DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Preliminary Amendment filed 21 September 2020 has been received and considered.
Claims 1-4, 6, 12-16, 19, 20, 23, 24, and 27-33 are pending.
This Action is Non-Final.

Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 20 March 2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitations are: “controller module”, “input”, “preprocessing module”, “detection module”, “mitigation module”, “conditioning module” in claims 1 and 3 (and the remaining claims based on their dependencies).
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-4, 6, 12-16, 19, 20, 23, 24, and 27-33 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
The term “substantially” in claim 1 is a relative term which renders the claim indefinite. The term “substantially” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. It is unclear how isolated (or separated) the features from the traffic must be to be considered “substantially isolate”. Different systems and different models will have different needs for how precise the isolation must be and therefore it is unclear what amount must be isolated and therefore the claims’ metes and bounds are unclear.
With respect to claim 2, based on the above interpretation of claim 1 invoking 35 USC 112(f), it is unclear the metes and bounds of this claim.  More specifically, because claim 1 invokes 35 USC 112(f) the system of claim 1 includes at least one structural element (i.e. hardware) and since claim 2 recites the system is implemented in “at least one of hardware and software” it is unclear whether claim 2 requires additional hardware, software in addition to the hardware of claim 1, both additional hardware and additional software, or software alone.  If this claim is intended to cover software alone, it would raise additional issues related to proper dependencies.  For the purposes of examination this claim is considered to require the system to be implemented in a combination of hardware and software.
The remaining claims are rejected by virtue of their dependencies.

Claim Interpretation - 35 USC § 101
As noted above, because claim 1 invokes 35 USC 112(f) the system of claim 1 includes at least one structural element (i.e. hardware).  If this is not the intention and the various modules are considered software alone, the claims would fail to fall into one of the statutory categories of invention because they would be directed to software per se.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-4, 6, 12-16, 19, 20, 23, 24, and 28-30 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Ahmed et al. (US 20190297096).
As per claims 1 and 2, Ahmed et al. discloses a system implemented in hardware and software for analyzing traffic passing through an exposed computer device comprising: a controller module for controlling operation of the system (see paragraphs [0126]-[0129]); 
an input for receiving the traffic and an output for sending data to the exposed computer device (see paragraphs [0058] and [0076]-[0077] receiving the packet traffic data); 
a preprocessing module configured to filter the preprocessed traffic so as to substantially isolate from the traffic features carrying data representative of a cyberattack; a perception module configured to extract the data from the features (see paragraphs [0058] and [0077] where the packet data is passed through the preprocessor to filter, organize and curate the data and the curated data and additional information is extracted from the features to be sent for further analysis); 
a detection module configured to process the extracted data using a machine learning algorithm arranged to detect characteristics indicative of the cyberattack and to produce a prescribed output signal when the cyberattack has been detected (see paragraphs [0059] and [0077] threat detection/inference engine uses machine learning to detect an attack); and 
a mitigation module configured to generate a responsive action to the cyberattack in response to the prescribed output signal of the detection module (see paragraphs [0059]-[0060] and [0078] where a response to the attack takes place).
As per claim 3, Ahmed et al. discloses conditioning module intermediate the preprocessing module and the perception module such that the isolated features pass through the conditioning module so as to be conditioned prior to being received by the perception module (see paragraph [0058]).
As per claim 4, Ahmed et al. discloses a storage module configured to store the extracted data in a manner available for use outside of the system (see paragraphs [0058] and [0076] the logging).
As per claim 6, Ahmed et al. discloses the controller module is configured for bidirectional communication with each other module (see paragraphs [0126]-[0129]).
As per claims 12-14, Ahmed et al. discloses the preprocessing modules and the mitigation modules are configured for bidirectional communication to each other and to the exposed computer device (see paragraphs [0058]-[0060] and [0077]-[0078] where each of the modules communication with each other or via another module to the other modules).
As per claim 15, Ahmed et al. discloses each of the controller module, the preprocessing module, the perception module, the detection module, and the mitigation module is located in a common computing environment (see paragraph [0057] where each module is part of the platform).
As per claim 16, Ahmed et al. discloses one of the controller module, the preprocessing module, the perception module, the detection module, and the mitigation module and another one thereof are located in different computing environments (see Fig. 5).
As per claims 19, 20, 23, and 24, Ahmed et al. discloses the various modules are located in common geographical locations, common network environments, different geographic locations and/or different network environments (see paragraphs [0002], [0092], and Fig. 5).
As per claim 28, Ahmed et al. discloses there is formed a feedback loop between one of the controller module, the preprocessing module, the perception module, the detection module, and the mitigation module and another one thereof (see paragraph [0028]).
As per claim 29, Ahmed et al. discloses the preprocessing module defines the input of the system (see paragraphs [0058] and [0077]).
As per claim 30, Ahmed et al. discloses the mitigation module defines the output of the system (see paragraphs [0059]-[0060] and [0077]-[0078]).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 27 is rejected under 35 U.S.C. 103 as being unpatentable over Ahmed et al. as applied to claim 1 above, in view of El-Alfy et al. (US 20180083903).
As per claim 27, Ahmed et al. fails to explicitly disclose the use of tokens to carry information between the modules.
However, El-Alfy et al. teaches the tokenization of information communicated between modules (see paragraph [0032] and Fig. 1).
At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to use tokens to carry the information of Ahmed et al.
Motivation, as recognized by one of ordinary skill in the art, to do so would have been to allow for reduced data being transmitted.
Claim 31 is rejected under 35 U.S.C. 103 as being unpatentable over Ahmed et al. as applied to claim 1 above, in view of Rodriguez et al. (US 20190028506).
As per claim 31, Ahmed et al. fails to explicitly disclose the application of zero-crossing rate to form the extracted data.
However, Rodriguez et al. teaches applying the zero-crossing rate to form extracted data (see paragraph [0048]).
At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to substitute the zero-crossing rate in place of the filtering of Ahmed et al. to obtain the extracted data with the predictable result of data extraction based on a known extraction method.
Claims 32 and 33 are rejected under 35 U.S.C. 103 as being unpatentable over Ahmed et al. as applied to claim 1 above, in view of Trinkel et al. (DE 102015002367 A1).
As per claims 32 and 33, Ahmed et al. discloses the use of machine learning, but fails to explicitly disclose the use of Hebbian learning and adaptive resonance theory (ART).
However, Trinkel et al. teaches use of Hebbian learning and adaptive resonance theory as part of a network protection system (see translated page 70 which corresponds to paragraph [0399] of the original document).
At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to substitute the Hebbian or ART learning  in place of the learning models of Ahmed et al. to determine attacks with the predictable result of classifying based on known machine learning methods.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: the remaining references put forth on the PTO-892 form are directed to machine learning to detect attacks.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J PYZOCHA whose telephone number is (571)272-3875. The examiner can normally be reached Monday-Thursday 7:30am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hadi Armouche can be reached on (571) 270-3618. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Michael Pyzocha/               Primary Examiner, Art Unit 2419