Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 


Response to Arguments
Applicant's arguments have been fully considered but they are not persuasive. 

Examiner has included Burns US 8,291,495 to meet the claims as amended.


Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 21-26, 28-32, 34-37, 39, 41-44  is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Nice US 2009/0300739 in view of Chen US 2004/0093372 in view of Burns US 8,291,495

As per claims 21, Nice teaches an apparatus, comprising: a memory; and a hardware processor communicatively coupled to the memory, the hardware processor configured to receive a communication from an application executing at a compute device, the communication addressed to a server different from the compute device, the hardware processor configured to 

 Chen teaches the hardware processor configured to receive from the compute device an automatic non-user-interactive response to the authentication challenge, the hardware processor configured to identify an identity characteristic of the application and whether the application is malware based at least in part on the automatic non-user-interactive response  [0006] [0007] [0065] [0066]  (sends challenge and evaluates non-user interactive response) 
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the non-user interactive response of Chen with the previous reference because it increases security and shows if a client has been corrupted.


It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the identification of Burns with the previous combination because it further detects malicious activity and increases security.

As per claim 34 Nice teaches A method, comprising: receiving data from an application of a compute device initiating a communication with a server; determining values of fields associated with the communication characteristics, the fields used to denote a source or a destination related to the communication; defining, based on the communication protocol type, the network behavior and the communication characteristics, a request for the compute device; sending the request to the compute device;  [0025] [0026] [0033][0036] [0038][0041]-[0044][0046] [0052] (Teaches a proxy that intercepts communication from client to Enterprise and proceeds to follow security procedures including authentication/challenge response based on a protocol and determining whether to allow access, deny access, determine maliciousness, teaches that security procedures may be based and or requests based on determined communication protocol for example on Secure Socket Layer in HTTP, teaches IP including identifying variations of fields including IP source and destination address which Examiner asserts is well known in the art to provide the foundation of IP protocol)

 Chen teaches the hardware processor configured to receive from the compute device an automatic non-user-interactive response to the authentication challenge, the hardware processor 
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the non-user interactive response of Chen with the previous reference because it increases security and shows if a client has been corrupted.
Burns teaches identifying a classification of an application based on values of fields from a predefined list of classifications of client applications (Column 9 lines 45-59; Column 10 lines 43-60)  (Burns teaches using application identification based on communication properties)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the identification of Burns with the previous combination because it further detects malicious activity and increases security.
As per claims 22,  Nice teaches the hardware processor is configured to identify the application as malware based on an identity characteristic [0036]

As per claim 35, Chen teaches detective the identity characteristic of the application is based on the automatic non-user-interactive response not being valid. [0006] [0007] [0065] [0066]As per claims 23, 36 Nice teaches the hardware processor is configured to block the communication from being sent to the server in response to identifying the application as 
Nice teaches the hardware processor is configured to block the communication from being sent to the server in response to identifying the application as malware. [0033] (deny)


As per claim 28.  Nice teaches A non-transitory processor-readable medium storing code representing instructions to be executed by a processor, the code comprising code to cause the processor to: 3 228372082 v1Application No.: 16/295,498Docket No.: INVI-006/04US 314067-2064 intercept a communication between an application running at a compute device and a server different from the compute device; determine a communication protocol type of the communication ; analyze network behavior and communication characteristics associated with the communication, the communication characteristics including an order of elements; define a request based on the protocol type and based on the network behavior and communication 

Chen teaches the hardware processor configured to receive from the compute device an automatic non-user-interactive response to the authentication challenge, the hardware processor configured to identify an identity characteristic of the application and whether the application is malware based at least in part on the automatic non-user-interactive response   [0006] [0007] [0065] [0066]  (sends challenge and evaluates non-user interactive response) 
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the non-user interactive response of Chen with the previous reference because it increases security and shows if a client has been corrupted.

Burns teaches determining an order of features and communication including parameters associated with header fields, and determining a classification of the application.  (Column 9 lines 45-59; Column 10 lines 43-60)  (Burns teaches using application identification based on communication properties, including header properties)



As per claim 29. Nice teaches The non-transitory processor-readable medium of claim 28, wherein the code to cause the processor to identify the application as malware includes code to cause the processor to identify the application as malware based on at least one of the communication or the automatic non-user-interactive response not being valid [0036]


As per claim 30. Nice teaches The non-transitory processor-readable medium of claim 28, the code further comprising code to cause the processor to: block the communication from being sent to the server in response to identifying the application as malware.  [0033] (deny)


As per claim 31. Nice teaches the non-transitory processor-readable medium of claim 28, to analyze network behavior and communication characteristics to identify expected variations in an implementation of fields associated with the communication characteristics, the fields denoting a source or a destination associated with the communication.  [0025][0052] (Examiner asserts that Nice teaches using HTTP and IP protocols which require source and destination IP addresses to function)

It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the identification of Burns with the previous combination because it further detects malicious activity and increases security.



As per claim 32. Chen teaches The non-transitory processor-readable medium of claim 28, wherein the request is an active content challenge for the application. [0006] [0007] [0065] [0066]  (sends challenge and evaluates non-user interactive response)

As per claim 41,  Nice teaches the method of claim 34, wherein the communication protocol type is at least one of: HTTP, HTTPS, Voice Over IP (VoIP), Session Description Protocol, Session Initiation Protocol, Real Time Transport Protocol, or Real Time Transport Control Protocol.  [0043][0052]

As per claim 42, Nice teaches the method of claim 34, wherein the defining the request is further based on a set of protocol capabilities of the communication protocol type.  [0033][0036][0038][0043]

As per claim 43,  Burns teaches determining an order of features and communication including determining values of fields includes a sequential order of elements indicating a source or a destination associated with the communication, parameters associated with header fields, and determining a classification of the application.  (Column 9 lines 45-59; Column 10 lines 43-60 Column 11 lines 1-20)  (Burns teaches using application identification based on communication properties, including header properties and behavior)


As per claim 44,  Nice teaches the method of claim 34, wherein the determining the communication protocol type is via protocol fingerprinting.  [0033][0036][0038][0043]
Burns teaches protocol type and fingerprinting.  (Column 9 lines 45-59; Column 10 lines 43-60 Column 11 lines 1-20)  (Burns teaches using application identification based on communication properties, including header properties and behavior)


Claims 27, and 40 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Nice US 2009/0300739 in view of Chen US 2004/0093372 in view of Devarajan US 2010/0125903
As per claims 27, 40 Devarajan teaches the authentication challenge is a redirect request and the application is identified as a browser application. [0087] [0088] [0089] 
.
Claims 33, 38 45-48  is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Nice US 2009/0300739 in view of Chen US 2004/0093372 in view of Burns US8,291,495 in view of Mahle Jr. US 2007/0248077.

As per claim 33, Mahle Jr teaches elements associated with the VoIP protocol type include at least one network protocol header associated with the VoIP protocol type.  [0039] (VoIP calls, SIP, header packets are inherently part of the VoIP protocol)

It would have been obvious to one of ordinary skill in the art to use the Voip protocol of Mahle Jr with the previous art because it is increases the security of media communications.

As per claim, 38   Mahle Jr teaches a communication protocol type is a VoIP protocol type and the request is an active content challenge [0039]

Chen teaches the authentication challenge is an active content challenge for the application.  [0006] [0007] [0065] [0066]  (sends challenge and evaluates non-user interactive response)


As per claim 45, Mahle Jr teaches the method of claim 34, wherein the communication protocol type is VoIP, the method further comprising: identifying an implementation of the communication protocol type to be at least one of Asterix, sipX, PBX, or Skype, the defining the request being further based on the implementation of the communication protocol type.  [0039] (VoIP calls, SIP)
It would have been obvious to one of ordinary skill in the art to use the Voip protocol of Mahle Jr with the previous art because it is a well known protocol useful for media communications.
Chen teaches the authentication challenge is an active content challenge for the application.  [0006] [0007] [0065] [0066]  (sends challenge and evaluates non-user interactive response)

As per claim 46, Mahle Jr teaches the method of claim 34, where the request is an active content challenge for the application and is VoIP.  [0041]  (VoiP protocol, SIP registration)
Chen teaches the authentication challenge is an active content challenge for the application.  [0006] [0007] [0065] [0066]  (sends challenge and evaluates non-user interactive response)

Nice teaches the hardware processor is configured to forward the communication to the server in response to identifying the application as not being malware. [0033](claim 18)



As per claim 48. Nice teaches An apparatus, comprising: a memory; and 7 228372082 v1Application No.: 16/295,498Docket No.: INVI-006/04US 314067-2064 a hardware processor communicatively coupled to the memory, the hardware processor configured to intercept a communication from an application executing at a compute device, the communication addressed to a server different from the compute device, the hardware processor configured to determine a communication protocol type the hardware processor configured to select a request such that if the communication protocol type is determined to be a VoIP protocol type the hardware processor configured to send the request to the compute device via a network;, [0025] [0026] [0033][0036] [0038][0041]-[0044][0046] [0052] (Teaches a proxy that intercepts communication from client to Enterprise and proceeds to follow security procedures including authentication/challenge response based on a protocol and determining whether to allow access, deny access, determine maliciousness, teaches that security procedures may be based and or requests based on determined communication protocol for example on Secure Socket Layer in HTTP)  Nice teaches the hardware processor is configured to block the communication from being sent to the server in response to identifying the application as malware. [0033] (deny)
Chen teaches the hardware processor configured to receive from the compute device an automatic non-user-interactive response to the request, the hardware processor configured to identify whether the application is malware based at least in part on the automatic non-user-
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the non-user interactive response of Chen with the previous reference because it increases security and shows if a client has been corrupted.
Mahle Jr teaches determining the communication protocol type is VoIP, [0039] (VoIP calls, SIP)
It would have been obvious to one of ordinary skill in the art to use the Voip protocol of Mahle Jr with the previous art because it is a well known protocol useful for media communications.

It would have been obvious to one of ordinary skill in the art to use the Voip protocol of Mahle Jr with the previous art because it is increases the security of media communications.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833.  The examiner can normally be reached on M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.