Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Allowable Subject Matter
Claims 19-21 are allowed.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 5 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Degioanni (US 2018/0255100 A1) in view of Avner et al (US 2013/0086203 A1) in view of Aloni et al (US 7,620,057 B1). Hereinafter referred as Degioanni, Avner and Aloni.
Regarding claims 1 and 12, Degioanni teaches a data analytics device of a host, the device for application monitoring (page 2 paragraph (0017)), the device comprising: an application-monitor manager engine (page 2 paragraph (0021)) configured to receive configuration files from a cloud server (page 5 paragraph (0040)) and to generate monitoring rules for the plurality of monitors (page 2 paragraph (0022)); and a data-processing engine coupled (page 9 paragraph (0075)) to the application-monitor (page 1 paragraph (0003) and page 7 paragraph (0060)) and the plurality of monitors and configured to coordinate activities of the plurality of monitors (page 2 paragraph (0018) and page 3 paragraph (0024)), wherein: the plurality of monitors are embedded in a user space and a kernel of a host (the agent may be configured to receive the set of baseline operation rules and implement rule-based activity monitoring that monitors activity between the kernel and the one or more running applications and containers interacting with the kernel (page 8 paragraph (0065)).
However, Degioanni is silent in teaching monitoring rules for the plurality of monitors are generated based on the configuration files received from the cloud server. Avner teaches on (page 3 paragraph (0033)) a monitor component may be configured to process the probe runner results reported to the results database and may be configured to generate appropriate alerts based on the results. […] A rule definition database associated with the monitor component may contain the configuration information for the rules such as the entry point and targets within the cloud service. In an example scenario, a rule may be configured to generate an alert if there are two consecutive failures of a probe against a particular monitored database and/or system within the cloud service. Avner further teaches a plurality of monitors (page 2 paragraph (0021)). Avner teaches data analytics comprising a plurality of monitors (page 1 paragraph (0012)).
Therefore, it would be reasonable to one of ordinary skill in the art to combine Degioanni‘s references to include the teachings of Avner for monitoring rules for the 
However, Degioanni and Avner are silent in teaching a host is configured to comprise the device and a host operating system. Aloni teaches on (column 5 lines13-19) the network interface device is configured so that each port appears to the host as though it was a separate device, with its own processing hardware, and so that each operating system on each host can interact with the device independently. Aloni also teaches a host operating system of the host (column 5 lines 13-19). 
Therefore, it would be reasonable to one of ordinary skill in the art to combine Degioanni‘s and Avner’s references to include the teachings of Aloni for a host which is configured to comprise the device and a host operating system before the effective filing date of the claimed invention. A useful combination which yields predictable results in found in Aloni (column 2 lines 54-61) a system and/or method is provided for a method and system for cache line replacement with zero latency, substantially as shown in and/or described in connection with at least one of the figures, as set forth more completely in the claims. 

(page 3 paragraph (0033)). 
Regarding claim 5, Degioanni, Avner and Aloni teach the device of claim 1. Degioanni teaches data-processing engine is further configured to collect data from the plurality of monitors, to preprocess the collected data and to detect relevant events (page 4 paragraph (0030)-(0031)). 

Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Degioanni (US 2018/0255100 A1) in view of Avner et al (US 2013/0086203 A1) in view of Aloni et al (US 7,620,057 B1) in view of Paliga et al (US 2014/0232863 A1) in view of Klein et al (US 2004/0080615 A1). Hereinafter referred as Degioanni, Avner, Aloni, Paliga and Klein.
Regarding claims 3 and 13, Degioanni, Avner and Aloni teach the device of claim 1. However, Degioanni, Avner and Aloni are silent in teaching a video engine wherein video engine monitors are configured to monitor video content analytics data. Paliga teaches on (page 3 paragraph (0043)) a video can be in the form of metadata obtained from embedded analytics created by a camera and stored on a site in a DVR. […] If a company is already streaming video to a location then a filter could be put on this stream which can extract analytics or images on the fly and send them to the centralized location. Paliga also teaches the plurality of monitors are further embedded (page 2 paragraph (0021)) and security engine monitors are configured to monitor security analytics data (page 2 paragraph (0028)).
Therefore, it would be reasonable to one of ordinary skill in the art to combine Degioanni‘s, Avner’s and Aloni’s references to include the teachings of Paliga for a video engine wherein video engine monitors are configured to monitor video content analytics data before the effective filing date of the claimed invention. A useful combination which yields predictable results in found in Paliga (page 1 paragraph (0001)) this invention relates to the field of analytics, and more particularly to a video analytics system, useful, for example, fraud detection, and more particularly ATM fraud detection.
However, Degioanni, Avner, Aloni and Paliga are silent in teaching a host is configured to comprise a video engine and a security engine. Klein teaches on (page 2 paragraph (0018)) the host computer includes software to control recording, interpretation and reaction of the security system to the video input. The control software comprises three main components, and a remote communication module. While the components may be separate software objects, they interact with one another to permit full control over the surveillance system.
Therefore, it would be reasonable to one of ordinary skill in the art to combine Degioanni‘s, Avner’s, Aloni’s and Paliga’s references to include the teachings of Klein for a host is configured to comprise a video engine and a security engine before the effective filing date of the claimed invention. A useful combination which yields predictable results in found on Klein (page 1 paragraph (0001)) the present invention .

Claims 4, 11, 14 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Degioanni (US 2018/0255100 A1) in view of Avner et al (US 2013/0086203 A1) in view of Aloni et al (US 7,620,057 B1) in view of Paliga et al (US 2014/0232863 A1) in view of Klein et al (US 2004/0080615 A1) in view of Park (US 2017/0316185 A1). Hereinafter referred as Degioanni, Avner, Aloni, Paliga, Klein and Park.
Regarding claim 4, Degioanni, Avner, Aloni and Paliga teach the device of claim 3. However, Degioanni, Avner, Aloni and Paliga are silent in teaching the video content analytics data comprises a manifest file, a video content source, a video segment identification and video segment statistics. Park teaches on (page 6 paragraph (0061)) if the requested content is an MPEG video, the content server may include the DRM license and/or the key to decrypt or descramble the video directly in the manifest of the video. Park further teaches the security analytics data comprise traffic pattern information, digital rights management (DRM) attributes and encryption- and/or authentication-key information (page 2 paragraph (0011) and page 2 paragraph (0021)-(0022)). 
Therefore, it would be reasonable to one of ordinary skill in the art to combine Degioanni‘s, Avner’s, Aloni’s and Paliga’s references to include the teachings of Park for a video content analytics data comprises a manifest file, a video content source, a 

Regarding claim 11, Degioanni, Avner, Aloni, Paliga and Park teach the device of claim 1. Park teaches the plurality of monitors are configured to perform IP stack monitoring by extracting information from a DNS server, a manifest file and video segments requests (page 6 paragraph (0061)). Avner further teaches monitoring rules for the plurality of monitors include rules that identify at least one monitor to take action on one or more applications (page 3 paragraph (0033))
Regarding claim 14, Degioanni, Avner, Aloni, Paliga and Park teach the data analytics device of claim 12. Avner teaches at least one processor circuit is further configured to collect data from the plurality of monitors (page 2 paragraph (0021)). Park teaches preprocess the collected data and to detect relevant events including a start and a completion of an active application or a background application, a DNS query or a video streaming session (page 6 paragraph (0061)). 
Regarding claim 17, Degioanni, Avner, Aloni, Paliga and Park teach the data analytics device of claim 12. Park teaches the plurality of monitors are configured to perform IP stack monitoring by extracting information from a DNS server, a manifest file (page 6 paragraph (0061)). Ma teaches the monitoring rules for the plurality of monitors include rules that identify at least one monitor to take action on one or more applications (page 4 paragraph (0041)).

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Degioanni (US 2018/0255100 A1) in view of Avner et al (US 2013/0086203 A1) in view of Aloni et al (US 7,620,057 B1) in view of Milford (US 7,155,514 B1). Hereinafter referred as Degioanni, Avner, Aloni and Milford.
Regarding claim 6, Degioanni, Avner and Aloni teach the device of claim 5, However, Degioanni, Avner and Aloni are silent in teaching the relevant events comprise a start and a completion of an active application or a background application, a domain-name system (DNS) query or a video streaming session. Milford teaches on (column 8 lines 23-43) the event scanning and monitoring configuration defines the different sets of alarms i.e. event criteria and notification recipients for each event log on each computer in the network. Examples of event logs are application security, system logs, active directory, DNS system and file synchronization on the computer network. 
Therefore, it would be reasonable to one of ordinary skill in the art to combine Degioanni‘s, Avner’s and Aloni’s references to include the teachings of Milford for the relevant events comprise a start and a completion of an active application or a background application, a domain-name system (DNS) query or a video streaming session before the effective filing date of the claimed invention. A useful combination . 

Claims 7-9, 16 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Degioanni (US 2018/0255100 A1) in view of Avner et al (US 2013/0086203 A1) in view of Aloni et al (US 7,620,057 B1) in view of Wing et al (US 10,375,020). Hereinafter referred as Degioanni, Avner, Aloni and Wing.
Regarding claim 7, Degioanni, Avner and Aloni teach the device of claim 5. However, Degioanni, Avner and Aloni are silent in teaching plugins configured to provide a secure data package by securely packaging the collected data and the preprocessed collected data received from the data-processing engine. Wing teaches on (column 12 lines 4-14) encryption module may include instructions enabling DNS server to establish a secure communication channel with host device including generating encryption keys to establish an HTTPS session with host device. Encryption module may further include a key store that may store one or more private encryption keys uniquely associated with DNS server. 
Therefore, it would be reasonable to one of ordinary skill in the art to combine Degioanni‘s, Avner’s and Aloni’s references to include the teachings of Wing for plugins configured to provide a secure data package by securely packaging the collected data 

Regarding claim 8, Degioanni, Avner, Aloni and Wing teach the device of claim 7. Wing teaches the secure data package is provided to a cloud-based processor (column 2 lines 24-45) to perform a data analysis including analyzing internet protocol (IP) sessions, video and security events and dynamic analytic data and to perform deep packet inspection (DPI) and correlation in timeline and traffic patterns (column 12 lines 4-14) . 
Regarding claim 9, Degioanni, Avner, Aloni and Wing teach the device of claim 1. Wing teaches the data-processing engine is configured to coordinate activities of the plurality of monitors by triggering a monitoring of hypertext-transfer protocol (HTTP) messages with a resolved IP address upon completion of a DNS query (column 2 lines 9-24). 
Regarding claim 16, Degioanni, Avner, Aloni and Wing teach the data analytics device of claim 12. Wing teaches at least one processor circuit is further configured to coordinates activities of the plurality of monitors by triggering a monitoring of HTTP (column 2 lines 9-24). 
Regarding claim 18, Degioanni, Avner, Aloni and Wing teach the data analytics device of claim 12, Wing teaches at least one processor circuit is further configured to correlate video-session information (column 3 lines 14-44) and video-traffic pattern information from video-engine data and security-engine data with corresponding information of a video-program library generated through a machine-leaming-based model to identify a specific video program associated with a video segment (column 2 lines 26-45). 

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Degioanni (US 2018/0255100 A1) in view of Avner et al (US 2013/0086203 A1) in view of Aloni et al (US 7,620,057 B1) in view of Paliga et al (US 2014/0232863 A1) in view of Klein et al (US 2004/0080615 A1) in view of Park (US 2017/0316185 A1) in view of Wing et al (US 10,375,020). Hereinafter referred as Degioanni, Avner, Aloni, Paliga, Klein, Park and Wing.
Regarding claim 15, Degioanni, Avner, Aloni, Paliga and Park teach the data analytics device of claim 14. However, Degioanni, Avner, Aloni, Paliga and Park are silent in teaching at least one processor circuit is further configured to provide a secure data package to a cloud server to perform a data analysis including analyzing IP sessions, video and security events and dynamic analytic data and to perform DPI and (column 12 lines 4-14) encryption module may include instructions enabling DNS server to establish a secure communication channel with host device including generating encryption keys to establish an HTTPS session with host device. Encryption module may further include a key store that may store one or more private encryption keys uniquely associated with DNS server. 
Therefore, it would be reasonable to one of ordinary skill in the art to combine Degioanni‘s, Avner’s, Aloni’s, Paliga’s and Park’s references to include the teachings of Wing for at least one processor circuit is further configured to provide a secure data package to a cloud server to perform a data analysis including analyzing IP sessions, video and security events and dynamic analytic data and to perform DPI and correlation in timeline and traffic patterns before the effective filing date of the claimed invention. A useful combination which yields predictable results in found in Wing (column 2 lines 9-24) in accordance with one embodiment, a browser operating on a host device receives, from a user, a request to access a web server that includes a URL associated with the web server.  

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to FRANKLIN S ANDRAMUNO whose telephone number is (571)270-3004.  The examiner can normally be reached on Mon - Fri, 9:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Pankaj Kumar can be reached on (571) 270-3004.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  






/FRANKLIN S ANDRAMUNO/Examiner, Art Unit 2424                                                                                                                                                                                                        /JEFFEREY F HAROLD/Supervisory Patent Examiner, Art Unit 2424