DETAILED ACTION
This Notice of Allowance is in response to applicants’ Request for Continued Examination filed on 01/03/2022 with an information disclosure statement.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after allowance or after an Office action under Ex Parte Quayle, 25 USPQ 74, 453 O.G. 213 (Comm'r Pat. 1935). Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, prosecution in this application has been reopened pursuant to 37 CFR 1.114.  Applicants’ submission filed on 01/03/2022 has been entered.
The text of those sections of Title 35 U.S. Code not included in this section can be found in the prior office actions.
The prior office actions are incorporated herein by reference.  In particular, the observations with respect to claim language, and response to previously presented arguments.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/03/2022 has been placed in the application file, and the information referred therein has been considered as to the merits.

Allowable Subject Matter
Claims 1-3, 6-15, and 18-23 are allowed.
Examiner’s Statement for Reasons of Allowance
The following is an examiner’s statement of reasons for allowance:
In interpreting the claims in light of the specification, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.
After review of the information disclosed by applicants’ IDS filed on 01/03/2022, the cited prior art references and publications do not teach at least the following independent claim features below which recite novel subject matter not disclosed by the prior art.
[Claim 1] “a feedback analysis system that in operation receives the first logs and the second logs, and based on processing thereof produces at least one adjustment to at least one of the first configuration and the second configuration, said at least one adjustment comprising… an indication of network traffic to whitelist at the first network device, where said network traffic was previously routed to the second network device for inspection… wherein said at least one adjustment is based on at least one of the following: (a) a determination by the feedback analysis system that inspected network traffic is associated with an incidence of errors that exceeds a threshold and therefore is deemed incompatible with inspection, and (b) a determination by the feedback analysis system that inspected network traffic is associated with an incidence of sensitive data that exceeds a threshold, and therefore the inspected network traffic is deemed sensitive network traffic”;
[Claim 13] “receiving the first logs and the second logs, and based on processing thereof producing at least one adjustment to at least one of the first configuration and the second configuration, said at least one adjustment comprising: b) an indication of network traffic to whitelist, where said network traffic was previously routed to the network device for inspection… wherein said at least one adjustment is based on at least one of: (a) a determination that inspected network traffic is associated with an incidence of errors that exceeds a threshold and therefore is deemed incompatible with inspection, and (b) a determination that inspected network traffic is associated with an incidence of sensitive data that exceeds a threshold, and therefore the inspected network traffic is deemed sensitive network traffic”.
The prior art of record cited consisted of the following references.
Afek et al. (US 20020083175 A1) disclosed protecting against and/or responding to an overload condition at a node ("victim") in a distributed network divert traffic otherwise destined for the victim to one or more other nodes, which can filter the diverted traffic, passing a portion of it to the victim, and/or effect processing of one or more of the diverted packets on behalf of the victim. Diversion can be performed by one or more nodes (collectively, a "first set" of nodes) external to the victim. Filtering and/or effecting traffic processing can be performed by one or more nodes (collectively, a "second set" of nodes) also external to the victim. Those first and second sets can have zero, one or more nodes in common--or, put another way, they may wholly, partially or not overlap. The methods and apparatus have application in protecting nodes in a distributed network, such as the Internet, against distributed denial of service (DDoS) attacks.
Neves et al. (US 20060276209 A1) disclosed providing location-independent packet routing and secure access in a wireless networking environment (such as that encountered within a building), enabling client devices to travel seamlessly within the environment. Each client device uses a constant address. An address translation process that is transparent to the client and server is automatically performed as the device roams through the environment, enabling efficient client migration from one supporting access point to another. The secure access techniques provide user-centric authentication and allow policy-driven packet filtering, while taking advantage of encryption capabilities that are built in to the hardware at each endpoint.
Neystadt et al. (US 20080244748 A1)) disclosed an enterprise network environment comprising a plurality of security products called endpoints are detected in an automated manner by an arrangement in which a reputation service provides updates to identify resources including website URIs (Universal Resource Identifiers) and IP addresses (collectively "resources") whose reputations have changed and represent potential threats or adversaries to the enterprise network. Responsively to the updates, a malware analyzer, which can be configured as a standalone endpoint, or incorporated into an endpoint having anti-virus/malware detection capability, or incorporated into the reputation service, will analyze logs maintained by another endpoint (typically a firewall, router, proxy server, or gateway) to identify, in a retroactive manner over some predetermined time window, those client computers in the environment that had any past communications with a resource that is newly categorized by the reputation service as malicious.
Pope et al. (US 20140304803 A1) disclosed intercepting a data flow from a network source to a network destination. A data store holds a set of compliance rules and corresponding actions wherein at least one of the set of compliance rules is a temporary compliance rule valid for a predetermined period. A packet inspector is configured to inspect the intercepted data flow and identify from the data store a temporary compliance rule associated with the inspected data flow. A packet filter is configured to when the data flow is identified as being associated with the temporary compliance rule, carry out an action with respect to the data flow corresponding to the temporary compliance rule while the temporary compliance rule is valid.
Di Pietro et al. (US 20170099310 A1) disclosed a device in a network that captures a first set of packets based on first packet capture criterion. The captured first set of packets is provided for deep packet inspection and anomaly detection. The device receives a second packet capture criterion that differs from the first packet capture criterion. The device captures a second set of packets based on the second packet capture criterion. The device provides the captured second set of packets for deep packet inspection and anomaly detection. The anomaly detection of the captured first and second sets of packets is performed by a machine learning-based anomaly detector configured to generate anomaly detection results based in part on one or more traffic metrics gathered from the network and based further in part on deep packet inspection results of packets captured in the network.
However, the prior art of record, taken by itself or in any combination, do not anticipate or make obvious the invention of the present application and in particular the claim features listed above.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kenneth W Chang whose telephone number is (571)270-7530. The examiner can normally be reached Monday - Friday 9-5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 571-272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KENNETH W CHANG/Primary Examiner, Art Unit 2438                                                                                                                                                                                                        
    PNG
    media_image1.png
    35
    280
    media_image1.png
    Greyscale

01.31.2022