However, Tang teaches
increment the failure counter only for consecutive security failures in the communication exchange (Fig. 5, ¶ 0037 - if no response to a request is received, the process proceeds to 510. ¶ 0038 - At 510, the number of consecutive failed requests, or failures to respond to requests, that have occurred since the latest successful request of the modem is tracked (e.g., failed requests are indicated when a timer expires before a response associated with the request of the timer is received and the timer is stopped and/or deactivated). At 512, if the number of consecutive failed responses match or exceed the failure threshold of the modem, the process proceeds to 514. At 514, a malfunction alert associated with the modem is triggered, whereby the computing device is enabled to perform modem recovery actions based on the triggered malfunction alert. In some examples, triggering the malfunction alert includes at least one of resetting the modem, restarting the modem, uninstalling and reinstalling software associated with the modem, verification of the state of the modem, and/or notifying a user of the modem's malfunction).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rodrigo to include the teachings of Tang. The motivation for doing so is to allow the system to promptly detect and handle device malfunctions while avoiding false malfunction detection (Tang - Abstract).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YOUNES NAJI whose telephone number is (571)272-2659. The examiner can normally be reached Monday - Friday 8:30 AM -5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar A Louie can be reached at (571) 270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/YOUNES NAJI/Primary Examiner, Art Unit 2445