DETAILED ACTION
This Office Action is in response to the application 16/733,570 filed on 01/03/2020.
Claims 1-20 have been examined and are pending in this application.
This application claims priority to and the benefit of Indian Patent Application No. 201911000540, filed January 4, 2019 and titled "Methods and Systems for Data Traffic Based Adaptive Security,"


Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Election/Restrictions
For the record, the Examiner acknowledges that NO restrictions warranted at applicants initial time of filing for patent.

Priority
This application claims priority to and the benefit of Indian Patent Application No. 201911000540, filed Jan. 4, 2019.


Information Disclosure Statement
No information disclosure statement (IDS), submitted at applicant’s initial time of filing for patent.

Oath/Declaration
For the record, the Examiner acknowledges that the Oath/Declaration submitted on 04/17/2020 has been accepted.

Drawings
For the record, the Examiner acknowledges that the drawings filed on 01/03/2020 has been accepted.

Specification
For the record, the Examiner acknowledges that the Applicant's specification filed on 01/03/2020 has been accepted.


Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-10 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to 


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 11-20 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Regarding claims 11-120, the phrase "such that" renders the claim indefinite because it is unclear whether the limitation(s) following the phrase are part of the claimed invention.  See MPEP § 2173.05(d).
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-20 are rejected under 35 U.S.C. 102 (a) (1) as being anticipated by Subbarayan et al. (hereinafter Subbarayan), Pub. No.: US 2017/0012941.

Referring to claim 1, Subbarayan teaches a method, comprising: 
receiving, at a security server and from an access control server (proxy 404 in fig. 4), server resource request message data (log information in para. 0127) extracted from a server resource request message received at the access control server from a client (para. 0127 and figs. 4 and 8; At step 802, responsive to a trigger event, security server 408 receives from one or more than one proxies 404, (i) proxy access log information; see also para. 0129), the access control server being configured to: 
selectively route or transmit server resource request messages to at least one resource server implementing a server resource (para. 0117 and figs. 4 and 8; In case the authentication procedure results in an authentication failure, step 708 comprises rejecting or discarding the client request or message (i.e. without transmitting said request or message onward to the server backend) optionally with an error message returned to the client.); and 
extract information identifying the server resource from data packets associated with one or more server resource request messages (para. 0129; Exemplary instances of proxy access log information may comprise one or more of … (iv) API server to which a client request or message is transmitted by a proxy); 
analyzing the server resource request message data (para. 0132 and figs. 4 and 8; At step 804 the security server analyses information within the received access logs); and 
in response to the analyzing of the server resource request message data resulting in an identification of an indicator of compromise or that the client sending the server resource request is identified within a blacklist (para. 0132 and figs. 4 and 8; At step 804 the security server analyses information within the received access logs … and based on such analysis and one or more machine learning algorithms may generate, identify or consolidate information relating to one or more of: …. Indicators of compromise.), generating and sending a security response including an indication to not transmit at least one server resource request message received from the client at the access control server to a resource server (para. 0148 and figs. 4 and 8; At step 806, security server 408 communicates to the one or more proxies 404, one or more indicators of compromise identified at step 804, preferably along with a client device id or a connection id associated with each indicator of compromise. Each of the one or more proxies 404 may be configured to reject or discard one or more (and preferably all) subsequent client requests or messages from a client id or connection id associated with an indicator of compromise received from security server 408.).

Referring to claim 2, Subbarayan further teaches wherein the security response includes one of: an indication to not transmit the server resource request message received from the client to the resource server; an indication to transmit the server resource request message to the resource server and an indication to not transmit at least one server resource request message subsequently received from the client at the access control server to the resource server; or an indication to transmit the server resource request message to the resource server and an indication to not transmit at least one server resource response to the server resource request 91Attorney Docket No. PING-034/OOUS 304324-2136 message or at least one server resource response to at least one server resource request message subsequently received from the client at the access control server (paras. 0132, 0148 and figs. 4 and 8).

Referring to claim 3, Subbarayan further teaches wherein the analyzing the server resource request message data (para. 0148) includes one or more of: generating server resource metrics (paras. 0134 and 0147); generating blocked connection metrics (para. 0138); generating back end error code metrics (para. 0137); or identifying anomalies at the security server based on the server resource request message data (paras. 0137-0138).

Referring to claim 4, Subbarayan further wherein the server resource request message data includes at least one of: (i) server resource access request log information (paras. 0134 and 0147-0148), (iii) server resource characteristics data definitions (para. 0023), (iv) configuration data (para. 0024), (v) session data (para. 0025), or (vi) security data associated with the access control server (para. 0026).

Referring to claim 5, Subbarayan further wherein: the server resource access request data includes one or more of: (i) time stamp information corresponding to one or more communications received at or sent from the access control server, (ii) a connection identifier of the client communicating with the access control server, (iii) a connection identifier of the client communicating with the resource server through the access control server, (iii) a server resource name identified in the server resource request message, (iv) an identification of the resource server to which the server resource request message is to be transmitted by the access control server, (v) an Internet Protocol (IP) address 92Attorney Docket No. PING-034/OOUS 304324-2136 or port of the client; (vi) a method or command used by the client in generating the server resource request message, (vii) a Uniform Resource Locator (URL) and URL information, (viii) protocol information or version number, (ix) content type, (x) host accessed information, (xi) content length, (xii) client information, (xiii) user agent information, (xiv) Application Programming Interface (API) key, or (xv) authorization information including a token or cookie or other data record; the server resource characteristics data definitions include one or more of: (i) a client side name associated with the server resource, (ii) a server side name associated with the server resource, (iii) hostname associated with the server resource, (iv) an IP address of the server resource, (paras. 0023-0026, 0134 and 0147-0148; server resources).

Referring to claim 6, Subbarayan further wherein the security response is a first security response, the method further comprising: in response to the analyzing the server resource request message data indicating absence of indicators of compromise and that the client is not identified within the blacklist, generating and sending a second security response including an indication to transmit the server resource request message to the resource server (paras. 0132, 0148 and figs. 4 and 8).

Referring to claim 7, Subbarayan further teaches comprising: receiving, at the security server and from the access control server, server resource response message data extracted from a server resource response message provided by the resource server in response to the server resource request message; analyzing the server resource response message data; and in response to the analyzing the server resource response message data resulting in an identification of an indicator of compromise by the security server, generating and sending a third security response including an indication to not transmit at least one server response message from the resource server or at least one received server resource request message subsequently received from the client (paras. 0132, 0148 and figs. 4 and 8).

Referring to claim 8, Subbarayan further teaches wherein the third security response includes one of: an indication to not transmit the server resource response message by the access control server to the client; or an indication to transmit the server resource response message by the access control server to the client, and (i) an indication to not transmit at least one server resource response message subsequently received from the resource server for onward transmission to the client 94Attorney Docket No. PING-034/OOUS 304324-2136 or (ii) an indication to not transmit at least one server resource request message subsequently received from the client (paras. 0132, 0148 and figs. 4 and 8).

Referring to claim 9, Subbarayan further teaches comprising: in response to the analyzing the server resource response message data indicating absence of indicators of compromise, generating and sending a fourth security response including an indication to (paras. 0132, 0148 and figs. 4 and 8).

Referring to claim 10, Subbarayan further teaches comprising: authenticating the access control server from which the security server has received the server resource request message data prior to the analyzing the server resource request message data (paras. 0132, 0148 and figs. 4 and 8).

Referring to claim 11, This claim is similar in scope to claim 1, and is therefore rejected under similar rationale.

Referring to claim 12, This claim is similar in scope to claim 2, and is therefore rejected under similar rationale.

Referring to claim 13, This claim is similar in scope to claim 3, and is therefore rejected under similar rationale.

Referring to claim 14, This claim is similar in scope to claim 4, and is therefore rejected under similar rationale.

Referring to claim 15, This claim is similar in scope to claim 5, and is therefore rejected under similar rationale.

Referring to claim 16, This claim is similar in scope to claim 6, and is therefore rejected under similar rationale.

Referring to claim 17, This claim is similar in scope to claim 7, and is therefore rejected under similar rationale.

Referring to claim 18, This claim is similar in scope to claim 10, and is therefore rejected under similar rationale.

Referring to claim 19, Subbarayan further teaches a computer program product comprising a non-transitory computer usable medium having a computer readable program code embodied therein, the computer readable program code comprising instructions executable by a processor to: 
in response to receiving a server resource request message (para. 0127 and figs. 4 and 8) and an access token from a client, verify the access token; 
in response to verifying that the access token is valid (paras. 0117 and 0123), (1) extract server resource request message data from the server resource request message and (2) send the server resource request message data to a security server such that the security server analyzes the server resource request message data and sends a security response based on the analyzing the server resource request message data (para. 0127-0132, 0148 and figs. 4 and 8); 
in response to the security response including an indication to not transmit at least one server resource request message received from the client to a resource server, (1) (para. 0148).

Referring to claim 20, Subbarayan further teaches wherein the instruction executable by the processor to verify the access token includes at least one of: an instruction executable by the processor to send a message to an authorization server that generated the access token to request a username associated with the access token; or an instruction executable by the processor to extract the username associated with the access token from the server resource request message (paras. 0117 and 0123).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Please see PTO-892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YONAS A BAYOU whose telephone number is (571)272-7610.  The examiner can normally be reached on Monday-Friday 7AM-4PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/YONAS A BAYOU/Primary Examiner, Art Unit 2434                                                                                                                                                                                                        09/16/2021