Notice of Pre-AIA or AIA Status

This office action corrects a typographical error in Item 3 on the Form PTOL-37 included in the Notice of Allowance mailed by the Office on 26 January 2022. No other substantial changes are being made to that action.

The present application is being examined under the pre-AIA first to invent provisions.

For reissue applications filed before September 16, 2012, all references to 35 U.S.C. 251 and 37 CFR 1.172, 1.175, and 3.73 are to the law and rules in effect on September 15, 2012. Where specifically designated, these are “pre-AIA” provisions.
For reissue applications filed on or after September 16, 2012, all references to 35 U.S.C. 251 and 37 CFR 1.172, 1.175, and 3.73 are to the current provisions.

Applicant is reminded of the continuing obligation under 37 CFR 1.178(b), to timely apprise the Office of any prior or concurrent proceeding in which Patent No. RE48,382 is or was involved. These proceedings would include any trial before the Patent Trial and Appeal Board, interferences, reissues, reexaminations, supplemental examinations, and litigation.
Applicant is further reminded of the continuing obligation under 37 CFR 1.56, to timely apprise the Office of any information which is material to patentability of the claims under consideration in this reissue application.


In response to the previous office action, claims 17, 19, 21, 22, 25, 27, 29, 30, 33, and 34 have been amended and claims 20 and 28 have been cancelled. Claims 17-19, 21-27, and 29-34 are further amended via Examiner’s Amendment for the purpose of bringing the claims in compliance with 37 CFR 1.173, below. Claims 17-19, 21-27, and 29-34 have been examined.

Priority

The instant application is a divisional reissue of U.S. Patent Application No. 15/482,681, now U.S. Patent No. RE48,382 (hereinafter the ‘382 reissue), filed on 7 April 2017. This application and the ‘382 reissue are both reissues of U.S. Patent No. 9,003,509 (hereinafter the ‘509 patent), filed on 10 December 2008. The ‘509 patent was filed as a continuation of U.S. Patent No. 7,472,413 (hereinafter the ‘413 patent), filed on 11 August 2004. A priority claim is made through the ‘413 patent to U.S. Provisional Patent Application No. 60/493,790, filed on 11 August 2003.

Allowable Subject Matter

Claims 17-19, 21-27, and 29-34 are allowed.

The following is an examiner’s statement of reasons for allowance: No art could be found that includes a training mode for training an analogous invention, as recited in claims 17, 25, 33, and 34.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW E HENEGHAN whose telephone number is (571)272-3834.  The examiner can normally be reached on M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Michael Fuelling can be reached on (571)270-1367.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/MATTHEW E HENEGHAN/Primary Examiner, Art Unit 3992



Conferees:
/MINH DIEU NGUYEN/Primary Examiner, Art Unit 3992

EXAMINER’S AMENDMENT

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
The application has been amended as follows: 

17. (New) A network device for managing communication over a network, comprising:
a transceiver configured to be capable of intercepting an incoming message from a client device and an outgoing message from a server device, wherein an application resides on the server device; and
one or more processors configured to be capable of performing actions, including:
intercepting a request in an incoming message, from the client device to the application residing on the server device, for content from the application;
automatically generating an application model of the application in part based on a probe of interactions with the application, the probe of interactions being separately generated by the network device without employing the incoming message or a response from the server device to the incoming message to obtain responses to the probes, wherein the probe responses are used to identify at least a list of allowable compliant requests including allowable navigation paths within the application, and wherein the list is based in part on a current state of the client device with the application and the application model;
determining that the request for content is compliant based on a comparison of information in the request with the application model of the application by performing actions, comprising:
examining the request for a protected state token;
unprotecting the protected state token;
extracting a first value from the unprotected state token;
comparing the extracted first value to data in an application state data store, or comparing the request to the list of allowable compliant requests, to indicate that the request is either compliant or non-compliant with the application model; and
forwarding the request for the content to the application based on the request being compliant with the application model;
blocking the request from being forwarded to the application based on the request being non-compliant with the application model;
operating the application in a training mode that records one or more requests for content from the application that are determined to be non-compliant; and
adding the one or more non-compliant requests to the application model.

18. (New) The network device of Claim 17, wherein the protected state token is encrypted and the unprotected state token is unencrypted.

19. (New) The network device of Claim 17, wherein the one or more processors are further configured for blocking the non-compliant request further comprises one of recording the non-compliant request, or discarding the non-compliant-request.

21. (New) The network device of Claim 17, wherein the one or more processors are further configured for blocking the request further comprises responding to the request with an indication that the request was unsuccessful.

22. (New) The network device of Claim 17, wherein the one or more processors are further configured for actions further comprising employing one or more of a pattern or a regular expression to automatically identify each non-compliant request that is to be discarded without being reviewed.

23. (New) The network device of Claim 17, wherein the probe of interactions is automatically performed by one or more software programs.

24. (New) The network device of Claim 17, wherein the application model is employed to control a flow of the navigation paths to one or more defined pages.

25. (New) A system for managing communication over a network, comprising:
a client device that is configured to capable of providing requests and receive responses over the network;
a server device that is configured to be capable of hosting a network based application; and
a security server device that is configured to be capable of performing actions, including:
intercepting a request in an incoming message, from the client device to the application residing on the server device, for content from the application;
automatically generating an application model of the application in part based on a probe of interactions with the application, the probe of interactions being separately generated by the network device without employing the incoming message or a response from the server device to the incoming message to obtain responses to the probes, wherein the probe responses are used to identify at least a list of allowable compliant requests including allowable navigation paths within the application, and wherein the list is based in part on a current state of the client device with the application and the application model;
determining that the request for content is compliant based on a comparison of information in the request with the application model of the application by performing actions, comprising:
examining the request for a protected state token;
unprotecting the protected state token;
extracting a first value from the unprotected state token;
comparing the extracted first value to data in an application state data store, or comparing the request to the list of allowable compliant requests, to indicate that the request is either compliant or non-compliant with the application model; and
forwarding the request for the content to the application based on the request being compliant with the application model;
blocking the request from being forwarded to the application based on the request being non-compliant with the application model;
operating the application in a training mode that records one or more requests for content from the application that are determined to be non-compliant; and
adding the one or more non-compliant requests to the application model.

26. (New) The system of Claim 25, wherein the protected state token is encrypted and the unprotected state token is unencrypted.

27. (New) The system of Claim 25, wherein the one or more processors are further configured for blocking the non-compliant request further comprises one of recording the non-compliant request, or discarding the non-compliant request.

29. (New) The system of Claim 25, wherein the one or more processors are further configured for blocking of the non-compliant request further comprises responding to the request with an indication that the request was unsuccessful.

30. (New) The system of Claim 25, wherein the one or more processors are further configured for actions further comprising employing one or more of a pattern or a regular expression to automatically identify each non-compliant request that is to be discarded without being reviewed.

31. (New) The system of Claim 25, wherein the probe of interactions is automatically performed by one or more software programs.

32. (New) The system of Claim 25, wherein the application model is employed to control a flow of the navigation paths to one or more defined pages.

33. (New) A non-transitory machine readable storage medium that is configured to store instructions and data for managing communication over a network, wherein when the instructions and data are installed on a computer that is enabled to execute the instructions to perform actions, comprising:
intercepting a request in an incoming message, from a client device to an application residing on a server device, for content from the application;
automatically generating an application model of the application in part based on a probe of interactions with the application, the probe of interactions being separately generated by the network device without employing the incoming message or a response from the server device to the incoming message to obtain responses to the probes, wherein the probe responses are used to identify at least a list of allowable compliant requests including allowable navigation paths within the application, and wherein the list is based in part on a current state of the client device with the application and the application model;
determining that the request for content is compliant based on a comparison of information in the request with the application model of the application by performing actions, comprising:
examining the request for a protected state token;
unprotecting the protected state token;
extracting a first value from the unprotected state token;
comparing the extracted first value to data in an application state data store, or comparing the request to the list of allowable compliant requests, to indicate that the request is either compliant or non-compliant with the application model; and
forwarding the request for the content to the application based on the request being compliant with the application model;
blocking the request from being forwarded to the application based on the request being non-compliant with the application model;
operating the application in a training mode that records one or more requests for content from the application that are determined to be non-compliant; and
adding the one or more non-compliant requests to the application model.

34. (New) A method for managing communication over a network, wherein a computer that is configured to enable execution of the method, performs actions, comprising:
intercepting a request in an incoming message, from a client device to an application residing on a server device, for content from the application;
automatically generating an application model of the application in part based on a probe of interactions with the application, the probe of interactions being separately generated by the network device without employing the incoming message or a response from the server device to the incoming message to obtain responses to the probes, wherein the probe responses are used to identify at least a list of allowable compliant requests including allowable navigation paths within the application, and wherein the list is based in part on a current state of the client device with the application and the application model;
determining that the request for content is compliant based on a comparison of information in the request with the application model of the application by performing actions, comprising:
examining the request for a protected state token;
unprotecting the protected state token;
extracting a first value from the unprotected state token;
comparing the extracted first value to data in an application state data store, or comparing the request to the list of allowable compliant requests, to indicate that the request is either compliant or non-compliant with the application model; and
forwarding the request for the content to the application based on the request being compliant with the application model;
blocking the request from being forwarded to the application based on the request being non-compliant with the application model;
operating the application in a training mode that records one or more requests for content from the application that are determined to be non-compliant; and
adding the one or more non-compliant requests to the application model.

/M.E.H/Primary Examiner, Art Unit 3992
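
The compliance check and training mode recited in claims 17, 25, 33, and 34 can be sketched as follows. This is an added illustration, not part of the office action or the patent, and it is not a construction of the claims. It assumes an HMAC-signed state token as the "protected" token (claims 18 and 26 recite encryption instead), and the names `protect`, `unprotect`, `Gateway`, and the sample paths are hypothetical. As a design choice of this sketch, training mode learns only requests whose token verifies, so a tampered token can never widen the model.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: secret held only by the gateway

def protect(state):
    """Serialize the client's application state and attach an HMAC tag."""
    body = base64.urlsafe_b64encode(json.dumps(state, sort_keys=True).encode())
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag

def unprotect(token):
    """Return the state dict, or None if the token is missing or altered."""
    body, _, tag = (token or "").partition(".")
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

class Gateway:
    def __init__(self, model, training=False):
        self.model = model        # application model: page -> allowed next paths
        self.training = training
        self.recorded = []        # non-compliant requests seen while training

    def handle(self, path, token):
        state = unprotect(token)
        if state is None:
            return "block"        # no usable state: never forwarded or learned
        page = state.get("page")  # the value extracted from the state token
        if path in self.model.get(page, set()):
            return "forward"      # compliant with the application model
        if self.training:
            # Record the non-compliant request and add it to the model.
            self.recorded.append((page, path))
            self.model.setdefault(page, set()).add(path)
            return "record"
        return "block"
```
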