Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Claims 1-15 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claim Rejections - 35 USC § 101
 35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

 
Claims 8-15 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.

Claims 8-15 are directed systems that when interpreted in light of the specification may read on software alone which is non-statutory.  In order to comply, the claimed systems must explicitly comprise hardware (e.g. a processor, memory) so they may not be reasonably be interpreted as software alone.
 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Claim 1 recites, “repeating the previous steps” (second to last line), however it is unclear what of the previous steps this refers to. A clearer means of referring to specific steps would be to label the steps as was done in claim 8 and then refer to those labels when indicating what steps are repeated.

Claim 1 recites, “wherein the labelling is done by matching features from the first dataset and features collected by logs of metadata.” The limitation “logs of metadata” is unclear since the claim previously recites, “the first dataset comprising features defined by the metadata for each network flow.” That is, the claim does not previously recite “logs” but only metadata and therefore it is unclear where/how the logs are generated and if the metadata contained therein is the same metadata that was previously recited. Claim 8 recites similar limitations and is similarly rejected. 


Allowable Subject Matter
Claims 1-15 would be allowable if rewritten or amended to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), 2nd paragraph, and 35 U.S.C. 101 set forth in this Office action. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
US Pub. No. 2018/0219889 (Oliner) – The method involves obtaining sequences of time series values determined from raw machine data. Each sequence corresponds to a respective time series. The raw machine data is produced by one or more components within an information technology or security environment and reflects activity within the information technology or security environment. Several predictive models are generated for a first time series from the sequences of time series values. Each predictive model generates predicted values associated with the first time series using time series values corresponding to a second time series. One or more characteristics of several predictive models are evaluated. The predictive model is automatically selected  from several predictive models for anomaly detection based on the evaluation of one or more characteristics.
US Pat. 9,813,310 (Sieracki) – The system comprises a capture processing portion executing to time-capture multiple segments of the communications signals transmitted during an interconnected session established between the remote sites and the local site. A parsing processing portion is coupled to the capture processing portion to generate for the interconnected remote sites at the envelope signal indicative of a 
US Pat. 10,061,578 (Walsh et al) – The method involves obtaining event metadata defines the real time events from multiple different software development tools. The event metadata is obtained from multiple different software development tools comprise an agile product descriptor of a software product corresponding to each real time event. The event metadata records are stored, comprising several data fields to link a set of event metadata records across multiple different software development tools. The several data fields is provided with an agile product descriptor field.
US Pat. 10,375,090 (McGrew et al) – The method involves receiving telemetry data regarding traffic flow in a network. The set of the individually compressed features is extracted from the received telemetry data. A lookup of a set of classifier inputs is performed from an index of classifier inputs using the individually compressed features from the received telemetry data. The traffic flow is classified by inputting the classifier inputs to a machine learning-based classifier, where the feature comprises a sequence of packet lengths and time data regarding the traffic flow, a sequence of application lengths and time data regarding the traffic flow, byte distribution data regarding the traffic flow, a ciphersuite, and a transport layer security extension, the received telemetry data comprise a netflow or internet protocol flow information export record, and the machine learning-based classifier comprises a random forest classifier or a regression-based classifier.
US Pat. 10,904,275 (Anderson et al) – The method involves receiving traffic data regarding multiple observed traffic flows. One or more characteristics of the observed traffic flows are mapped from the traffic data to traffic characteristics associated with a 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS J DAILEY whose telephone number is (571)270-1246.  The examiner can normally be reached on 9:30am-6:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Thu Nguyen can be reached on 571-272-6967.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





Primary Examiner, Art Unit 2452