DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s arguments with respect to claims 11-25 have been considered but are moot in view of the new ground(s) of rejection set forth.

Applicant's arguments filed October 6 2021 have been fully considered but they are not persuasive. In regards to the applicant’s arguments regarding claim 11, as amended, the examiner respectfully disagrees with certain arguments presented by the applicant. For example, the applicant argues that independent claim 11 as amended, includes the claim feature of “the local acknowledgement is generated to correspond to an acknowledgement expected from the second communication device” is not taught in the prior art (Of Record). 

However the examiner respectfully disagrees as Samuell (Of Record), discloses the newly amended claim feature in claim 11 of “the acknowledgement is generated to correspond to an acknowledgement expected from the second communication device” (see Fig. 9B i.e., the Local acknowledgement 922, 924, 926 is generated to correspond to acknowledgement 932, 934, 936 expected from second communication device Host 130 & Para’s [0227] i.e., Host device 130 receives the modified packets and transmits ACK packets (i.e., “acknowledgement expected from the second communication device”) at F4, F5, and F6, respectively. The ACK packets are received by slow-path module 520 and not forwarded to host device 110 (i.e., “acknowledgement expected from the second communication device”) & [0228] & slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926). For example referring to Fig. 9B of Samuell, the acknowledgements 932 from Host device 130 is an acknowledgement expected to be received from the second communication device but is not received because the slow-path module does not forward the acknowledgements to the host 110, (Samuell, see Fig. 9B & Para [0227] i.e., Host device 130 receives the modified packets and transmits ACK packets (i.e., “acknowledgement expected from the second communication device”) at F4, F5, and F6, respectively. The ACK packets are received by slow-path module 520 and not forwarded to host device 110 (i.e., “acknowledgement expected from the second communication device”)). Instead the host 110 receives the local acknowledgements 922, 924, & 926 for acknowledging receipt of the data 922, 924, & 926 (Samuell, see Para [0228]). Therefore Samuell does disclose the claim feature in claim 11 of “the acknowledgement is generated to correspond to an acknowledgement expected from the second communication device”. Such local acknowledgement 922, 924, & 926 (Samuell, see Fig. 9B) taught in Samuell is the same as the local acknowledgement generated by the network device according to the applicants claimed invention for accelerating the communication which results in reducing latency in the communication instead of waiting for the acknowledgement from the second communication device to be received and then see Fig. 9B i.e., Data-N from host 110 after reception of acknowledgements 922, 924, & 926 & Para [0228]) which would have been performed if the acknowledgement was received from the second communication device Host 130. 
 
In regards to the applicants argument on (Pg. 8 of the remarks), the applicant argues the newly amended claim feature in claim 11 of the network device and the network node reside in the same local area network. However a new ground(s) of rejection has been set forth for the amended claim feature, and therefore arguments presented with respect to the newly amended feature are considered moot.  

The applicant argues on (Pg. 8 of the remarks), that the instant application relates to enhancing communication between communicating entities by reducing a latency in the communication by acknowledging the delivery of the data traffic locally in the transmitting end. Samuell teaches this concept of generating local acknowledgements exactly corresponding to the acknowledgements receivable from the recipient  (see Fig. 9B i.e., the Local acknowledgement 922, 924, 926 is generated to correspond to acknowledgement 932, 934, 936 expected from second communication device Host 130 & Para’s [0227] i.e., Host device 130 receives the modified packets and transmits ACK packets (i.e., “acknowledgement expected from the second communication device”) at F4, F5, and F6, respectively. The ACK packets are received by slow-path module 520 and not forwarded to host device 110 (i.e., “acknowledgement expected from the second communication device”) & [0228] & slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926). 

The applicant further argues that the transmitting end can initiate a transmittal of another data frame in response to the generated acknowledgement, without waiting to receive an acknowledgement from the recipient (see Pg. 8 of the remarks). Samuell teaches this concept the transmitting end initiating transmittal of another data frame in response to receiving the generated local acknowledgment (Samuell, see Fig. 9B i.e., Data-N from host 110 after reception of acknowledgements 922, 924, & 926 & Para’s [0227-0228]). As previously explained the local acknowledgement generated in Fig. 9B of Samuell results in accelerating the communication which results in reducing latency in the communication instead of waiting for the acknowledgement from the second communication device to be received and then sending additional data from the first communication device. 

In regards to the applicant’s argument that Samuell relates to an inline device, the “network device” 210 which resides locally at an end of the first communication device 120 according to applicants disclosure (see Fig. 1 of applicants disclosure) is an inline device since it is in line of the communication channel and obtains or intercepts data from the first communication device 120, (see Fig. 1 of applicants disclosure & Pg. 14 of applicants disclosure lines 1-6 i.e., the data traffic goes through the network device 210, Pg. 8 lines 1-4 i.e., The server 120 transmits to the client device 110 through the network device 210 & Pg. 10 lines 4-7 i.e., a network device 210 through which data traffic is arranged to travel & Pg. 10 lines 13-16 i.e., The monitoring of the data traffic may e.g. be implemented so that the network device 210 is coupled to an applicable connection point of a device residing in the communication channel, such as a predetermined port in a switch). Therefore, according to the applicants disclosure, the network device being coupled to a connection point of a device residing in the communication channel such as a predetermined port in a switch, will be an inline device in the communication channel which obtains the data from the port of the switch because the data goes through the network device. Therefore the network device 210 of applicant’s disclosure in an inline device.

The examiner respectfully disagrees with applicant’s argument that the inline proxy of Samuell only increases latency. The inline proxy of Samuell decreases latency of communication between the devices 110 and 130 based on the generated local acknowledgement which accelerates the communication and this decreases latency of the data communication (Samuell, see Para’s [0227-0228]). 

In regards to the applicant’s argument regarding the teachings of Mutoh (Of Record), the examiner respectfully disagrees. MUTOH discloses the claim feature in claim 11 of a network device (see Fig. 1 i.e., WAN acceleration device P1A) residing locally at an end of a first communication device in a local area network (see Fig. 1 i.e., WAN acceleration device P1A residing locally at end of transmitting node P2 (i.e., “first communication device”) & Para’s [0004] i.e., For example, a WAN acceleration device is located at a border between a WAN and an internal network such as a LAN (i.e., “local area network”), and operates as a proxy for devices inside the internal network (i.e., “network device P1A resides locally at an end of the first communication device P2 in a local area network”) & [0005] i.e., A WAN acceleration device P1A is a proxy for the network to which the transmitting node P2 (i.e., “first communication device”) belongs (i.e., “network device P1A resides locally at an end of the first communication device P2 in a local area network”)…According to the WAN acceleration device P1A, the internal network is the one to which the transmitting node P2 (i.e., “first communication device”) belongs, and the external networks are the ones to which the WAN and the receiving node P3 belong). 

The applicant argues that the WAN accelerators are clearly inline devices. However as previously explained, the claimed network device is also an inline device in light of the applicant’s disclosure. The WAN accelerators of Mutoh can be compared to the network device according to the instant application because first, it resides locally at an end of a first communication device in a local area network, (Mutoh, see Fig. 1 i.e., WAN acceleration device P1A residing locally at end of transmitting node P2 (i.e., “first communication device”) & Para’s [0004-0005] i.e., For example, a WAN acceleration device is located at a border between a WAN and an internal network such as a LAN (i.e., “local area network”), and operates as a proxy for devices inside the internal network (i.e., “network device P1A resides locally at an end of the first communication device P2 in a local area network”)) and because it generates local acknowledgements to the transmitting node P2 in response to a received data packet transmitted from the transmitting node P2 (Mutoh, see Fig. 1 & Para [0006] i.e., ACK packet) which results in the transmitting node P2 transmitting the next data packet (Mutoh, see Para [0006]). This procedure in Mutoh also results in accelerating the communication which results in reducing latency in the communication instead of waiting for the acknowledgement from the second communication device to be received and then sending additional data from the first communication device which is what the applicants claimed invention aims to achieve based on generating the local acknowledgement. Therefore the WAN accelerator in Mutoh can be compared to the claimed network device in claim 11. 

In regards to the applicants arguments on (Pg. 9 of the remarks), the applicant argues that in Mutoh, since the location of the WAN accelerator is defined to be at the border as mentioned in Para [0004], it confirms that the accelerator does not locate close to the communication device. However the examiner respectfully disagrees with applicant’s argument since the claim does not claim the network device is “close” to the first communication device, nor is the term “close” even claimed. Rather the claim requires that the network device resides locally at an end of the first communication device. With broadest reasonable interpretation of the claim feature, the WAN accelerator does reside locally at an end of the first communication device P2 because it is a proxy for devices inside the internal network including the transmitting node P2 (Mutoh, see Fig. 1 & Para’s [0004-0005] i.e., A WAN acceleration device P1A is a proxy for the network to which the transmitting node P2 belongs). Therefore the WAN acceleration device P1A resides locally at an end of the transmitting node P2 since it is a proxy for devices inside the internal network including the transmitting node P2 according to Fig. 1 of Mutoh which is similar to the network device 210 residing locally at an end of the first communication device such as the server 120 in Fig. 2 of the applicant’s disclosure.   

In regards to the applicants argument that the latency cannot be decreased in the same sense as the network device of the instant application, the examiner respectfully disagrees. The latency can be decreased in the same sense as the network device of the instant application because a local acknowledgement is generated by the WAN accelerator and a next data packet is transmitted from the transmitting node P2 which decreases latency of the communications in the same way as the instant application (Mutoh, see Fig. 1 & Para [0006]).  

In regards to the applicant’s argument on Pg. 10 of the remarks, the applicant argues that “Furthermore, even if Mutoh teaches that the operation of the WAN accelerator is to increase data transmission, it is not based on using ACK frames locally, and thus, the increase of the data transmission is not caused by the same merits as in the network device of claim 11 in which the generation of local acknowledgements bring the advantages of the instant application” However the examiner respectfully disagrees as the WAN accelerator in Mutoh does teach the WAN accelerator generating ACK frame locally (Mutoh, see Fig. 1 & Para [0006] i.e., ACK). Therefore the WAN accelerator of 

The applicant further argues on Pg. 10 that any acknowledgement is not locally generated in Samuell and Mutoh. However the examiner respectfully disagrees as the acknowledgement is locally generated in both references (Samuell, see Para’s [0227-0228] & Mutoh, see Para [0006]). In regards to the applicant’s argument that the accelerator device in Mutoh is clearly an inline device, the claimed network device in claim 11 is an inline device in light of the applicant’s disclosure as previously explained. 

In regards to the applicants argument that the WAN accelerator of Mutoh does not generate an acknowledgment corresponding to an acknowledgement received from the recipient, the teachings of Samuell discloses such feature as previously explained above with respect to the claim feature “the acknowledgement is generated to correspond to an acknowledgement expected from the second communication device” (Samuell, see Fig. 9B i.e., the Local acknowledgement 922, 924, 926 is generated to correspond to acknowledgement 932, 934, 936 expected from second communication device Host 130 & Para’s [0227] i.e., Host device 130 receives the modified packets and transmits ACK packets (i.e., “acknowledgement expected from the second communication device”) at F4, F5, and F6, respectively. The ACK packets are received by slow-path module 520 and not forwarded to host device 110 (i.e., “acknowledgement expected from the second communication device”) & [0228] & slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926). Mutoh furthermore discloses generating a local acknowledgement (see Para [0006]). Therefore one of ordinary skill in the art would combine the teachings of Samuell and Mutoh for purposes of reducing latency in the data communication. 

In regards to the applicant’s arguments regarding the teachings of Kobayashi, a new ground(s) of rejection has been set forth in view of the claim amendment of claim 11. Therefore arguments with respect to the teachings of Kobayashi are considered moot. 

The same reasoning also applies to independent claims 16 and 19 which recite similar claim features as independent claim 11. For the reasons explained the references of Samuell and Mutoh are maintained. The dependent claims remain rejected over the prior art references of Samuell and Mutoh based on their dependence to the independent claims.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

3.	Claims 11-25 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the 

Regarding Claim 11, the claimed subject matter of “the first communication device in a local area network” and “the network device is arranged to monitor the data traffic through a port of a network node in the same local area network as the network device” was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 

For example the specification does not describe the claimed subject matter of the first communication device in a local area network and a network node in the same local area network as the network device. The examiner has failed to locate the description of the claimed subject matter in the applicant’s specification. The only communication network described in the applicants specification is the communication network 130 of Fig.’s 1-2. However the specification does not describe a local area network nor does the specification describe the claimed subject matter of “the first communication device in a local area network” and “the network device is arranged to monitor the data traffic through a port of a network node in the same local area network as the network device”. Independent claims 16 and 20 which recite similar features, are also rejected under 35 U.S.C. 112(a) 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

4.	Claims 11-12, 14-16, 18-21, and 23-25 are rejected under 35 U.S.C. 103 as being unpatentable over Samuell et al. US (2014/0012981) in view of MUTOH et al. US (2014/0082180), and further in view of Kawasaki et al. US (2018/0183816). 

Regarding Claim 11, Sammuell discloses a method for controlling a communication of a first communication device (see Fig. 9B i.e., Host 110) to a second communication device (see Fig. 9B i.e., Host 130) over a communication network (see Fig. 9B i.e., Host 110 communicating with Host 130), the method comprises: monitoring, by a network device residing at an end of the first communication device (see Fig. 9B i.e., 250 & Para [0226] i.e., “slow path module” is a network device situated at the end of host 110), data traffic to the communication network from the first communication device, (see Fig. 9B i.e., Data-1 922, Data-2 924 and Data-3 926 & Para [0224]). 

see Fig. 9B i.e., detection of the payload field (i.e., “predetermined piece of information”) in the Data packets 922, 924, and 926 & Para’s [0095-0096] i.e., user plane data may be considered to be “payload” data (i.e., “predetermined piece of information”), [0157-0160] i.e., data packets are analyzed or detected by slow-path module 250, [0164], i.e., slow-path module 250 generally inspects (i.e., “detection”) all packets delivered between the two hosts, [0211-0212] i.e., Once the data is analyzed, the slow-path module 520 decides whether to forward the packet(s) unchanged, [0191], & [0224] i.e., data packets 922, 924, & 926 which are intercepted by slow-path module 250 will be detected by the slow path module 250).

generating by the network device (see Fig. 9B i.e., 250) residing at an end of the first communication device (see Fig. 9B i.e., Host 110), an acknowledgment (see Fig. 9B i.e., Local ACK-1 922, Local ACK-2 924, & Local ACK-3 926) complying with a communication protocol used for the communication, (see Fig. 9B & Para’s [0139], [0221] i.e., TCP protocol, & [0228-0229] i.e., ACK packets comply with TCP protocol used for the communication). 

The acknowledgement is generated to correspond to an acknowledgement expected from the second communication device (see Fig. 9B i.e., the Local acknowledgement 922, 924, 926 is generated to correspond to acknowledgement 932, 934, 936 expected from second communication device Host 130 & Para’s [0227] i.e., Host device 130 receives the modified packets and transmits ACK packets (i.e., “acknowledgement expected from the second communication device”) at F4, F5, and F6, respectively. The ACK packets are received by slow-path module 520 and not forwarded to host device 110 (i.e., “acknowledgement expected from the second communication device”) & [0228] & slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926).

and transmitting, by the network device (see Fig. 9B i.e., 250) residing at an end of the first communication device (see Fig. 9B i.e., Host 110), the generated acknowledgement to the first communication device (see Fig. 9B i.e., Host 110) for indicating a delivery of the data traffic to the second communication device, (see Fig. 9B i.e., Local ACK-1 922, Local ACK-2 924, & Local ACK-3 926 transmitted from Slow-Path Module 250 to Host 110 & Para’s [0224] & [0228] i.e., slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926).  

While Sammuell discloses monitoring by the network device (see Fig. 9B i.e., Slow-Path Module 250) data traffic from the first communication device (see Para’s [0010] i.e., monitoring the current data flow at the network device, [0053], [0154] i.e., slow-path module 520 may be implemented in a network device & [0156] i.e., slow-path module 520 monitors the TCP connection state between the communicating hosts, analyzes flow data & [0200]), Sammuell does not explicitly disclose the network device residing locally at an end of the first communication device in a local area network. 

MUTOH discloses a network device (see Fig. 1 i.e., WAN acceleration device P1A) residing locally at an end of a first communication device in a local area network (see Fig. 1 i.e., WAN acceleration device P1A residing locally at end of transmitting node P2 (i.e., “first communication device”) & Para’s [0004] i.e., For example, a WAN acceleration device is located at a border between a WAN and an internal network such as a LAN (i.e., “local area network”), and operates as a proxy for devices inside the internal network (i.e., “network device P1A resides locally at an end of the first communication device P2 in a local area network”) & [0005] i.e., A WAN acceleration device P1A is a proxy for the network to which the transmitting node P2 (i.e., “first communication device”) belongs (i.e., “network device P1A resides locally at an end of the first communication device P2 in a local area network”)…According to the WAN acceleration device P1A, the internal network is the one to which the transmitting node P2 (i.e., “first communication device”) belongs, and the external networks are the ones to which the WAN and the receiving node P3 belong) which receives traffic to the communication network from the first communication device, (see Para [0006] i.e., The WAN acceleration device P1A receives a data packet from the transmitting node P2 (OP111) and then transfers the data packet to the receiving node P3 (OP112))

see Para [0004]) which is achieved by transmitting, by the network device (see Fig. 1 i.e., P1A) residing locally at an end of the first communication device (see Fig. 1 i.e., WAN acceleration device P1A residing locally at end of transmitting node P2 (i.e., “first communication device”)), a generated acknowledgement (see Fig. 1 i.e., Pseudo ACK packet at OP112) in response to receiving at least one data packet from the first communication device (see Fig. 1 i.e., Data Packet at OP111), (see Fig. 1 i.e. Pseudo ACK & Para’s [0006] i.e., Further, the WAN acceleration device P1A artificially creates an ACK packet (pseudo ACK packet) and transmits the pseudo ACK packet to the transmitting node P2 (OP112) & [0007] i.e., In communication using a normal TCP, the time from the receiving node P3 transmitting the ACK until the next data packet is received takes at least one round trip time (RTT). In comparison, the time may be shortened due to the WAN acceleration device P1A transmitting a pseudo packet to the transmitting node P2).

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the network device such as the Slow-Path Module 250 which generates and transmits an acknowledgement to the first communication device based on received data traffic from the first communication device as disclosed in Sammuell to be configured to reside locally at the end of the first communication device in a local area network based on the teachings of MUTOH who discloses a network device such as WAN acceleration device P1A residing locally at an end of a first communication device such as transmitting node 

While Sammuell discloses the network device (see Fig. 9B i.e., Slow-Path Module 250) is arranged to monitor the data traffic for TCP communications, (see Para’s [0010] i.e., monitoring the current data flow at the network device, [0053], [0154] i.e., slow-path module 520 may be implemented in a network device & [0156] i.e., slow-path module 520 monitors the TCP connection state between the communicating hosts, analyzes flow data & [0200]), the combination of Sammuell in view of MUTOH does not disclose the network device is arranged to monitor the data traffic through a port of a network node in the same local area network as the network device, the network node residing locally at an end of the first communication device in the communication channel in which the data traffic is conveyed and the port of the network node is arranged to mirror the data traffic to the network device. However the claim features would be rendered obvious in view of Kawasaki et al. US (2018/0183816).

Kawasaki discloses a network device (see Fig. 1 i.e., Gateway Apparatus 10 & Fig. 3 i.e., Monitoring communication unit of Gateway Apparatus 10) is arranged to monitor (see Fig. 3 i.e., Monitoring Communication Unit 14) data traffic through a port (see Fig. 1 i.e., Mirror Port 51 of Switch 5) of a network node (see Fig. 1 i.e., Switch 5)  in the same local area network as the network device (see Fig. 1 i.e., Switch 5 connected to gateway apparatus 10), (see Fig. 1 & Para’s [0032] i.e., the switch 5 is connected to an internal network 9, such as a LAN. Further, the switch is connected to the gateway apparatus 10 (i.e., switch 5 (i.e., “network node”) is in the same LAN as the gateway apparatus 10 (i.e., “network device”), [0033] i.e., The switch 5 has a mirror port 51 for copying and outputting the entire traffic data passing through a regular port. The mirror port 51 is connected to a monitoring port 361 of the gateway apparatus 10 [0035] i.e., the gateway apparatus 10 is composed, as shown in Fig. 2, of… an internal network interface (IF) 36 for connecting the internal network 9 (i.e., internal network 9 is a LAN (i.e., see Para [0032]), therefore the gateway apparatus 10 (i.e., “network device”) and the switch 5 (i.e., “network node”) are in the same local area network)…Para [0035] i.e., The gateway apparatus 10 includes monitoring port 361 for receiving an output from the mirror port 51 of the switch 5, [0036] i.e., monitoring communication unit 14 receives and acquires packet data which is input from the monitoring port 361, [0044] i.e., The switch 5 outputs, from the mirror port 51, data transmitted from an internal network 9 side, and the monitoring communication unit 14 receives the data output from the mirror port 51 (step 110), [0049] i.e., the switch 5 is connected to the internal network 9, and the monitoring port 361 of the gateway apparatus 10 is connected to the mirror port 51 of the switch 5, & [0079])

the network node (see Fig. 1 i.e., Switch 5) residing locally at an end of a first communication device (see Fig. 1 i.e., Device 8) in the communication channel (see Fig. 1 i.e., communication channel 9) in which the data traffic is conveyed (see Fig. 1 i.e., Switch 5 residing locally at an end of a first communication device such as device 8 & Para’s [0032-0033] i.e., the devices 8, connected directly or indirectly to the internal network 9 transmit data, [0036], & [0042] i.e., It should be noted that, in addition to the above-described processing performed in the normal operation, the switch 5 outputs, from the mirror port 51, data which are transmitted from the device 8 & [0043-0044] i.e., the switch 5, outputs from the mirror port 51, data transmitted from an internal network 9) 

and the port of the network node (see Fig. 1 i.e., Mirror Port 51 of Switch 5) is arranged to mirror the data traffic to the network device (see Fig. 1 i.e., Gateway Apparatus 10), (see Para’s [0033] i.e., The switch 5 in this embodiment has a mirror port 51 for copying and outputting the entire traffic data passing through a regular port. The mirror port 51 is connected to a monitoring port 361 of the gateway apparatus 10 [0035] i.e., the monitoring port 361 for receiving an output from the mirror port 51 of the switch 5, [0042] i.e., the switch 5 output, from the mirror port 51, data which are transmitted from the device 8, [0044] i.e., the switch 5, outputs from the mirror port 51, data transmitted from an internal network 9, and the monitoring communication unit 14 receives the data output from the mirror port 51 (step 110)).

(Kawasaki discloses suggests the gateway apparatus 10 is used for monitoring communication related to the nodes or devices 8 for detecting unauthorized access to the devices based on the monitored data, (see Para’s [0001], [0009-0010], [0036], & [0044-0046]).  

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the network device which monitors the data traffic for TCP communications as disclosed in Sammuell in view of MUTOH to monitor the data traffic through the mirror port of the network node or switch which is in the same local area network as the network device as disclosed in Kawasaki who discloses the port of the network node or switch apparatus which resides locally at an end of a first communication device in the communication channel in which the data traffic is conveyed is arranged to mirror the data traffic to a network device such as a gateway apparatus for monitoring the data traffic because the motivation lies in Kawasaki that the gateway apparatus is used for monitoring communication related to the nodes or devices 8 for efficiently detecting unauthorized access to the devices based on the monitored data. 

Regarding Claim 12, Sammuell discloses the method of claim 11, wherein the at least one predetermined piece of information is at least one value of at least one data field in the at least one data frame, (see Fig. 9B i.e., detection of the payload field (i.e., “predetermined piece of information”) in the Data packets 922, 924, and 926 & Para’s [0004] i.e., For example, if a sender sends a packet containing four payload bytes (i.e., “value”) with a sequence number field & [0095-0096] i.e., user plane data (i.e., “value”) may be considered to be “payload” data (i.e., “predetermined piece of information”),

see Fig. 9B i.e., the acknowledgement is detected from the data traffic ACK-1 932, ACK-2 934, and ACK-3 936 & Para [0227])

Regarding Claim 15, Sammuell discloses the method of claim 14, wherein the acknowledgement generated by the second communication device is filtered out from the data traffic intended to the first communication device, (see Para [0227] i.e., “the ACK packets are received by slow-path module 250 and not forwarded to host device 110” discloses that the acknowledgements are filtered out from the incoming data packets).  

Regarding Claim 16, Sammuell discloses a network device (see Fig. 9B i.e., 250 & Para [0226]) for controlling a communication of a first communication device (see Fig. 9B i.e., Host 110) to a second communication device (see Fig. 9B i.e., Host 130) over a communication network, (see Fig. 9B i.e., Host 110 communicating with Host 130)

the network device comprising: at least one processor (see Fig. 9B i.e., 250 & Para [0020] i.e., processor); at least one memory (see Fig. 9B i.e., 250 & Para [0020] i.e., memory) including computer program code (see Para’s [0048-0050]); the at least one memory (see Fig. 9B i.e., 250 & Para [0020] i.e., memory)  and the computer program see Para’s [0048-0050]) configured to, with the at least one processor (see Fig. 9B i.e., 250 & Para [0020] i.e., processor), cause the network device (see Fig. 9B i.e., 250 & Para [0226] i.e., “slow path module” is a network device situated at the end of host 110) to perform: monitor data traffic to the communication network from the first communication device, (see Fig. 9B i.e., Data-1 922, Data-2 924 and Data-3 926 & Para [0224]). 

generate, in response to local detection of at least one predetermined piece of information in at least one data frame in the data traffic, (see Fig. 9B i.e., detection of the payload field (i.e., “predetermined piece of information”) in the Data packets 922, 924, and 926 & Para’s [0095-0096] i.e., user plane data may be considered to be “payload” data (i.e., “predetermined piece of information”), [0157-0160] i.e., data packets are analyzed or detected by slow-path module 250, [0164], i.e., slow-path module 250 generally inspects (i.e., “detection”) all packets delivered between the two hosts, [0211-0212] i.e., Once the data is analyzed, the slow-path module 520 decides whether to forward the packet(s) unchanged, [0191], & [0224] i.e., data packets 922, 924, & 926 which are intercepted by slow-path module 250 will be detected by the slow path module 250).

an acknowledgment (see Fig. 9B i.e., Local ACK-1 922, Local ACK-2 924, & Local ACK-3 926) complying with a communication protocol used for the communication, (see Fig. 9B & Para’s [0139], [0221] i.e., TCP protocol, & [0228-0229] i.e., ACK packets comply with TCP protocol used for the communication). 

The acknowledgement is generated to correspond to an acknowledgement expected from the second communication device (see Fig. 9B i.e., the Local acknowledgement 922, 924, 926 is generated to correspond to acknowledgement 932, 934, 936 expected from second communication device Host 130 & Para’s [0227] i.e., Host device 130 receives the modified packets and transmits ACK packets (i.e., “acknowledgement expected from the second communication device”) at F4, F5, and F6, respectively. The ACK packets are received by slow-path module 520 and not forwarded to host device 110 (i.e., “acknowledgement expected from the second communication device”) & [0228] & slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926).

and transmit the generated acknowledgement to the first communication device (see Fig. 9B i.e., Host 110)  for indicating a delivery of the data traffic to the second communication device, (see Fig. 9B i.e., Local ACK-1 922, Local ACK-2 924, & Local ACK-3 926 transmitted from Slow-Path Module 250 to Host 110 & Para’s [0224] & [0228] i.e., slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926).  

While Sammuell discloses monitoring by the network device (see Fig. 9B i.e., Slow-Path Module 250) data traffic from the first communication device (see Para’s [0010] i.e., monitoring the current data flow at the network device, [0053], [0154] i.e., slow-path module 520 may be implemented in a network device & [0156] i.e., slow-path module 520 monitors the TCP connection state between the communicating hosts, analyzes flow data & [0200]), Sammuell does not explicitly disclose the network device residing locally at an end of the first communication device in a local area network. However the claim feature would be rendered obvious in view of MUTOH et al. US (2014/0082180).

MUTOH discloses a network device (see Fig. 1 i.e., WAN acceleration device P1A) residing locally at an end of a first communication device in a local area network (see Fig. 1 i.e., WAN acceleration device P1A residing locally at end of transmitting node P2 (i.e., “first communication device”) & Para’s [0004] i.e., For example, a WAN acceleration device is located at a border between a WAN and an internal network such as a LAN (i.e., “local area network”), and operates as a proxy for devices inside the internal network (i.e., “network device P1A resides locally at an end of the first communication device P2 in a local area network”) & [0005] i.e., A WAN acceleration device P1A is a proxy for the network to which the transmitting node P2 (i.e., “first communication device”) belongs (i.e., “network device P1A resides locally at an end of the first communication device P2 in a local area network”)…According to the WAN acceleration device P1A, the internal network is the one to which the transmitting node P2 (i.e., “first communication device”) belongs, and the external networks are the ones to which the WAN and the receiving node P3 belong) which receives traffic to the communication network from the first communication device, (see Para [0006] i.e., The WAN acceleration device P1A receives a data packet from the transmitting node P2 (OP111) and then transfers the data packet to the receiving node P3 (OP112))

(MUTOH suggests one method of reducing the time desired for transmission when conducting transmission through a WAN involves the use of a WAN acceleration device  (see Para [0004]) which is achieved by transmitting, by the network device (see Fig. 1 i.e., P1A) residing locally at an end of the first communication device (see Fig. 1 i.e., WAN acceleration device P1A residing locally at end of transmitting node P2 (i.e., “first communication device”)), a generated acknowledgement (see Fig. 1 i.e., Pseudo ACK packet at OP112) in response to receiving at least one data packet from the first communication device (see Fig. 1 i.e., Data Packet at OP111), (see Fig. 1 i.e. Pseudo ACK & Para’s [0006] i.e., Further, the WAN acceleration device P1A artificially creates an ACK packet (pseudo ACK packet) and transmits the pseudo ACK packet to the transmitting node P2 (OP112) & [0007] i.e., In communication using a normal TCP, the time from the receiving node P3 transmitting the ACK until the next data packet is received takes at least one round trip time (RTT). In comparison, the time may be shortened due to the WAN acceleration device P1A transmitting a pseudo packet to the transmitting node P2).

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the network device such as the Slow-Path Module 250 which generates and transmits an acknowledgement to the first communication device based on received data traffic from the first communication device as disclosed in Sammuell to be configured to reside 

While Sammuell discloses the network device (see Fig. 9B i.e., Slow-Path Module 250) is arranged to monitor the data traffic for TCP communications, (see Para’s [0010] i.e., monitoring the current data flow at the network device, [0053], [0154] i.e., slow-path module 520 may be implemented in a network device & [0156] i.e., slow-path module 520 monitors the TCP connection state between the communicating hosts, analyzes flow data & [0200]), the combination of Sammuell in view of MUTOH does not disclose the network device is arranged to monitor the data traffic through a port of a network node in the same local area network as the network device, the network node residing locally at an end of the first communication device in the communication channel in which the data traffic is conveyed and the port of the network node is arranged to mirror the data traffic to the network device. However the claim features would be rendered obvious in view of Kawasaki et al. US (2018/0183816).

Kawasaki discloses a network device (see Fig. 1 i.e., Gateway Apparatus 10 & Fig. 3 i.e., Monitoring communication unit of Gateway Apparatus 10) is arranged to monitor see Fig. 3 i.e., Monitoring Communication Unit 14) data traffic through a port (see Fig. 1 i.e., Mirror Port 51 of Switch 5) of a network node (see Fig. 1 i.e., Switch 5)  in the same local area network as the network device (see Fig. 1 i.e., Switch 5 connected to gateway apparatus 10), (see Fig. 1 & Para’s [0032] i.e., the switch 5 is connected to an internal network 9, such as a LAN. Further, the switch is connected to the gateway apparatus 10 (i.e., switch 5 (i.e., “network node”) is in the same LAN as the gateway apparatus 10 (i.e., “network device”), [0033] i.e., The switch 5 has a mirror port 51 for copying and outputting the entire traffic data passing through a regular port. The mirror port 51 is connected to a monitoring port 361 of the gateway apparatus 10 [0035] i.e., the gateway apparatus 10 is composed, as shown in Fig. 2, of… an internal network interface (IF) 36 for connecting the internal network 9 (i.e., internal network 9 is a LAN (i.e., see Para [0032]), therefore the gateway apparatus 10 (i.e., “network device”) and the switch 5 (i.e., “network node”) are in the same local area network)…Para [0035] i.e., The gateway apparatus 10 includes monitoring port 361 for receiving an output from the mirror port 51 of the switch 5, [0036] i.e., monitoring communication unit 14 receives and acquires packet data which is input from the monitoring port 361, [0044] i.e., The switch 5 outputs, from the mirror port 51, data transmitted from an internal network 9 side, and the monitoring communication unit 14 receives the data output from the mirror port 51 (step 110), [0049] i.e., the switch 5 is connected to the internal network 9, and the monitoring port 361 of the gateway apparatus 10 is connected to the mirror port 51 of the switch 5, & [0079])

see Fig. 1 i.e., Switch 5) residing locally at an end of a first communication device (see Fig. 1 i.e., Device 8) in the communication channel (see Fig. 1 i.e., communication channel 9) in which the data traffic is conveyed (see Fig. 1 i.e., Switch 5 residing locally at an end of a first communication device such as device 8 & Para’s [0032-0033] i.e., the devices 8, connected directly or indirectly to the internal network 9 transmit data, [0036], & [0042] i.e., It should be noted that, in addition to the above-described processing performed in the normal operation, the switch 5 outputs, from the mirror port 51, data which are transmitted from the device 8 & [0043-0044] i.e., the switch 5, outputs from the mirror port 51, data transmitted from an internal network 9) 

and the port of the network node (see Fig. 1 i.e., Mirror Port 51 of Switch 5) is arranged to mirror the data traffic to the network device (see Fig. 1 i.e., Gateway Apparatus 10), (see Para’s [0033] i.e., The switch 5 in this embodiment has a mirror port 51 for copying and outputting the entire traffic data passing through a regular port. The mirror port 51 is connected to a monitoring port 361 of the gateway apparatus 10 [0035] i.e., the monitoring port 361 for receiving an output from the mirror port 51 of the switch 5, [0042] i.e., the switch 5 output, from the mirror port 51, data which are transmitted from the device 8, [0044] i.e., the switch 5, outputs from the mirror port 51, data transmitted from an internal network 9, and the monitoring communication unit 14 receives the data output from the mirror port 51 (step 110)).

see Para’s [0001], [0009-0010], [0036], & [0044-0046]).  

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the network device which monitors the data traffic for TCP communications as disclosed in Sammuell in view of MUTOH to monitor the data traffic through the mirror port of the network node or switch which is in the same local area network as the network device as disclosed in Kawasaki who discloses the port of the network node or switch apparatus which resides locally at an end of a first communication device in the communication channel in which the data traffic is conveyed is arranged to mirror the data traffic to a network device such as a gateway apparatus for monitoring the data traffic because the motivation lies in Kawasaki that the gateway apparatus is used for monitoring communication related to the nodes or devices 8 for efficiently detecting unauthorized access to the devices based on the monitored data. 

Regarding Claim 18, Sammuell discloses the network device of claim 16, wherein the network device is configured to detect an acknowledgement generated by the second communication device in response to a receipt of data traffic from the first communication device from a data traffic intended to the first communication device. (see Fig. 9B i.e., the acknowledgement is detected from the data traffic ACK-1 932, ACK-2 934, and ACK-3 936 & Para [0227])

Regarding Claim 19, Sammuell discloses the network device of claim 18, wherein the network device is configured to filter out the acknowledgement generated by the second communication device from the data traffic intended to the first communication device. (see Para [0227] i.e., “the ACK packets are received by slow-path module 250 and not forwarded to host device 110” discloses that the acknowledgements are filtered out from the incoming data packets).  

Regarding Claim 20, Sammuell discloses a computer program product (see Para’s [0048-0050]) comprising at least one non-transitory computer-readable storage medium (see Para’s [0048-0050] a non-transitory computer-readable storage medium) having computer-executable program code instructions (see Para’s [0048-0050] i.e., non-transitory computer readable medium that bears computer usable instructions for one or more processors) stored therein that when the computer program product is executed on one or more computing devices, (see Para’s [0048-0050] i.e., a non-transitory computer-readable storage medium, configured with a computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner to perform the functions described herein), directs the one or more computing devices to:

Monitor data traffic to a communication network from a first communication device, (see Fig. 9B i.e., Data-1 922, Data-2 924 and Data-3 926 & Para [0224]) by a network device see Fig. 9B i.e., 250 & Para [0226] i.e., “slow path module” is a network device situated at the end of host 110),

Generate, by the network device (see Fig. 9B i.e., 250), in response to local detection of at least one predetermined piece of information in at least one data frame in the data traffic (see Fig. 9B i.e., detection of the payload field (i.e., “predetermined piece of information”) in the Data packets 922, 924, and 926 & Para’s [0095-0096] i.e., user plane data may be considered to be “payload” data (i.e., “predetermined piece of information”), [0157-0160] i.e., data packets are analyzed or detected by slow-path module 250, [0164], i.e., slow-path module 250 generally inspects (i.e., “detection”) all packets delivered between the two hosts, [0211-0212] i.e., Once the data is analyzed, the slow-path module 520 decides whether to forward the packet(s) unchanged, [0191], & [0224] i.e., data packets 922, 924, & 926 which are intercepted by slow-path module 250 will be detected by the slow path module 250).

an acknowledgment (see Fig. 9B i.e., Local ACK-1 922, Local ACK-2 924, & Local ACK-3 926) complying with a communication protocol used for the communication, (see Fig. 9B & Para’s [0139], [0221] i.e., TCP protocol, & [0228-0229] i.e., ACK packets comply with TCP protocol used for the communication). 

The acknowledgement is generated to correspond to an acknowledgement expected from the second communication device (see Fig. 9B i.e., the Local acknowledgement 922, 924, 926 is generated to correspond to acknowledgement 932, 934, 936 expected from second communication device Host 130 & Para’s [0227] i.e., Host device 130 receives the modified packets and transmits ACK packets (i.e., “acknowledgement expected from the second communication device”) at F4, F5, and F6, respectively. The ACK packets are received by slow-path module 520 and not forwarded to host device 110 (i.e., “acknowledgement expected from the second communication device”) & [0228] & slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926).

and transmit, by the network device (see Fig. 9B i.e., 250), the generated acknowledgement to the first communication device (see Fig. 9B i.e., Host 110) for indicating a delivery of the data traffic to the second communication device, (see Fig. 9B i.e., Local ACK-1 922, Local ACK-2 924, & Local ACK-3 926 transmitted from Slow-Path Module 250 to Host 110 & Para’s [0224] & [0228] i.e., slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926).  

While Sammuell discloses monitoring by the network device (see Fig. 9B i.e., Slow-Path Module 250) data traffic from the first communication device (see Para’s [0010] i.e., monitoring the current data flow at the network device, [0053], [0154] i.e., slow-path module 520 may be implemented in a network device & [0156] i.e., slow-path module 520 monitors the TCP connection state between the communicating hosts, analyzes flow data & [0200]), Sammuell does not explicitly disclose the network device residing locally at an end of the first communication device in a local area network. 

MUTOH discloses a network device (see Fig. 1 i.e., WAN acceleration device P1A) residing locally at an end of a first communication device in a local area network (see Fig. 1 i.e., WAN acceleration device P1A residing locally at end of transmitting node P2 (i.e., “first communication device”) & Para’s [0004] i.e., For example, a WAN acceleration device is located at a border between a WAN and an internal network such as a LAN (i.e., “local area network”), and operates as a proxy for devices inside the internal network (i.e., “network device P1A resides locally at an end of the first communication device P2 in a local area network”) & [0005] i.e., A WAN acceleration device P1A is a proxy for the network to which the transmitting node P2 (i.e., “first communication device”) belongs (i.e., “network device P1A resides locally at an end of the first communication device P2 in a local area network”)…According to the WAN acceleration device P1A, the internal network is the one to which the transmitting node P2 (i.e., “first communication device”) belongs, and the external networks are the ones to which the WAN and the receiving node P3 belong) which receives traffic to the communication network from the first communication device, (see Para [0006] i.e., The WAN acceleration device P1A receives a data packet from the transmitting node P2 (OP111) and then transfers the data packet to the receiving node P3 (OP112))

see Para [0004]) which is achieved by transmitting, by the network device (see Fig. 1 i.e., P1A) residing locally at an end of the first communication device (see Fig. 1 i.e., WAN acceleration device P1A residing locally at end of transmitting node P2 (i.e., “first communication device”)), a generated acknowledgement (see Fig. 1 i.e., Pseudo ACK packet at OP112) in response to receiving at least one data packet from the first communication device (see Fig. 1 i.e., Data Packet at OP111), (see Fig. 1 i.e. Pseudo ACK & Para’s [0006] i.e., Further, the WAN acceleration device P1A artificially creates an ACK packet (pseudo ACK packet) and transmits the pseudo ACK packet to the transmitting node P2 (OP112) & [0007] i.e., In communication using a normal TCP, the time from the receiving node P3 transmitting the ACK until the next data packet is received takes at least one round trip time (RTT). In comparison, the time may be shortened due to the WAN acceleration device P1A transmitting a pseudo packet to the transmitting node P2).

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the network device such as the Slow-Path Module 250 which generates and transmits an acknowledgement to the first communication device based on received data traffic from the first communication device as disclosed in Sammuell to be configured to reside locally at the end of the first communication device in a local area network based on the teachings of MUTOH who discloses a network device such as WAN acceleration device P1A residing locally at an end of a first communication device such as transmitting node 

While Sammuell discloses the network device (see Fig. 9B i.e., Slow-Path Module 250) is arranged to monitor the data traffic for TCP communications, (see Para’s [0010] i.e., monitoring the current data flow at the network device, [0053], [0154] i.e., slow-path module 520 may be implemented in a network device & [0156] i.e., slow-path module 520 monitors the TCP connection state between the communicating hosts, analyzes flow data & [0200]), the combination of Sammuell in view of MUTOH does not disclose the network device is arranged to monitor the data traffic through a port of a network node in the same local area network as the network device, the network node residing locally at an end of the first communication device in the communication channel in which the data traffic is conveyed and the port of the network node is arranged to mirror the data traffic to the network device. However the claim features would be rendered obvious in view of Kawasaki et al. US (2018/0183816).

Kawasaki discloses a network device (see Fig. 1 i.e., Gateway Apparatus 10 & Fig. 3 i.e., Monitoring communication unit of Gateway Apparatus 10) is arranged to monitor (see Fig. 3 i.e., Monitoring Communication Unit 14) data traffic through a port (see Fig. 1 i.e., Mirror Port 51 of Switch 5) of a network node (see Fig. 1 i.e., Switch 5)  in the same local area network as the network device (see Fig. 1 i.e., Switch 5 connected to gateway apparatus 10), (see Fig. 1 & Para’s [0032] i.e., the switch 5 is connected to an internal network 9, such as a LAN. Further, the switch is connected to the gateway apparatus 10 (i.e., switch 5 (i.e., “network node”) is in the same LAN as the gateway apparatus 10 (i.e., “network device”), [0033] i.e., The switch 5 has a mirror port 51 for copying and outputting the entire traffic data passing through a regular port. The mirror port 51 is connected to a monitoring port 361 of the gateway apparatus 10 [0035] i.e., the gateway apparatus 10 is composed, as shown in Fig. 2, of… an internal network interface (IF) 36 for connecting the internal network 9 (i.e., internal network 9 is a LAN (i.e., see Para [0032]), therefore the gateway apparatus 10 (i.e., “network device”) and the switch 5 (i.e., “network node”) are in the same local area network)…Para [0035] i.e., The gateway apparatus 10 includes monitoring port 361 for receiving an output from the mirror port 51 of the switch 5, [0036] i.e., monitoring communication unit 14 receives and acquires packet data which is input from the monitoring port 361, [0044] i.e., The switch 5 outputs, from the mirror port 51, data transmitted from an internal network 9 side, and the monitoring communication unit 14 receives the data output from the mirror port 51 (step 110), [0049] i.e., the switch 5 is connected to the internal network 9, and the monitoring port 361 of the gateway apparatus 10 is connected to the mirror port 51 of the switch 5, & [0079])

the network node (see Fig. 1 i.e., Switch 5) residing locally at an end of a first communication device (see Fig. 1 i.e., Device 8) in the communication channel (see Fig. 1 i.e., communication channel 9) in which the data traffic is conveyed (see Fig. 1 i.e., Switch 5 residing locally at an end of a first communication device such as device 8 & Para’s [0032-0033] i.e., the devices 8, connected directly or indirectly to the internal network 9 transmit data, [0036], & [0042] i.e., It should be noted that, in addition to the above-described processing performed in the normal operation, the switch 5 outputs, from the mirror port 51, data which are transmitted from the device 8 & [0043-0044] i.e., the switch 5, outputs from the mirror port 51, data transmitted from an internal network 9) 

and the port of the network node (see Fig. 1 i.e., Mirror Port 51 of Switch 5) is arranged to mirror the data traffic to the network device (see Fig. 1 i.e., Gateway Apparatus 10), (see Para’s [0033] i.e., The switch 5 in this embodiment has a mirror port 51 for copying and outputting the entire traffic data passing through a regular port. The mirror port 51 is connected to a monitoring port 361 of the gateway apparatus 10 [0035] i.e., the monitoring port 361 for receiving an output from the mirror port 51 of the switch 5, [0042] i.e., the switch 5 output, from the mirror port 51, data which are transmitted from the device 8, [0044] i.e., the switch 5, outputs from the mirror port 51, data transmitted from an internal network 9, and the monitoring communication unit 14 receives the data output from the mirror port 51 (step 110)).

(Kawasaki discloses suggests the gateway apparatus 10 is used for monitoring communication related to the nodes or devices 8 for detecting unauthorized access to the devices based on the monitored data, (see Para’s [0001], [0009-0010], [0036], & [0044-0046]).  

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the network device which monitors the data traffic for TCP communications as disclosed in Sammuell in view of MUTOH to monitor the data traffic through the mirror port of the network node or switch which is in the same local area network as the network device as disclosed in Kawasaki who discloses the port of the network node or switch apparatus which resides locally at an end of a first communication device in the communication channel in which the data traffic is conveyed is arranged to mirror the data traffic to a network device such as a gateway apparatus for monitoring the data traffic because the motivation lies in Kawasaki that the gateway apparatus is used for monitoring communication related to the nodes or devices 8 for efficiently detecting unauthorized access to the devices based on the monitored data. 

Regarding Claim 21, Sammuell discloses the computer program product of claim 20, wherein the at least one predetermined piece of information is at least one value of at least one data field in the at least one data frame, (see Fig. 9B i.e., detection of the payload field (i.e., “predetermined piece of information”) in the Data packets 922, 924, and 926 & Para’s [0004] i.e., For example, if a sender sends a packet containing four payload bytes (i.e., “value”) with a sequence number field & [0095-0096] i.e., user plane data (i.e., “value”) may be considered to be “payload” data (i.e., “predetermined piece of information”).

see Fig. 9B i.e., the acknowledgement is detected from the data traffic ACK-1 932, ACK-2 934, and ACK-3 936 & Para [0227])

Regarding Claim 24, Sammuell discloses the computer program product of claim 23, wherein the acknowledgement generated by the second communication device is filtered out from the data traffic intended to the first communication device, (see Para [0227] i.e., “the ACK packets are received by slow-path module 250 and not forwarded to host device 110” discloses that the acknowledgements are filtered out from the incoming data packets).  

Regarding Claim 25, Sammuell discloses the computer program product of claim 20, wherein one or more computer devices comprise the network device residing at an end of the first communication device, (see Fig. 9B i.e., 250 & Para [0226] i.e., “slow path module” is a network device situated at the end of host 110).


5.	Claims 13, 17 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Samuell et al. US (2014/0012981) in view of MUTOH et al. US (2014/0082180), and further in view of Kawasaki et al. US (2018/0183816), as s 12, 16, and 21 above, and further in view of Park et al. US (2016/0189124)

Regarding Claims 13 and 22, the combination of Samuell in view of MUTOH, and further in view of Kawasaki discloses the method and computer program product of claims 12 and 21, but does not disclose wherein the local detection is performed by comparing the at least one value of the at least one data field to at least one comparison value and in response to local detection that the at least one value corresponds to the comparison value, the local detection is indicated. However the claim features would be rendered obvious in view of Park et al. US (2016/0189124).

Park discloses wherein the local detection is performed by comparing the at least one value of the at least one data field to at least one comparison value (see Para’s [0017] i.e., According to some embodiments of the present disclosure, payloads of one or more IP packets are stored and, upon receiving at least one packet retransmitted based on a TCP, an attack packet is detected by comparing at least one of the stored payloads (i.e., “comparison value”) with a payload (i.e., “value” of data field)  of the retransmitted packet, [0051], & [0055] i.e., an attack packet is detected by comparing partial bytes of data of a prestored payload (i.e., “comparison value”) only with partial bytes of corresponding data of the payload (i.e., “value” of data field)  of the retransmitted packet 320 to reduce the memory occupancy of the data billing system 100p, thereby increasing the efficiency of memory use). 

see Para’s [0017] i.e., According to some embodiments of the present disclosure, payloads of one or more IP packets are stored and, upon receiving at least one packet retransmitted based on a TCP, an attack packet is detected (i.e., “detection is indicated”) by comparing at least one of the stored payloads (i.e., “comparison value”) with a payload (i.e., “value” of data field) of the retransmitted packet, [0051], & [0055] i.e., an attack packet is detected (i.e., “detection is indicated”) by comparing partial bytes of data of a prestored payload (i.e., “comparison value”) only with partial bytes of corresponding data of the payload (i.e., “value” of data field)  of the retransmitted packet 320 to reduce the memory occupancy of the data billing system 100p, thereby increasing the efficiency of memory use). 

(Park suggests a received packet from a source is detected by comparing the at least one value of the at least data field of the received packet to at least one comparison value for detecting the packet (see Para’s [0017], [0051], & [0055]).

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the packets detected by the network device from the host as disclosed in Samuell in view of MUTOH, and further in view of Kawasaki to detect the packets according to the comparison techniques of Park who discloses detecting a received packet by comparing at least one value of a data field of the received packet to at least one comparison value 

Regarding Claim 17, the combination of Samuell in view of MUTOH, and further in view of Kawasaki discloses the method of claim 16, but does not disclose performing the local detection by comparing at least one value of the at least one data field to at least one comparison value and in response to local detection that the at least one value corresponds to the comparison value to indicate the local detection. However the claim features would be rendered obvious in view of Park et al. US (2016/0189124).

Park discloses performing local detection by comparing at least one value of the at least one data field to at least one comparison value (see Para’s [0017] i.e., According to some embodiments of the present disclosure, payloads of one or more IP packets are stored and, upon receiving at least one packet retransmitted based on a TCP, an attack packet is detected by comparing at least one of the stored payloads (i.e., “comparison value”) with a payload (i.e., “value” of data field)  of the retransmitted packet, [0051], & [0055] i.e., an attack packet is detected by comparing partial bytes of data of a prestored payload (i.e., “comparison value”) only with partial bytes of corresponding data of the payload (i.e., “value” of data field)  of the retransmitted packet 320 to reduce the memory occupancy of the data billing system 100p, thereby increasing the efficiency of memory use). 
and in response to local detection that the at least one value corresponds to the comparison value to indicate the local detection (see Para’s [0017] i.e., According to some embodiments of the present disclosure, payloads of one or more IP packets are stored and, upon receiving at least one packet retransmitted based on a TCP, an attack packet is detected (i.e., “detection is indicated”) by comparing at least one of the stored payloads (i.e., “comparison value”) with a payload (i.e., “value” of data field) of the retransmitted packet, [0051], & [0055] i.e., an attack packet is detected (i.e., “detection is indicated”) by comparing partial bytes of data of a prestored payload (i.e., “comparison value”) only with partial bytes of corresponding data of the payload (i.e., “value” of data field)  of the retransmitted packet 320 to reduce the memory occupancy of the data billing system 100p, thereby increasing the efficiency of memory use). 

(Park suggests a received packet from a source is detected by comparing the at least one value of the at least data field of the received packet to at least one comparison value for detecting the packet (see Para’s [0017], [0051], & [0055]).

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the packets locally detected by the network device from the host as disclosed in Samuell in view of MUTOH, and further in view of Kawasaki to detect the packets according to the comparison techniques of Park who discloses locally detecting a received packet by comparing at least one value of a data field of the received packet to at least one comparison value because the motivation lies in Park for efficiently detecting the packet received from a source based on the comparison. 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ADNAN A BAIG whose telephone number is (571)270-7511. The examiner can normally be reached M-F 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Huy Vu can be reached on 571-272-3155. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/ADNAN BAIG/Primary Examiner, Art Unit 2461