Remarks
Claims 1-7 are pending.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement filed 7/22/2019 fails to comply with the provisions of 37 CFR 1.97, 1.98 and MPEP § 609 because non-patent literature documents 3 and 5-7 do not have dates.  It has been placed in the application file, but the information referred to therein has not been considered as to the merits.  Applicant is advised that the date of any re-submission of any item of information contained in this information disclosure statement or the submission of any missing element(s) will be the date of submission for purposes of determining compliance with the requirements based on the time of filing the statement, including all certification requirements for statements under 37 CFR 1.97(e).  See MPEP § 609.05(a).


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.




Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1 and 5-7 are rejected under 35 U.S.C. 102(a)(1) and/or 102(a)(2) as being anticipated by Nakae (U.S. Patent Application Publication 2004/0172557).  
Regarding Claim 1,
Nakae discloses a request control device comprising:
A memory (Exemplary Citations: for example, Abstract, Paragraphs 104, 108, 109, 111-116, 120-139, 145-164, 193-195, 219, 237-242, and associated figures; memory on which data, programs, and such are stored, for example.  This is seen in many additional areas, such as figure 31, as one example); and
A processor coupled to the memory and programmed to execute a process comprising (Exemplary Citations: for example, Abstract, Paragraphs 104, 108, 109, 111-116, 120-139, 145-164, 193-195, 219, 237-242, and associated figures; processor of any kind, for example.  This is seen in many additional areas, such as figure 31, as one example):
Receiving a request issued from a terminal device to a server, causing a sandbox in which an environment of the server is reproduced to 
Regarding Claim 6,
Claim 6 is a method claim that corresponds to device claim 1 and is rejected for the same reasons.  
Regarding Claim 7,
Claim 7 is a medium claim that corresponds to device claim 1 and is rejected for the same reasons.  
Regarding Claim 5,
Nakae discloses that the processor is further programmed to execute:
Obtaining identification information on the request by using at least one of an IP address of the request, a port number, a reception time, and a hash value of the request, and storing, in a memory, inspected request information in which the identification information on the request and an inspection result of the request in the sandbox are associated with each other (Exemplary Citations: for example, Abstract, Paragraphs 7, 104, 108, 109, 111-116, 120-139, 145-164, 193-195, 202-209, 219, 237-242, 
When receiving a request from the terminal device, obtaining the identification information on the received request from the inspected request information, causing the sandbox to inspect the received request if a request corresponding to the identification information has not been inspected, and transferring the received request to the server if a request corresponding to the identification information has been inspected and an inspection result of the request does not indicate detection of an attack in the inspected request information (Exemplary Citations: for example, Abstract, Paragraphs 7, 104, 108, 109, 111-116, 120-139, 145-164, 193-195, 202-209, 219, 237-242, 329,  527-534, and associated figures; allowing traffic if a rule says to, and sending traffic to the decoy unit if no rule is set, for example).  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2-4 are rejected under 35 U.S.C. 103 as being unpatentable over Nakae in view of Terry (U.S. Patent Application Publication 2017/0201543).

Nakae discloses that the processor is further programmed to execute:
Storing in a memory, for each of variables included in the request, information indicating a value of the variable, the value of the variable being processible in an application in the sandbox (Exemplary Citations: for example, Abstract, Paragraphs 7, 104, 108, 109, 111-116, 120-139, 145-164, 193-195, 219, 237-242, 527-534, and associated figures; variables, such as addresses, ports, or the like, as examples); and
Receiving a request issued from the terminal device and sending a variable in the request into a value of the variable that is processible in the application in the sandbox, and transferring the request to the sandbox (Exemplary Citations: for example, Abstract, Paragraphs 7, 104, 108, 109, 111-116, 120-139, 145-164, 193-195, 219, 237-242, 527-534, and associated figures);
But does not explicitly disclose converting the variable.  
Terry, however, discloses that the processor is further programmed to execute:
Storing in a memory, for each of variables included in the request, conversion information indicating a value of the variable, the value of the variable being processible in an application in the sandbox (Exemplary Citations: for example, Abstract, Paragraphs 42-50, 56, 62-64, 66, 68, 70-
Receiving a request issued from the terminal device and converting a variable in the request into a value of the variable that is processible in the application in the sandbox, and transferring the request to the sandbox (Exemplary Citations: for example, Abstract, Paragraphs 42-50, 56, 62-64, 66, 68, 70-84, 87, and associated figures; converting to benign format, hexadecimal, etc., for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the malicious activity detection techniques of Terry into the attack defending system of Nakae in order to allow the system to detect additional forms of malicious activity, to prioritize which communications to drop, to allow for further analysis, to provide benign formats of data for analysis so that attacks are less likely, and/or to increase security in the system.  
Regarding Claim 3,
Nakae as modified by Terry discloses the device of claim 2, in addition, Nakae discloses that a variable to be converted among the variables included in the request is at least one of a session ID, a nonce, a user ID, a password, and a content ID of dynamic content that are included in the request (Exemplary Citations: for example, Abstract, Paragraphs 7, 104, 108, 109, 111-116, 120-139, 145-164, 193-195, 219, 
Terry discloses that a variable to be converted among the variables included in the request is at least one of a session ID, a nonce, a user ID, a password, and a content ID of dynamic content that are included in the request (Exemplary Citations: for example, Abstract, Paragraphs 42-50, 56, 62-64, 66, 68, 70-84, 87, and associated figures; all data can be converted to hexadecimal, for example).  
Regarding Claim 4,
Nakae as modified by Terry discloses the device of claim 2, in addition, Nakae discloses that the processor is further programmed to execute:
Extracting variables included in the request from a past access log or a communication packet to the server, identifying a variable for which a degree of value change at every access or communication to the server is equal to or higher than a predetermined threshold from among the extracted variables, and setting the identified variable as the conversion information (Exemplary Citations: for example, Abstract, Paragraphs 7, 104, 108, 109, 111-116, 120-139, 145-164, 193-195, 202-209, 219, 237-242, 329,  527-534, and associated figures; using historical data from previous communications, confidence goes up with good communications, for example); and

Extracting variables included in the request from a past access log or a communication packet to the server, identifying, as a variable to be converted in the request, a variable for which a degree of value change at every access or communication to the server is equal to or higher than a predetermined threshold from among the extracted variables, and setting the identified variable as the conversion information (Exemplary Citations: for example, Abstract, Paragraphs 42-50, 56, 62-64, 66, 68, 70-84, 87, and associated figures; frequencies based on previous communications, going up as more malicious traffic is sent, for example).  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeffrey D Popham whose telephone number is (571)272-7215. The examiner can normally be reached Monday through Friday 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235. The fax phone 
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Jeffrey D. Popham/Primary Examiner, Art Unit 2432