Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Claims 1-20 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.   

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

 
Claims 1, 3, 4, 6-8, 10, 11, 13-15, 17, 18, and 20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Ismailsheriff et al (US Pat. 10,873,533).

As to claim 1, Ismailsheriff discloses a computer-implemented method for process discovery in a computer network based on session traffic (Abstract), the method being executed by one or more processors and comprising: 

receiving session datasets representative of sessions performed during execution of each instance of the process (column, 18, lines 35-52, particularly, “The traffic data generator 406 can generate traffic at various levels of granularity, including frame-level, packet-level, flow-level, stream-level, application-level, and system-level. Frame-level and packet-level generators can create single frames or packets, respectively, having specified characteristics (e.g., protocol, source, destination, size, etc.).”); 
generating a set of session traces, each session trace representing a sequence of sessions performed during an instance of the process within the computer network (column 19, line 54-column 20, line 67 particularly, “The traffic data processor 408 can prepare the traffic data captured by the traffic data collector 404 and traffic data generator 406 for input into downstream components of the machine learning platform 400, such as the training data assembler 410 or the machine learning model generator 412. The traffic data processing tasks can include data cleansing, aggregation, filtration, data type conversion, normalization, discretization, other transformations, and feature extraction, among others...Aggregation can involve constructing units of data at a specified level of granularity from traffic data, such as building packets into segments, segments into application layer protocol messages (e.g., unidirectional flows, requests, or responses), messages into connections (e.g., bidirectional flows or request/response pairs), connections into sessions, and so forth.”); 

providing a process model that generically represents multiple executions of the process within the computer network, the process model comprising a sequence of labels of the two or more clusters corresponding to session traces in the set of session traces (column 22, lines 1-49, particularly, “To generate a training data set for a traffic class-specific congestion signature 426, the traffic data collector 404 can collect or the traffic data generator 406 can create traffic data for a period of time, the traffic data processor 408 can process the traffic data, and the training data assembler 410 can label a portion of the processed traffic data that correspond to the predetermined traffic class and predetermined congestion state…To generate a training data set for a traffic class-specific window size and/or congestion threshold estimator 428, the training data assembler 410 can extract the minimum, maximum, and CV of RTTs sampled during RTT sampling periods for flows corresponding to the predetermined traffic class and predetermined congestion state. The training data assembler 410 can utilize the same set of traffic class-specific flows used to generate a corresponding traffic-class specific congestion signature 426, or the training data assembler may apply the corresponding traffic class-specific congestion signature 426 to second traffic data collected or generated over a second period of time to identify traffic class-specific flows corresponding to the predetermined congestion state.”)
  
As to claims 8 and 15, they are rejected by a similar rationale to that set forth in claims 1’s rejection. 

As to claim 3, 10, and 17, Ismailsheriff discloses generating a set of activity traces based on the set of session traces and labels of the two or more clusters  (column 22, lines 1-30, particularly, “To generate a training data set for a traffic class-specific congestion signature 426, the traffic data collector 404 can collect or the traffic data generator 406 can create traffic data for a period of time, the traffic data processor 408 can process the traffic data, and the training data assembler 410 can label a portion of the processed traffic data that correspond to the predetermined traffic class and predetermined congestion state.”).

As to claim 4, 11, and 18, Ismailsheriff discloses the process model is provided based on a process discovery technique that is executed on the set of activity traces (column, 18, lines 35-52, particularly, “The traffic data generator 406 can generate traffic at various levels of granularity, including frame-level, packet-level, flow-level, stream-level, application-level, and system-level. Frame-level and packet-level generators can create single frames or packets, respectively, having specified characteristics (e.g., protocol, source, destination, size, etc.).”).

As to claim 6, 13, and 20, Ismailsheriff discloses training a machine-learning (ML) model at least partially based on the process model (Abstract).

As to claim 7 and 14, Ismailsheriff discloses the computer network assets comprise information technology (IT) components and operational technology (OT) components, each session being associated with communication between multiple IT components (Fig. 1 and Abstract). 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 2, 9, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Ismailsheriff in view of Malik et al (US Pub. No. 2010/0174670), hereafter, “Malik.”

As to claim 2, 9, and 16, Ismailsheriff discloses the parent claim but does not the clustering algorithm comprises a hierarchical clustering algorithm. However, Malik discloses a clustering algorithm comprises a hierarchical clustering algorithm (Abstract). Therefore it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the application to combine the teachings of Ismailsheriff and Malik in order to utilize a known and reliable clustering algorithm to ensure an efficient and consistent system.

Allowable Subject Matter
Claims 5, 12, and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
US Pub. No. 2020/0112487 (Inamdar) – The method involves receiving network traffic  to a first container of a containerized production environment. Transmit the network traffic to a first version of a second container of the containerized production environment and to a traffic analysis engine. Determined one or more traffic patterns included in the network traffic. Generates simulated network traffic corresponding to the one or more traffic patterns and transmitting the simulated network traffic to a second version of the second container.
US Pub. No. 2015/0199207 (Lin) – The method involves receiving network traffic statistics and properties associated with operation of a network that comprises first number of virtual client machines and corresponding virtual server machines. First virtual network comprising second number of virtual client machines and corresponding virtual server machines is established, where the second number is greater than the first number. Performance of the first virtual network is simulated based on the network traffic properties associated with operation of second virtual network.
US Pub. No. 2009/03194248 (White) – A computer network platform includes actual and simulated network components that are configured to simulate an operating network for a defined set of users. A network traffic module generates application traffic including network traffic simulating specific network traffic. A network event module generates network events within simulated network traffic generated by network traffic module. A user interface is configured as network administrator for monitoring 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS J DAILEY whose telephone number is (571)270-1246.  The examiner can normally be reached on 9:30am-6:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Thu Nguyen can be reached on 571-272-6967.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/Thomas J Dailey/
Primary Examiner, Art Unit 2452