DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Response to Amendment 
  This office action is responsive to amendment filed on 09/23/2021. The Examiner has acknowledged claims 1, 3, 7-8, 14-15 and 19-20 amended. Claims 1-20 have been presented for examination and are rejected.  

Response to Arguments
Applicant's argument, filed on September 23rd, 2021 has been entered and carefully considered.
Applicant’s arguments, with respect to the rejection of claim 1 is rejected under 35 U.S.C. 103 as being directed to non-statutory subject matter. The rejection is traversed. Applicants have herein amended claim 11 to recite a non-transitory computer readable storage medium. Claim 11 rejection under 35 USC § 101, have been fully considered and are persuasive. Therefore, the rejection has been withdrawn.
Applicant's arguments with respect to amended claims1-20 under 35 USC § 103 have been considered but they are not persuasive.
Applicant argues in substance that: ” the teachings of Cochinwala and Verzun could be combined, any hypothetical combination of the references fails to teach, suggest, or describe a system comprising a processor that performs the operations recited by claim 1. In particular, none of the references teaches, suggests, or describes a system comprising a processor that counterpoises a client action by generating a supplemental action command and providing the supplemental action command to the machine-to-machine device, wherein the supplemental action command instructs the client application executing on the machine-to-machine device to generate a supplemental network message that counterpoises the client action, and wherein both the network message and the supplemental network message are transmitted by the machine-to machine device. …”
In response, the Examiner respectfully disagrees and finds this argument unpersuasive. After further review of the prior art applied, the Examiner contends that the reference still reads on the claimed invention. 
Under a broadest reasonable interpretation, words of the claim must be given their plain meaning, unless such meaning is inconsistent with the specification (MPEP § 2111.1). See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091,231 USPQ 375 (Fed. Cir. 1986). The Examiner respectfully disagrees because Under broadest reasonable interpretation (BRI), Cochinwala in view of  Verzun combined discloses the limitation that  " generating a supplemental action command and providing the supplemental action command to the machine-to-machine device, wherein the supplemental action command instructs the client application executing on the machine-to-machine device to generate a supplemental network message that counterpoises the client action, and wherein both the network message and the supplemental network message are transmitted by the machine-to machine device…”   describes that an obfuscated network traffic interface of the obfuscated network traffic server can transmit obfuscated network header content. According to specification paragraph [0046] supplemental client action should be implemented to counter balance, conceal, counterpoise, mask, obfuscate, and/or neutralize the client action. Therefore, Examiner interpreted counterpoises a client action by generating a supplemental action command as obfuscated network header content in ordered to mask the content that need to be secured or hidden. Paragraphs [0030-0035, 0047-0048] further discloses the obfuscated network traffic server 102 is operative to monitor and maintain a timeline of the communication sessions occurring in the physical network 104. The network traffic flows of the physical network 104 may include one or more communication sessions between any of the client network nodes 108-114, between any of the client server network nodes 116-122, or between any of the client network nodes 108-114 and the server network nodes 116-122. In general, a communication session may involve one or more network messages passed between two or more network nodes. Given their broadest reasonable interpretation consistent with the specification it still read on the amended claim.   
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, Claim 1.
Applicants are interpreting the claims very narrow without considering the broad teaching of the reference to meet the claimed language. During patent examination, the pending claims must be "given their broadest reasonable interpretation consistent with the specification." > The Federal Circuit's en banc decision in Phillips v. AWH Corp., 415 F.3d 1303, 75 USPQ2d 1321 (Fed. Cir. 2005) expressly recognized that the USPTO employs the "broadest reasonable interpretation" standard: 
The Patent and Trademark Office ("PTO") determines the scope of claims in patent applications not solely on the basis of the claim language, but upon giving claims their broadest reasonable construction "in light of the specification as it would be interpreted by one of ordinary skill in the art." In re Am. Acad. of Sci. Tech. Ctr., 367 F.3d 1359, 1364[, 70 USPQ2d 1827] (Fed. Cir. 2004).
In view of the above, the examiner contends that all limitations as recited in the claims have been addressed in this Action. For the above reasons, Examiner believed that rejection of the last Office action was proper

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 8-13 and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Cochinwala et al. (US 20120084464) in view of Verzun et al. (US 20160219024). 

With respect to claims 1, 8 and 15, Cochinwala teaches a system comprising: 
a processor (Cochinwala, see FIG. 2 and paragraphs [0037, 0047]); and
a memory that stores computer-executable instructions that, in response to being executed by the processor, cause the processor to perform operations (Cochinwala, see Paragraphs [0077, 0082]) comprising:
identifying, based on the network message, a client action that is associated with the client application (Cochinwala, see FIGS. 1, 2 and Paragraphs [0037-0038, 0045], and the network monitor 202 is operative to monitor one or more of the network traffic flows of the physical network 104. To monitor the network traffic flows, the network monitor 202 may be configured with a network model 212 that may identify the types of network traffic flows to monitor and how to handle a message extracted from an identified network traffic flow. In addition, the network model 212 may describe how the network monitor 202 is to parse the messages contained within a monitored network traffic flow. Paragraph [0058] further discloses the network traffic flow multiplexer 304 is also operative to request application content from the application content database 214 based on application content identifier. The application content identifier assists the network traffic flow multiplexer 304 in identifying the application content that was previously extracted by the network monitor 202 and facilitates the reconstruction of obfuscated network traffic flows that behave similarly to the network traffic flows monitored by the network monitor 202 (i.e. equivalent to client action ). As discussed below with reference to FIG. 7, the application content identifier may be a single identifier, such as a packet identifier, a combination of identifiers, or any other type of identifiers),
counterpoising the client action by generating a supplemental action command (Cochinwala, see paragraphs [0055-0061] FIG. 2, an obfuscated network traffic interface is in communication with the obfuscated network traffic database and the application content database. The obfuscated network traffic interface  is operative to receive a request for obfuscated network traffic and transmit the obfuscated network header content stored in the obfuscated network traffic database 218 based upon the request for obfuscated network traffic. Using the application content requested from the application content database 214 and the obfuscated network header content, the network traffic flow multiplexer 304 is further operative to reconstruct an obfuscated network traffic flow and/or obfuscated network messaged that includes the obfuscated network header content and the application content. The network traffic flow multiplexer 304 may also be operative to store the obfuscated network traffic flow and obfuscated network message in the obfuscated network traffic database), and
providing the supplemental action command to the device(Cochinwala, see paragraphs [0024-0027] The client network nodes 108-114 may be operative to request and receive content from the server network nodes 108-114. The server network nodes 108-114 may be operative to provide content to the client network nodes 108-114. Examples of content requested by the client network nodes 108-114 and provided by the server network nodes 116-112 include electronic files, streaming audio, streaming video, Internet web pages, or any other electronic content now known or later developed. The physical network 104 may include a first client network node 108 in communication with a second client network node 110. A client-client network traffic flow 128 may include network traffic that flows between the first client network node 108 and the second client network node 110. Any intervening number or types of network nodes may be between the first client network node 108 and the second client network node 110. An example of a network traffic flow type that may be communicated between the first client network node 108 and the second client network node 110 is a network traffic flow type for audiovisual communications). 
detecting a network message that is directed to a target source, wherein the network message is generated by a client application device based on a client action (Cochinwala, [0024-005] The client network nodes 108-114 may be operative to request and receive content from the server network nodes 108-114. The server network nodes 108-114 may be operative to provide content to the client network nodes 108-114. Examples of content requested by the client network nodes 108-114 and provided by the server network nodes 116-112), 
wherein the supplemental action command instructs the client application executing on the device to generate a supplemental network message that counterpoises the client action, and wherein both the 
Cochinwala yet fails to explicitly disclose a machine-to-machine,
However, Verzun discloses executing on a machine-to-machine (Verzun, see paragraphs [1285-1288] the sending client's SDNP application has to intentionally send a message informing a person being called or messaged that the information came from the specific caller. Since the signaling server knows the caller and the packet's routing it can determine a route for a reply data packet without ever revealing the caller's identity. Another condition requiring anonymous communication is in machine-to-machine or M2M, IoT or Internet-of-Things, vehicle-to-vehicle or V2V, or vehicle-to-infrastructure or V2X communication where a client doesn't want machines, gadgets and devices to be giving out contact and personal information to potentially hostile devices, agents, or cyber-pirate devices. For the 
It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to combine Cochinwala with the teaching of Verzun to provide security, privacy, and as-required, anonymity, in transactional and information exchange involving machine-to-machine (M2M), vehicle-to-vehicle (V2V), and vehicle-to-infrastructure (V2X) communication. Insure the security of communicating devices and authenticate users to prevent unauthorized or fraudulent access or use; facilitate a secure means to store data in a device or online in network or cloud storage to prevent unauthorized access, where the combination of elements according to known methods would yield a predictable result, (Verzun, see paragraphs [0802-0805]).

With respect to claims 2, 9 and 16, Cochinwala-Verzun teaches the system, wherein the client action comprises at least one of requesting content from the target source, instantiating a tracking marker associated with the target source, retrieving content from the target source, and indicating a preference corresponding to content provided by the target source (Cochinwala, discloses requesting content paragraphs [0024-0027] the client network nodes 108-114 may be operative to request and receive content from the server network nodes 108-114. The server network nodes 108-114 may be operative to provide content to the client network nodes 108-114. Examples of content requested by the client network nodes 108-114 and provided by the server network nodes 116-112 include electronic files, streaming audio, streaming video, Internet web pages, or any other electronic content now known or later developed). 

With respect to claims 3, 10 and 17, Cochinwala-Verzun teaches the system, wherein the supplemental action command further instructs the machine-to-machine device to initiate a supplemental client action that generates the supplemental network message (Cochinwala, see Paragraphs [0054-0055, 0063, 0076] the obfuscated network traffic database 218 is operative to store the obfuscated network header content obfuscated (e.g., by masking) by the data masking processor 206. In the implementation shown in FIG. 2, an obfuscated network traffic interface 210 is in communication with 

With respect to claims 4 and 11, Cochinwala-Verzun teaches the system, wherein the network message comprises a network address corresponding to a target server that is associated with the target source, and wherein the supplemental network message is directed to an alternate source (Cochinwala, see Paragraphs [0014, 0028, 0047]the obfuscated network traffic database schema may include multiple segments, such as an Internet Protocol (“IP”) packet segment specifying IP packet attributes for the obfuscated network header content and a request and response segment specifying request and response attributes for the obfuscated network header content. The obfuscated network traffic database schema may also include a time segment specifying time attributes for the obfuscated network header content and a server segment specifying server attributes for the obfuscated network header content. Paragraph [0047] discloses masking may include analyzing the IP addresses in the network header content and changing or replacing the IP addresses with a set of IP addresses. In this example, the replacement IP addresses may be have characteristics in common with the replaced IP addresses, such as by being on a common sub-net or other characteristic. Paragraph [0055-0058] further discloses alternate obfuscated network traffic server 302 where the network traffic flow multiplexer 304 is operative to receive obfuscated network header content from the data masking processor 206. However, the network traffic flow multiplexer 304 may also receive the obfuscated network header content from another network header source, such as the obfuscated network traffic database 218, the network monitor 202, or any other component or system in communication with the obfuscated network traffic server 302. The network traffic flow multiplexer 304 is also operative to request application content from the application content database 214 based on application content identifier. The application content identifier assists the network traffic flow multiplexer 304 in identifying the application content that was previously extracted by the network monitor 202 and facilitates the reconstruction of obfuscated network traffic flows that behave similarly to the network traffic flows monitored by the network monitor 202).

With respect to claims 5, 12 and 18, Cochinwala-Verzun teaches the system, wherein the operations further comprise determining that the client action corresponds to a first content preference indicator, wherein the supplemental action command is generated such that a second content preference indicator is created so as to counterpoise the first content preference indicator (Cochinwala, see Paragraphs [0050-0053]) the masking attribute selector 208 may indicate that the data masking processor 206 is to mask the destination address field, source address field, the source port field, the destination port field, the sequence number field, or any other header field of a network message. Moreover, the masking attribute selector 208 may indicate that the header fields for one layer are to be masked while other header fields for another layer are not to be masked. For example, the masking attribute selector 208 may, indicate that one or more header fields of a transport layer protocol, such as TCP, are to be masked whereas one or more header fields of an Internet layer protocol, such as IP, are not to be masked. Other arrangements of selected header fields to be masked and header fields not to be masked are also possible. Paragraph [0062] further discloses the application content sensitivity attribute may indicate which types of application content are to be masked by the network traffic flow multiplexer 304 and/or the data masking processor 206. For example, the application content sensitivity attribute may indicate that the network traffic flow multiplexer 304 is to mask application content sent in a secured network message, such as a secured HTTP message, an SSH message, or other type of secured network message. As another example, the application content sensitivity attribute may indicate that the network traffic flow multiplexer 304 is to mask application content sent in an unsecured network message, but where the application content is of an application content type. For example, the sensitive application content may be passwords, usernames, bank account numbers, aliases, electronic images (e.g., .JPG, .GIF, etc.), electronic documents (e.g., .PDF, .DOC, .WPD, etc.) or any other type of sensitive application content that is sent in an unsecured network message. As another example, the application content may be identified as being sensitive when the application content is not intended to be viewed by a recipient other than the recipient identified in the corresponding network header content. Moreover, the application content sensitivity attribute may exclude types of application content from being 

With respect to claims 6, 13 and 19, Cochinwala-Verzun teaches the system, wherein the operations further comprise:
obtaining a network usage record that identifies instances of network activity by the machine-to-machine device (Cochinwala, see Paragraph [0044] the network model 212 may specify additional network traffic characteristics that the network monitor 202 is to record. For example, with regard to a network traffic flow having FTP content, the network model 212 may specify that the network monitor 202 is to record the name, size and transfer rate of the application content contained in the network traffic flow. As another example, with regard to a network traffic flow having HTTP content, the network model 212 may specify that the network monitor 202 is to record the number and type of Internet objects contained in each webpage of the HTTP content), and
isolating, from the network usage record, client action records that indicate network activity associated with user input, wherein the client action records are made available to a network service portal (Cochinwala, see Paragraphs [0041-0042] the network model 212 may describe that the content of the messages of the network traffic flows are to be divided into two or more groups of content based on the layers of the message (isolating or grouping user input such as user message). The network model 212 may define a first group of network content that includes the network level layers of a message. For example, where the OSI Model is specified, the first group of network content may include the network layer, the transport layer, the session layer, and the presentation layer. Similarly, where the TCP/IP Model is specified, the first group of network content may include the Internet layer and the transport layer. In this first group of network content. The second group of content that the network model 212 may define is a group of application content. The network model 212 may define that the group of application content includes the content of an application layer of a message. As examples, the type of content included in this group may include HTTP content, SIP content, FTP content, or any other type of application content. Thus, when the network monitor 202 receives a message, the network monitor 202 may extract the application .

Claims 7, 14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Cochinwala et al. (US 20120084464) in view of Verzun et al. (US 20160219024) further in view of (Lin et al. (US 20070266091). 

With respect to claims 7, 14 and 20, Cochinwala-Verzun teaches the system,  yet fail to explicitly disclose wherein the operations further comprise:
intercepting the network message prior to the network message reaching the target source, and 
releasing the network message in response to detecting the supplemental network message from the machine-to-machine device.
However, Lin discloses wherein the operations further comprise:
intercepting the network message prior to the network message reaching the target source Lin, see FIG. 4, 5 and paragraphs [0051-0052, 0057, 0061-0064] FIG. 4 illustrates a flowchart representative of a process of detecting and intercepting a client TCP/IP request.  Modifications may be made to the TCP/IP process when detecting and/or intercepting TCP/IP responses destined for a client. A “pass-through” method whereby the HTTP request is intercepted before reaching its intended destination. When the system is active, it waits for a client TCP/IP request to be detected 40. If there is no request, the system waits for one to be detected 60. This detection step 40 may be incorporated as part of existing firewall monitoring processes, such as the process used by a firewall to monitor for viruses and unauthorized network access attempts), and 
releasing the network message in response to detecting the supplemental network message from the machine-to-machine device (Lin, see paragraph [0053, 0058, 0061] Once a TCP/IP request is detected 40, it is intercepted 41 and the desired content is selected 42, retrieved 44 from the content server and sent 46 to the client. In one embodiment, the content may be selected based on information contained within the communication protocol request and/or response, such as information indicative of the client (e.g., an IP address used alone or as an index or key to retrieve a profile associated with the client), information 
It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to combine Cochinwala-Verzun with the teaching of Lin to provide method to intercept the network message prior to reaching the client device and the interception, or detection, of a data transfer protocol request occurs independently of the destination of the request. Obtaining extracted security sensitive data for security level and remainder data, and hence enabling data security, data privacy protection, secured sharing, collaboration, and survivability within a unified infrastructure, where the combination of elements according to known methods would yield a predictable result, (Lin, see paragraphs [0013, 0060]).

Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 Notice of References Cited.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELIZABETH KASSA whose telephone number is (571)270-0567.  The examiner can normally be reached on Monday -Friday 9 AM -6 PM.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
12/29/2021
/ELIZABETH KASSA/
Examiner, Art Unit 2457
 
/HEE SOO KIM/Primary Examiner, Art Unit 2457