DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This is a non-final office action in response to applicant’s preliminary amendment filed on 7/25/2024.
Claims 1-15 are cancelled. Claims 16-30 are pending and being considered.
Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. DE10 2022 103 927.7, filed on 2/18/2022. The instant application is a 371 of PCT/EP2023/054098 filed on 2/17/2023.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 7/25/2024 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, an initialed and dated copy of Applicant’s IDS form 1449 filed as stated above is attached to the instant Office Action.
Specification
The disclosure is objected to because of the following informalities:
Applicant is reminded that the Drawings (Figures 1-4 according to paragraph [0022] of applicant’s Specification) have not been filed.
Appropriate correction is required.
Claim Objections
Claims 16, 20, 22, 24, 26-27 are objected to because of the following informalities:
Claim 16 line 2, “which contains filter rules” may read “the firewall contains filter rules”.
Claim 20 line 2, “… according to a termination criterion” may read “… according to the termination criterion”.
Claim 22 line 1, “in the event that …” may read “in an event that …”.
Similarly, claim 24 line 1.
Claim 26 line 2, the use of “in order to” suggests what follows is intended use.
Claim 27 line 2, “a firewall action” may read “the firewall action” or another firewall action.
Appropriate correction is suggested.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 16-30 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Applicant is advised to carefully review the claim language for antecedent basis concerns. Some examples are listed below.
Claim 16 line a recites “the recipient”. There is insufficient antecedent basis for this limitation in the claim.
Claim 16 line 4 recites “the respective data packet”. There is insufficient antecedent basis for this limitation in the claim.
Claim 16 line 6 recites “the processing of the filter rules …”. There is insufficient antecedent basis for this limitation in the claim.
Claims 17-30 depend on claim 16 and are therefore also rejected for the same reason set forth above. In addition:
Claim 18 line 3 recites “the time of processing by the firewall”. There is insufficient antecedent basis for this limitation in the claim. Claim 18 depends on claim 16, but the time of processing by the firewall has not been defined.
Claim 23 lines 1-2 recites “the identification”, “the outstanding filter rules”. There is insufficient antecedent basis for these limitations in the claim. Examiner further notes that the scope of the claim is not clear because the identification that contains the outstanding filter rules is not defined. Applicant is requested to clarify the claim language.
Claim 28 line 2 recites “the time of the data packets is recorded”. There is insufficient antecedent basis for this limitation in the claim.
Claim 29 lines 1-2 recites “the processing time”, “the filtering by the firewall”. There is insufficient antecedent basis for these limitations in the claim. Claim 29 depends on claim 16, but claim 16 does not recite “filtering” or “filter”, except in “filter rules”.
Claim 30 lines 1-2 recites “the subsequent processing of …”, “the buffer”. There is insufficient antecedent basis for these limitations in the claim.
Examiner Notes
Examiner cites particular paragraphs, columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 16-22, 24, 26-30 are rejected under 35 U.S.C. 103 as being unpatentable over Huang et al (US20190386960A1, hereinafter, “Huang”), in view of McGrath et al (US20120140630A1-IDS, hereinafter, “McGrath”).
Regarding claim 16, Huang teaches:
A method (Huang, discloses systems and methods for firewall configuration using dynamically generated block lists, see [Abstract]) for allowing data packets in a network to arrive at the recipient [at specified times], with a firewall in a computer network, which contains filter rules (It is well known in the art that a firewall is used in a network to process traffic data according to firewall rules, e.g., [0005] Internet-connected enterprise computer networks such as those described above are frequently subjected to malicious traffic. As such, these networks are often protected by at least one firewall, which acts as a gatekeeper that regulates traffic into and out of a network based on a predefined set of rules), [wherein each data packet is assigned a time budget for processing in the firewall], a definable firewall action is carried out for the respective data packet after expiration of the time budget, wherein the firewall action is also carried out if the processing of the filter rules in the firewall has not yet been completed upon the expiration of the time budget (e.g., [0007] The disclosed system enables a user (e.g., a security operator or technician) to request that a particular observable be blocked or allowed (i.e., definable firewall action) on a client network, which generates a new block list entry in a database associated with the client instance. And [0020] One manner in which certain firewalls can be configured to block or allow specific observables is via block lists (BLs). And [0044] The “Entry value” field stores the actual text of the block list entry that is included in the block lists generated by the block list engine and provided to the firewall 118. The “Expiration period(days)” field stores an integer value indicating a number of days that the block list entry will remain enforce after initial activation. Accordingly, the “Expired date” field stores an expiration date at which the block list entry expires, which is calculated based a “Added date” field value and the “Expiration period(days)” field value. Examiner further notes that the expiration period suggests the firewall performs one filtering action, i.e., either allow or block, at the expiration of the block list entry).
While Huang teaches dynamic firewall configuration, it does not specifically teach a time budget for processing in the firewall; in the same field of endeavor, McGrath teaches:
for allowing data packets in a network to arrive at the recipient at specified times, wherein each data packet is assigned a time budget for processing in the firewall (McGrath, discloses method for controlling network traffic reaching a local node with firewall, see [Abstract]. And [0021] Based on certain parameters, only selected traffic is allowed to propagate through the network stack of the electronic device, with zero or constant near zero latency (i.e., time budget) being added by this filtering process. By inspecting traffic during reception and rejecting a transmission detected to be unwanted, the unwanted traffic is stopped before it reaches the CPU. This way, legitimate traffic can pass with zero or constant near zero latency. The term "during reception" refers to a packet which is in the process of being received by the electronic device (i.e., recipient). And [0027] As noted above, an advantage of the described method is the zero or constant near zero latency introduced when filtering).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of McGrath in the dynamic firewall configuration of Huang by implementing a firewall with the advantage of zero or constant near zero latency. This would have been obvious because the person having ordinary skill in the art would have been motivated to allow network traffic to propagate through the network stack with zero or constant near zero latency being added by the filtering process (McGrath, [Abstract], [0021]).
Regarding claim 17, the Huang-McGrath combination teaches the method according to claim 16,
McGrath further teaches: wherein a processing time of the firewall comprises the time from the input of a data packet at the firewall, over the processing, to the output of the data packet at the firewall (McGrath, e.g., [0012] in which method said network traffic is filtered and an unwanted data reception addressed to said electronic device filtered out, said method comprising in which said filtering comprises inspecting said network traffic during reception and propagation from the at least one said physical layer to at least one said link layer). Same motivation as presented in claim 16 would apply.
Regarding claim 18, the Huang-McGrath combination teaches the method according to claim 16,
Huang further teaches: wherein the time budget for processing the data packet in the firewall corresponds to a definable maximum time, which can be shorter than the time of processing by the firewall (Huang’s expiration period suggests that the time of processing by the firewall may be longer than the maximum time allowed for the firewall, i.e., a reason to have an expiration period).
Regarding claim 19, the Huang-McGrath combination teaches the method according to claim 18,
Huang further teaches: wherein the data packet is sent to the output of the firewall as a firewall action according to a termination criterion (Huang, Fig. 6 at 210, BL Entry past Expired Date? (i.e., termination criterion). Examiner notes the claim does not define what the termination criterion is).
Regarding claim 20, the Huang-McGrath combination teaches the method according to claim 19,
Huang further teaches: wherein the data packet is discarded as a firewall action according to a termination criterion (Huang, Fig. 6 at 210, BL Entry past Expired Date? (i.e., termination criterion). Since Huang’s block list entry serves to block or allow a particular observable on the client network, the data packet may be discarded).
Regarding claim 21, the Huang-McGrath combination teaches the method according to claim 19,
Huang further teaches: wherein the expiration of the defined maximum time is defined as the termination criterion (Huang, Fig. 6 at 210, BL Entry past Expired Date? (i.e., termination criterion)).
Regarding claim 22, the Huang-McGrath combination teaches the method according to claim 16,
Huang further teaches: wherein, in the event that the processing of the filter rules in the firewall has not yet been completed after expiration of the time budget, the corresponding data packet is marked and provided with additional information (Huang, [0052] Additionally, the “Expired Date” field 202 has been calculated based on the values of the “Added Date” field 200 and the “Expiration Period(days)” field 204. …, after the block list entry is activated and the “Expired Date” is calculated, the client instance 42 may regularly review the block list entry to determine whether or not the “Expired Date” has been reached, as indicated by the decision block 210. When the “Expired Date” is reached, the client instance 42 deactivates (block 212) the block list entry).
Regarding claim 24, the Huang-McGrath combination teaches the method according to claim 16,
McGrath further teaches: wherein, in the event that the processing of the filter rules in the firewall has not yet been completed after expiration of the time budget, the corresponding data packet is saved in a buffer (McGrath, [0071] The number of discard events when unwanted data packets are discarded may be detected and preferably recorded. Data concerning discarded unwanted data packets may be logged (i.e., saved in a buffer) and/or information recorded about characteristics such as the amount of network traffic, time of data packet discard. Discarded traffic may be logged by the filtering circuit and stored for processing at a later time). Same motivation as presented in claim 16 would apply.
Regarding claim 26, the Huang-McGrath combination teaches the method according to claim 24,
McGrath further teaches: wherein a data packet from the buffer is post-processed, after the firewall action, in order to complete the processing of the filter rules of the firewall (McGrath, [0071] The number of discard events when unwanted data packets are discarded may be detected and preferably recorded. Data concerning discarded unwanted data packets may be logged and/or information recorded about characteristics such as the amount of network traffic, time of data packet discard. Discarded traffic may be logged by the filtering circuit and stored for processing at a later time). Same motivation as presented in claim 16 would apply.
Regarding claim 27, the Huang-McGrath combination teaches the method according to claim 26,
Huang further teaches: wherein, after completion of the processing of the filter rules, a firewall action is also carried out (Huang; it is obvious to one of ordinary skill in the art that the function of a firewall is to process traffic data packets according to filter rules, with an action to follow, the action being to forward, drop or block the data packet. Examiner notes, the claim recites a firewall action without defining what the firewall action is).
Regarding claim 28, the Huang-McGrath combination teaches the method according to claim 16,
McGrath further teaches: wherein upon arrival at the input of the firewall, the time of the data packets is recorded (McGrath, [0028] In contrast, the described method filters network traffic with a zero or constant near zero latency. The filtering happens after reception has started in the physical layer, while the received frame is propagated to the Ethernet MAC. The detection part of the filtering may be started (i.e., the time of the data packets is recorded) on data forming a partially received data packet). Same motivation as presented in claim 16 would apply.
Regarding claim 29, the Huang-McGrath combination teaches the method according to claim 16,
wherein the processing time corresponds to the time that the filtering by the firewall requires for a data packet (Since the processing by the firewall can be interpreted as filtering of the data packet, the corresponding time for the processing of the data packet by the firewall is the time that the filtering by the firewall requires).
Regarding claim 30, the Huang-McGrath combination teaches the method according to claim 16,
McGrath further teaches: wherein the subsequent processing of the filter rules for a data packet in the buffer is carried out by a network participant outside the firewall (McGrath, [0005] Network traffic filtering is generally done with software filtering, or an external firewall). Same motivation as presented in claim 16 would apply.
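As an added illustration, not part of this Office Action, the application, or any of the cited references, the following Python simulation models the mechanism recited in claims 16-30 as quoted above: every packet's arrival time is recorded, filter rules are evaluated under a per-packet time budget, a definable default action is carried out when the budget expires before the rule chain finishes, the packet is marked with the outstanding rules and saved in a buffer, and post-processing completes the outstanding rules so that a disagreement between the provisional and final verdict can be alerted on. The rule names, evaluation costs, addresses and the simulated microsecond clock are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    length: int


@dataclass(frozen=True)
class Rule:
    name: str
    cost_us: int                      # simulated evaluation cost (constructed)
    matches: Callable[[Packet], bool]
    verdict: str                      # "forward" or "drop" when the rule matches


@dataclass
class Result:
    action: str                       # action carried out at the firewall output
    budget_expired: bool
    processing_time_us: int           # input to output, as in claim 17
    outstanding: List[str] = field(default_factory=list)   # rules not yet processed


class TimeBudgetFirewall:
    """First-match rule evaluation under a per-packet time budget (simulated clock)."""

    def __init__(self, rules: List[Rule], budget_us: int, default_action: str = "drop"):
        self.rules = list(rules)
        self.budget_us = budget_us
        self.default_action = default_action      # the "definable firewall action"
        self.clock_us = 0                         # simulated microsecond clock
        self.buffer: List[Tuple[Packet, str, List[str]]] = []

    def _evaluate(self, packet: Packet, rules: List[Rule],
                  deadline_us: Optional[int] = None) -> Tuple[Optional[str], List[str]]:
        """Walk rules in order; returns (verdict, names of rules not reached)."""
        for i, rule in enumerate(rules):
            if deadline_us is not None and self.clock_us + rule.cost_us > deadline_us:
                self.clock_us = deadline_us       # budget used up: stop at the deadline
                return None, [r.name for r in rules[i:]]
            self.clock_us += rule.cost_us
            if rule.matches(packet):
                return rule.verdict, []
        return "forward", []                      # no rule matched: implicit accept

    def process(self, packet: Packet) -> Result:
        arrival_us = self.clock_us                # arrival time recorded (claim 28)
        verdict, outstanding = self._evaluate(packet, self.rules, arrival_us + self.budget_us)
        if verdict is None:
            # Budget expired before the chain finished: carry out the default action now,
            # mark the packet with its outstanding rules and park it for post-processing.
            self.buffer.append((packet, self.default_action, outstanding))
            return Result(self.default_action, True, self.clock_us - arrival_us, outstanding)
        return Result(verdict, False, self.clock_us - arrival_us)

    def post_process(self) -> List[Tuple[Packet, str, str]]:
        """Finish the outstanding rules for buffered packets, without a budget.

        Returns (packet, provisional action, final verdict); a mismatch between the two
        is what a defender would alert on or feed back into a block list.
        """
        finished = []
        for packet, provisional, names in self.buffer:
            remaining = [r for r in self.rules if r.name in names]
            final, _ = self._evaluate(packet, remaining)
            finished.append((packet, provisional, final))
        self.buffer.clear()
        return finished


# Constructed sample rule set and traffic; costs and addresses are made up for the demo.
RULES = [
    Rule("block_src", 5, lambda p: p.src == "10.0.0.66", "drop"),
    Rule("allow_dns", 5, lambda p: p.dst_port == 53, "forward"),
    Rule("deep_inspect", 40, lambda p: p.length > 1000, "drop"),   # expensive rule
]
PACKETS = [
    Packet("10.0.0.66", 80, 100),     # matched by the cheap first rule
    Packet("10.0.0.7", 53, 60),       # matched by the second rule
    Packet("10.0.0.7", 443, 1500),    # needs the expensive rule: budget expires
]


def run_demo(budget_us: int = 20, default_action: str = "forward"):
    """Process the sample traffic and reconcile provisional and final verdicts."""
    fw = TimeBudgetFirewall(RULES, budget_us, default_action)
    results = [fw.process(p) for p in PACKETS]
    finished = fw.post_process()
    mismatches = [(p, a, f) for p, a, f in finished if a != f]
    return results, finished, mismatches


if __name__ == "__main__":
    results, finished, mismatches = run_demo()
    for p, r in zip(PACKETS, results):
        print(p, r)
    for p, provisional, final in mismatches:
        print(f"post-processing disagrees with provisional action for {p}: {provisional} -> {final}")
```

With `default_action="forward"` the third packet leaves the firewall after exactly the 20 µs budget with `deep_inspect` still outstanding, and post-processing later returns `drop` for it; that discrepancy is the detection signal. With `default_action="drop"` the same packet is discarded at the output instead (the claim 20 behaviour) and post-processing agrees with the provisional action.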
Claim 23 is rejected under 35 U.S.C. 103 as being unpatentable over Huang-McGrath as applied above to claim 22, further in view of Cook et al (US20200195611A1, hereinafter, “Cook”).
Regarding claim 23, the Huang-McGrath combination teaches the method according to claim 22,
The combination of Huang-McGrath does not specifically teach the following; in the same field of endeavor, Cook teaches:
wherein the identification contains the outstanding filter rules which have not yet been processed by the firewall (Cook, discloses enforcing segmentation policy with a system firewall, see [Abstract]. And [0028] The segmentation firewall is configured to either drop packets that do not match any permissive rule or pass packets that match a permissive rule to the system firewall to enable the system firewall to determine whether to drop or accept the passed packets. To enable efficient operation of the segmentation firewall when operating in co-existence with the system firewall, the segmentation firewall may include a plurality of rule chains and may be configured to exit a chain and bypass remaining rule chains upon an input packet matching a permissive rule of the segmentation policy. Also see claim rejection under 35 USC 112(b) regarding “the identification”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Cook in the dynamic firewall configuration of Huang-McGrath by implementing segmentation policy for system firewall. This would have been obvious because the person having ordinary skill in the art would have been motivated to enable efficient operation of the segmentation firewall to include rule chains and exit a chain and bypass remaining rule chains upon an input packet matching a permissive rule of the segmentation policy (Cook, [Abstract]).
Claim 25 is rejected under 35 U.S.C. 103 as being unpatentable over Huang-McGrath as applied above to claim 24, further in view of Potok (US20060265748A1, hereinafter, “Potok”).
Regarding claim 25, the Huang-McGrath combination teaches the method according to claim 24,
The combination of Huang-McGrath does not specifically teach the following; in the same field of endeavor, Potok teaches:
wherein the buffer is arranged in a network participant outside the firewall (Potok, discloses method for detecting sophisticated cyber attacks, see [Title]/[Abstract]. And [0032] Network audit log software resides outside the network firewall so that any incoming packet that is suspect, i.e., triggers a flag, gets set aside without reaching the net of computers).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Potok in the dynamic firewall configuration of Huang-McGrath by having the network audit log software reside outside of the network firewall. This would have been obvious because the person having ordinary skill in the art would have been motivated to have suspect incoming packets set aside without reaching the net of computers (Potok, [Abstract], [0032]).
Citation of References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not relied upon for this office action:
Smith et al (US20110035469A1) discloses method and system for filtering of network traffic.
Coss et al (US7143438B1) discloses methods for improved computer network firewalls which include one or more features for increased processing efficiency.
Wüsteney et al (“Impact of Packet Filtering on Time-Sensitive Networking Traffic”, 2021 17th IEEE International Conference on Factory Communication Systems (WFCS) pages 59-66) discloses approaches to overcome the challenges caused by packet filtering on time-sensitive networking traffic.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975. The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MICHAEL M LEE/Primary Examiner, Art Unit 2436