DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 01/12/2021 has been entered. 

Allowable Subject Matter
Claims 7, 15, and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of 
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-4, 6, 8-12, 14, and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Nucci et al. (U.S. Patent No. 7644150, hereinafter “Nucci”) in view of Pasupathy et al. (U.S. Patent Application Publication No. 2017/0288987, hereinafter “Pasupathy”). 

Claims 1, 9, and 17:
Nucci discloses a system for application-based packet classification, comprising:
a server comprising a network interface in communication with a plurality of devices and a processor (Column 5, Lines 46-48; A flow that cannot be classified is forwarded to a centralized server, such as logic server 108 for further analysis), the processor configured to:

determine that an application signature is valid based on a comparison of application signatures from a plurality of devices associated with different network identifiers (Column 7, Lines 3-5; The main functionality of logic server 108 is to accomplish multi-stage traffic classification based on the complete view of the network provided by the distributed high speed monitors) (Column 8, Lines 12-16; There may be other layer-3/layer-4 header information from other traffic flows extracted by other high speed monitors that are aggregated by the Aggregator.  Then a classification from the plurality of traffic flows is determined), and
provide, to the plurality of devices responsive to the determination, the valid application signature, the plurality of devices routing network traffic using the valid application signature (Column 5, Lines 55-58; Logic server 108 extracts signatures of application that constitute different high level classes and populates a signature 

Nucci does not appear to disclose wherein the processor is further configured to:
increment a value associated with a first application signature received from a first device associated with a first network identifier and stored in a signature candidate database, responsive to receipt of the first application signature from a second device associated with a different, second network identifier; and
determine that the application signature is valid responsive to a value associated with the application signature in a signature candidate database exceeding a threshold.

Pasupathy discloses:
increment a value associated with a first application signature received from a first device (“existing entry”) associated with a first network identifier and stored in a signature candidate database, responsive to receipt of the first application signature from a second device (“Traffic B”) associated with a different, second network identifier (§ 0015, Lines 12-15; The network device may update the hit counter if there is an existing entry (e.g., for Traffic B, the hit count has been incremented from 5 to 6)) (§ 0069, Lines 9-10; A threshold may be a number of different source-destination pairs associated with the hits); and
determine that the application signature is valid (“should be generated”) responsive to a value (“hit counter”) associated with the application signature in a 

At the time the invention was made, it would have been obvious to one of ordinary skill in the art to modify Nucci’s system by integrating Pasupathy’s context database in order to reduce delays in the generation and distribution of application signatures and accelerate elimination of rogue traffic and/or identification of legitimate traffic which may improve network security, conserve computing resources, and increase network performance (Pasupathy, § 0011). 

The method of claim 1 is implemented by the system of claim 9 and is therefore rejected with the same rationale.

Regarding the “non-transitory computer-readable medium” of claim 17, Nucci discloses a computer readable medium embodying instructions to perform the steps as detailed in the rejection of claim 9 (Column 14, Lines 55-57; See claim 11).

Claims 2, 10, and 18:


Claims 3 and 11:
Nucci in view of Pasupathy further discloses wherein the plurality of devices are configured to apply the processing policy associated with the application to the packet flows to the destination address associated with the application based on information of packets of the packet flows at a layer of a network stack at or lower than a transport layer (Nucci, Column 6, Lines 23-28; Any flow that is marked as unknown by the L7 Monitor is forwarded to the L4 Monitor whose main functionality is to extract only layer-3 (network layer) / layer-4 (transport layer) header information from layer-3/layer-4 packets of an unknown flow).

Claims 4 and 12:
Nucci in view of Pasupathy further discloses wherein each application signature is generated by a device from application layer information of a first packet of a corresponding packet flow (Nucci, Column 6, Lines 38-41; Typically, signatures for applications can be captured by looking at the first few packets in a flow and the first few bytes of application payload in each packet).

Claims 6 and 14:
Nucci in view of Pasupathy further discloses wherein the processor is further configured to add the first application signature to the signature candidate database, upon receipt of the first application signature from a first device of the plurality of devices (Pasupathy, § 0015, Lines 9-12; The network device may add an entry to the context database if there is no existing entry matching the obtained contextual information).

The motivation to combine the Nucci and Pasupathy references is the same as that recited in the rejection of claims 1 and 9. 

Claims 8 and 16:
Nucci in view of Pasupathy further discloses wherein each application signature comprises an identification of an application (Nucci, Column 6, Lines 14-20; With the help of signature repository 213 the L7 monitor tries to classify traffic (e.g., a plurality of traffic flows, which includes at least source and destination address information)) that generated a request to the associated destination address and an address tuple comprising the associated destination address and a port number (Nucci, Column 6, TABLE 3; The algorithm for extracting signatures is shown, which includes at least an address tuple comprising the IP address and port number).

Response to Arguments
Applicant's arguments filed 01/12/2021 have been fully considered but they are not persuasive.  Applicant argues on pages 7-8 that Nucci and Pasupathy, alone or in combination, fail to teach or suggest each and every element of the claimed invention.  . 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
U.S. Patent No. 7944822 (Nucci et al.) – System and Method for Identifying Network Applications – A framework for traffic classification where an IP address of which percentage occurrences in destination IP address fields exceeds a threshold is identified. 
U.S. Patent No. 8964548 (Keralapura et al.) – System and Method for Determining Network Application Signatures Using Flow Payloads – Method for profiling network traffic where a number of flows as exceeding a training set size threshold is determined. 
U.S. Patent Application Publication No. 2008/0232275 (Eswaran et al.) – Data-Type-Based Network Path Configuration - Counter that is incremented when a signature of a particular type of data is detected. 
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to NAM T TRAN whose telephone number is (408)918-7553.  The examiner can normally be reached on Monday-Friday 7AM-3PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/NAM T TRAN/Primary Examiner, Art Unit 2452