DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
The claim objections have been withdrawn in view of the claim amendments. 

The rejection of claim 20 under 35 U.S.C. § 112(b) has been withdrawn in view of the claim amendment. 

Applicant’s arguments with respect to claims 11-25 have been considered but are moot in view of the new ground(s) of rejection set forth.

Applicant's arguments filed June 23 2021 have been fully considered but they are not persuasive. In regards to the applicants arguments regarding independent claim 11, as amended, the applicant argues on (Pg. 2 of the remarks), that the applicant has amended claim 11 for clarity to emphasis that the network device resides locally at the end of the first communicating entity. In regards to the claim feature a new ground(s) of rejection is set forth and therefore arguments with regards to the claim feature are considered moot. 

Pg.’s 2-3 of the remarks), the applicant argues that in Samuell, the host devices do not directly communicate with each other but through the slow-path module, which modifies the data packets received from the first host before transmitting them to the second host. However in Samuell referring to Fig. 9B, the data traffic is sent to the communication network from the first host 110 which is interpreted as the claimed “first communication device” in which the data traffic in the form of data packets are intercepted at the slow-path module (Samuell, see Para [0224]). Therefore claim 11 requires a network device which monitors traffic received from the first communication device and in response generates  an acknowledgement for the data (i.e., see claim 11). Therefore regardless of the slow-path module modifying the packets, the teachings of Samuell still discloses generating by the network device or slow-path module 250 (Samuell, see Fig. 9B) an acknowledgement (see Fig. 9B i.e., local ACK 922, 924, 926) in response to received data traffic from the first communication device (Samuell, see Para’s [0224] & [0228]). In regards to the applicant’s arguments on (Pg. 3 lines1-3 of the remarks) that hence, the slow-path module in Samuell does not transmit any acknowledgement to the first host in response to a delivery of data to the second host, but in response to a receipt of the data packets by the slow-path module, the examiner agrees since claim 11 requires a network device which monitors traffic received from the first communication device and in response generates  an acknowledgement for the data. In regards to transmitting the acknowledgement based on delivery of data to the second host, the applicant is arguing subject matter which is not claimed because claim 11 merely describes generating and transmitting the acknowledgement to the first communication device in response to data traffic received at the network device from the first Samuell, see Fig. 9B i.e., Data packets 932-936 are delivered to host 130 & Para’s [0224] & [0227-0228]). Regardless of the packets being modified at slow-path module 250, the data in the packets 932-936 delivered to the host 130 still contains the same data of the received data packets 922-926 from host 110 which are transmitted in order to be delivered to the host 130 which is interpreted as the claimed “second communication device”. Therefore Fig 9B in Samuell is for performing data communications between the host 110 and the host 130 via the slow-path module 250. 

In regards to the applicants arguments on (Pg. 3 of the remarks), the applicant argues the claim feature in claim 11 of “in response to local detection of at least one predetermined piece of information in at least one data frame in the data traffic “ is not disclosed in Samuell, however the examiner respectfully disagrees. With broadest reasonable interpretation of the claim limitation the data portion or payload of the received packets may be a predetermined piece of information in at least one data frame in the data traffic on order to generate the acknowledgement (Samuell, see Fig. 9B i.e., detection of the payload field (i.e., “predetermined piece of information”) in the Data packets 922, 924, and 926 & Para’s [0095-0096] i.e., user plane data may be considered to be “payload” data (i.e., “predetermined piece of information”), [0157-0160] i.e., data packets are analyzed or detected by slow-path module 250, [0164], i.e., slow-path module 250 generally inspects (i.e., “detection”) all packets delivered between the two hosts, [0211-0212] i.e., Once the data is analyzed, the slow-path module 520 decides whether to forward the packet(s) unchanged, [0191], & [0224] i.e., data packets 922, 924, & 926 which are intercepted by slow-path module 250 will be detected by the slow path module 250).

In response to the applicant’s arguments with respect to the reference of Iizuka and the claim feature in claim 11 of the network device is arranged to monitor the data traffic through a port of a network node, a new ground(s) of rejection is set forth the claim feature, therefore arguments presented with respect to the claim feature are moot. 

The arguments presented for claim 11 by the examiner also apply to the independent claims 16 and 20 as amended, which recite similar features as claim 11.  The dependent claims are further rejected over the prior art based on their dependence to the independent claims. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

5.	Claims 11-12, 14-16, 18-21, and 23-25 are rejected under 35 U.S.C. 103 as being unpatentable over Samuell et al. US (2014/0012981) in view of MUTOH et al. US (2014/0082180), and further in view of Kobayashi et al. US (2017/0155642). 

Regarding Claim 11, Sammuell discloses a method for controlling a communication of a first communication device (see Fig. 9B i.e., Host 110) to a second communication device (see Fig. 9B i.e., Host 130) over a communication network (see Fig. 9B i.e., Host 110 communicating with Host 130), the method comprises: monitoring, by a network device residing at an end of the first communication device (see Fig. 9B i.e., 250 & Para [0226] i.e., “slow path module” is a network device situated at the end of host 110), data traffic to the communication network from the first communication device, (see Fig. 9B i.e., Data-1 922, Data-2 924 and Data-3 926 & Para [0224]). 

in response to local detection of at least one predetermined piece of information in at least one data frame in the data traffic (see Fig. 9B i.e., detection of the payload field (i.e., “predetermined piece of information”) in the Data packets 922, 924, and 926 & Para’s [0095-0096] i.e., user plane data may be considered to be “payload” data (i.e., “predetermined piece of information”), [0157-0160] i.e., data packets are analyzed or detected by slow-path module 250, [0164], i.e., slow-path module 250 generally inspects (i.e., “detection”) all packets delivered between the two hosts, [0211-0212] i.e., Once the data is analyzed, the slow-path module 520 decides whether to forward the packet(s) unchanged, [0191], & [0224] i.e., data packets 922, 924, & 926 which are intercepted by slow-path module 250 will be detected by the slow path module 250).

see Fig. 9B i.e., 250) residing at an end of the first communication device (see Fig. 9B i.e., Host 110), an acknowledgment (see Fig. 9B i.e., Local ACK-1 922, Local ACK-2 924, & Local ACK-3 926) complying with a communication protocol used for the communication, (see Fig. 9B & Para’s [0139], [0221] i.e., TCP protocol, & [0228-0229] i.e., ACK packets comply with TCP protocol used for the communication). 

and transmitting, by the network device (see Fig. 9B i.e., 250) residing at an end of the first communication device (see Fig. 9B i.e., Host 110), the generated acknowledgement to the first communication device (see Fig. 9B i.e., Host 110) for indicating a delivery of the data traffic to the second communication device, (see Fig. 9B i.e., Local ACK-1 922, Local ACK-2 924, & Local ACK-3 926 transmitted from Slow-Path Module 250 to Host 110 & Para’s [0224] & [0228] i.e., slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926).  

While Sammuell discloses monitoring by the network device (see Fig. 9B i.e., Slow-Path Module 250) data traffic from the first communication device (see Para’s [0010] i.e., monitoring the current data flow at the network device, [0053], [0154] i.e., slow-path module 520 may be implemented in a network device & [0156] i.e., slow-path module 520 monitors the TCP connection state between the communicating hosts, analyzes flow data & [0200]), Sammuell does not explicitly disclose the network device 

MUTOH discloses a network device (see Fig. 1 i.e., WAN acceleration device P1A) residing locally at an end of a first communication device (see Fig. 1 i.e., WAN acceleration device P1A residing locally at end of transmitting node P2 (i.e., “first communication device”) & Para’s [0004] i.e., For example, a WAN acceleration device is located at a border between a WAN and an internal network such as a LAN, and operates as a proxy for devices inside the internal network & [0005] i.e., A WAN acceleration device P1A is a proxy for the network to which the transmitting node P2 (i.e., “first communication device”) belongs…According to the WAN acceleration device P1A, the internal network is the one to which the transmitting node P2 (i.e., “first communication device”) belongs, and the external networks are the ones to which the WAN and the receiving node P3 belong) which receives traffic to the communication network from the first communication device, (see Para [0006] i.e., The WAN acceleration device P1A receives a data packet from the transmitting node P2 (OP111) and then transfers the data packet to the receiving node P3 (OP112))

(MUTOH suggests one method of reducing the time desired for transmission when conducting transmission through a WAN involves the use of a WAN acceleration device  (see Para [0004]) which is achieved by transmitting, by the network device (see Fig. 1 i.e., P1A) residing locally at an end of the first communication device (see Fig. 1 i.e., WAN acceleration device P1A residing locally at end of transmitting node P2 (i.e., “first communication device”)), a generated acknowledgement (see Fig. 1 i.e., Pseudo ACK packet at OP112) in response to receiving at least one data packet from the first communication device (see Fig. 1 i.e., Data Packet at OP111), (see Fig. 1 i.e. Pseudo ACK & Para’s [0006] i.e., Further, the WAN acceleration device P1A artificially creates an ACK packet (pseudo ACK packet) and transmits the pseudo ACK packet to the transmitting node P2 (OP112) & [0007] i.e., In communication using a normal TCP, the time from the receiving node P3 transmitting the ACK until the next data packet is received takes at least one round trip time (RTT). In comparison, the time may be shortened due to the WAN acceleration device P1A transmitting a pseudo packet to the transmitting node P2).

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the network device such as the Slow-Path Module 250 which generates and transmits an acknowledgement to the first communication device based on received data traffic from the first communication device as disclosed in Sammuell to be configured to reside locally at the end of the first communication device based on the teachings of MUTOH who discloses a network device such as WAN acceleration device P1A residing locally at an end of a first communication device such as transmitting node P2 because the motivation lies in MUTOH for reducing the time desired for transmission when conducting transmission through a WAN by using the WAN acceleration device P1A which transmits a pseudo ACK packet to the transmitting node P2 which shortens the transmission time.   

see Fig. 9B i.e., Slow-Path Module 250) is arranged to monitor the data traffic for TCP communications, (see Para’s [0010] i.e., monitoring the current data flow at the network device, [0053], [0154] i.e., slow-path module 520 may be implemented in a network device & [0156] i.e., slow-path module 520 monitors the TCP connection state between the communicating hosts, analyzes flow data & [0200]), the combination of Sammuell in view of MUTOH does not disclose the network device is arranged to monitor the data traffic through a port of a network node, the network node residing locally at an end of the first communication device in the communication channel in which the data traffic is conveyed and the port of the network node is arranged to mirror the data traffic to the network device. However the claim features would be rendered obvious in view of Kobayashi et al. US (2017/0155642).

Kobayashi discloses a network device (see Fig. 1 i.e., NW Monitoring Device 20) is arranged to monitor data traffic through a port of a network node (see Fig. 1 i.e., Switch connected to NW Monitoring Device 20), (see Fig. 1 & Para’s [0024] i.e., a network monitoring device 20 for monitoring communication related to the nodes 90…In the present embodiment, the network monitoring device 20 acquires packets, frames, and the like which pass through the network monitoring device 20 by being connected between a switch or a router of the network segment 2 and another switch or router that is hierarchically above the network monitoring device 20 & [0083] i.e., For example, the network monitoring device 20 may acquire a packet, a frame, or the like that is transmitted and received by the node 90 by being connected to a monitoring port (a mirror port) of a switch)

the network node (see Fig. 1 i.e., Switch) residing locally at an end of a first communication device (see Fig. 1 i.e., node 90) in the communication channel (see Fig. 1 i.e., network segment 2) in which the data traffic is conveyed (see Fig. 1 i.e., Switch (i.e., below NW Monitoring Device 20) residing locally at an end of a first communication device such as node 90 & Para’s [0024] i.e., a network monitoring device 20 for monitoring communication related to the nodes 90…In the present embodiment, the network monitoring device 20 acquires packets, frames, and the like which pass through the network monitoring device 20 by being connected between a switch or a router of the network segment 2 and another switch or router that is hierarchically above the network monitoring device 20 & [0083]) 

and the port of the network node (see Fig. 1 i.e., Switch) is arranged to mirror the data traffic to the network device, (see Para [0083] i.e., For example, the network monitoring device 20 may acquire a packet, a frame, or the like that is transmitted and received by the node 90 by being connected to a monitoring port (a mirror port) of a switch).

(Kobayashi suggests the network monitoring device 20 is used for monitoring communication related to the nodes 90 for detecting an event indicating the communication may not be reliable and transmits an alert notification to the node 90 for preventing the abnormal communication and eliminating vulnerability for the user terminal, (see Para’s [0038-0040]) 

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the network device which monitors the data traffic for TCP communications as disclosed in Sammuell in view of MUTOH to monitor the data traffic through the mirror port of a network node or switch apparatus in the communication channel in which the data traffic is conveyed as disclosed in Kobayashi who discloses the network node or switch apparatus which resides locally at an end of a first communication device or node 90 is arranged to mirror the data traffic to a network monitoring device 20 for monitoring the data traffic because the motivation lies in Kobayashi that the network monitoring device 20 is used for monitoring communication related to the nodes 90 for detecting an event indicating the communication may not be reliable and transmitting an alert notification to the node 90 for preventing the abnormal communication and eliminating vulnerability for the user terminal. 

Regarding Claim 12, Sammuell discloses the method of claim 11, wherein the at least one predetermined piece of information is at least one value of at least one data field in the at least one data frame, (see Fig. 9B i.e., detection of the payload field (i.e., “predetermined piece of information”) in the Data packets 922, 924, and 926 & Para’s [0004] i.e., For example, if a sender sends a packet containing four payload bytes (i.e., “value”) with a sequence number field & [0095-0096] i.e., user plane data (i.e., “value”) may be considered to be “payload” data (i.e., “predetermined piece of information”),

see Fig. 9B i.e., the acknowledgement is detected from the data traffic ACK-1 932, ACK-2 934, and ACK-3 936 & Para [0227])

Regarding Claim 15, Sammuell discloses the method of claim 14, wherein the acknowledgement generated by the second communication device is filtered out from the data traffic intended to the first communication device, (see Para [0227] i.e., “the ACK packets are received by slow-path module 250 and not forwarded to host device 110” discloses that the acknowledgements are filtered out from the incoming data packets).  

Regarding Claim 16, Sammuell discloses a network device (see Fig. 9B i.e., 250 & Para [0226]) for controlling a communication of a first communication device (see Fig. 9B i.e., Host 110) to a second communication device (see Fig. 9B i.e., Host 130) over a communication network, (see Fig. 9B i.e., Host 110 communicating with Host 130)

the network device comprising: at least one processor (see Fig. 9B i.e., 250 & Para [0020] i.e., processor); at least one memory (see Fig. 9B i.e., 250 & Para [0020] i.e., memory) including computer program code (see Para’s [0048-0050]); the at least one memory (see Fig. 9B i.e., 250 & Para [0020] i.e., memory)  and the computer program see Para’s [0048-0050]) configured to, with the at least one processor (see Fig. 9B i.e., 250 & Para [0020] i.e., processor), cause the network device (see Fig. 9B i.e., 250 & Para [0226] i.e., “slow path module” is a network device situated at the end of host 110) to perform: monitor data traffic to the communication network from the first communication device, (see Fig. 9B i.e., Data-1 922, Data-2 924 and Data-3 926 & Para [0224]). 

generate, in response to local detection of at least one predetermined piece of information in at least one data frame in the data traffic, (see Fig. 9B i.e., detection of the payload field (i.e., “predetermined piece of information”) in the Data packets 922, 924, and 926 & Para’s [0095-0096] i.e., user plane data may be considered to be “payload” data (i.e., “predetermined piece of information”), [0157-0160] i.e., data packets are analyzed or detected by slow-path module 250, [0164], i.e., slow-path module 250 generally inspects (i.e., “detection”) all packets delivered between the two hosts, [0211-0212] i.e., Once the data is analyzed, the slow-path module 520 decides whether to forward the packet(s) unchanged, [0191], & [0224] i.e., data packets 922, 924, & 926 which are intercepted by slow-path module 250 will be detected by the slow path module 250).

an acknowledgment (see Fig. 9B i.e., Local ACK-1 922, Local ACK-2 924, & Local ACK-3 926) complying with a communication protocol used for the communication, (see Fig. 9B & Para’s [0139], [0221] i.e., TCP protocol, & [0228-0229] i.e., ACK packets comply with TCP protocol used for the communication). 

and transmit the generated acknowledgement to the first communication device (see Fig. 9B i.e., Host 110)  for indicating a delivery of the data traffic to the second communication device, (see Fig. 9B i.e., Local ACK-1 922, Local ACK-2 924, & Local ACK-3 926 transmitted from Slow-Path Module 250 to Host 110 & Para’s [0224] & [0228] i.e., slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926).  
While Sammuell discloses monitoring by the network device (see Fig. 9B i.e., Slow-Path Module 250) data traffic from the first communication device (see Para’s [0010] i.e., monitoring the current data flow at the network device, [0053], [0154] i.e., slow-path module 520 may be implemented in a network device & [0156] i.e., slow-path module 520 monitors the TCP connection state between the communicating hosts, analyzes flow data & [0200]), Sammuell does not explicitly disclose the network device residing locally at an end of the first communication device. However the claim feature would be rendered obvious in view of MUTOH et al. US (2014/0082180).

MUTOH discloses a network device (see Fig. 1 i.e., WAN acceleration device P1A) residing locally at an end of a first communication device (see Fig. 1 i.e., WAN acceleration device P1A residing locally at end of transmitting node P2 (i.e., “first communication device”) & Para’s [0004] i.e., For example, a WAN acceleration device is located at a border between a WAN and an internal network such as a LAN, and operates as a proxy for devices inside the internal network & [0005] i.e., A WAN acceleration device P1A is a proxy for the network to which the transmitting node P2 (i.e., “first communication device”) belongs…According to the WAN acceleration device P1A, the internal network is the one to which the transmitting node P2 (i.e., “first communication device”) belongs, and the external networks are the ones to which the WAN and the receiving node P3 belong) which receives traffic to the communication network from the first communication device, (see Para [0006] i.e., The WAN acceleration device P1A receives a data packet from the transmitting node P2 (OP111) and then transfers the data packet to the receiving node P3 (OP112))

(MUTOH suggests one method of reducing the time desired for transmission when conducting transmission through a WAN involves the use of a WAN acceleration device  (see Para [0004]) which is achieved by transmitting, by the network device (see Fig. 1 i.e., P1A) residing locally at an end of the first communication device (see Fig. 1 i.e., WAN acceleration device P1A residing locally at end of transmitting node P2 (i.e., “first communication device”)), a generated acknowledgement (see Fig. 1 i.e., Pseudo ACK packet at OP112) in response to receiving at least one data packet from the first communication device (see Fig. 1 i.e., Data Packet at OP111), (see Fig. 1 i.e. Pseudo ACK & Para’s [0006] i.e., Further, the WAN acceleration device P1A artificially creates an ACK packet (pseudo ACK packet) and transmits the pseudo ACK packet to the transmitting node P2 (OP112) & [0007] i.e., In communication using a normal TCP, the time from the receiving node P3 transmitting the ACK until the next data packet is received takes at least one round trip time (RTT). In comparison, the time may be shortened due to the WAN acceleration device P1A transmitting a pseudo packet to the transmitting node P2).

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the network device such as the Slow-Path Module 250 which generates and transmits an acknowledgement to the first communication device based on received data traffic from the first communication device as disclosed in Sammuell to be configured to reside locally at the end of the first communication device based on the teachings of MUTOH who discloses a network device such as WAN acceleration device P1A residing locally at an end of a first communication device such as transmitting node P2 because the motivation lies in MUTOH for reducing the time desired for transmission when conducting transmission through a WAN by using the WAN acceleration device P1A which transmits a pseudo ACK packet to the transmitting node P2 which shortens the transmission time.   

While Sammuell discloses the network device (see Fig. 9B i.e., Slow-Path Module 250) is arranged to monitor the data traffic for TCP communications, (see Para’s [0010] i.e., monitoring the current data flow at the network device, [0053], [0154] i.e., slow-path module 520 may be implemented in a network device & [0156] i.e., slow-path module 520 monitors the TCP connection state between the communicating hosts, analyzes flow data & [0200]), the combination of Sammuell in view of MUTOH does not disclose the network device is arranged to monitor the data traffic through a port of a network node, the network node residing locally at an end of the first communication device in the communication channel in which the data traffic is conveyed and the port of 

Kobayashi discloses a network device (see Fig. 1 i.e., NW Monitoring Device 20) is arranged to monitor data traffic through a port of a network node (see Fig. 1 i.e., Switch connected to NW Monitoring Device 20), (see Fig. 1 & Para’s [0024] i.e., a network monitoring device 20 for monitoring communication related to the nodes 90…In the present embodiment, the network monitoring device 20 acquires packets, frames, and the like which pass through the network monitoring device 20 by being connected between a switch or a router of the network segment 2 and another switch or router that is hierarchically above the network monitoring device 20 & [0083] i.e., For example, the network monitoring device 20 may acquire a packet, a frame, or the like that is transmitted and received by the node 90 by being connected to a monitoring port (a mirror port) of a switch)

the network node (see Fig. 1 i.e., Switch) residing locally at an end of a first communication device (see Fig. 1 i.e., node 90) in the communication channel (see Fig. 1 i.e., network segment 2) in which the data traffic is conveyed (see Fig. 1 i.e., Switch (i.e., below NW Monitoring Device 20) residing locally at an end of a first communication device such as node 90 & Para’s [0024] i.e., a network monitoring device 20 for monitoring communication related to the nodes 90…In the present embodiment, the network monitoring device 20 acquires packets, frames, and the like which pass through the network monitoring device 20 by being connected between a switch or a router of the network segment 2 and another switch or router that is hierarchically above the network monitoring device 20 & [0083]) 

and the port of the network node (see Fig. 1 i.e., Switch) is arranged to mirror the data traffic to the network device, (see Para [0083] i.e., For example, the network monitoring device 20 may acquire a packet, a frame, or the like that is transmitted and received by the node 90 by being connected to a monitoring port (a mirror port) of a switch).

(Kobayashi suggests the network monitoring device 20 is used for monitoring communication related to the nodes 90 for detecting an event indicating the communication may not be reliable and transmits an alert notification to the node 90 for preventing the abnormal communication and eliminating vulnerability for the user terminal, (see Para’s [0038-0040]) 

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the network device which monitors the data traffic for TCP communications as disclosed in Sammuell in view of MUTOH to monitor the data traffic through the mirror port of a network node or switch apparatus in the communication channel in which the data traffic is conveyed as disclosed in Kobayashi who discloses the network node or switch apparatus which resides locally at an end of a first communication device or node 90 is arranged to mirror the data traffic to a network monitoring device 20 for monitoring the data traffic because the motivation lies in Kobayashi that the network monitoring 

Regarding Claim 18, Sammuell discloses the network device of claim 16, wherein the network device is configured to detect an acknowledgement generated by the second communication device in response to a receipt of data traffic from the first communication device from a data traffic intended to the first communication device. (see Fig. 9B i.e., the acknowledgement is detected from the data traffic ACK-1 932, ACK-2 934, and ACK-3 936 & Para [0227])

Regarding Claim 19, Sammuell discloses the network device of claim 18, wherein the network device is configured to filter out the acknowledgement generated by the second communication device from the data traffic intended to the first communication device. (see Para [0227] i.e., “the ACK packets are received by slow-path module 250 and not forwarded to host device 110” discloses that the acknowledgements are filtered out from the incoming data packets).  

Regarding Claim 20, Sammuell discloses a computer program product (see Para’s [0048-0050]) comprising at least one non-transitory computer-readable storage medium (see Para’s [0048-0050] a non-transitory computer-readable storage medium) having computer-executable program code instructions (see Para’s [0048-0050] i.e., non-transitory computer readable medium that bears computer usable instructions for one or more processors) stored therein that when the computer program product is executed on one or more computing devices, (see Para’s [0048-0050] i.e., a non-transitory computer-readable storage medium, configured with a computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner to perform the functions described herein), directs the one or more computing devices to:

Monitor data traffic to a communication network from a first communication device, (see Fig. 9B i.e., Data-1 922, Data-2 924 and Data-3 926 & Para [0224]) by a network device residing at an end of the first communication device (see Fig. 9B i.e., 250 & Para [0226] i.e., “slow path module” is a network device situated at the end of host 110),

Generate, by the network device (see Fig. 9B i.e., 250), in response to local detection of at least one predetermined piece of information in at least one data frame in the data traffic (see Fig. 9B i.e., detection of the payload field (i.e., “predetermined piece of information”) in the Data packets 922, 924, and 926 & Para’s [0095-0096] i.e., user plane data may be considered to be “payload” data (i.e., “predetermined piece of information”), [0157-0160] i.e., data packets are analyzed or detected by slow-path module 250, [0164], i.e., slow-path module 250 generally inspects (i.e., “detection”) all packets delivered between the two hosts, [0211-0212] i.e., Once the data is analyzed, the slow-path module 520 decides whether to forward the packet(s) unchanged, [0191], & [0224] i.e., data packets 922, 924, & 926 which are intercepted by slow-path module 250 will be detected by the slow path module 250).

an acknowledgment (see Fig. 9B i.e., Local ACK-1 922, Local ACK-2 924, & Local ACK-3 926) complying with a communication protocol used for the communication, (see Fig. 9B & Para’s [0139], [0221] i.e., TCP protocol, & [0228-0229] i.e., ACK packets comply with TCP protocol used for the communication). 

and transmit, by the network device (see Fig. 9B i.e., 250), the generated acknowledgement to the first communication device (see Fig. 9B i.e., Host 110) for indicating a delivery of the data traffic to the second communication device, (see Fig. 9B i.e., Local ACK-1 922, Local ACK-2 924, & Local ACK-3 926 transmitted from Slow-Path Module 250 to Host 110 & Para’s [0224] & [0228] i.e., slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926).  

While Sammuell discloses monitoring by the network device (see Fig. 9B i.e., Slow-Path Module 250) data traffic from the first communication device (see Para’s [0010] i.e., monitoring the current data flow at the network device, [0053], [0154] i.e., slow-path module 520 may be implemented in a network device & [0156] i.e., slow-path module 520 monitors the TCP connection state between the communicating hosts, analyzes flow data & [0200]), Sammuell does not explicitly disclose the network device 

MUTOH discloses a network device (see Fig. 1 i.e., WAN acceleration device P1A) residing locally at an end of a first communication device (see Fig. 1 i.e., WAN acceleration device P1A residing locally at end of transmitting node P2 (i.e., “first communication device”) & Para’s [0004] i.e., For example, a WAN acceleration device is located at a border between a WAN and an internal network such as a LAN, and operates as a proxy for devices inside the internal network & [0005] i.e., A WAN acceleration device P1A is a proxy for the network to which the transmitting node P2 (i.e., “first communication device”) belongs…According to the WAN acceleration device P1A, the internal network is the one to which the transmitting node P2 (i.e., “first communication device”) belongs, and the external networks are the ones to which the WAN and the receiving node P3 belong) which receives traffic to the communication network from the first communication device, (see Para [0006] i.e., The WAN acceleration device P1A receives a data packet from the transmitting node P2 (OP111) and then transfers the data packet to the receiving node P3 (OP112))

(MUTOH suggests one method of reducing the time desired for transmission when conducting transmission through a WAN involves the use of a WAN acceleration device  (see Para [0004]) which is achieved by transmitting, by the network device (see Fig. 1 i.e., P1A) residing locally at an end of the first communication device (see Fig. 1 i.e., WAN acceleration device P1A residing locally at end of transmitting node P2 (i.e., “first communication device”)), a generated acknowledgement (see Fig. 1 i.e., Pseudo ACK packet at OP112) in response to receiving at least one data packet from the first communication device (see Fig. 1 i.e., Data Packet at OP111), (see Fig. 1 i.e. Pseudo ACK & Para’s [0006] i.e., Further, the WAN acceleration device P1A artificially creates an ACK packet (pseudo ACK packet) and transmits the pseudo ACK packet to the transmitting node P2 (OP112) & [0007] i.e., In communication using a normal TCP, the time from the receiving node P3 transmitting the ACK until the next data packet is received takes at least one round trip time (RTT). In comparison, the time may be shortened due to the WAN acceleration device P1A transmitting a pseudo packet to the transmitting node P2).

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the network device such as the Slow-Path Module 250 which generates and transmits an acknowledgement to the first communication device based on received data traffic from the first communication device as disclosed in Sammuell to be configured to reside locally at the end of the first communication device based on the teachings of MUTOH who discloses a network device such as WAN acceleration device P1A residing locally at an end of a first communication device such as transmitting node P2 because the motivation lies in MUTOH for reducing the time desired for transmission when conducting transmission through a WAN by using the WAN acceleration device P1A which transmits a pseudo ACK packet to the transmitting node P2 which shortens the transmission time.   

see Fig. 9B i.e., Slow-Path Module 250) is arranged to monitor the data traffic for TCP communications, (see Para’s [0010] i.e., monitoring the current data flow at the network device, [0053], [0154] i.e., slow-path module 520 may be implemented in a network device & [0156] i.e., slow-path module 520 monitors the TCP connection state between the communicating hosts, analyzes flow data & [0200]), the combination of Sammuell in view of MUTOH does not disclose the network device is arranged to monitor the data traffic through a port of a network node, the network node residing locally at an end of the first communication device in the communication channel in which the data traffic is conveyed and the port of the network node is arranged to mirror the data traffic to the network device. However the claim features would be rendered obvious in view of Kobayashi et al. US (2017/0155642).

Kobayashi discloses a network device (see Fig. 1 i.e., NW Monitoring Device 20) is arranged to monitor data traffic through a port of a network node (see Fig. 1 i.e., Switch connected to NW Monitoring Device 20), (see Fig. 1 & Para’s [0024] i.e., a network monitoring device 20 for monitoring communication related to the nodes 90…In the present embodiment, the network monitoring device 20 acquires packets, frames, and the like which pass through the network monitoring device 20 by being connected between a switch or a router of the network segment 2 and another switch or router that is hierarchically above the network monitoring device 20 & [0083] i.e., For example, the network monitoring device 20 may acquire a packet, a frame, or the like that is transmitted and received by the node 90 by being connected to a monitoring port (a mirror port) of a switch)

the network node (see Fig. 1 i.e., Switch) residing locally at an end of a first communication device (see Fig. 1 i.e., node 90) in the communication channel (see Fig. 1 i.e., network segment 2) in which the data traffic is conveyed (see Fig. 1 i.e., Switch (i.e., below NW Monitoring Device 20) residing locally at an end of a first communication device such as node 90 & Para’s [0024] i.e., a network monitoring device 20 for monitoring communication related to the nodes 90…In the present embodiment, the network monitoring device 20 acquires packets, frames, and the like which pass through the network monitoring device 20 by being connected between a switch or a router of the network segment 2 and another switch or router that is hierarchically above the network monitoring device 20 & [0083]) 

and the port of the network node (see Fig. 1 i.e., Switch) is arranged to mirror the data traffic to the network device, (see Para [0083] i.e., For example, the network monitoring device 20 may acquire a packet, a frame, or the like that is transmitted and received by the node 90 by being connected to a monitoring port (a mirror port) of a switch).

(Kobayashi suggests the network monitoring device 20 is used for monitoring communication related to the nodes 90 for detecting an event indicating the communication may not be reliable and transmits an alert notification to the node 90 for preventing the abnormal communication and eliminating vulnerability for the user terminal, (see Para’s [0038-0040]) 

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the network device which monitors the data traffic for TCP communications as disclosed in Sammuell in view of MUTOH to monitor the data traffic through the mirror port of a network node or switch apparatus in the communication channel in which the data traffic is conveyed as disclosed in Kobayashi who discloses the network node or switch apparatus which resides locally at an end of a first communication device or node 90 is arranged to mirror the data traffic to a network monitoring device 20 for monitoring the data traffic because the motivation lies in Kobayashi that the network monitoring device 20 is used for monitoring communication related to the nodes 90 for detecting an event indicating the communication may not be reliable and transmitting an alert notification to the node 90 for preventing the abnormal communication and eliminating vulnerability for the user terminal. 

Regarding Claim 21, Sammuell discloses the computer program product of claim 20, wherein the at least one predetermined piece of information is at least one value of at least one data field in the at least one data frame, (see Fig. 9B i.e., detection of the payload field (i.e., “predetermined piece of information”) in the Data packets 922, 924, and 926 & Para’s [0004] i.e., For example, if a sender sends a packet containing four payload bytes (i.e., “value”) with a sequence number field & [0095-0096] i.e., user plane data (i.e., “value”) may be considered to be “payload” data (i.e., “predetermined piece of information”).

see Fig. 9B i.e., the acknowledgement is detected from the data traffic ACK-1 932, ACK-2 934, and ACK-3 936 & Para [0227])

Regarding Claim 24, Sammuell discloses the computer program product of claim 23, wherein the acknowledgement generated by the second communication device is filtered out from the data traffic intended to the first communication device, (see Para [0227] i.e., “the ACK packets are received by slow-path module 250 and not forwarded to host device 110” discloses that the acknowledgements are filtered out from the incoming data packets).  

Regarding Claim 25, Sammuell discloses the computer program product of claim 20, wherein one or more computer devices comprise the network device residing at an end of the first communication device, (see Fig. 9B i.e., 250 & Para [0226] i.e., “slow path module” is a network device situated at the end of host 110).

6.	Claims 13, 17 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Samuell et al. US (2014/0012981) in view of MUTOH et al. US (2014/0082180), and further in view of Kobayashi et al. US (2017/0155642) as applied to claims 12, 16, and 21 above, and further in view of Park et al. US (2016/0189124)

Regarding Claims 13 and 22, the combination of Samuell in view of MUTOH, and further in view of Kobayashi discloses the method and computer program product of claims 12 and 21, but does not disclose wherein the local detection is performed by comparing the at least one value of the at least one data field to at least one comparison value and in response to local detection that the at least one value corresponds to the comparison value, the local detection is indicated. However the claim features would be rendered obvious in view of Park et al. US (2016/0189124).

Park discloses wherein the local detection is performed by comparing the at least one value of the at least one data field to at least one comparison value (see Para’s [0017] i.e., According to some embodiments of the present disclosure, payloads of one or more IP packets are stored and, upon receiving at least one packet retransmitted based on a TCP, an attack packet is detected by comparing at least one of the stored payloads (i.e., “comparison value”) with a payload (i.e., “value” of data field)  of the retransmitted packet, [0051], & [0055] i.e., an attack packet is detected by comparing partial bytes of data of a prestored payload (i.e., “comparison value”) only with partial bytes of corresponding data of the payload (i.e., “value” of data field)  of the retransmitted packet 320 to reduce the memory occupancy of the data billing system 100p, thereby increasing the efficiency of memory use). 

and in response to local detection that the at least one value corresponds to the comparison value, the local detection is indicated (see Para’s [0017] i.e., According to some embodiments of the present disclosure, payloads of one or more IP packets are stored and, upon receiving at least one packet retransmitted based on a TCP, an attack packet is detected (i.e., “detection is indicated”) by comparing at least one of the stored payloads (i.e., “comparison value”) with a payload (i.e., “value” of data field) of the retransmitted packet, [0051], & [0055] i.e., an attack packet is detected (i.e., “detection is indicated”) by comparing partial bytes of data of a prestored payload (i.e., “comparison value”) only with partial bytes of corresponding data of the payload (i.e., “value” of data field)  of the retransmitted packet 320 to reduce the memory occupancy of the data billing system 100p, thereby increasing the efficiency of memory use). 

(Park suggests a received packet from a source is detected by comparing the at least one value of the at least data field of the received packet to at least one comparison value for detecting the packet (see Para’s [0017], [0051], & [0055]).

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the packets detected by the network device from the host as disclosed in Samuell in view of MUTOH, and further in view of Kobayashi to detect the packets according to the comparison techniques of Park who discloses detecting a received packet by comparing at least one value of a data field of the received packet to at least one comparison value because the motivation lies in Park for efficiently detecting the packet received from a source based on the comparison. 



Park discloses performing local detection by comparing at least one value of the at least one data field to at least one comparison value (see Para’s [0017] i.e., According to some embodiments of the present disclosure, payloads of one or more IP packets are stored and, upon receiving at least one packet retransmitted based on a TCP, an attack packet is detected by comparing at least one of the stored payloads (i.e., “comparison value”) with a payload (i.e., “value” of data field)  of the retransmitted packet, [0051], & [0055] i.e., an attack packet is detected by comparing partial bytes of data of a prestored payload (i.e., “comparison value”) only with partial bytes of corresponding data of the payload (i.e., “value” of data field)  of the retransmitted packet 320 to reduce the memory occupancy of the data billing system 100p, thereby increasing the efficiency of memory use). 
and in response to local detection that the at least one value corresponds to the comparison value to indicate the local detection (see Para’s [0017] i.e., According to some embodiments of the present disclosure, payloads of one or more IP packets are stored and, upon receiving at least one packet retransmitted based on a TCP, an attack packet is detected (i.e., “detection is indicated”) by comparing at least one of the stored payloads (i.e., “comparison value”) with a payload (i.e., “value” of data field) of the retransmitted packet, [0051], & [0055] i.e., an attack packet is detected (i.e., “detection is indicated”) by comparing partial bytes of data of a prestored payload (i.e., “comparison value”) only with partial bytes of corresponding data of the payload (i.e., “value” of data field)  of the retransmitted packet 320 to reduce the memory occupancy of the data billing system 100p, thereby increasing the efficiency of memory use). 

(Park suggests a received packet from a source is detected by comparing the at least one value of the at least data field of the received packet to at least one comparison value for detecting the packet (see Para’s [0017], [0051], & [0055]).

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the packets locally detected by the network device from the host as disclosed in Samuell in view of MUTOH, and further in view of Kobayashi to detect the packets according to the comparison techniques of Park who discloses locally detecting a received packet by comparing at least one value of a data field of the received packet to at least one comparison value because the motivation lies in Park for efficiently detecting the packet received from a source based on the comparison. 

Conclusion

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Huy Vu can be reached on 571-272-3155.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.