Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION

This office action is in response to the application filed on or reply to the remarks of 7/16/2019. The instant application has claims 1-20 pending. The claims are directed to a system, method and medium for assigning models to encrypted traffic based on TLS features. There are a total of 20 claims.

Duty to Disclose, Candor, Good Faith

The applicant has failed to provide several references that the inventor has published that are pertinent to the patentability of the instant application; see the Notice of References Cited (PTO-892) form accompanying this action. The applicant has provided several non-patent literature references, but not a single reference from the inventor, which can be easily found in any Google or non-patent literature search. The applicant has intentionally hidden these references from the examiner to avoid an unpatentability rejection. See MPEP 2001.04 Information Under 37 CFR 1.56(a) & MPEP 2001.06 Sources of Information under 37 CFR 1.56.

2001.04    Information Under 37 CFR 1.56(a) [R-08.2017]

37 C.F.R. 1.56   Duty to disclose information material to patentability.
(a) A patent by its very nature is affected with a public interest. The public interest is best served, and the most effective patent examination occurs when, at the time an application is being examined, the Office is aware of and evaluates the teachings of all information material to patentability. Each individual associated with the filing and prosecution of a patent application has a duty of candor and good faith in dealing with the Office, which includes a duty to disclose to the Office all information known to that individual to be material to patentability as defined in this section. The duty to disclose information exists with respect to each pending claim until the claim is cancelled or withdrawn from consideration, or the application becomes abandoned. Information material to the patentability of a claim that is cancelled or withdrawn from consideration need not be submitted if the information is not material to the patentability of any claim remaining under consideration in the application. There is no duty to submit information which is not material to the patentability of any existing claim. The duty to disclose all information known to be material to patentability is deemed to be satisfied if all information known to be material to patentability of any claim issued in a patent was cited by the Office or submitted to the Office in the manner prescribed by §§ 1.97(b)-(d) and 1.98. However, no patent will be granted on an application in connection with which fraud on the Office was practiced or attempted or the duty of disclosure was violated through bad faith or intentional misconduct. The Office encourages applicants to carefully examine:
(1) Prior art cited in search reports of a foreign patent office in a counterpart application, and 
(2) The closest information over which individuals associated with the filing or prosecution of a patent application believe any pending claim patentably defines, to make sure that any material information contained therein is disclosed to the Office. 


2001.06    Sources of Information under 37 CFR 1.56 [R-08.2017]

All individuals covered by 37 CFR 1.56  (reproduced in MPEP § 2001.01) have a duty to disclose to the U.S. Patent and Trademark Office all material information they are aware of regardless of the source of or how they become aware of the information. See Brasseler, U.S.A. I, L.P. v. Stryker Sales Corp., 267 F.3d 1370, 1383, 60 USPQ2d 1482, 1490 (Fed. Cir. 2001) ("Once an attorney, or an applicant has notice that information exists that appears material and questionable, that person cannot ignore that notice in an effort to avoid his or her duty to disclose."). Materiality controls whether information must be disclosed to the Office, not the circumstances under which or the source from which the information is obtained. If material, the information must be disclosed to the Office. The duty to disclose material information extends to information such individuals are aware of prior to or at the time of filing the application or become aware of during the prosecution thereof.

Individuals covered by 37 CFR 1.56  may be or become aware of material information from various sources such as, for example, co-workers, trade shows, communications from or with competitors, potential infringers, or other third parties, related foreign applications (see MPEP § 2001.06(a)), prior or copending United States patent applications (see MPEP § 2001.06(b)), related litigation and/or post-grant proceedings (see MPEP § 2001.06(c)) and preliminary examination searches.

Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.



Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim recites assigning probabilities to candidate processes for the encrypted session telemetry data and identifying the candidate processes. The processes can be performed

The limitation of assigning probabilities to an encrypted session for a model, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “by a processor,” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “by a processor” language, “identifying the candidate processes” in the context of this claim encompasses the user manually picking a model based on assigned probabilities the appropriate candidate processes. Similarly, the limitation of retrieving the model from the TLS fingerprint database, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation done by human

This judicial exception is not integrated into a practical application. In particular, the claim only recites one additional element – using a processor to perform both the identifying of the model and the assigning of probabilities to the encrypted session steps. The processor in both steps is recited at a high level of generality (i.e., as a generic processor performing a generic computer function of assigning probabilities to candidate processes based on telemetry data) such that it amounts to no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.




The claimed invention is directed to non-statutory subject matter. In the instant invention, the claim is directed toward merely a mathematical representation of probabilities based on telemetry data for picking the closest match of candidate processes, which represents a mathematical algorithm or general concept; see the MPEP 2106.04(a)(2) citations below.

2106.04(a)(2)    Examples of Concepts The Courts Have Identified As Abstract Ideas [R-08.2017]

IV.    "MATHEMATICAL RELATIONSHIPS/FORMULAS"

The phrase "mathematical relationships/formulas" is used to describe mathematical concepts such as mathematical algorithms, mathematical relationships, mathematical formulas, and calculations. The courts have used the term "algorithm" to refer to both mathematical procedures and mathematical formulas, including: a procedure for converting binary-coded decimal numerals into pure binary form, Gottschalk v. Benson, 409 U.S. 63, 65, 175 USPQ2d 673, 674 (1972); a mathematical formula for calculating an alarm limit, Parker v. Flook, 437 U.S. 584, 588-89, 198 USPQ2d 193, 195 (1978); and a series of steps for analyzing clinical data to ascertain the existence and identity of an medical In re Grams, 888 F.2d 835, 837 and n.1, 12 USPQ2d 1824, 1826 and n.1 (Fed. Cir. 1989) ("It is of no moment that the algorithm is not expressed in terms of a mathematical formula. Words used in a claim operating on data to solve a problem can serve the same purpose as a formula."). 

In the past, the Supreme Court sometimes described mathematical concepts as laws of nature, and at other times described these concepts as judicial exceptions without specifying a particular type of exception. See, e.g., Benson, 409 U.S. at 65, 175 USPQ2d at 674; Flook, 437 U.S. at 589, 198 USPQ2d at 197. More recent opinions of the Supreme Court, however, have affirmatively characterized mathematical relationships and formulas as abstract ideas. See, e.g., Alice Corp. Pty. Ltd. V. CLS Bank Int’l, 134 S. Ct. 2347, 2355, 110 USPQ2d 1976, 1981 (describing Flook as holding "that a mathematical formula for computing ‘alarm limits’ in a catalytic conversion process was also a patent-ineligible abstract idea."); Bilski v. Kappos, 561 U.S. 593, 611-12, 95 USPQ2d 1001, 1010 (noting that the claimed "concept of hedging, described in claim 1 and reduced to a mathematical formula in claim 4, is an unpatentable abstract idea, just like the algorithms at issue in Benson and Flook."). 

	
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Pub 2018/0054440 to Bercovich in view of "WENC: HTTPS Encrypted Traffic Classification Using Weighted Ensemble Learning and Markov Chain" to Pan.

	



But Bercovich does not disclose the encrypted traffic. However, Pan discloses the encrypted traffic being extracted; see Fig. 2 & III. WENC Traffic Classification Method.

It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify Bercovich's invention of having a probabilistic model for TLS traffic to include analyzing encrypted traffic in order to provide for a Markov chain analysis of threats based on machine learning as taught in Pan; see Solution Overview.

Regarding Claims 2, 9, 16, Bercovich discloses the method as in claim 1, wherein the TLS features of the traffic session comprise at least one of: a ciphersuite or TLS version (Par. 0055, the TLS features based model).

Regarding Claims 3, 10, 17, Bercovich discloses the method as in claim 1, wherein the probabilistic model comprises a Bayesian classifier (Par. 0030, the Naïve-Bayes algorithm).

Regarding Claims 4, 11, 18, Bercovich discloses the method as in claim 1, further comprising: assigning the destination address of the traffic session, the destination port of the traffic session, or the server name associated with the traffic session with an equivalence class, based on its relationship to other addresses, ports, or server names in the TLS fingerprint database (Par. 0028-0029, the IP information used to categorize).

Regarding Claims 5, 12, 19, Bercovich discloses the method as in claim 4, wherein the equivalence class comprises addresses, ports, or server names associated with the same owner or autonomous system (Par. 0055, TLS fingerprint for the agent).



Regarding Claims 7, 14, Bercovich discloses the method as in claim 1, further comprising: determining that the identified process comprises malware or represents a security threat (Par. 004-0045, the bad transaction and bad agent).

	Conclusion	

The Examiner notes that communication through email is permitted only after authorization with submission of PTO/SB/439 form. Please file this form in EFS or through central fax before proceeding to communicate via email with the examiner. The submission of the PTO/SB/439 form via email will NOT be accepted.


The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

MaMPF: Encrypted Traffic Classification Based on Multi-Attribute Markov Probability Fingerprints to Liu, which discloses TLS traffic being analyzed and classified.



US Patent Pub 2020/0234582 to Mintz, which discloses the model for traffic being generated for predicting the path.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Venkat Perungavoor whose telephone number is (571)272-7213.  The examiner can normally be reached on Monday-Friday, 9:00 AM- 5:00 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VENKAT PERUNGAVOOR/
Primary Examiner, Art Unit 2492
Email: venkatanarayan.perungavoor@uspto.gov