DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
2. The information disclosure statement (IDS) submitted on 09/19/2024 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Objections
3. Claims 1 and 3-6 are objected to because of the following informalities:
In Claim 1, the limitation “publicize predetermined data in the VLAN in which the unauthorized communication was detected” (emphasis added) should read “publicize predetermined data in a VLAN in which the unauthorized communication was detected” (emphasis added).
Claims 5-6 suffer from a similar deficiency, and appropriate correction is required.
Claim 3 uses abbreviations (i.e. RS message, RA message) in the claim language without disclosing their meaning within the scope of the claim. The abbreviations should be spelled out at the first instance they are used in the claims.
In Claim 4, the limitation “instruct communication control to block communication regarding the IP address” (emphasis added) should read “instruct the communication control part to block communication regarding the IP address” (emphasis added).
Appropriate correction is required.
Claim Rejections - 35 USC § 101
4. 35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
5. Claim 6 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter. The “communication control program” recited in Claim 6 is construed as software per se under the broadest reasonable interpretation (BRI). Software per se does not fit within recognized categories of statutory subject matter.
Therefore, Claim 6 is not patent eligible.
Claim Rejections - 35 USC § 112
6. The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
7. Claims 1-4 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
8. Claim 1 recites in a limitation “configured to instruct the edge device identified using the identification unit to control communication with respect to the unauthorized communication.” (emphasis added). However, there is no prior recitation of an identification unit in the claim. There is insufficient antecedent basis for this limitation in the claim.
Dependent Claims 2-4 are rejected based upon their respective dependence from independent Claim 1.
Note: Applicant may overcome this rejection by changing “the identification unit” to “the identification part”. For the examination purposes, the examiner is interpreting “the identification unit” as “the identification part”.
Claim 2 recites in a limitation “identify the IP address of the edge device in the VLAN from information included in the received response” (Emphasis added). However, there is no prior recitation of “an IP address” in the claim or the claim which it depends on. There is insufficient antecedent basis for this limitation in the claim.
Claim 3 suffers from similar deficiencies and is rejected using the same rationale.
Claim 3 further recites in limitations “multicast, in the VLAN in which the unauthorized communication is detected, the RS message in the VLAN in which the unauthorized communication is detected” (Emphasis added), and “receive a response to the RA message as a response to the message” (Emphasis added). However, there are no prior recitations of “a RS message” and “a RA message” in the claim or the claim which it depends on. There is insufficient antecedent basis for this limitation in the claim.
In addition, it is unclear whether the phrase “the message” recited later in the limitation refers to the RS or the RA message. Therefore, the claim fails to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim Rejections - 35 USC § 102
9. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
10. Claims 1 and 4-6 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by MAYUZUMI (US 2019/0288986 A1, hereinafter Mayuzumi).
Regarding Claim 1,
Mayuzumi discloses a communication control device (Mayuzumi:[Abstract] a communication control apparatus, and one or more communication processing apparatuses, which reside on a network., ¶[0035] communication control apparatus 10 establishes communication connection with each of the communication processing apparatuses 20a, 20b, 20c, and 20d), comprising:
a detection part, including one or more processors (Mayuzumi: ¶ [0059] connection unit 110, the control unit 111, the storage unit 112, and the counter 113 are configured by running the programs on the CPU 1000, ¶[0057] the communication control apparatus 10 includes a central processing unit (CPU) 1000, ¶ [Abstract]), configured to detect unauthorized communication in each of VLANs in a network in which each edge device is logically divided into different VLANs (Mayuzumi: ¶ [0080] Specifically, as the unauthorized terminal information, the communication control apparatus 10 is at least notified of an IP address "a", which is predicted as the IP address of the source terminal of the unauthorized communication, and the IP address of the external server 6 as the destination (attack destination) address, ¶[0025] block the communication of a terminal using an edge device (a software-defined network (SDN) switch), ¶[0036] controlling the communications on a virtualized network. OpenFlow can grasp each of the communications as an end-to-end flow, and can execute path control, load distribution, optimization, and the like for each of the flows, ¶[0038], the communication processing apparatuses 20a, 20b, 20c, and 20d identifies the packet on the basis of header information of the packet. The header includes 12 types of header fields that are a "reception port", a "transmission source media access control (MAC) address", a "destination MAC address", a "protocol type", a "virtual local area network (VLAN) ID", a "VLAN Priority Code Point (PCP) value" (i.e. VLAN based identification), ¶¶[0035, 0059]);
an identification part, including one or more processors (Mayuzumi: ¶ [0059] connection unit 110, the control unit 111, the storage unit 112, and the counter 113 are configured by running the programs on the CPU 1000, ¶[0057] the communication control apparatus 10 includes a central processing unit (CPU) 1000, [Abstract]), configured to, in response to the detection part detect the unauthorized communication, publicize predetermined data in the VLAN in which the unauthorized communication was detected and identify an edge device in the VLAN on the basis of a response to the publicity (Mayuzumi: ¶ [0081] the communication control apparatus 10 executes processing to identify the IP address "a", which is predicted as the IP address of the source terminal of the unauthorized communication, ¶[0087] the control unit 111 of the communication control apparatus 10 identifies a communication processing apparatus x that is to block the communication with the IP address "a", ¶[0089] the control unit 111 of the communication control apparatus 10 instructs all the communication processing apparatuses 20 (the communication processing apparatuses 20a, 20b, 20c, and 20d in this case) via the connection unit 110 to monitor communication of which source is IP address "a" of the source terminal of the unauthorized communication (i.e. publicizing the predetermined data), ¶ [0090] Any one (the communication processing apparatus x in this case) of all the communication processing apparatuses 20 detects the communication of which source is the IP address "a" of the source terminal of the unauthorized communication, and notifies the communication control apparatus 10 of the detected communication (i.e. receives a response), ¶¶ [0025, 0038, 0088]); and
a communication control part, including one or more processors (Mayuzumi: ¶ [0059] connection unit 110, the control unit 111, the storage unit 112, and the counter 113 are configured by running the programs on the CPU 1000, ¶[0057] the communication control apparatus 10 includes a central processing unit (CPU) 1000, [Abstract]), configured to instruct the edge device identified using the identification unit to control communication with respect to the unauthorized communication (Mayuzumi: ¶[0087] the control unit 111 of the communication control apparatus 10 identifies a communication processing apparatus x that is to block the communication with the IP address "a" identified as an IP address of the source terminal of the unauthorized communication (step S14), ¶[0091] the communication control apparatus 10 transmits, to the communication processing apparatus x (the communication processing apparatus 20c in the example illustrated in FIG. 8), which detects the communication of which source is the IP address "a" of the source terminal of the unauthorized communication, a blocking instruction for blocking the communication with the IP address "a" of the source terminal of the unauthorized communication via the connection unit 110, ¶¶[0025, 0040, 0089-0090]).
Regarding Claim 4,
Claim 4 is dependent on Claim 1, and Mayuzumi discloses all the limitations of Claim 1. Mayuzumi further discloses wherein the communication control device is configured to:
notify the edge device identified using the identification part of an IP address at which communication is to be blocked (Mayuzumi: ¶[0038] the communication processing apparatuses 20a, 20b, 20c, and 20d identifies the packet on the basis of header information of the packet. The header includes 12 types of header fields that are…, "transmission source IP address", a "destination IP address", ¶ [0080] Specifically, as the unauthorized terminal information, the communication control apparatus 10 is at least notified of an IP address "a", which is predicted as the IP address of the source terminal of the unauthorized communication, and the IP address of the external server 6 as the destination (attack destination) address, ¶[0091] the communication control apparatus 10 transmits, to the communication processing apparatus x…, a blocking instruction, ¶¶[0039, 0042, 0043]); and
instruct communication control to block communication regarding the IP address (Mayuzumi: ¶[0048] the communication control apparatus 10 can set the flow entry provided in the flow table 210 of the communication processing apparatus 20, ¶[0091] the communication control apparatus 10 transmits, to the communication processing apparatus x (the communication processing apparatus 20c in the example illustrated in FIG. 8), which detects the communication of which source is the IP address "a" of the source terminal of the unauthorized communication, a blocking instruction for blocking the communication with the IP address "a" of the source terminal of the unauthorized communication via the connection unit 110).
Regarding Claim 5,
Mayuzumi discloses a communication control method performed using a communication control device (Mayuzumi: ¶ [0028] a communication control apparatus, a communication control method, and a communication control program, [Abstract] a communication control apparatus, and one or more communication processing apparatuses, which reside on a network., ¶[0035] communication control apparatus 10 establishes communication connection with each of the communication processing apparatuses 20a, 20b, 20c, and 20d, ¶ [0078]) comprising, and discloses all the limitations of Claim 5 as discussed in Claim 1. Therefore, Claim 5 is rejected using the same rationales as discussed in Claim 1.
Regarding Claim 6,
Mayuzumi discloses a communication control program causing a computer to execute (Mayuzumi: ¶ [0028] a communication control apparatus, a communication control method, and a communication control program, [Abstract] a communication control apparatus, and one or more communication processing apparatuses, which reside on a network, ¶¶ [0035, 0062-0064]), and discloses all the limitations of Claim 6 as discussed in Claim 1. Therefore, Claim 6 is rejected using the same rationales as discussed in Claim 1.
Claim Rejections - 35 USC § 103
11. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
12. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
13. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
14. Claims 2-3 are rejected under 35 U.S.C. 103 as being unpatentable over MAYUZUMI (US 2019/0288986 A1, hereinafter Mayuzumi) in view of PalChaudhuri et al. (US 2015/0319042 A1, hereinafter PalChaudhuri).
Regarding Claim 2,
Claim 2 is dependent on Claim 1, and Mayuzumi discloses all the limitations of Claim 1. Mayuzumi further discloses wherein the identification part is configured to: broadcast a DHCP IP address request message in the VLAN in which the unauthorized communication is detected (Mayuzumi: ¶[0089] the control unit 111 of the communication control apparatus 10 instructs all the communication processing apparatuses 20 (the communication processing apparatuses 20a, 20b, 20c, and 20d in this case) via the connection unit 110 to monitor communication of which source is IP address "a" of the source terminal of the unauthorized communication, ¶ [0036] controlling the communications on a virtualized network, ¶¶ [0087-0088, 0038]);
receive a response to the message (Mayuzumi: ¶ [0090] Any one (the communication processing apparatus x in this case) of all the communication processing apparatuses 20 detects the communication of which source is the IP address "a" of the source terminal of the unauthorized communication, and notifies the communication control apparatus 10 of the detected communication (i.e. receives a response). ¶ [0089]); and
identify the IP address of the edge device in the VLAN from information included in the received response (Mayuzumi: ¶ [0042] communication control apparatus 10 saves the communication processing apparatuses connection list illustrated in FIG. 2. In FIG. 2, as the communication processing apparatuses connection list, switch labels, the IP addresses, and Datapath IDs of the communication processing apparatuses 20a, 20b, 20c, and 20d are associated with each other, and each of the Datapath IDs is a switch-specific ID, ¶[0087] the control unit 111 of the communication control apparatus 10 identifies a communication processing apparatus x that is to block the communication with the IP address "a", ¶ [0088] an operation of identifying the communication processing apparatus that is to block the communication with the IP address "a", ¶[0089] the control unit 111 of the communication control apparatus 10 instructs all the communication processing apparatuses 20 (the communication processing apparatuses 20a, 20b, 20c, and 20d in this case) via the connection unit 110 to monitor communication of which source is IP address "a" of the source terminal of the unauthorized communication, ¶ [0090] Any one (the communication processing apparatus x in this case) of all the communication processing apparatuses 20 detects the communication…, and notifies the communication control apparatus 10 of the detected communication (i.e. receives a response, the control apparatus gets the IP of the edge device based on the Datapath ID of OpenFlow channel – See also Fig. 2), ¶ [0025] using an edge device (a software-defined network (SDN) switch), ¶ [0043]).
It is noted that Mayuzumi does not explicitly disclose:
wherein the identification part is configured to: broadcast a DHCP IP address request message in the VLAN in which the unauthorized communication is detected.
However, PalChaudhuri, from the same field of endeavor as the claimed invention, discloses that the disclosure relates to virtual local area network (VLAN) management in networks (PalChaudhuri: ¶ [0014]), that when a particular VLAN is an allowed VLAN at the upstream switch port, an AP connected to the upstream switch port will likely receive many multicast and/or broadcast packets on the particular VLAN (PalChaudhuri: ¶ [0047]), and that AP 200 can transmit a DHCP DISCOVER request tagged with each of the unverified VLANs (e.g., DHCP DISCOVER request tagged with unverified VLAN₁ 240 to switch 205) (PalChaudhuri: ¶ [0048], ¶ [0054]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of PalChaudhuri in the teachings of Mayuzumi. A person having ordinary skill in the art would have been motivated to do so as a single broadcast can reach all the processing apparatuses simultaneously, thereby improving the latency.
Regarding Claim 3,
Claim 3 is dependent on Claim 1, and Mayuzumi discloses all the limitations of Claim 1. Mayuzumi further discloses wherein the identification part is configured to: multicast, in the VLAN in which the unauthorized communication is detected, the RS message in the VLAN in which the unauthorized communication is detected (Mayuzumi: ¶[0089] the control unit 111 of the communication control apparatus 10 instructs all the communication processing apparatuses 20 (the communication processing apparatuses 20a, 20b, 20c, and 20d in this case) via the connection unit 110 to monitor communication of which source is IP address "a" of the source terminal of the unauthorized communication (i.e. transmitting messages), ¶ [0036] controlling the communications on a virtualized network, ¶¶ [0087-0088, 0038]);
receive a response to the RA message as a response to the message (Mayuzumi: ¶ [0090] Any one (the communication processing apparatus x in this case) of all the communication processing apparatuses 20 detects the communication of which source is the IP address "a" of the source terminal of the unauthorized communication, and notifies the communication control apparatus 10 of the detected communication (i.e. receives a response). ¶ [0089]); and
identify the IP address of the edge device in the VLAN from information included in the received response (Mayuzumi: ¶ [0042] communication control apparatus 10 saves the communication processing apparatuses connection list illustrated in FIG. 2. In FIG. 2, as the communication processing apparatuses connection list, switch labels, the IP addresses, and Datapath IDs of the communication processing apparatuses 20a, 20b, 20c, and 20d are associated with each other, and each of the Datapath IDs is a switch-specific ID, ¶[0087] the control unit 111 of the communication control apparatus 10 identifies a communication processing apparatus x that is to block the communication with the IP address "a", ¶ [0088] an operation of identifying the communication processing apparatus that is to block the communication with the IP address "a", ¶[0089] the control unit 111 of the communication control apparatus 10 instructs all the communication processing apparatuses 20 (the communication processing apparatuses 20a, 20b, 20c, and 20d in this case) via the connection unit 110 to monitor communication of which source is IP address "a" of the source terminal of the unauthorized communication, ¶ [0090] Any one (the communication processing apparatus x in this case) of all the communication processing apparatuses 20 detects the communication…, and notifies the communication control apparatus 10 of the detected communication (i.e. receives a response, the control apparatus gets the IP of the edge device based on the Datapath ID of OpenFlow channel – See Fig. 2), ¶ [0025] using an edge device (a software-defined network (SDN) switch), ¶ [0043]).
It is noted that Mayuzumi does not explicitly disclose:
multicast, in the VLAN in which the unauthorized communication is detected, the RS message in the VLAN in which the unauthorized communication is detected.
PalChaudhuri further discloses that the disclosure relates to virtual local area network (VLAN) management in networks (PalChaudhuri: ¶ [0014]), and that when a particular VLAN is an allowed VLAN at the upstream switch port, an AP connected to the upstream switch port will likely receive many multicast and/or broadcast packets on the particular VLAN (PalChaudhuri: ¶ [0047]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of PalChaudhuri in the teachings of Mayuzumi. A person having ordinary skill in the art would have been motivated to do so as multicast only reaches devices in a specific group, thereby providing granular control over the communication and lowering the network congestion.
Conclusion
15. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US-20200228491-A1
US-20190273718-A1
US-11252192-B1
US-20170331842-A1
US-20130188521-A1
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMEERA WICKRAMASURIYA whose telephone number is (571)272-1507. The examiner can normally be reached on MON-FRI 8AM-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W. KIM can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SAMEERA WICKRAMASURIYA/
Examiner, Art Unit 2494
/JUNG W KIM/
Supervisory Patent Examiner, Art Unit 2494