DETAILED ACTION
This office action is in response to the original application filed on July 21, 2020.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claims 1-15 are pending.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-4, 6-9 and 11-14 are rejected under 35 U.S.C. 103 as being unpatentable over Cruz Mota (US Pub. No. 2016/0028754) in view of Dakshinamoorthy (US Pub. No. 2018/0375880).

	As per claim 1 Cruz Mota discloses:
A network control device for controlling a network where a plurality of terminals and countermeasure devices are present, the network control device comprising: (paragraph 15 of Cruz Mota, FIG. 1 is a schematic block diagram of an example computer system 100 illustratively comprising one or more server(s)/controller(s) 102 and one or more nodes/devices 104 (e.g., a first through nth node/device) that are interconnected by various methods of communication).
A clustering unit that divides terminals including an incident-detected terminal and the related terminal group into a plurality of zones, on the basis of terminal information; (paragraph 38 of Cruz Mota, cluster process 249, as detailed below, includes computer executable instructions executed by the processor 220 to perform functions regarding the clustering of traffic data for input to attack detection process 248) and (paragraph 51 of Cruz Mota, when attack detectors 404 detect a network attack based on the whole aggregated set of traffic records, attack detection process 248 may initiate further analysis of the set of traffic records using clustering) and (paragraph 42 of Cruz Mota, attack detectors may be configured to flag a traffic data cluster as being attack-related and/or related to a specific type of attack).
The terminal information including information with which an incident-detected terminal is able to be identified and information with which a related terminal group suspected of being related to an incident is able to be identified among the plurality of terminals; (paragraph 42 of Cruz Mota, once an attack has been detected using aggregated metrics for the entire set of traffic data, the set of traffic data may be clustered into various subsets and provided to one or more other attack detectors that have been specifically trained to analyze the clusters … attack detectors may be configured to flag a traffic data cluster as being attack-related and/or related to a specific type of attack).
A communication control setting unit that sets communication control relating to the terminals and the countermeasure devices for each of the plurality of zones. (Paragraph 16 of Cruz Mota, server(s)/controller(s) 102 provide some form of control over nodes/devices 104 and, more generally, over the operation of network 110. For example, servers/controllers 102 may include, but are not limited to, path computation engines (PCEs), network controllers, network management systems (NMSs), policy engines, reporting mechanisms, or any other form of device or system that provides some degree of global or localized control over other devices in network 110).
Cruz Mota teaches the method of clustering using attack-related and/or related to a specific type of attack information (see Fig. 2 of Cortez) but fails to disclose the method of clustering using an inter-terminal communication history.
However, in the same field of endeavor, Dakshinamoorthy teaches this limitation as, (paragraph 4 of Dakshinamoorthy, an embodiment of this disclosure provides a method for identifying malicious activity. The method includes retrieving historical communication data related to communications between a server and a plurality of clients in a system. The method also includes clustering the historical communication data to group communications of the historical communication data).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Cruz Mota and include the above limitation using the teaching of Dakshinamoorthy in order to identify malicious/unauthorized activity using historical communication data (see paragraph 4 of Dakshinamoorthy).

Claims 6 and 11 are rejected for the same reason set forth in the rejection of claim 1.

As per claim 2 Cruz Mota in view of Dakshinamoorthy discloses:
The network control device according to claim 1, wherein the clustering unit creates a graph with the incident-detected terminal and the terminal group suspected of being related to an incident as nodes. (paragraph 61 of Cruz Mota, as shown in FIG. 5, the overall set of traffic data 502 may be grouped into clusters 504 (e.g., based on their similarities) and each cluster used as input to a cluster-specific attack detector). Also see fig. 5 of Cruz Mota.

Claims 7 and 12 are rejected for the same reason set forth in the rejection of claim 2.

As per claim 3 Cruz Mota in view of Dakshinamoorthy discloses:
The network control device according to claim 2, wherein the clustering unit obtains any number of zones each containing one or more of the incident-detected terminals or of the terminals suspected of being related to an incident after dividing the created graph. (Paragraph 42 of Cruz Mota, attack detectors may be configured to flag a traffic data cluster as being attack-related and/or related to a specific type of attack).


Claims 8 and 13 are rejected for the same reason set forth in the rejection of claim 3.

As per claim 4 Cruz Mota in view of Dakshinamoorthy discloses:
The network control device according to claim 1, wherein the communication control setting unit applies different settings of the countermeasure device in every zone obtained by the clustering unit. (Paragraph 62 of Cruz Mota, one of controllers/servers 102 (e.g., an NMS, network controller, policy engine, etc.) may act as the CSE. In other implementations, one of nodes/devices 104 may act as the CSE. In general, the CSE is configured to oversee the various cluster processes (e.g., cluster process 249) and cluster detectors (e.g., attack detectors 410) distributed throughout the network).

Claims 9 and 14 are rejected for the same reason set forth in the rejection of claim 4.


Claims 5, 10 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Cruz Mota (US Pub. No. 2016/0028754) in view of Dakshinamoorthy (US Pub. No. 2018/0375880) and further in view of Li (US Pub. No. 2013/0144973).

As per claim 5 Cruz Mota in view of Dakshinamoorthy discloses:
The network control device according to claim 1, wherein the communication control setting unit sets different settings of the communication path in every zone obtained by the clustering unit to the terminal and countermeasure device. (Paragraph 16 of Cruz Mota, server(s)/controller(s) 102 provide some form of control over nodes/devices 104 and, more generally, over the operation of network 110. For example, servers/controllers 102 may include, but are not limited to, path computation engines (PCEs), network controllers, network management systems (NMSs), policy engines, reporting mechanisms, or any other form of device or system that provides some degree of global or localized control over other devices in network 110).
The combination of Cruz Mota and Dakshinamoorthy teaches the method of setting the communication path using path computation engines (see paragraph 16 of Cruz Mota) but fails to disclose the method of setting a communication range of the network.
However, in the same field of endeavor, Li teaches this limitation as, (paragraph 55 of Li, the network controller itself has a network topology structure and information of a physical distance between network nodes and a relative positional relation therebetween. The network engine can obtain the network information from the network controller. The network engine can calculate a sum of distances from all the possible locations of the sink nodes (i.e., the locations at which the sink nodes can be installed) to all the computing nodes).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Cruz Mota and Dakshinamoorthy to include the above limitation using the teaching of Li in order to enhance the optimization of network transfer in a large-scale computing system (see paragraph 2 of Li).

Claims 10 and 15 are rejected for the same reason set forth in the rejection of claim 5.

Conclusion
The prior art made of record and not relied upon, but considered pertinent to applicant’s disclosure, is Muddu (US Pub. No. 2017/0063909). Muddu discloses methods and systems employing a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TESHOME HAILU whose telephone number is (571)270-3159. The examiner can normally be reached M-F 8 a.m. - 5 p.m.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/TESHOME HAILU/Primary Examiner, Art Unit 2434