Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.This action is responsive to the communication filed on September 24, 2019. At this time, claims 1-9 are pending and addressed below. 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
                                                                     Claim Objections
Claims 1, 5, 6, 7, 8 and 9 are objected to because of the following informalities: As to claims 1, 5 and 9, these claims recite “….tentatively…” It is not clear that the statement after that word is part of the limitation. A positive recitation of the claim needs to be recited.  Appropriate correction is required.

As to claims 5, 6, 7 and 8; these claims recite the word “…. Step…..”. A method claim is inherently a sequence of steps, therefore the word step creates redundancy in the claims. Appropriate correction is required. 
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.


As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)          the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)          the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)          the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: 
“ a collecting unit,” (claims 1,  ); “ an extracting unit ,” (claims 1,3 ); “ a generating unit,” (claims 1, 2 ); “ a submitting unit” (claim 4) 
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function (accordingly, see corresponding 112(b) rejection).
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.




The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 5-6 and 9 are rejected under 35 U.S.C 103 as being unpatentable over Stolfo, US pat.No 20050265331 in view of Sumeets, NPL document “ Automated Worm Fingerprinting “ (IDS submitted , 9/24/2019)

Claims 1, 5 and 9. Stolfo discloses a signature generating device (See [0015]; Signatures can optionally be generated for any payloads determined to be a worm or virus.         ) comprising: 
a collecting unit configured to collect threat information; (See [ 0016]; receiving a plurality of payload data in the network.)
an extracting unit configured to extract attack data from the threat information collected by the collecting unit; (See [0098]; the server can identify the longest common string, or longest common subsequence, found in payloads that are considered to be anomalous. If the anomalous data is determined not to be in fact a worm or virus, then it is discarded at step S436 and the process ends for that particular payload data.)
and a generating unit configured to generate a signature on the basis of the attack data extracted by the extracting unit, (See [0098]; Based on the longest common string, or the longest common subsequence, the host would generate a signature which identifies the particular worm or virus an serves as a content filter for the worm or virus )
wherein the generating unit is configured to, 

Stolfo does not appear to explicitly disclose evaluate whether a tentatively generated signature includes a character string used in non-attack data, 
and when the tentatively generated signature includes the character string used in the non-attack data, remove the character string from the tentatively generated signature to generate a signature. 
However, Smeets discloses evaluate whether a tentatively generated signature includes a character string used in non-attack data, (See Sumeets. Sections 2.2 and 5.2; While content prevalence is the key metric for identifying potential worm signatures, address dispersion is critical for avoiding false positives among this set. )
and when the tentatively generated signature includes the character string used in the non-attack data, remove the character string from the tentatively generated signature to generate a signature. (See Sumeets. Sections 2.2 and 5.2;  Like Earlybird, Autograph also uses network-level data to infer worm signatures and both systems employ Rabin fingerprints to index counters of content substrings and use white-lists to set aside wellknown false positives. E.g., the white list is used to remove non-attack data)
Stolfo and Sumeets are analogous art because they are from the same field of endeavor which is signature generation. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Stolfo with the teaching of Sumeets to include the white list because it would have been used to set aside begning data before generating a signature based on malicious information.

2. The combination of  Stolfo and Sumeets discloses the signature generating device according to claim 1, wherein the character string used in the non-attack data is stored in a database, (See Sumeets. Sections 2.2 and 5.2;  Like Earlybird, Autograph also uses network-level data to infer 
and the generating unit is configured to perform matching between a character string included in the tentatively generated signature and the character string stored in the database to evaluate whether the tentatively generated signature includes the character string used in the non-attack data. (See Stolfo, [0013]; Data transmitted through the network is compared to a model of "normal" data previously received by the network in order to determine its likelihood of being harmful.)
Stolfo and Sumeets are analogous art because they are from the same field of endeavor which is signature generation. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Stolfo with the teaching of Sumeets to include the white list because it would have been used to set aside begning data before generating a signature based on malicious information. Claim 6. As to claim 6, the claim is rejected under the same rationale as claim 2. See the rejection of claim 2 above.                                                    Allowable Subject Matter
Claims 3 and 4 (together) and 7 and 8 (together) are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. 
                                                             Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
YI, US10225269, title “ Method and apparatus for detecting network attacks and generating attack signatures based on signature merging” 

Xu, US pat.No 20170264626, abstract, “determining that the cookie is associated with malware; and generating a signature based on the cookie.“

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Arani T Taghi can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
Date: 11/17/2021                                                        /JOSNEL JEUDY/Primary Examiner, Art Unit 2438