DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Specification
The disclosure is objected to because of the following informalities: the CROSS-REFERENCE TO RELATED PATENT APPLCATIONS section needs updated to reflect applications that have matured into patents. Appropriate correction is required.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-8 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 12,063,232. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1-8 of the instant application are anticipated by the reference claims 1-18 of the parent patent (‘232) as outlined below and/or rendered obvious in view of the patented claims.
1. A dynamic hybrid residential threat detection system comprising: a customer premises equipment (CPE) comprising: a non-transitory memory; a processor; a packet selector stored in the non-transitory memory of the CPE, that when executed by the processor of the CPE (claim 1): receives a plurality of communication sessions, selects and sends a predefined number of packets of each of the plurality of communication sessions to a CPE detection engine on the CPE based on packet selection rules (claim 1), and the CPE detection engine stored in the non-transitory memory of the CPE, that when executed by the processor of the CPE (claim 1): inspects the predefined number of packets of each of the plurality of communication sessions based on CPE detection rules, wherein the CPE detection rules establish what type of inspection is to be performed by the CPE detection engine based at least in part on resource constraints of the CPE, wherein different levels of inspection are performed by the CPE detection engine based at least in part on the resource constraints of the CPE including a first level of inspection when the resource constraints of the CPE are above a resource constraint threshold and a second level of inspection when the resource constraints of the CPE are below the resource constraint threshold, and wherein the first level of inspection is less CPE resource intensive than the second level of inspection (claim 1), and in response to the inspection, sends the predefined number of packets of at least some of the plurality of communication sessions to a cloud detection engine executing on a computer system for further inspection (claim 1).
2. The system of claim 1, wherein particular communication traffic is blocked based on the inspection performed by the CPE detection engine. (claim 1)
3. The system of claim 1, wherein the CPE detection rules are a subset of cloud detection rules applied by the cloud detection engine. (claim 1)
4. The system of claim 1, further comprising: the computer system comprising: a non-transitory memory; a processor; and a dynamic detection rule optimizer stored in the non-transitory memory of the computer system that, when executed by the processor of the computer system, selects and sends the CPE detection rules to the CPE detection engine. (claim 1)
5. The system of claim 1, further comprising: the computer system comprising: a non-transitory memory; a processor; and the cloud detection engine stored in the non-transitory memory of the computer system that, when executed by the processor of the computer system, receives and inspects the predefined number of packets of each of the at least some of the plurality of communication sessions based on cloud detection rules. (claim 1)
6. The system of claim 5, wherein particular communication traffic is blocked based on at least one of the inspection performed by the CPE detection engine or the inspection performed by the cloud detection engine. (claim 1)
7. The system of claim 1, further comprising a dynamic packet selection optimizer configured to: monitor at least one factor including at least one of asset characteristics or traffic protocol types, and creates the packet selection rules based on monitoring the at least one factor. (claim 2)
8. The system of claim 7, wherein the dynamic detection rule optimizer is stored and executed by the CPE or the computer system. (claim 1)
Claims 9-13 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 12,058,152. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 9-13 of the instant application are anticipated by the reference claims 1-20 of the parent patent (‘152) as outlined below and/or rendered obvious in view of the patented claims.
9. A dynamic hybrid residential threat detection method comprising: receiving, by a packet selector stored in non-transitory memory of a customer premises equipment (CPE) and executable by a processor of the CPE, a plurality of communication sessions (claim 1);
selecting and sending, by the packet selector, a predefined number of packets of each of the first plurality of communication sessions to a CPE detection engine on the CPE based on packet selection rules (claim 1), wherein the packet selection rules specify a greater predefined number of packets to be inspected when an endpoint of a given communication session possess first asset characteristics including one or more of a first operating system (claim 1),
being connected to a first endpoint, or storing a first type of data than when the endpoint of the given communication session possess second asset characteristics including one or more of a second, different operating system, being connected to a second, different endpoint, or storing a second, different type of data (claim 1);
performing, by the CPE detection engine, inspection on the predefined number of packets of each of the plurality of communication sessions based on CPE detection rules (claim 1);
sending, by the packet selector, the predefined number of packets of at least some of the first plurality of communication sessions to a cloud detection engine on a computer system for further inspection (claim 1); and
blocking particular communication traffic based on at least one of the inspection performed by the CPE detection engine or the further inspection performed by the cloud detection engine. (claim 1)
10. The method of claim 9, wherein the packet selection rules specify a greater predefined number of packets to be inspected when a first traffic protocol type is used in the given communication session than when a second, different traffic protocol type is used in the given communication session. (claim 1)
12. The method of claim 9, further comprising inspecting, by the cloud detection engine, the predefined number of packets of each of the at least some of the plurality of communication sessions by performing one or more of header inspection, DNS packet inspection, TLS handshake inspection, or deep packet inspection on the predefined number of packets. (claim 2)
13. The method of claim 9, wherein the predefined number of packets for a first communication session of the plurality of communication sessions is a different number of packets than the predefined number of packets for a second communication session of the plurality of communication sessions. (claim 1)
Claims 14-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-19 of U.S. Patent No. 12,039,043. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 14-203 of the instant application are anticipated by the reference claims 1-19 of the parent patent (‘043) as outlined below and/or rendered obvious in view of the patented claims.
14. A residential threat detection system comprising: a dynamic optimizer stored in a non-transitory memory, that when executed by a processor: monitors one or more factors including at least one of internal threat information, external threat information, asset characteristics, or traffic protocol types (claim 1), creates packet selection rules based on monitoring the one or more factors, wherein the packet selection rules specify at least one of (1) a greater predefined number of packets to be inspected when an endpoint of a given communication session possess first asset characteristics including one or more of a first operating system, being connected to a first endpoint, or storing a first type of data than when the endpoint of the given communication session possess second asset characteristics including one or more of a second, different operating system, being connected to a second, different endpoint, or storing a second, different type of data or (2) a greater predefined number of packets to be inspected when a first traffic protocol type is used in the given communication session than when a second, different traffic protocol type is used in the given communication session, and sends the packet selection rules to the packet selector (claim 1); a packet selector stored in a non-transitory memory, that when executed by a processor: receives the packet selection rules, and selects and sends the predefined number of packets of each of a plurality of communication sessions associated with one or more communication devices to a detection engine for inspection based on the packet selection rules (claim 1); and the detection engine stored in a non-transitory memory, that when executed by a processor: receives the predefined number of packets of each of the plurality of communication sessions (claim 1), and inspects the predefined number of packets of each of the plurality of communication sessions, wherein particular communication traffic is blocked based on inspection of the predefined numbers of packets of one or more of the plurality of communication sessions. (claim 1)
15. The system of claim 14, wherein the packet selector and the detection engine are stored and executed by a customer premise equipment. (claim 14)
16. The system of claim 14, wherein the dynamic optimizer, the packet selector, and the detection engine are stored and executed by a same computer system. (claim 8, 14)
17. The system of claim 14, wherein the one or more of the communication devices comprise at least one of customer premises equipment (CPE) or a mobile communication device. (claim 1)
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM A CORUM JR whose telephone number is (303)297-4234. The examiner can normally be reached Mon. - Fri. 8 AM - 5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached at (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/WILLIAM A CORUM JR/Primary Examiner, Art Unit 2433