Prosecution Insights
Last updated: July 17, 2026
Application No. 19/215,505

DATA PROCESSING METHOD AND RELATED APPARATUS

Non-Final OA §102§103§112
Filed
May 22, 2025
Priority
Jun 02, 2023 — CN 202310649532.7 +1 more
Examiner
ALRIYASHI, ABDULKADER MOHAMED
Art Unit
Tech Center
Assignee
Tencent Technology (Shenzhen) Company Limited
OA Round
1 (Non-Final)
67%
Grant Probability
Favorable
1-2
OA Rounds
1y 10m
Est. Remaining
71%
With Interview

Examiner Intelligence

Grants 67% — above average
67%
Career Allowance Rate
260 granted / 386 resolved
+7.4% vs TC avg
Minimal +3% lift
Without
With
+3.4%
Interview Lift
resolved cases with interview
Typical timeline
3y 0m
Avg Prosecution
28 currently pending
Career history
419
Total Applications
across all art units

Statute-Specific Performance

§101
1.7%
-38.3% vs TC avg
§103
83.0%
+43.0% vs TC avg
§102
6.7%
-33.3% vs TC avg
§112
6.9%
-33.1% vs TC avg
Black line = Tech Center average estimate • Based on career data from 386 resolved cases

Office Action

§102 §103 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Priority The instant application is a continuation application of International Application No. PCT/CN2024/086289 filed on Apr. 7, 2024, which claims priority to Chinese Patent Application No. 202310649532.7 filed with the China National Intellectual Property Administration on Jun. 2, 2023. Specification The title of the invention is not descriptive. A new title is required that is clearly indicative of the invention to which the claims are directed. The following title is suggested: DATA PROCESSING METHOD AND RELATED APPARATUS FOR ABNORMAL NETWORK TRAFFIC DETECTION. Allowable Subject Matter Claims 4-6 and 15-17 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claim(s) 7 and 18 is/are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. As to claim 7, there are insufficient antecedent basis for the limitations “the first cache address” and “the second cache address. It seems that claim 7 should be dependent on claim 4 not 3. Appropriate correction is required. As to claim 18, there are insufficient antecedent basis for the limitations “the first cache address” and “the second cache address. It seems that claim 18 should be dependent on claim 15 not 3. Appropriate correction is required. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claim(s) 1-2, 12-13 and 20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Crisler et al. (Pub. No.: US 20160359900 A1). As to claim 1, Crisler teaches a data processing method, performed by a computer device, comprising: acquiring network traffic data (paragraph [0081], “…intercepting or receiving log files related to traffic that passes over the telecommunications network…”); performing information extraction on the network traffic data (paragraph [0081], “…The method may also include collecting metadata including values of data attributes associated with the traffic…”); obtaining target information corresponding to the network traffic data, a volume of the target information being less than a volume of the network traffic data (paragraph [0081], “…collecting metadata including values of data attributes associated with the traffic…”, metadata is less than a volume of the traffic data); transmitting the target information to a traffic detection device (paragraph [0081], “…generating and transmitting a request for an associated threat score for the value of a data attribute of the data attributes…”); and obtaining a detection result, from the traffic detection device, corresponding to the network traffic data (paragraph [0081], “…receiving the associated threat score and based thereon initiating a block or redirection of the traffic…”). As to claim 2, Crisler teaches wherein the network traffic data comprises n pieces of network traffic data, n being an integer greater than 1, and wherein the transmitting the target information to a traffic detection device comprises: aggregating the target information corresponding to the n pieces of network traffic data (paragraph [0073], “…The aggregation performed by the aggregation and normalization logic 914 may involve the collection of common metadata across the entirety of the sources identified such as the first time detect, last time seen, number of times seen, associated data (e.g., domain is related to IP x.x.x.x at the time of detection)…”); obtaining and transmitting aggregation information to the traffic detection device (paragraph [0081], “…generating and transmitting a request for an associated threat score for the value of a data attribute of the data attributes…”); and obtaining a detection result from the traffic detection device (paragraph [0081], “…receiving the associated threat score and based thereon initiating a block or redirection of the traffic…”). As to claim 12, Crisler teaches a data processing apparatus, comprising: at least one memory configured to store program code (fig. 12); and at least one processor configured to read the program code and operate as instructed by the program code (fig. 12), the program code comprising: acquisition code configured to cause at least one of the at least one processor to acquire network traffic data (paragraph [0081], “…intercepting or receiving log files related to traffic that passes over the telecommunications network…”); extraction code configured to cause at least one of the at least one processor to perform information extraction on the network traffic data (paragraph [0081], “…The method may also include collecting metadata including values of data attributes associated with the traffic…”); obtaining code configured to cause at least one of the at least one processor to obtain target information corresponding to the network traffic data, a volume of the target information being less than a volume of the network traffic data (paragraph [0081], “…collecting metadata including values of data attributes associated with the traffic…”, metadata is less than a volume of the traffic data); and transmission code configured to cause at least one of the at least one processor to transmit the target information to a traffic detection device, and obtain a detection result, from the traffic detection device, corresponding to the network traffic data (paragraph [0081], “…generating and transmitting a request for an associated threat score for the value of a data attribute of the data attributes…”, “…receiving the associated threat score and based thereon initiating a block or redirection of the traffic…”). As to claim 13, the limitations of the claim are substantially similar to claim 2. Please refer to claim 2 above. As to claim 20, Crisler further teaches a non-transitory computer-readable storage medium, storing computer code which, when executed by at least one processor (fig. 12). Therefore, the limitations of the claim are substantially similar to claim 1. Please refer to claim 1 above. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 3, 7, 14 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Crisler et al. (Pub. No.: US 20160359900 A1) in view of Mandrychenko (Pub. No.: US 20200287920 A1) (Mandrychenko was cited in the 5/22/2025 IDS). As to claim 3, Crisler teaches wherein before the aggregating target information corresponding to the n pieces of network traffic data, the method further comprises: aggregating the target information (paragraph [0081], “…collecting metadata including values of data attributes associated with the traffic…”); and transmitting the aggregation information to the traffic detection device (paragraph [0081], “…generating and transmitting a request for an associated threat score for the value of a data attribute of the data attributes…”). Crisler does not explicitly teach utilizing a cache. However, in the same field of endeavor (compute networks) Mandrychenko teaches writing the target information into cache addresses (paragraph [0045], “…locally store the aggregated network communication metadata…”); and wherein the aggregating target information corresponding to the n pieces of network traffic data comprises: aggregating the target information into the cache addresses (paragraph [0045], “…locally store the aggregated network communication metadata…”); and wherein the obtaining and transmitting aggregation information to the traffic detection device comprises: reading the aggregation information from the cache addresses, and transmitting the aggregation information to the traffic detection device (paragraph [0045], “…locally store the aggregated network communication metadata for subsequent transmission to anomaly detection service 106…”). Based on Crisler in view of Mandrychenko, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate utilizing a cache to store aggregated traffic data (taught by Mandrychenko) with aggregating and transmitting traffic data (taught by Crisler) in order to enhance data transmission and reduce data loss. As to claim 7, Mandrychenko further teaches wherein the aggregating the target information into the cache addresses comprises: determining a cache address that stores m pieces of target information among the first cache address device (paragraph [0045], “…locally store the aggregated network communication metadata for subsequent transmission to anomaly detection service 106…”); determining the second cache address as a target cache address device (paragraph [0045], “…locally store the aggregated network communication metadata for subsequent transmission to anomaly detection service 106…”); aggregating, based on the m pieces of target information, the target information corresponding to the n pieces of network traffic data device (paragraph [0045], “…locally store the aggregated network communication metadata for subsequent transmission to anomaly detection service 106…”). The limitations of claim 7 are rejected in view of the analysis of claim 3 above, and the rationale to combine, as discussed in claim 3, applies here as well. As to claims 14 and 18, the limitations of the claims are substantially similar to claims 3 and 7, respectively. Please refer to each respective claim above. Claim(s) 8-10 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Crisler et al. (Pub. No.: US 20160359900 A1) in view of Williams et al. (Pub. No.: US 20230412617 A1). As to claim 8, Crisler teaches wherein the acquiring network traffic data comprises: acquiring transmission network traffic (paragraph [0081], “…collecting metadata including values of data attributes associated with the traffic…”); parsing the transmission network traffic (paragraph [0081], “…collecting metadata including values of data attributes associated with the traffic…”); determining the transmission network traffic as the network traffic data (paragraph [0081], “…generating and transmitting a request for an associated threat score for the value of a data attribute of the data attributes…”). Crisler does not explicitly teach obtaining a type identifier associated with the traffic. However, in the same field of endeavor (compute networks) Williams teaches acquiring transmission network traffic (paraph [0022], “communication session may be sent by the packet selector to the CPE detection engine for inspection”); parsing the transmission network traffic (paraph [0022], “communication session may be sent by the packet selector to the CPE detection engine for inspection”); obtaining a type identifier of the transmission network traffic (paragraph [0024], “The predefined number of packets that match certain criteria specified in the packet selection rules may be sent to the CPE detection engine…”); and determining, based on the type identifier being a replication identifier, the transmission network traffic as the network traffic data (paragraph [0024], “The predefined number of packets that match certain criteria specified in the packet selection rules may be sent to the CPE detection engine…” and paragraph [0021]). Based on Crisler in view of Williams, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate obtaining a type identifier associated with the traffic (taught by Williams) with aggregating and transmitting traffic data (taught by Crisler) in order to avoid disruption of the traffic, the packet selector may apply the packet selection rules to duplicate packets instead of the original packets from the communication session as motivated by Williams (paragraph 0021). As to claim 9, Williams further teaches wherein the acquiring transmission network traffic comprises: acquiring initial network traffic, a type identifier of the initial network traffic being a business identifier (paragraph [0024], “The predefined number of packets that match certain criteria specified in the packet selection rules may be sent to the CPE detection engine…”); performing multicast replication on the initial network traffic (paragraph [0021], “avoid disruption of the traffic, the packet selector may apply the packet selection rules to duplicate packets instead of the original packets from the communication session”); obtaining replicated network traffic, a type identifier of the replicated network traffic being the replication identifier (paragraph [0021], “avoid disruption of the traffic, the packet selector may apply the packet selection rules to duplicate packets instead of the original packets from the communication session”); and determining the initial network traffic and the replicated network traffic as the transmission network traffic (paragraph [0024], “The predefined number of packets that match certain criteria specified in the packet selection rules may be sent to the CPE detection engine…” and paragraph [0021]). The limitations of claim 9 are rejected in view of the analysis of claim 8 above, and the rationale to combine, as discussed in claim 8, applies here as well. As to claim 10, Williams further teaches wherein the acquiring transmission network traffic comprises: acquiring initial network traffic (paragraph [0024], “The predefined number of packets that match certain criteria specified in the packet selection rules may be sent to the CPE detection engine…”); determining the initial network traffic as the transmission network traffic, a type identifier of the initial network traffic being a business identifier (paragraph [0024], “The predefined number of packets that match certain criteria specified in the packet selection rules may be sent to the CPE detection engine…”); replicating, based on determining that the type identifier of the transmission network traffic being the business identifier, the transmission network traffic (paragraph [0021], “avoid disruption of the traffic, the packet selector may apply the packet selection rules to duplicate packets instead of the original packets from the communication session”); and determining replicated network traffic as the transmission network traffic, a type identifier of the replicated network traffic being the replication identifier (paragraph [0024], “The predefined number of packets that match certain criteria specified in the packet selection rules may be sent to the CPE detection engine…” and paragraph [0021]). The limitations of claim 10 are rejected in view of the analysis of claim 8 above, and the rationale to combine, as discussed in claim 8, applies here as well. As to claim 19, the limitations of the claim are substantially similar to claim 8. Please refer to claim 8 above. Claim(s) 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Crisler et al. (Pub. No.: US 20160359900 A1) in view of Williams et al. (Pub. No.: US 20230412617 A1) and further in view of Dong et al. (Pub. No.: US 20130272144 A1). As to claim 11, Crisler in view of Williams does not explicitly teach sampling ratio of network traffic. However, in the same field of endeavor (computer networks) Dong teaches acquiring initial network traffic comprises: sampling, in a process of transmitting network traffic by a first device to a second device, transmitted network traffic according to a sampling ratio (paragraph [0008], “…the first monitoring rule configured to associate a first portion of monitored network traffic with a first monitoring sampling ratio…”); and obtaining the initial network traffic (paragraph [0008], “…the first monitoring rule configured to associate a first portion of monitored network traffic with a first monitoring sampling ratio…”). Based on Crisler in view of Williams and further in view of Dong, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate sampling ratio of network traffic (taught by Dong) with obtaining a type identifier associated with the traffic (taught by Williams) with aggregating and transmitting traffic data (taught by Crisler) in order to avoid disruption of the traffic, the packet selector may apply the packet selection rules to duplicate packets instead of the original packets from the communication session as motivated by Williams (paragraph 0021) and in order to conserve computing resources. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Navon et al. (Pub. No.: US 20220321588 A1), teaches anomaly detection for networking. Please see at least fig. 5. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULKADER M ALRIYASHI whose telephone number is (313)446-6551. The examiner can normally be reached Monday - Friday, 8AM - 5PM Alt, Friday, EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JOON HWANG can be reached at (571)272-4036. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Abdulkader M Alriyashi/Primary Examiner, Art Unit 2447 6/21/2026
Read full office action

Prosecution Timeline

May 22, 2025
Application Filed
Jun 24, 2026
Non-Final Rejection mailed — §102, §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12675590
DATA SECURITY AT CLOUD SCALE
3y 0m to grant Granted Jul 07, 2026
Patent 12665770
SYSTEM AND METHOD FOR CRYPTOGRAPHIC FORENSIC AUDITS ON LIGHTWEIGHT IOT AND DIGITAL ARCHIVES
2y 12m to grant Granted Jun 23, 2026
Patent 12652303
Modular System for Affirming Digital User Identity and Fraud Risk
2y 6m to grant Granted Jun 09, 2026
Patent 12647291
Data Backups Using Multiple Blockchains
2y 3m to grant Granted Jun 02, 2026
Patent 12634194
Systems and methods for automated assignment and alerting of non-compliant resources
2y 6m to grant Granted May 19, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
67%
Grant Probability
71%
With Interview (+3.4%)
3y 0m (~1y 10m remaining)
Median Time to Grant
Low
PTA Risk
Based on 386 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month