Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This office action is in response to the communication filed on 8/21/2019.
Claims 1-20 have been examined.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Williams et al. (US Patent Application Publication Number 2005/0008001) hereinafter referred to as Williams.

Regarding claims 1, 9, and 17, Williams disclosed a method for managing firewall rules (Williams Fig. 4, Fig. 8, and Fig. 9 for example), comprising: identifying a plurality of firewall rules for request handling (Williams Paragraphs 0090, 0094, 0099, and 0100 for example); determining a deny count for each given firewall rule of the plurality of firewall rules based on a number of requests flagged on account of the given firewall rule (Williams Paragraphs 0090, 
However, Williams teaching of providing the ranked list of recommended rules is in the context of the user evaluating, adding, and removing rules to a policy.  This at least implies that the user would be provided the opportunity to add recommended rules to the policy.  As such, it would have been obvious to the person having ordinary skill in the art before the effective filing date to have modified the teachings of Williams by treating the recommended rules list in a similar manner to the rules describes in paragraph 0090 such that the user is able to selectively add recommended rules to the policies.  This would have been obvious because the person having ordinary skill in the art would have been motivated to enable the user to implement the systems displayed recommendations.
Regarding claims 2, 10, and 18, while Williams taught that determining the urgency measure involved  for a given firewall rule of the plurality of firewall rules comprises combining 

Regarding claims 3, 11, and 19, Williams taught determining the urgency measure for the given firewall rule of the plurality of firewall rules comprises normalizing the product based on the deny count for each given firewall rule of the plurality of firewall rules and the anomaly score for each given firewall rule of the plurality of firewall rules (Williams Paragraph 0100). 
Regarding claims 4, 12, and 20, Williams taught receiving a request (Williams Paragraphs 0090, 0094, 0099, and 0100 for example); flagging the request based on one or more firewall rules of the plurality of firewall rules (Williams Paragraphs 0090, 0094, 0099, and 0100 for example); and incrementing the deny count for each respective firewall rule of the one or more firewall rules to produce an updated deny count for the respective firewall rule (Williams Paragraphs 0090, 0094, 0099, and 0100 for example). 

Regarding claims 6 and 14, Williams taught that the plurality of firewall rules relate to a web application firewall (Williams Paragraph 0059 and 0165 for example). 
Regarding claims 7 and 15, Williams taught that determining the update to the at least one firewall rule of the plurality of firewall rules based on the urgency measure for each given firewall rule of the plurality of firewall rules comprises: determining an order for displaying the plurality firewall rules based on the urgency measure for each given firewall rule of the plurality of firewall rules (Williams Paragraphs 0090, 0094, 0099, and 0100 for example); displaying the plurality of firewall rules via a user interface in the order (Williams Paragraphs 0090, 0094, 0099, and 0100 for example); and receiving, in response to the displaying, input defining the update via the user interface (See the rejection of claim 1 above). 
Regarding claims 8 and 16, Williams taught that the update comprises an exception to the at least one firewall rule (Williams Paragraphs 0090, 0094, 0099, and 0100 for example – deleting a rule). 

Conclusion
Claims 1-20 have been rejected.
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

	US 2018/0091474 taught a system for ranking firewall rules including hit counts and relative importance.
	US 2006/0248580 taught a system for ranking and managing firewall rules including optimization, collapsing rules due to intersections, etc. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW T HENNING whose telephone number is (571)272-3790.  The examiner can normally be reached on Monday- Thursday 9AM-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on (571)272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to 






/MATTHEW T HENNING/Primary Examiner, Art Unit 2491