DETAILED ACTION
In a communication received on 7 September 2021, applicants request reconsideration of the rejected claims.
Claims 1-8 and 11-14 are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant's arguments filed 7 September 2021, have been fully considered but they are not persuasive.

With respect to claim 1, the applicants allege, "George is comparing time stamps, not match parameters of packets to identify a session start packet match. George relies upon a common URL, not matched packets from a first side and a second side of a network address translator. Finally, the claim specifies that the internal packets and external packets have different IP addresses, not the single IP address in George" (page 2) with respect to the claimed limitation(s), "identify within the internal packets and the external packets a session start packet match, wherein the instructions to identify evaluate match parameters associated with the internal packets from the first side of the network address translator and external packets from the second side of the network address translator".  The examiner respectfully traverses.  The arguments/remarks pertain to whether the cited prior art does not disclose or suggest evaluating parameters associated with internal or external packets.  The examiner 
Ascertaining the differences between the prior art and the claims at issue requires interpreting the claim language, and considering both the invention and the prior art references as a whole (See 2141.02 "Differences Between Prior art and Claimed Invention).
As best understood by the examiner, the claimed limitation merely pertains to matching packets based on matching parameters that are associated with packets.  The examiner notes that the match parameters are recited generically and are merely associated with the packets.  George clearly discloses matching packets based on fingerprint data in packets from different sides of a probe.  More specifically, George discloses: assigning a timestamp to first access of a URL (page 18 line 31 - page 19 line 2); and monitoring packets on both sides of a network, the packets are filtered for specific criteria and are then fingerprinted without the header fields, and the fingerprinted data can be matched from packets on either side to determine they relate to the same communications session (page 21 lines 4-31).  In other words, George discloses correlating packets originating from different sides of the probe/monitoring appliance by analyzing packets containing application data of interest.  These packets can then be matched or correlated.  Further application data includes assignment of start and end times of a particular browsing session.  Additionally, Wong discloses: evaluate correspondence with connection object for outbound/inbound packets with corresponding address and ports (col. 1 lines 46-57, col. 2 lines 18-42); and the foreign address is the source address/port for an inbound packet while the foreign address is the destination address/port in an outbound packet (col. 1 lines 46-57, col. 2 lines 18-42).  Thus, Wong further discloses inbound and outbound packets from different sides with different IP address destinations.  Therefore, the cited prior art of record discloses the matching of packets based on parameters associated with packets including assigned session start and end times.

In conclusion, the applicants argue(s) that the cited prior art does not disclose or suggest evaluating parameters associated with internal or external packets.  The examiner traverses because the cited prior art clearly discloses correlating packets based on data associated with the packets from different sides of a network.

The applicants allege, "George matches based upon time stamps from a single web site, not internal and external packets on two sides of a network address translator" (page 3) with respect to the claimed limitation(s), "create a session entry with a session start time in response to the session start packet match".  The examiner respectfully traverses.  The arguments/remarks pertain to whether the cited prior art does not disclose or suggest two sides of a network address translator.  The examiner concludes that the cited prior art discloses and/or suggests a network address translator and correlating packets from either side and recording a session duration and start and end times associated with these packets.
"The test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference.... Rather, the test is what the combined teachings of those references would have suggested to those of ordinary skill in the art." In re Keller, 642 F.2d 413, 425, 208 USPQ 871, 881 (CCPA 1981).
As best understood by the examiner, the claimed limitations pertain merely to recordkeeping of a session start after matching packet parameters.  George discloses: probe receives packets from a Gn/S interface of the core network side of the GGSN and probe receives packets from an internet side interface of GGSN (page 20 lines 4-8).  As stated above, George correlates packets which originate from 
In conclusion, the applicants argue(s) that the cited prior art does not disclose or suggest two sides of a network address translator.  The examiner traverses because the cited prior art discloses and/or suggests a network address translator and correlating packets from either side and recording a session duration and start and end times associated with these packets.

The applicants allege, "George is based upon time stamps not an identification within the internal packets and the external packets from two sides of a network address translator a session end match" (page 3) with respect to the claimed limitation(s), "identify within the internal packets and the external packets a session end match".  The examiner respectfully traverses.  The arguments/remarks pertain to whether the cited prior art does not disclose and/or suggest identifying a session end match based on identification within internal/external packets.  The examiner concludes that the cited prior art clearly suggests to one of ordinary skill in the art matching packets from different sides of a network to a same communication session and the association of the session and application data to session start and end times.

As best understood by the examiner, the identification of a start/end for a packet match is based on associated data of the packets.  George, page 21 cols. 4-30, clearly disclose that the invention can probe/monitor packets from either side of a network device and its corresponding network interfaces.  The packets can be correlated to the same communication session based on a fingerprint of the data in each packet.  The session has associated application data which includes start and end times for the duration of the session.  A packet can be identified as a beginning or end to a session.
As suggested above, the examiner advises amending to recite that the identifying of a match be based on identifying two packets and based on a trailer field in each packet indicating the side of the network the packet comes from.
In conclusion, the applicants argue(s) that the cited prior art does not disclose and/or suggest identifying a session end match based on identification within internal/external packets.  The examiner traverses because the cited prior art clearly suggests to one of ordinary skill in the art matching packets from different sides of a network to a same communication session and the association of the session and application data to session start and end times.

The applicants allege, "There is no teaching related to classifying packets into two groups, including transmission control protocol signaling packets and transmission control protocol non-signaling packets" (page 3) with respect to the claimed limitation(s), "classify packets into two groups, including transmission control protocol signaling packets and transmission control protocol non-signaling packets ... omit from further processing the transmission control protocol non-signaling packets".  The examiner respectfully traverses.  The arguments/remarks pertain to whether the cited 
Ascertaining the differences between the prior art and the claims at issue requires interpreting the claim language, and considering both the invention and the prior art references as a whole (See 2141.02 "Differences Between Prior art and Claimed Invention).
As best understood by the examiner, the claimed limitation is functionality corresponding to ingress/egress devices but the ingress/egress devices are not positively recited as entities of the claimed system.  Therefore, the functionality is at best an intended use of the system with ingress/egress monitoring devices.  Moreover, the claimed limitations do not specify the basis of the classification and is therefore interpreted as merely distinguishing one group of packets from another.  George, page 6 cols 1-10, clearly disclose filtering packets in order to allow certain packets through for processing.  The filtering is based on identifying indicators in the packet headers corresponding to particular events of interest.  Therefore, George clearly discloses classifying packets based on analyzing the packet's data.
The examiner suggests positively reciting that the system comprises the ingress/egress network monitoring devices and their corresponding configured functionality as well as specifying the basis of the classification for signaling and non-signaling packets.
In conclusion, the applicants argue(s) that the cited prior art does not disclose and/or suggest classifying packets into two groups.  The examiner traverses because the cited prior art clearly pertains to classifying packets into groups based on indicators in packet headers to identify particular events and further allow processing of some packets.

The applicants allege, "There is no reference to an operation to append to transmission control protocol signaling packet trailers a field indicating whether the packet is on the first side of the network 
Ascertaining the differences between the prior art and the claims at issue requires interpreting the claim language, and considering both the invention and the prior art references as a whole (See 2141.02 "Differences Between Prior art and Claimed Invention).
As best understood by the examiner, the claimed limitation pertains to functionality of ingress/egress monitoring devices which are not positively recited within the claimed system.  Therefore, the claims merely pertain to appending trailers a label to packets as an intended use of the matching system of the claim.  George discloses fpga offloading processing by filtering packets for specific events and only allow packets that are relevant for further processing (page 6 lines 1-10).  Charzinski sections 21 and 37, disclose that data can be prepended or attached to the header or trailer regarding labels which identify what side of the network is entering or leaving from corresponding to ingress and egress routers.  Therefore, the cited prior art suggests network processors that can monitor packets and append to trailers a label indicating a side of a network and/or which ingress/egress router points correspond to each packet.
The examiner suggests positively reciting that the system comprises the ingress/egress monitoring devices and their corresponding configured functions.
.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 3 and 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over George et al. (GB 2534563 A1) in view of Wong et al. (US 6,389,419 B1), and further in view of Charzinski et al. (US 2006/0155872 A1).

With respect to claim 1, George discloses: a system, comprising; a processor; a memory connected to the processor (i.e., performing an examination of packets from either side of a gateway node to correlate subscriber identities with internet activity in George, page 4 lines 8-22), the memory storing instructions executed by the processor to:
the internal packets being received from an ingress network monitoring device (i.e., probe receives packets from a Gn/S interface of the core network side of the GGSN in George, page 20 lines 4-8),

the external packets being received from an egress network monitoring device (i.e., probe receives packets from an internet side interface of GGSN in George, page 20 lines 4-8),
identify within the internal packets and the external packets a session start packet match (i.e., assigning a timestamp to first access of a URL in George, page 18 line 31 - page 19 line 2),
wherein the instructions to identify evaluate match parameters associated with the internal packets from the first side of the network address translator and external packets from the second side of the network address translator (i.e., monitoring packets on both sides of a network, the packets are filtered for specific criteria and are then fingerprinted without the header fields, and the fingerprinted data can be matched from packets on either side to determine they relate to the same communications session in George, page 21 lines 4-31),
create a session entry with a session start time in response to the session start packet match (i.e., generating a record of session start and end timestamps from correlated packets from respective sides of network in George, page 18 line 29-33, page 19 lines 1-2, page 21 lines 27-31, page 22 lines 1-3),
identify within the internal packets and the external packets a session end match (i.e., monitoring packets on both sides of a network, for correlated packets corresponding to 
record a session end time in response to the session end match (i.e., generating a record of session start and end timestamps from correlated packets from respective sides of network in George, page 18 line 29-33, page 19 lines 1-2, page 21 lines 27-31, page 22 lines 1-3); and
wherein each of the ingress network monitoring device and the egress network monitoring device include a device processor, and a device memory connected to the device processor (i.e., a processing unit arranged to examine packets on a first side of the network corresponding to a first interface and examining packets on a second side of the network corresponding to a second interface in George, page 8 lines 3-15), the device memory storing instructions executed by the device processor to:
classify packets into two groups, including transmission control protocol signaling packets and transmission control protocol non-signaling packets (i.e., filtering received packets for allowing packets relevant to specific type to be further processed in George, page 6 lines 1-10),
omit from further processing the transmission control protocol non-signaling packets (i.e., fpga offloading processing by filtering packets for specific events and only allow packets that are relevant for further processing in George, page 6 lines 1-10), and
forward the transmission control protocol signaling packets and the trailers to a network connected device for further evaluation. (i.e., forwarding the data to an FPGA for further evaluation and forwarding the data to a remote location for storage and further evaluation in George, page 16 lines 4-12).


evaluate internal packets from a first side of a network address translator with a first internet protocol address and a first port designation (i.e., evaluate correspondence with connection object for outbound/inbound packets with corresponding address and ports in Wong, col. 1 lines 46-57, col. 2 lines 18-42),
wherein the first internet protocol address and the first port designation are different than the second internet protocol address and the second port designation (i.e., the foreign address is the source address/port for an inbound packet while the foreign address is the destination address/port in an outbound packet in Wong, col. 1 lines 46-57, col. 2 lines 18-42).
Based on George in view of Wong, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Wong to improve upon those of George in order to reduce the latency in network appliances by simplifying the lookup process to correlate a packet with a specific connection/flow.

George discloses fpga offloading processing by filtering packets for specific events and only allow packets that are relevant for further processing (page 6 lines 1-10).  George and Wong do(es) not explicitly disclose the following.  Charzinski, in order to classify a packet based on its origin instead of individual identifier to process or route the data, which ultimately reduces the amount of data stored by the system (¶0039), discloses: 

Based on George in view of Wong, and further in view of Charzinski, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Charzinski to improve upon those of George in order to classify a packet based on its origin instead of individual identifier to process or route the data, which ultimately reduces the amount of data stored by the system.

With respect to claim 2, George further discloses: the system of claim 1 further comprising instructions executed by the processor to compute a session time based upon the session start time and the session end time (i.e., calculating a duration of a session based on the session beginning and ending indicated by access to a URL in George, page 18 line 31-33 and page 19 lines 1 and 2).

With respect to claim 3, George further discloses: the system of claim 1 further comprising instructions executed by the processor to compute a session size (i.e., calculating a duration of a session based on the session beginning and ending indicated by access to a URL in George, page 18 line 31-33 and page 19 lines 1 and 2).

.


Claims 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over George et al. (GB 2534563 A1) in view of Wong et al. (US 6,389,419 B1) and Charzinski et al. (US 2006/0155872 A1), and further in view of Gell (US 2012/0281536 A1).

With respect to claim 4, George discloses performing an examination of packets from either side of a gateway node to correlate subscriber identities with internet activity (page 4 lines 8-22).  Wong discloses identify a corresponding connection object for inbound/outbound packets with an address/port values (col. 1 lines 46-57, col. 2 lines 18-42).  George, Wong, and Charzinski do(es) not explicitly disclose the following.  Gell, in order to improve stream usage by monitoring expected session durations based on TCP sequence number (¶0264), discloses: the system of claim 3 further comprising instructions executed by the processor to compute the session size based upon the difference between a transmission control protocol end sequence number and a transmission control protocol initial sequence number (i.e., monitoring client-side TCP ACK number where a response starts with sequence number N and ends with sequence number N+L, where L corresponds to the content length of the session in Gell, ¶0264).
.


Claim 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over George et al. (GB 2534563 A1) in view of Wong et al. (US 6,389,419 B1) and Charzinski et al. (US 2006/0155872 A1), and further in view of Dolganow et al. (US 2010/0260048 A1).

With respect to claim 5, George discloses performing an examination of packets from either side of a gateway node to correlate subscriber identities with internet activity (page 4 lines 8-22).  Wong discloses matching the source/destination IP address to search for a connection object specifying actions, flags, and/or status of the connection (col. 2 line 42 to col. 3 line 4,  col. 6 lines 47-67, fig. 2c, ).   George, Wong, and Charzinski do(es) not explicitly disclose the following.  Dolganow, in order to improve quality of service by identifying premium sessions and managing the establishment and connection of those sessions (¶0051-0052), discloses: the system of claim 3 further comprising instructions executed by the processor to compute the session size based upon a session time (i.e., estimate the number of bytes per second required by categorizing session flows by their media such as HD video or audio in Dolganow, ¶0051-0052).
Based on George in view of Wong and Charzinski, and further in view of Dolganow, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Dolganow to improve upon those of George in order to improve .

Claim 7  is/are rejected under 35 U.S.C. 103 as being unpatentable over George et al. (GB 2534563 A1) in view of Wong et al. (US 6,389,419 B1) and Charzinski et al. (US 2006/0155872 A1), and further in view of Cartwright et al. (US 2016/0156531 A1).

With respect to claim 7, George discloses performing an examination of packets from either side of a gateway node to correlate subscriber identities with internet activity (page 4 lines 8-22).  George, Wong, and Charzinski do(es) not explicitly disclose the following.  Cartwright, in order to improve future quality of service with diagnosis of problems in historical calls reported by a customer (¶0017), discloses: the system of claim 1 wherein the instructions executed by the processor include instructions to identify the session start packet match based upon an internal packet time stamp being within a time threshold of an external packet time stamp (i.e., close timestamps as taught by packets belong to the same call if timestamps satisfy a threshold condition in Cartwright, ¶0059).
Based on George in view of Wong and Charzinski, and further in view of Cartwright, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Cartwright to improve upon those of George in order to improve future quality of service with diagnosis of problems in historical calls reported by a customer.


Claim 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over George et al. (GB 2534563 A1) in view of Wong et al. (US 6,389,419 B1) and Charzinski et al. (US 2006/0155872 A1), and further in view of in view of Li et al. (US 2005/0076108 A1).

With respect to claim 8, George discloses performing an examination of packets from either side of a gateway node to correlate subscriber identities with internet activity (page 4 lines 8-22).  George, Wong, and Charzinski do(es) not explicitly disclose the following.  Li, in order to improve efficiency in a media gateway allowing session specific filtering of packets due to application of NAT to conserve public IP addresses (¶0002, ¶0005), discloses: the system of claim 1 wherein the instructions executed by the processor includes instructions to identify the session start packet match based upon same destination address and different source address on egress to the network address translator and different destination address and same source address on ingress from the network address translator (i.e., match internal and external packet as taught by determine a match to a session based on the destination address matching and a source address matching a remote address  in Li, ¶0041-0045). 
Based on George in view of Wong and Charzinski, and further in view of Li, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Li to improve upon those of George in order to improve efficiency in a media gateway allowing session specific filtering of packets due to application of NAT to conserve public IP addresses.


Claim 11 and 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over George et al. (GB 2534563 A1) in view of Wong et al. (US 6,389,419 B1) and Charzinski et al. (US 2006/0155872 A1), and further in view of van Bemmel (US 2014/0330977 A1).

With respect to claim 11, George discloses performing an examination of packets from either side of a gateway node to correlate subscriber identities with internet activity (page 4 lines 8-22).  
Based on George in view of Wong and Charzinski, and further in view of van Bemmel, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of van Bemmel to improve upon those of George in order to implement stateless control of TCP connection through modification of TCP packets to include header/trailer information.

With respect to claim 12, George discloses performing an examination of packets from either side of a gateway node to correlate subscriber identities with internet activity (page 4 lines 8-22).  George, Wong, and Charzinski do(es) not explicitly disclose the following.  van Bemmel, in order to implement stateless control of TCP connection through modification of TCP packets to include header/trailer information (¶0058), discloses: the system of claim 1 wherein each trailer of the trailers includes a network device identification (i.e., append a trailer with the client address, the original source of the packet, IP address in a trailer as taught by insert an IP address in the trailer in van Bemmel, ¶0058).
Based on George in view of Wong and Charzinski, and further in view of van Bemmel, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of van Bemmel to improve upon those of George in order to .


Claim 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over George et al. (GB 2534563 A1) in view of Wong et al. (US 6,389,419 B1) and Charzinski et al. (US 2006/0155872 A1), and further in view of Watanabe (US 6,647,427 B1).

With respect to claim 13, George discloses performing an examination of packets from either side of a gateway node to correlate subscriber identities with internet activity (page 4 lines 8-22).  George, Wong, and Charzinski do(es) not explicitly disclose the following.  Watanabe, in order to add switching functionality for classification and processing based on the port (col. 5 line 60 to col. 6 line 4), discloses: the system of claim 1 wherein each trailer of the trailers includes a port identification (i.e., port in trailer as taught by include port number in a trailer, port number used for further switching in Watanabe, col. 5 line 60 to col. 6 line 4).
Based on George in view of Wong and Charzinski, and further in view of Watanabe, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Watanabe to improve upon those of George in order to add switching functionality for classification and processing based on the port.


Claim 14 is/are rejected under 35 U.S.C. 103 as being unpatentable George et al. (GB 2534563 A1) in view of Wong et al. (US 6,389,419 B1) and Charzinski et al. (US 2006/0155872 A1), and further in view of Coburn et al. (US 2011/0145584 A1).

With respect to claim 14, George discloses performing an examination of packets from either side of a gateway node to correlate subscriber identities with internet activity (page 4 lines 8-22).  George, Wong, and Charzinski do(es) not explicitly disclose the following.  Coburn, in order to improve the integrity of received packet data by including a hash of the packet contents (¶0023), discloses: the system of claim 1 wherein each trailer of the trailers includes a hash of packet contents that omits a source internet protocol address and a destination internet protocol address (i.e., hash of packet content in a trailer as taught by hash value of the content of the packet in the trailer for use in verifying the integrity of the packet contents in Coburn, ¶0023).
Based on George in view of Wong and Charzinski, and further in view of Coburn, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Coburn to improve upon those of George in order to improve the integrity of received packet data by including a hash of the packet contents.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHERMAN L LIN whose telephone number is (571)270-7446. The examiner can normally be reached Monday through Friday 9:00 AM - 5:00 PM (Eastern).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joon Hwang can be reached on 571-272-4036. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
Sherman Lin
12/28/2021



/JOON H HWANG/Supervisory Patent Examiner, Art Unit 2447