Prosecution Insights
Last updated: July 17, 2026
Application No. 18/916,736

INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM

Final Rejection §102§103§112
Filed
Oct 16, 2024
Priority
Mar 03, 2023 — JP 2023-033209 +2 more
Examiner
CARNES, THOMAS A
Art Unit
2436
Tech Center
2400 — Computer Networks
Assignee
NTT Docomo Business Inc.
OA Round
2 (Final)
69%
Grant Probability
Favorable
3-4
OA Rounds
1y 6m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 69% — above average
69%
Career Allowance Rate
53 granted / 77 resolved
+10.8% vs TC avg
Strong +68% interview lift
Without
With
+68.1%
Interview Lift
resolved cases with interview
Typical timeline
3y 3m
Avg Prosecution
25 currently pending
Career history
104
Total Applications
across all art units

Statute-Specific Performance

§101
0.4%
-39.6% vs TC avg
§103
94.2%
+54.2% vs TC avg
§102
3.5%
-36.5% vs TC avg
§112
1.2%
-38.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 77 resolved cases

Office Action

§102 §103 §112
DETAILED ACTION This Office Action is in response to the communication filed on 4/1/2026. Claims 1-2 and 4-21 are pending. Claims 6-21 are new. Claims 3 has been cancelled. Claims 1-2, 4-21 are rejected. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Objections The objections are withdrawn due to Applicant’s amendments. Claim Rejections - 35 USC § 112 The claim rejections under 112 are withdrawn due to Applicant’s amendments. Response to Arguments Applicant's arguments filed 4/1/2026 have been fully considered but they are not persuasive. On Page 10 of Remarks Applicant argues that Compton does not at least suggest overlay/underlay networks corresponding to upper and lower network devices working in cooperation. Examiner disagrees because Compton recites “[0059] the intrusion detection systems 204 are within the network of an ISP such as a broadband provider; the central controller 212 resides in a datacenter; the route reflector 216 resides in a data center or is connected to a backbone network; and the ISPs 220 are individual peering routers within the broadband provider's network and/or in the network(s) of other ISP(s).” which teaches the overlay/underlying networks further, Compton discloses “[0085] servers and routers can be virtualized instead of being physical devices” and explicitly recites cooperation between these devices. Additionally, claims 1 and 2 explicitly recite that the first and second circuitry is “configured to” perform the steps. Meaning that any deice which is capable of performing the function reads on the claim language. On Page 11 of Remarks Applicant argues that Compton’s does not teach a lower network device detecting unauthorized communications, specifically that Compton’s network devices do not perform the detecting, just enforcing. Examiner disagrees because Compton explicitly recites “[0066] intrusion detection system 204 determines that any network traffic for one or more particular network addresses received by the intrusion detection system 204 is a suspected attack” Additionally, Applicant is arguing limitations not claimed. At no point do the independent claims recite “determining”. On Page 11 of Remarks Applicant argues that the information flow in Compton is central-controller-to-device, not lower network device to upper network device. Compton's network devices do not notify other network devices of detection information, nor do they block based on detection information received from another network device. Examiner disagrees. Compton explicitly teaches data flowing as recited in the claims, Compton’s devices are network devices and including the upper device (control controller) communication with the lower device (IDS). ([0026] the IDS sending information to the central controller and the central controller sending information back to the IDS both of which are in communication with other network devices). On Page 12 of Remarks Applicant argues that the dependent claims are in condition for allowance by virtue of the independent claims, however Examiner does not find the independent claims allowable therefore does not find the dependent claims allowable. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-2, 4-5, 8-14 and 18-21 are rejected under 35 U.S.C. 102(a)(1) as being Anticipated by Compton (U.S. 20210112091). Regarding claims 1, 4, and 5, Compton discloses: An information processing system comprising: an upper network device constituting an overlay network, the upper network device including first processing circuitry; and (Compton [0026-0040, 0059, 0085] teaches network devices (upper device/overlay network)) a lower network device constituting an underlay network, (Compton [0026-0040, 0059, 0085] teaches underlaying hardware (lower network/underlay network)) the lower network device including second processing circuitry configured to: (Compton [0026-0040, 0048-0059] teaches the central controller/intrusion detection system) acquire terminal information related to communication of a terminal connected to the lower network device; (Compton [0026-0040, 0046-0059] teaches the central controller/intrusion detection system inspects incoming network traffic) detect an unauthorized communication based on the terminal information; and (Compton [0026-0040, 0046-0059] teaches the central controller/intrusion detection system determines whether the incoming network traffic is malicious (unauthorized); Each IDS inspects the incoming network traffic and sends the alerts to the central controller) notify the upper network device of detection information regarding the unauthorized communication, (Compton [0026-0040, 0046-0059] teaches the central controller/intrusion detection system obtains detection information; Each IDS inspects the incoming network traffic and sends the alerts to the central controller) wherein the first processing circuitry is configured to receive the detection information from the lower network device, and (Compton [0026-0040, 0046-0059] teaches receiving the central controller receives the alerts from each IDS) block the unauthorized communication based on the detection information. (Compton [0026-0040, 0046-0059] teaches the central controller performing a mitigation action which includes blocking the traffic based on information from the intrusion detection system) Claim 4 additionally discloses, an information processing method (Compton [0026] One or more embodiments provide a method) Claim 5 additionally discloses, A non-transitory computer-readable recording medium storing therein an information processing program causing a computer (Compton [0081] a tangible computer-readable recordable storage medium is defined to encompass a recordable medium, examples of which are set forth above, but is defined not to encompass transmission media per se or disembodied signals per se) Regarding claim 2, Compton discloses: The information processing system according to claim 1, wherein the second processing circuitry is configured to detect the unauthorized communication by performing matching between the terminal information and information related to unauthorized communication information which is stored in a memory. (Compton [0010, 0026-0040, 0046-0059] teaches comparison of unusual behavior to normal traffic to detect attacks (unauthorized communications)) Regarding claim 3,Cancelled. Regarding claims 9 and 18, Compton discloses: The information processing system according to claim 1, wherein the first processing circuitry is configured to block the unauthorized communication by adding an IP address of a destination of the unauthorized communication to a list of IP addresses not permitted to perform communication. (Compton [0026, 0034-0038, 0050-0051, 0059, 0076] teaches adding IP addresses to a whitelist/blacklist where blacklisted IP addresses are blocked) Regarding claims 10 and 19, Compton discloses: The information processing system according to claim 9, wherein the first processing circuitry is configured to perform filtering based on the list of IP addresses not permitted to perform communication. (Compton [0026, 0034-0038, 0050-0051, 0058-0059, 0074-0076] teaches the generated rules can include a filtering rule where the blacklisted addresses are filtered/blocked) Regarding claims 11 and 20, Compton discloses: The information processing system according to claim 1, wherein the first processing circuitry is configured to block communication directed from the terminal to a communication destination of the unauthorized communication. (Compton [0026, 0037-0038, 0050-0051, 0058-0059, 0074-0076] teaches the blocking communication from attackers) Regarding claims 12 and 21, Compton discloses: The information processing system according to claim 1, wherein the lower network device further comprises a memory configured to store a list of IP addresses associated with known unauthorized communication destinations, and (Compton [0026, 0034-0038, 0050-0051, 0059, 0076] teaches a blacklist where blacklisted where unauthorized IP addresses that are associated with unauthorized destinations are stored) the second processing circuitry is configured to detect the unauthorized communication by determining that a destination IP address in the terminal information matches an IP address in the list. (Compton [0010, 0026-0040, 0046-0059, 0076] teaches comparison of unusual behavior to normal traffic to detect attacks (unauthorized communications) including using the blacklist for comparisons) Regarding claim 13, Compton discloses: The information processing system according to claim 1, wherein the terminal information includes a connection destination IP address and a connection source IP address of the terminal connected to the lower network device. (Compton [0026-0033] The NetFlow records contain, for example, the source IP address/port number, the destination IP address/port number, and the number of bytes transferred for a given traffic flow) Regarding claim 14, Compton discloses: The information processing system according to claim 1, wherein the terminal connected to the lower network device comprises at least one of office automation (OA) equipment and Internet of Things (IoT) equipment. (Compton [0026-0040, 0046-0059] teaches that the central controller/intrusion detection system inspects incoming information regarding network traffic; information regarding network traffic is also obtained from various devices, such as network devices, servers, and the like ((IoT) equipment); Additionally [0053] teaches automation systems). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 6-8 and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Compton (U.S. 20210112091), in view of Chalmandrier-Perna (U.S. 20180253551). Regarding claims 6 and 15, Compton discloses: The information processing system according to claim 1, wherein the detection information includes a communication destination IP address, a communication source IP address, a detection type. (Compton [0033] The NetFlow records contain, for example, the source IP address/port number, the destination IP address/port number, and the number of bytes transferred for a given traffic flow; [0059] the intrusion detection system determines the true victim IP address and type of attack and feeds this information to the central controller ) Compton does not explicitly disclose: detection information includes… a date and time of detection However, in the same field of endeavor Chalmandrier-Perna teaches: detection information includes… a date and time of detection (Chalmandrier-Perna [0063-0066] associate a timestamp with the file in the form of a tag, or associate a potential security threat-level that the file poses, wherein such tagged files can then be transmitted to a TDFQ) Chalmandrier-Perna and Compton are analogous art because they are from the same field of endeavor threat detection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Compton and Chalmandrier-Perna before him or her, to modify the method of Compton to include the timestamped data and UTM of Chalmandrier-Perna because it will allow for advanced and efficient filtering. The motivation for doing so would be [“ In an aspect, the file can be tagged using a pre-filter based on an application by which it would be executed. The file can also be tagged using a pre-filter based on a threat-level that is associated with the file by the pre-filter (or filtering engine). In another aspect, the file can be pre-filtered using a network security device (e.g., a firewall, a network security gateway, an Intrusion Prevention System (IPS), an Intrusion Detection System (IDS) or a Unified Threat Management (UTM) appliance) before being received at the computer system.”] (Paragraph 0029 by Chalmandrier-Perna) and NSD can associate a timestamp with the file in the form of a tag (Paragraph 0048, 0063-0066 by Chalmandrier-Perna)]. Therefore, it would have been obvious to combine Compton and Chalmandrier-Perna to obtain the invention as specified in the instant claim. Regarding claims 7 and 16, Compton discloses: The information processing system according to claim 1, wherein the lower network device comprises Deep Packet Inspection (DPI) equipment. (Compton [0028-0029, 0035-0037, 0071] teach the lower network device can include a device to perform deep packet inspection) While Compton teaches that the upper network device can be in a datacenter, it does not explicitly teach: the upper network device comprises at least one of a cloud proxy server and Unified Threat Management (UTM) equipment, and However, in the same field of endeavor Chalmandrier-Perna teaches: the upper network device comprises at least one of a cloud proxy server and Unified Threat Management (UTM) equipment, and (Chalmandrier-Perna [0029, 0038] In an aspect, the file can be tagged using a pre-filter based on an application by which it would be executed. The file can also be tagged using a pre-filter based on a threat-level that is associated with the file by the pre-filter (or filtering engine). In another aspect, the file can be pre-filtered using a network security device (e.g., a firewall, a network security gateway, an Intrusion Prevention System (IPS), an Intrusion Detection System (IDS) or a Unified Threat Management (UTM) appliance) before being received at the computer system) It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Chalmandrier-Perna for similar reasons as cited in claim 6. Regarding claims 8 and 17, Compton discloses: The information processing system according to claim 1 While teaches second processing circuitry configured to detect unauthorized communication Compton does not explicitly teach: wherein the second processing circuitry is configured to detect the unauthorized communication using a Unified Threat Management (UTM) security function. However, in the same field of endeavor Chalmandrier-Perna teaches: the second processing circuitry is configured to detect the unauthorized communication using a Unified Threat Management (UTM) security function. (Chalmandrier-Perna [0029, 0038] In an aspect, the file can be tagged using a pre-filter based on an application by which it would be executed. The file can also be tagged using a pre-filter based on a threat-level that is associated with the file by the pre-filter (or filtering engine). In another aspect, the file can be pre-filtered using a network security device (e.g., a firewall, a network security gateway, an Intrusion Prevention System (IPS), an Intrusion Detection System (IDS) or a Unified Threat Management (UTM) appliance) before being received at the computer system) It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Chalmandrier-Perna for similar reasons as cited in claim 6. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Achleitner 2020-08-21 (US 20220060491) teaches an anomaly detection model is trained to detect malicious traffic sessions with a low rate of false positives. A sample feature extractor extracts tokens corresponding to human-readable substrings of incoming unstructured payloads in a traffic session. The tokens are correlated with a list of malicious traffic features and frequent malicious traffic features across the traffic session are aggregated into a feature vector of malicious traffic feature frequencies. An anomaly detection model trained on feature vectors for unstructured malicious traffic samples predicts the traffic session as malicious or unclassified. The anomaly detection model is trained and updated based on its' ongoing false positive rate and malicious traffic features in the list of malicious traffic features that result in a high false positive rate are removed. Marshall 2013-11-01 (US 10171421) teaches an intrusion detection and prevention system and computer program which, when operated or executed by a security element (7) situated between a receiver (3) and a media access control (MAC) element (5) of a device (1) of a wireless network, performs the steps of receiving wireless traffic from the receiver of the device, and detecting that MAC element the traffic is allowed according to one or more rules and passing the traffic to the MAC element of the device, or detecting that the traffic is not allowed according to the one or more rules and preventing the traffic from passing to the MAC element of the device. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS A CARNES whose telephone number is (571)272-4378. The examiner can normally be reached Monday-Friday. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached at (571) 272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. THOMAS A. CARNES Examiner Art Unit 2436 /THOMAS A CARNES/Examiner, Art Unit 2436 /SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436
Read full office action

Prosecution Timeline

Oct 16, 2024
Application Filed
Jan 07, 2026
Non-Final Rejection mailed — §102, §103, §112
Mar 03, 2026
Interview Requested
Mar 12, 2026
Examiner Interview Summary
Mar 12, 2026
Applicant Interview (Telephonic)
Apr 01, 2026
Response Filed
May 14, 2026
Final Rejection mailed — §102, §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682116
Trust Monitoring for Input to Messaging Group
4y 9m to grant Granted Jul 14, 2026
Patent 12675589
TIME-DELAY-BASED ACCESS CONTROL FOR CONTINUOUS INTEGRATION PIPELINES
3y 5m to grant Granted Jul 07, 2026
Patent 12619693
User credential authentication using blockchain and machine learning
3y 6m to grant Granted May 05, 2026
Patent 12619753
DYNAMIC TIME-BASED DATA ACCESS POLICY DEFINITION AND ENFORCEMENT
2y 12m to grant Granted May 05, 2026
Patent 12615281
MACHINE LEARNED ALERT CLASSIFICATION SYSTEM
1y 8m to grant Granted Apr 28, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
69%
Grant Probability
99%
With Interview (+68.1%)
3y 3m (~1y 6m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 77 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month