DETAILED ACTION
This Office action is in response to a non-provisional utility patent application filed by Applicant on 7/29/2019.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement PTO-1449
The Information Disclosure Statement submitted by applicant on 7/29/2019 has been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.

Claim Rejections - 35 USC § 101
Claims 11-20 are rejected under 35 U.S.C. 101 because the claims cover material not found in any of the four statutory categories and are therefore outside the scope of 35 U.S.C. 101. Independent claim 11 recites a web application firewall and independent claim 15 recites a system for providing protection to a web application. Neither of these claims incorporates any indication that hardware is required to practice the invention. While the claims can be interpreted as hardware, which would be within the scope of the statute, the claims are also able to be interpreted as being wholly software, which would be outside the scope of the statute. Therefore, the claims are rejected as being software per se.
Examiner suggests that Applicant may be able to overcome this rejection by amending claim 11 to recite, “…a processor coupled to memory configured to…”, which would preclude interpretation of the invention in a manner that is wholly software.  Applicant could also 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 15, 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Nadir (U.S. Pat. App. Pub. 2010/0199345 A1).
Regarding claim 1, Nadir discloses: a method for efficiently protecting web applications (network security system preventing attacks on web servers. Nadir para. 0002.), the method comprising: receiving by a router, an application request, wherein the application request is directed to one of the web applications (inbound web traffic to web servers is routed through the secure WAF service system. Nadir para. 0023. Web requests (traffic from web users intended for the web servers being protected) are redirected or routed through the secure WAF service and individual secure WAF modules. Nadir para. 0024. The secure WAF service server operates in router mode. Nadir para. 0042.); provisioning a web application firewall, including binding the web application firewall to the web application (the secure WAF service system is a remote server that provisions WAF modules. Nadir paras. 0024-0025. Each secure WAF module is configured to protect a particular web server. Nadir Fig. 1 and para. 0025.); determining a rule to apply to the application request, wherein the rule is associated with a security policy; analyzing the application request to determine whether the application request is secure, wherein the analyzing is based on the rule, and wherein the analyzing the application request includes applying the rule to the application request (WAF modules employ various detection methods including correlation and analysis to determine severity levels of an attack based upon detection of abnormal behavior and protocol violations. Nadir para. 0069. Threat detection engines apply context analysis combined with behavior models to the received traffic. Nadir para. 0062.); in response to a determination that the application request is secure, transmitting the application request to the router by the web application firewall; determining, by the router, whether the application request has been transmitted from the web application firewall (traffic directed to the WAF modules is directed by the WAF server to the web server if no responsive action is required. Nadir paras. 0042 and 0044.); and in response to the determining that the application request has been transmitted from the web application firewall, verifying that the application request is secure and routing the application request to the web application (requests for online content for a particular web server are routed through the secure WAF service for processing in order to identify potentially malicious activity. Nadir para. 0044. If no malicious activity is detected, the request for online content is forwarded to the web server. Nadir para. 0044.).
Nadir does not specifically disclose routing the application request to the web application firewall, wherein the web application firewall is between the router and the web application. However, it would be prima facie obvious to one of ordinary skill in the art to consider the placement of the WAF modules (interpreted as the recited web application firewall), which are web server specific sub-modules of the WAF service server (interpreted as the recited router), in a position between the WAF service server and the ultimate traffic destination web servers (interpreted as the recited web application) as a design choice. The sub-modules could easily be located remotely in a second secure server between the secure WAF service server and the destination web server. In the reference, the web requests (traffic from web users intended for the web servers being protected) are redirected or routed through the secure WAF service and individual secure WAF modules. Nadir para. 0024. After successful analysis, the traffic is then routed to the web server. Nadir para. 0042. The motivation for this placement is to reduce costs of protecting a web server by employing a remote server with sub-WAF firewalls. Nadir para. 0023.
Regarding claim 2, Nadir discloses the limitations of claim 1, further comprising in response to a determination that the application request is not secure, denying the application request (if malicious activity is identified, at least one responsive action is performed, including block traffic. Nadir paras. 0050 and 0070.).
Regarding claim 3, Nadir discloses the limitations of claim 1, wherein the binding the web application firewall to the web application includes associating the security policy to the web application firewall and the web application (security analysis performed within the specific context of the web application. Nadir para. 0062.).  
Regarding claim 15, Nadir discloses: a system for efficiently providing customized protection to a web application (network security system preventing attacks on web servers. Nadir para. 0002.), comprising: a cloud platform to host the web application (the secure WAF service server can be established on a remote secure data center. Nadir para. 0024.); a router to route an application request received to the web application (inbound web traffic to web servers is routed through the secure WAF service system. Nadir para. 0023.); and a processor operable to: provision a web application firewall that includes the processor operable to bind the web application firewall to the web application (the secure WAF service system is a remote server that provisions WAF modules. Nadir paras. 0024-0025. Each secure WAF module is configured to protect a particular web server. Nadir Fig. 1 and para. 0025.); determine a rule to apply to the application request, wherein the rule is associated with a security policy; analyze the application request to determine whether the application request is secure based on the rule (WAF modules employ various detection methods including correlation and analysis to determine severity levels of an attack based upon detection of abnormal behavior and protocol violations. Nadir para. 0069. Threat detection engines apply context analysis combined with behavior models to the received traffic. Nadir para. 0062.); in response to a determination that the application request is secure, transmit the application request to the router; determine, by the router, that the application request has been transmitted from the web application firewall (traffic directed to the WAF modules is directed by the WAF server to the web server if no responsive action is required. Nadir paras. 0042 and 0044.); and in response to a determination that the application request has been transmitted from the web application firewall, verify that the application request is secure and route the application request to the web application (requests for online content for a particular web server are routed through the secure WAF service for processing in order to identify potentially malicious activity. Nadir para. 0044. If no malicious activity is detected, the request for online content is forwarded to the web server. Nadir para. 0044.).
Nadir does not specifically disclose: route the application request to the web application firewall, wherein the web application firewall is between the router and the web application. However, it would be prima facie obvious to one of ordinary skill in the art to consider the placement of the WAF modules (interpreted as the recited web application firewall), which are web server specific sub-modules of the WAF service server (interpreted as the recited router), in a position between the WAF service server and the ultimate traffic destination web servers (interpreted as the recited web application) as a design choice. The sub-modules could easily be located remotely in a second secure server between the secure WAF service server and the destination web server. In the reference, the web requests (traffic from web users intended for the web servers being protected) are redirected or routed through the secure WAF service and individual secure WAF modules. Nadir para. 0024. After successful analysis, the traffic is then routed to the web server. Nadir para. 0042. The motivation for this placement is to reduce costs of protecting a web server by employing a remote server with sub-WAF firewalls. Nadir para. 0023.
Regarding claim 17, Nadir discloses the limitations of claim 15, wherein the processor is further configured to bind the web application firewall to the web application by associating a security policy to the web application firewall (security analysis performed within the specific context of the web application. Nadir para. 0062.).  
Regarding claim 18, Nadir discloses the limitations of claim 15, wherein the processor is further configured to deny the application request in response to a determination that the application request is not secure (if malicious activity is identified, at least one responsive action is performed, including block traffic. Nadir paras. 0050 and 0070.).  

Allowable Subject Matter
Claims 4-10 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claims 16, 19-20 are objected to as being dependent upon a rejected base claim, but would be allowable if amended to overcome the above rejection under 35 U.S.C. 101 and rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Reddy (U.S. Pat. App. Pub. 2010/0325588 A1) learning engine applied to web traffic anomaly detection; Phonsa (U.S. Pat. App. Pub. 2016/0359809 A1) reconfigurable WAF in a distributed remote network platform; and Moon (U.S. Pat. App. Pub. 2021/0028943 A1).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VANCE M LITTLE whose telephone number is (571) 270-0408.  The examiner can normally be reached on Monday - Friday 9:30am - 5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/VANCE M LITTLE/Examiner, Art Unit 2493