Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
The instant application having Application No. 16/858,059 is presented for examination by the examiner.

Priority
Acknowledgment is made of applicant's claim for foreign priority under 35 U.S.C. 119(a)-(d).  The certified copy has been received.


Claim Objections
Claims 11, 12, and 14-19 are objected to because of the following informalities:  
As per claim 14 the term WAF should be explicitly defined the first time so there is no confusion as to scope of the claim.  This term is being interpreted as a web application firewall for purposes of examination.  
As per claims 11 and 12, the phrase “if it is inconsistency” is grammatically incorrect.



Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim 20 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  Claim 20 comprises a computer readable medium.  Computer readable medium include signals.  Signals are not a statutory class of invention.  In order to overcome this interpretation, the claim should be amended to only include “non-transitory” computer readable-medium.  There is support for this amendment because the original disclosure does not preclude the non-transitory types of computer readable medium.

 
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 2-13 and 16 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. 

.    Appropriate correction is required.
As per claim 7, contradicts itself by stating the form request is to be prevented but then states the prevention process is only done if greater than a preset threshold.  What happens to the form request if it is to be prevented but under the threshold?  Does it still get prevented?
As per claim 8 the same issue occurs along with the choice of “if NO’.
The alternative condition of claim 8 is unclear as well.  The claim has seeking, and determining, verifying and alternatively transmitting.  The claim is confusing as to how many of these steps are required and which is any are alternative to another.  The if YES and if NO are not tied definitively to a choice.
As per claim 13, there is a period where a comma should be after the first transmitting stage.  The alternative condition of claim 13 is unclear as well.  The claim has deleting, ‘and’ transmitting, transmitting for a second time and alternatively performing.  The claim is confusing as to how many of these steps are required and which is any are alternative to another.  The presumed two last steps if alternatives to one another need to be distinguished from the required steps but not with the use of a period.
As per claims 3 and 16, reciting after processed by big-data is confusing.  It is unclear what term in the claim is having machine learning applied to.  In any event, machine learning processes big-data.  The big-data does not process something else.  It is the information from which machine learning originates.





Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –


(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.






Claims 1, 2, 4-15, 17-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by USP Application Publication 2003/00551142 to Hidalgo et al., hereinafter Hildalgo.

adding the signature information to the form of the target response page and transmitting the target response page to a terminal (0160-10163); 
receiving a target form request corresponding to the target response page transmitted by the terminal and verifying the signature information in a form included in the target form request (0080); and transmitting the target form request to the server if the verification is successful (0080), otherwise performing a prevention process on the target form request (0080). 
As per claim 14, it is rejected for the same reason as claim 1.  Additionally, Hildalgo teaches a WAF (0057 and 0072)
As per claims 2 and 15, Hildalgo teaches receiving the target form request corresponding to the target response page transmitted by the terminal (0090) and obtaining request information of the target form request, wherein the request information at least includes a URL corresponding to the target form request (0095), a parameter format of the preset read-only parameter (0088) and the signature information (0080); determining whether the target form request is a form request to be prevented based on the request information and a form request learning table stored locally (0095 and 0134); and verifying the signature information in the form included in the target form request if YES (0094).
As per claims 4 and 17, Hildalgo teaches inserting the request information in the form request learning table and recording the target form request is in a learning phase 
As per claim 5 and 18, Hildalgo teaches after inserting the request information in the form request learning table, the method further comprising: determining target form requests as form requests to be prevented if the target form requests carrying signature information that transmitted by at least a preset number of different terminals are received within a preset duration [source and destination address must match what is in the signature so the preset number of different terminals is zero; 0165].

As per claims 6 and 19, Hildalgo teaches verifying the signature information in the form included in the target form request comprises: determining whether the signature information in the form included in the target form request is decrypted based on a preset decryption algorithm, whether a decrypted parameter information is consistent with the preset read-only parameter, and whether the request information of the target form request is consistent with the request information of the target form request recorded in the form request learning table (0095).
As per claim 7, Hildalgo teaches  determining a transmission terminal of the target form request if the target form request is a form request to be prevented and the target form request does not carry signature information (0105 and 0135); determining a number of un-signed times of form requests corresponding to the transmission terminal (0105); and performing a prevention process on the target form request if the number of 
As per claim 8, Hildalgo teaches seeking whether a same request information item is available in the form request learning table stored locally (0094), and determining whether the target form is the form request to be prevented; (0094) verifying the signature information in the form included in the target form request if YES (0093); alternatively, transmitting the target form request directly to the server if NO (0094).
As per claim 9, Hildalgo teaches recording form information of a form request that does not need to be prevented, and form information of a form request in a learning phase (0083 and 0084), by the form request learning table; tagging each form information accordingly; and determining whether a current form request is a form request to be prevented based on a corresponding tag when request information item of a certain form request is found in the form request learning table (0108 and 0111).
As per claim 10, Hildalgo teaches decrypting the signature information in the form included in the target form request based on the preset decryption algorithm (0091 and 0165); considering the signature information has been modified if the decryption is not performed normally (0080); and preventing the target form request (0080).
As per claim 11, Hildalgo teaches determining whether a decrypted parameter information is consistent with the preset read-only parameter of a corresponding form if the decryption is performed normally (0080); considering the signature information has been modified if it is inconsistency; and preventing the target form request (0080).

As per claim 13, Hildalgo teaches deleting the signature information in the target form request if the verification is successful (0078); and transmitting the target form request to the server (0080), transmitting the target form request to the server if the verification is successful, alternatively, performing a prevention process on the target form request (0080).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


s 3 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Hildalgo in view of USP Application Publication 2014/0067728 to Ogren et al., hereinafter Ogren.
As per claims 3 and 16, Hildalgo teaches the form request learning table records request information of all form requests obtained that need to be prevented (0077).  Hildalgo is silent in explicitly teaching performing this function after being processed by big-data and machine learning.  Ogren teaches performing machine learning on big-data in order to match forms consisting of data strings.  Ogren uses machine learning to help matching forms.  Hildalgo teaches selectively generating signatures of some types of forms between client and server (0077, 0083, and 0088).  Hildalgo can set up exceptions to some type of messages that do not need signature and has the capability to handle situations where the signature content from the client changes in a legitimate way (0108). This is where the machine learning of Ogren can make decisions like this based on big-data analysis.  The result would be better form intelligence and automated decision making to reduce load on administrators while improve the security of the system to prevent hacking of the server.

Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is (571)270-7316.  The examiner can normally be reached on Monday - Thursday, 7:30am - 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL R VAUGHAN/
Primary Examiner, Art Unit 2431