DETAILED ACTION

Claims 1-20 are presented for examination.



Information Disclosure Statement
The Information Disclosure Statement(s) submitted by applicant on 07/28/2021, 10/08/2020, and 06/11/2020 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Jain et al. (US Patent Application No. 20110276951) (Hereinafter Jain) in view of Fadida et al. (US Patent Application No. 20140053226) (Hereinafter Fadida).

	
As per claim 1, Jain discloses a system comprising: one or more processors; and memory storing instructions which, when executed by the one or more processors, cause the one or more processors to: 
obtain network data from sensor processes executing in a data center (para 34, sensor outputs the network data), the network data being at least partly based on operation system states associated with two or more operating systems (para 23,  guest and host; para 35, types of operating systems, for instance HP SiteScope and /proc file system in Unix/Linux) in the data center (para 34, the hosts in the cloud, infrastructure, which may be in a data center); 

detect, based at least partly on the status of the data center, an indication of an attack within the data center (para 28, 42, violation is detected, to detect several problems in data centers). Jain does not explicitly disclose in response to the indication of the attack, modify a security policy based on status of the data center. However, Fadida discloses in response to the indication of the attack, modify a security policy based on status of the data center (fig 6, para 74, the detected security causes to update/modifies the security policy). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Jain and Fadida. The motivation would have been to build the network that provides endpoint security solutions (both hardware and software based).

As per claim 2, claim is rejected for the same reasons including motivation as claim 1, above. In addition, Jain discloses wherein the network data comprises a respective indication of active or previously active processes on each of the two or more operating systems (para 37, Sensor constructs based on active and passive network-level measurements may be implemented to infer path characteristics inside a data center; para 25, The cloud infrastructure may also cause an instance of the monitor 112 to concurrently run along-with the operating system kernel or the hypervisor/VMM (virtual machine manager) to observe the execution of all running applications or VMs, respectively, on a given host).

As per claim 3, claim is rejected for the same reasons including motivation as claim 1, above. In addition, Jain discloses wherein the network data identifies files present on the two or more operating systems (para 25, The cloud infrastructure may also cause an instance of the monitor 112 to concurrently run along-with the operating system kernel or the hypervisor/VMM (virtual machine manager) to observe the execution of all running applications or VMs, respectively, on a given host).

As per claim 4, claim is rejected for the same reasons including motivation as claim 1, above. In addition, Jain discloses wherein the network data comprises data describing packets captured by the sensor processes executing in the data center (fig 1, data center para 55, Before sending or receiving each packet, network monitor consults the policy engine).

As per claim 5, claim is rejected for the same reasons including motivation as claim 1, above. In addition, Jain discloses wherein at least one of the two or more operating systems comprises a first operating system of a virtual machine or a second operating system of a hypervisor (para 28, hypervisor in the cloud service layer 104 or OS).

As per claim 6, claim is rejected for the same reasons including motivation as claim 1, above. In addition, Jain discloses wherein detecting the indication of the attack comprises at least one of detecting a spike in an amount of resources used by at least one of the sensor processes or detecting spoofed packets (fig 1, data center para 55, sending or receiving each packet [can be spoof packet], network monitor consults the policy engine).

As per claim 7, claim is rejected for the same reasons including motivation as claim 1, above. In addition, Jain discloses wherein detecting the indication of the attack comprises detecting a hidden process embedded in traffic between two or more reference points (para 36, kernel-level properties and network traffic).

As per claim 8, claim is rejected for the same reasons including motivation as claim 1, above. In addition, Jain discloses wherein detecting the indication of the attack comprises detecting a scan of a network as initiated by a command from outside of the network or from an unexpected source inside the network (para 53, DDoS attack).

As per claim 9, claim is rejected for the same reasons including motivation as claim 1, above. In addition, Jain discloses wherein detecting the indication of the attack comprises detecting a packet that has a packet header field that differs from an expected header pattern (para 33, Before sending or receiving each packet, network monitor consults the policy engine, broadly reads on the filtering based on the change of pattern).

Claims 10-17 are rejected for the same reasons as claims 1-8, above.

Claims 18-20 are rejected for the same reasons as claims 1, 3, and 4, above.

Conclusion

Please see the attached PTO-892 for the prior art made of record and not relied upon, which is considered pertinent to applicant's disclosure.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD A SIDDIQI whose telephone number is (571)272-3976.  The examiner can normally be reached on Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Carl G Colin, can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 






/MOHAMMAD A SIDDIQI/Primary Examiner, Art Unit 2493