DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
The rejection of claims 11-25 under 35 U.S.C. § 112 has been withdrawn in view of the claim amendment.

Applicant's arguments filed April 25, 2022 have been fully considered but they are not persuasive. In regards to the applicant's arguments regarding the rejection of claims 11-25 under 35 U.S.C. § 103 over the combination of Samuell (Of Record) in view of Mutoh (Of Record), and further in view of Kawasaki (Of Record), the examiner respectfully disagrees.

More specifically the applicant argues on (Pg. 10 of the remarks), that Samuell, Mutoh and Kawasaki do not describe, teach, or suggest a network device residing locally at the first end with the first communication device. However the examiner respectfully disagrees as Mutoh discloses the claim feature. For example in light of the applicants disclosure the claim feature in claim 11 of “a network device residing locally at a first end with the first communication device” is described in the applicants specification of the US PG PUB (2020/0145517) in Para’s [0011], [0029], [0037], [0041] & [0049] and Fig. 2. 
For example, Para [0011] of the applicants disclosure discloses “monitoring, by a network device residing at an end of the first communication device”. Such network device is illustrated as network device 210 which resides at the end of the first communication device 120 (see Fig. 2). Therefore referring to the teachings of Mutoh, Mutoh discloses a network device (i.e., see Fig. 1, proxy P1A) residing at an end of a first communication device such as transmitting node P2. This is because P1A is a proxy which resides at the end of the transmitting node 2 for relaying traffic to a destination receiving node P3 (Mutoh, see Fig. 2 & Para’s [0004] i.e., For example, a WAN acceleration device is located at a border between a WAN and an internal network such as a LAN, and operates as a proxy for devices inside the internal network & [0005] i.e., A WAN acceleration device P1A is a proxy for the network to which the transmitting node P2 belongs). Therefore the WAN acceleration device P1A resides at the end of the transmitting node 2 which is similar to the network device 210 residing at the end of the first communication device 120 as in Fig. 2 of the applicants disclosure. Therefore Mutoh discloses “a network device residing locally at a first end with the first communication device” as in claim 11. 

Referring back to the applicants disclosure in Para [0029], Para [0029] discloses i.e., “the network device 210 may be configured to operate at the server 120 end for controlling the communication so that latency in the communication channel may be decreased between the client device 210 and the server 120”. Therefore the network device 210 resides at the server end 120 (emphasis added) and not the client end 110 according to the example of Fig. 2. The teachings of Mutoh discloses that the WAN acceleration device P1A is configured to operate at the transmitting node P2 end and not the receiving node P3 end.

Referring to Para [0037] of the applicants disclosure, Para [0037] discloses “a network device 210 is arranged at the server 120 end for performing at least some operations relating to TCP procedure. However, the similar arrangement may be implemented at the client end 110, wherein the network device 210 may perform the corresponding operation towards at least one client device 110 and in that manner accelerate the communication over the TCP”. Therefore Para [0037] of the applicants disclosure discloses that the network device may be arranged at either the server 120 end or the client end 110 for accelerating the communication. Mutoh teaches that the WAN acceleration device P1A is arranged at the transmitting node P2 end and not the receiving node P3 end for accelerating the communication (Mutoh, see Fig. 1 & Para’s [0004-0006] i.e., the WAN acceleration device P1A transmits pseudo ACK packet to the transmitting node P2 (OP112)). Therefore the WAN acceleration device P1A is arranged at the transmitting node P2 end which is similar to the network device 210 residing at the end of the first communication device 120 as in Fig. 2 of the applicants disclosure. Therefore Mutoh discloses “a network device residing locally at a first end with the first communication device” as in claim 11. 

Referring back to the applicants argument on (Pg.’s 10-11 of the remarks), the applicant argues that the teachings of Samuell does not disclose “monitoring, by a network device residing locally at a first end with the first communication device” and further argues that Samuell does not disclose all of the claim features in claim 11, as amended (see Pg.’s 10-11 of the remarks). However the rejection of claim 11 is an obviousness rejection under 35 U.S.C. 103, and therefore the applicant is arguing the single reference of Samuell for not disclosing the claim features of claim 11. 

In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

The applicant then makes the argument on (Pg. 11 of the remarks), that the claimed device is not an in-line device. The applicant then states the office action alleges that the network device 210 is an in-line device, which the examiner agrees and explains why the network device 210 is an in-line device in light of the applicants disclosure. The applicant then states the applicant disagrees with this characterization (i.e., see Pg. 11 of remarks) without any explanation why the network device isn’t an in-line device. However regardless of whether the network device 210 is an in-line device or not, the claim does not claim the network device as an in-line device nor does claim 11 require an in-line device. Rather claim 11 requires a network device residing locally at a first end with a first communication device to monitor data traffic to the communication network from the first communication device. The teachings of both Samuell and Mutoh discloses a network device for monitoring data traffic from a first communication device (Samuell, see Fig 9B i.e., slow path module 250 & Para [0224] & Mutoh, see Fig. 1 i.e., P1A & Para’s [0005-0006]).    

The applicant explains on (Pg. 11 of the remarks) that the problem to be solved is the latency in the communication in such a connection, especially in situations in which the communicating parties reside distantly. The applicant then explains that Fig. 2 of the applicants application illustrates an example of the device of the instant application implemented to control the communication so that latency in the communication channel may be decreased between the client device 110 and the server 10 (see Pg.’s 11-12 of the remarks). The teachings of both Samuell and Mutoh teach the same concept of a network device configured to control the communication so that latency in the communication channel may be decreased between a source and a destination of data transmission based on generating a local ack which is the same concept of Fig. 2 of the applicants disclosure which generates a local ACK 220 from network device 210 to server 120 (see Fig. 2 of applicants disclosure i.e., ACK 220). For example Samuell discloses a network device which generates a local ack for data received from host 110 which controls the communication so that latency in the communication channel may be decreased between the host 110 and the host 130 (Samuell, see Fig. 9B & Para’s  [0227-0228]). This is because the local ack 922, 924, and 926 generated by the slow path module 250 to the host 110 (Samuell, see Fig. 9B & Para [0228]) will accelerate the communication and therefore decrease latency which would have occurred from receiving the acknowledgements from the host 130 which is farther from host 110.

The teachings of Mutoh also discloses the claimed concept of a network device configured to control the communication so that latency in the communication channel may be decreased between a source and a destination of data transmission based on generating a local ack (Mutoh, see Fig. 1 & Para’s [0004-0006]). 

The applicant states on Pg. 12 of the remarks that claim 11 has been amended to clarify that the network device resides locally at a first end with the first communication device, not in the communication network. In this manner, it is possible to perform the acknowledgement locally in the transmitting end (i.e., local end), not the receiving end (i.e., far end). However Mutoh discloses such claim feature of performing an acknowledgement locally in the transmitting end (Mutoh, see Fig. 1 i.e., P1A resides locally at transmitting node P2 end and transmits a local acknowledgement i.e., pseudo ACK to the transmitting node P2 & Para’s [0004] & [0006]). The WAN acceleration device P1A is not in the WAN communication network but rather is located at a border between the WAN and the internal network to which the transmitting node P2 belongs (Mutoh, see Fig. 1 & Para’s [0004-0006]).

The applicant further argues on Pg. 12 of the remarks, that on the contrary Samuell discloses a network device 122 that resides in the communication network, and not residing locally at the first end with the first communication device. The examiner agrees that the network device 122 of Samuell does not reside locally at the first end with the first communication device 110. However the network device 122 which includes the slow path module performs the claim features in claim 11 of monitoring the data traffic from the host device 110 to the communication network, and generating and transmitting an acknowledgement to the first communication device which is similar to local ack 220 in Fig. 2 of applicants disclosure (Samuell, see Fig. 9B & Para [0228]). 

While Samuell does not disclose that the network device resides locally at the first end with the first communication device, the claim feature would be rendered obvious in view of the teachings of Mutoh who discloses a network device residing locally at a first end with a first communication device for generating a local acknowledgement (Mutoh, see Fig. 1 i.e., P1A resides locally at transmitting node P2 end and transmits a local acknowledgement i.e., pseudo ACK to the transmitting node P2 & Para’s [0004-0006]).

Therefore it would be obvious to one of ordinary skill in the art for the network device disclosed in Samuell to be implemented to reside locally at the first end with the first communication device 110 based on the teachings of Mutoh who discloses a network device residing locally at a first end with a first communication device for generating a local acknowledgement because the motivation lies in Mutoh for speeding the acceleration of the communication based on the network device which resides locally at a first end with the first communication device by generating a local acknowledgement to the first communication device.

Therefore the combined teachings of the references disclose the claim feature in claim 11 of the “network device resides locally at a first end with the first communication device”.

In regards to the applicant's argument on (Pg. 13 of the remarks), the applicant argues that the slow-path module of Samuell generates two new connections which are managed separately i.e., operates as an in-line device. However the slow path module of Samuell is still a network device that monitors traffic from the host 110 to the communication network and generates a local acknowledgement to the host 110 as claimed in claim 11.

The applicant argues that the slow-path module in Samuell generates acknowledgements both to the first communication device and the second communication device, where the network device of claim 11 performs only against the communication device that resides locally with the network device. However the examiner respectfully disagrees as claim 11 requires the network device to monitor data traffic to the communication network from the first communication device which is performed by the slow-path module in Fig. 9B of Samuell and to transmit an acknowledgement to the first communication device which is also disclosed in Samuell, (see Fig. 9B & Para’s [0224] & [0228]). That is, claim 11 does not claim the network device performs only against the communication device that resides locally with the network device. Furthermore, the embodiment of Fig. 9B illustrates that the slow-path module generates local acknowledgements 922, 924, and 926 to the host 110 only (Samuell, see Fig. 9B & Para’s [0224] & [0227-0228]). That is the host 130 in the embodiment of Fig. 9B of Samuell does not transmit any data to the slow-path module 250 in which a local acknowledgment is generated. Such procedure is only performed for the first communication device host 110 (Samuell, see Fig. 9B & Para’s [0224] & [0227-0228]). 

The applicant further argues that only this kind of approach may generate the advantage of the claimed device, i.e., the reduction of latency since the acknowledgement is rapidly received by the first communication device (i.e., see Pg. 13 of the remarks). However the teachings of both Samuell and Mutoh disclose that the acknowledgement is rapidly received by the first communication device for reduction of latency (Samuell, see Fig. 9B i.e., local Ack 922, 924, & 926 & Para [0228] & Mutoh, see Fig. 1 i.e., pseudo ACK OP112 & Para [0006]). The acknowledgement is rapidly received by the first communication device from the network device in the teachings of Samuell and Mutoh instead of the acknowledgement being received from a far end destination device.

The applicant further argues that the slow-path module in Fig. 9B of Samuell and in the corresponding description, that there is no way, when following the TCP protocol, that the slow-path module would generate acknowledgements corresponding to ones expected from the second communication device as already defined in the independent claim (i.e., Pg.’s 13-14 of remarks). However the examiner respectfully disagrees as Samuell discloses that the local acknowledgements generated by the slow-path module to the first communication device 110 acknowledges receipt of packets 922, 924, and 926 (i.e., see Fig. 9B i.e., local Ack 922, 924, & 926 & Para [0228] i.e., slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926). The same acknowledgements generated expected from the second communication device i.e., host 130 of Samuell would also confirm or acknowledge receipt of the data packets 922, 924, and 926 and therefore the local acknowledgements 922, 924, and 926 does correspond to acknowledgements expected from the second communication device since both acknowledgements will confirm or acknowledge receipt of the data. In fact Samuell discloses that the acknowledgement 932, 934, and 936 from the second communication device host 130 will not be forwarded to host device 110 (see Para [0227] i.e., The ACK packets are received by slow-path module 520 and not forwarded to host device 110). This is similar to applicants disclosure in Fig. 2 where the same acknowledgement expected from the communication device is not forwarded to the first communication device by the network device 210 (see applicants disclosure Fig. 2 i.e., dashed ACK from second communication device 110 is not forwarded to server 120 & Para [0032]). Therefore the slow path module of Samuell does generate acknowledgements corresponding to ones expected from the second communication device. 

The applicant further argues that Samuell does not disclose or suggest that the slow-path module would generate an acknowledgement indicative on that the recipient (host 130) would have received the data packet sent from the sender (host 110). However claim 11 claims that the acknowledgement is generated to correspond to an acknowledgement expected from the second communication device. As previously explained the acknowledgement is generated to correspond to an acknowledgement expected from the second communication device in the teachings of Samuell since both ACKs confirm receipt of the data (Samuell, see Para [0228] i.e., slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926). In regards to the claim feature in claim 11 of “the generated acknowledgement to the first communication device for indicating a delivery of the data traffic to the second communication device”. Such statement of “for indicating a delivery of the data traffic to the second communication device” is a statement of intended use and therefore does not further limit the claim feature of transmitting by the network device, the generated acknowledgement to the first communication device for indicating delivery of the data traffic to the second communication device as claimed in claim 11. 

In regards to the applicant's argument on Pg. 15 of the remarks, the applicant argues that Mutoh discloses a pair of WAN acceleration devices P1A and P1B located at a border between a WAN and a respective internal network. The examiner agrees. The teachings of Mutoh are used in the rejection for teaching the claim feature of a network device residing locally at a first end with a first communication device for monitoring data traffic from the first communication device to the communication as required in claim 11. As previously explained Mutoh teaches such claimed feature (Mutoh, see Fig. 1 & Para’s [0004-0006]). The applicant argues that the WAN acceleration device resides in the border between WAN and an internal network, which is not the same as a device that resides locally at the end of the first communication device. However the examiner respectfully disagrees. While the WAN acceleration device is located at a border between a WAN and an internal network (i.e., Mutoh, Para [0004]), this does not mean that the WAN acceleration device P1A does not reside locally at the end of the first communication device. Mutoh discloses in Para [0005] i.e., A WAN acceleration device P1A is a proxy for the network to which the transmitting node P2 belongs. That is the WAN acceleration device P1A resides locally at the transmitting node P2 end and not the receiving node P3 end (Mutoh, see Fig. 1 i.e., P1A resides locally at transmitting node P2 end and transmits a local acknowledgement i.e., pseudo ACK to the transmitting node P2 & Para’s [0004-0006]).

The applicant further argues that the operation is based on a transfer of data between cache memories which is not possible to replace, or  implement, with a parallel solution in the same manner as the device of the instant application. However the examiner respectfully disagrees as amended claim 11 claims the claim feature of a network device residing locally at a first end with a first communication device for monitoring data traffic from the first communication device to the communication and generating an acknowledgement to the first communication device which is disclosed in Mutoh in Fig. 1 & Para’s [0004-0006]. Therefore the combination of Samuell and Mutoh does disclose at least a network device residing locally at a first end with a first communication device for the reasons explained above.

In regards to the applicants argument regarding the claim feature in claim 11 of the network device is arranged to monitor the data traffic through a port of a network node in the same local area network as the network device, the network node residing locally at an end of the first communication device in the communication channel in which the data traffic is conveyed and the port of the network node is arranged to mirror the data traffic to the network device and the teachings of Kawasaki (Of Record), the examiner respectfully disagrees as the teachings of Kawasaki in the previous action discloses the claim features. 

The applicant argues on Pg. 17 that one of ordinary skill in the art would not combine the teachings of Kawasaki with Samuell and Mutoh. More specifically the applicant argues that data output from the mirror port in Kawasaki is used for detecting an anomaly occurring in the device i.e., an unauthorized access to the device (i.e., Kawasaki, Para’s [0042], [0044], & [0079]).

In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, Kawasaki suggests that the data output from the mirror port of the switch 5 to the monitoring port 361 of the network device or gateway apparatus 10 is used for efficiently monitoring  data traffic via the switch 5 from a recognized or authorized communication device in which data is expected to be received. Kawasaki further suggests in (Para [0033]), that the switch 5 has a mirror port 51 for copying and outputting the entire traffic data passing through a regular port 5 to the monitoring port 361 for efficiently monitoring the entire traffic (Kawasaki, see Para [0033]).

Therefore it would be obvious to one of ordinary skill in the art for the network devices which monitor communication traffic from a first communication device as disclosed in Samuell in view of Mutoh to monitor the data traffic through the mirror port of the network node or switch as disclosed in Kawasaki who discloses the port of the network node or switch apparatus residing locally at a first end with a first communication device in the communication channel in which the data traffic is conveyed and is arranged to mirror the data traffic to a network device such as a gateway apparatus because the motivation lies in Kawasaki that the gateway apparatus is used for efficiently monitoring the entire data traffic received from the nodes or devices 8 to determine whether the data that is expected to be received is from an authorized device.

The network device which monitors traffic from the first communication device as disclosed in Samuell in view of Mutoh may implement the mirror port of the switch 5 which outputs the data to a network device such as the gateway 10 which monitors the traffic between the claimed network device and the first communication device in the communication channel for purposes of efficiently monitoring the entire data traffic.

For the reasons explained the combination of Samuell in view of Mutoh, and further in view of Kawasaki discloses the claim features in amended claim 11. Independent claims 16 and 20 which recite similar features to claim 11 are also rejected over the combined references for the same reasons as independent claim 11. The dependent claims remain rejected over the prior art (Of Record) based at least on their dependence on the independent claims 11, 16, and 20.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

4.	Claims 11-12, 14-16, 18-21, and 23-25 are rejected under 35 U.S.C. 103 as being unpatentable over Samuell et al. US (2014/0012981) in view of MUTOH et al. US (2014/0082180), and further in view of Kawasaki et al. US (2018/0183816). 

Regarding Claim 11, Samuell discloses a method for controlling a communication of a first communication device (see Fig. 9B i.e., Host 110) to a second communication device (see Fig. 9B i.e., Host 130) over a communication network (see Fig. 9B i.e., Host 110 communicating with Host 130) with a network device configured to transmit acknowledgements to the first communication device (see Fig. 9B i.e., slow-path module & Para [0228]), the method comprises: monitoring, by the network device (see Fig. 9B i.e., 250 & Para [0226] i.e., “slow path module”), data traffic to the communication network from the first communication device, (see Fig. 9B i.e., Data-1 922, Data-2 924 and Data-3 926 & Para [0224]).

in response to local detection of at least one predetermined piece of information in at least one data frame in the data traffic (see Fig. 9B i.e., detection of the payload field (i.e., “predetermined piece of information”) in the Data packets 922, 924, and 926 & Para’s [0095-0096] i.e., user plane data may be considered to be “payload” data (i.e., “predetermined piece of information”), [0157-0160] i.e., data packets are analyzed or detected by slow-path module 250, [0164], i.e., slow-path module 250 generally inspects (i.e., “detection”) all packets delivered between the two hosts, [0211-0212] i.e., Once the data is analyzed, the slow-path module 520 decides whether to forward the packet(s) unchanged, [0191], & [0224] i.e., data packets 922, 924, & 926 which are intercepted by slow-path module 250 will be detected by the slow path module 250).

generating by the network device (see Fig. 9B i.e., 250) an acknowledgment to the first communication device (see Fig. 9B i.e., Local ACK-1 922, Local ACK-2 924, & Local ACK-3 926) the acknowledgement complying with a communication protocol used for the communication, (see Fig. 9B & Para’s [0139], [0221] i.e., TCP protocol, & [0228-0229] i.e., ACK packets comply with TCP protocol used for the communication). 

The acknowledgement is generated to correspond to an acknowledgement expected from the second communication device (see Fig. 9B i.e., the Local acknowledgement 922, 924, 926 is generated to correspond to acknowledgement 932, 934, 936 expected from second communication device Host 130 & Para’s [0227] i.e., Host device 130 receives the modified packets and transmits ACK packets (i.e., “acknowledgement expected from the second communication device”) at F4, F5, and F6, respectively. The ACK packets are received by slow-path module 520 and not forwarded to host device 110 (i.e., “acknowledgement expected from the second communication device”) & [0228] & slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926).

and transmitting, by the network device (see Fig. 9B i.e., 250) the generated acknowledgement to the first communication device (see Fig. 9B i.e., Host 110) for indicating a delivery of the data traffic to the second communication device, (see Fig. 9B i.e., Local ACK-1 922, Local ACK-2 924, & Local ACK-3 926 transmitted from Slow-Path Module 250 to Host 110 & Para’s [0224] & [0228] i.e., slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926).  

While Samuell discloses monitoring by the network device (see Fig. 9B i.e., Slow-Path Module 250) data traffic from the first communication device (see Para’s [0010] i.e., monitoring the current data flow at the network device, [0053], [0154] i.e., slow-path module 520 may be implemented in a network device & [0156] i.e., slow-path module 520 monitors the TCP connection state between the communicating hosts, analyzes flow data & [0200]), Samuell does not explicitly disclose the network device residing locally at a first end with the first communication device. However the claim feature would be rendered obvious in view of MUTOH et al. US (2014/0082180).

MUTOH discloses a network device (see Fig. 1 i.e., WAN acceleration device P1A) residing locally at a first end with the first communication device (see Fig. 1 i.e., WAN acceleration device P1A residing locally at transmitting node P2 end (i.e., “first communication device”) & Para’s [0004] i.e., For example, a WAN acceleration device is located at a border between a WAN and an internal network such as a LAN (i.e., “local area network”), and operates as a proxy for devices inside the internal network (i.e., “network device P1A resides locally at an end of the first communication device P2 in a local area network”) & [0005] i.e., A WAN acceleration device P1A is a proxy for the network to which the transmitting node P2 (i.e., “first communication device”) belongs (i.e., “network device P1A resides locally at an end of the first communication device P2 in a local area network”)…According to the WAN acceleration device P1A, the internal network is the one to which the transmitting node P2 (i.e., “first communication device”) belongs, and the external networks are the ones to which the WAN and the receiving node P3 belong) which receives traffic to the communication network from the first communication device, (see Para [0006] i.e., The WAN acceleration device P1A receives a data packet from the transmitting node P2 (OP111) and then transfers the data packet to the receiving node P3 (OP112))

MUTOH suggests one method of reducing the time desired for transmission when conducting transmission through a WAN involves the use of a WAN acceleration device (see Para [0004]) which is achieved by transmitting, by the network device (see Fig. 1 i.e., P1A) residing locally at a first end with the first communication device (see Fig. 1 i.e., WAN acceleration device P1A residing locally at end of transmitting node P2 (i.e., “first communication device”)), a generated acknowledgement (see Fig. 1 i.e., Pseudo ACK packet at OP112) in response to receiving at least one data packet from the first communication device (see Fig. 1 i.e., Data Packet at OP111), (see Fig. 1 i.e. Pseudo ACK & Para’s [0006] i.e., Further, the WAN acceleration device P1A artificially creates an ACK packet (pseudo ACK packet) and transmits the pseudo ACK packet to the transmitting node P2 (OP112) & [0007] i.e., In communication using a normal TCP, the time from the receiving node P3 transmitting the ACK until the next data packet is received takes at least one round trip time (RTT). In comparison, the time may be shortened due to the WAN acceleration device P1A transmitting a pseudo packet to the transmitting node P2).

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the network device such as the Slow-Path Module 250 which generates and transmits an acknowledgement to the first communication device based on received data traffic from the first communication device as disclosed in Samuell to be configured to reside locally at a first end with the first communication device based on the teachings of MUTOH who discloses a network device such as WAN acceleration device P1A residing locally at a first end with a first communication device such as transmitting node P2 because the motivation lies in MUTOH for reducing the time desired for transmission when conducting transmission through a WAN by using the WAN acceleration device P1A which transmits a pseudo ACK packet to the transmitting node P2 which shortens the transmission time.

While Sammuell discloses the network device (see Fig. 9B i.e., Slow-Path Module 250) is arranged to monitor the data traffic for TCP communications, (see Para’s [0010] i.e., monitoring the current data flow at the network device, [0053], [0154] i.e., slow-path module 520 may be implemented in a network device & [0156] i.e., slow-path module 520 monitors the TCP connection state between the communicating hosts, analyzes flow data & [0200]), the combination of Sammuell in view of MUTOH does not disclose the network device is arranged to monitor the data traffic through a port of a network node, the network node residing locally at the first end with the first communication device in a communication channel in which the data traffic is conveyed and the port of the network node is arranged to mirror the data traffic to the network device. However the claim features would be rendered obvious in view of Kawasaki et al. US (2018/0183816).

Kawasaki discloses a network device (see Fig. 1 i.e., Gateway Apparatus 10 & Fig. 3 i.e., Monitoring communication unit of Gateway Apparatus 10) is arranged to monitor (see Fig. 3 i.e., Monitoring Communication Unit 14) data traffic through a port (see Fig. 1 i.e., Mirror Port 51 of Switch 5) of a network node (see Fig. 1 i.e., Switch 5), (see Fig. 1 i.e., Switch 5 connected to gateway apparatus 10), (see Fig. 1 & Para’s [0032] i.e., the switch 5 is connected to an internal network 9, such as a LAN. Further, the switch is connected to the gateway apparatus 10 (i.e., switch 5 (i.e., “network node”) is in the same LAN as the gateway apparatus 10 (i.e., “network device”)), [0033] i.e., The switch 5 has a mirror port 51 for copying and outputting the entire traffic data passing through a regular port. The mirror port 51 is connected to a monitoring port 361 of the gateway apparatus 10, [0035] i.e., the gateway apparatus 10 is composed, as shown in Fig. 2, of… an internal network interface (IF) 36 for connecting the internal network 9 (i.e., internal network 9 is a LAN (i.e., see Para [0032]), therefore the gateway apparatus 10 (i.e., “network device”) and the switch 5 (i.e., “network node”) are in the same local area network)…Para [0035] i.e., The gateway apparatus 10 includes monitoring port 361 for receiving an output from the mirror port 51 of the switch 5, [0036] i.e., monitoring communication unit 14 receives and acquires packet data which is input from the monitoring port 361, [0044] i.e., The switch 5 outputs, from the mirror port 51, data transmitted from an internal network 9 side, and the monitoring communication unit 14 receives the data output from the mirror port 51 (step 110), [0049] i.e., the switch 5 is connected to the internal network 9, and the monitoring port 361 of the gateway apparatus 10 is connected to the mirror port 51 of the switch 5, & [0079])

the network node (see Fig. 1 i.e., Switch 5) residing locally at the first end with the first communication device (see Fig. 1 i.e., Device 8) in a communication channel (see Fig. 1 i.e., communication channel 9) in which the data traffic is conveyed (see Fig. 1 i.e., Switch 5 residing locally at an end of a first communication device such as device 8 & Para’s [0032-0033] i.e., the devices 8, connected directly or indirectly to the internal network 9 transmit data, [0036], & [0042] i.e., It should be noted that, in addition to the above-described processing performed in the normal operation, the switch 5 outputs, from the mirror port 51, data which are transmitted from the device 8 & [0043-0044] i.e., the switch 5, outputs from the mirror port 51, data transmitted from an internal network 9) 

and the port of the network node (see Fig. 1 i.e., Mirror Port 51 of Switch 5) is arranged to mirror the data traffic to the network device (see Fig. 1 i.e., Gateway Apparatus 10), (see Para’s [0033] i.e., The switch 5 in this embodiment has a mirror port 51 for copying and outputting the entire traffic data passing through a regular port. The mirror port 51 is connected to a monitoring port 361 of the gateway apparatus 10, [0035] i.e., the monitoring port 361 for receiving an output from the mirror port 51 of the switch 5, [0042] i.e., the switch 5 outputs, from the mirror port 51, data which are transmitted from the device 8, [0044] i.e., the switch 5, outputs from the mirror port 51, data transmitted from an internal network 9, and the monitoring communication unit 14 receives the data output from the mirror port 51 (step 110)).

(Kawasaki suggests the gateway apparatus 10 is used for efficiently monitoring the entire data traffic related to the nodes or devices 8 for detecting unauthorized access to the devices based on the monitored data, (see Para’s [0001], [0009-0010], [0033], [0036], & [0044-0046])).

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the network device which monitors the data traffic for TCP communications as disclosed in Sammuell in view of MUTOH to monitor the data traffic through the mirror port of the network node or switch as disclosed in Kawasaki who discloses the port of the network node or switch apparatus which resides locally at a first end with a first communication device in the communication channel in which the data traffic is conveyed is arranged to mirror the data traffic to a network device such as a gateway apparatus for monitoring the data traffic because the motivation lies in Kawasaki that the gateway apparatus is used for efficiently monitoring the entire data traffic received from the nodes or devices 8 to determine whether the data that is expected to be received is from an authorized device.

Regarding Claim 12, Sammuell discloses the method of claim 11, wherein the at least one predetermined piece of information is at least one value of at least one data field in the at least one data frame, (see Fig. 9B i.e., detection of the payload field (i.e., “predetermined piece of information”) in the Data packets 922, 924, and 926 & Para’s [0004] i.e., For example, if a sender sends a packet containing four payload bytes (i.e., “value”) with a sequence number field & [0095-0096] i.e., user plane data (i.e., “value”) may be considered to be “payload” data (i.e., “predetermined piece of information”)).

Regarding Claim 14, Sammuell discloses the method of claim 11, wherein an acknowledgement generated by the second communication device in response to a receipt of data traffic from the first communication device is detected, by the network device, from a data traffic intended to the first communication device, (see Fig. 9B i.e., the acknowledgement is detected from the data traffic ACK-1 932, ACK-2 934, and ACK-3 936 & Para [0227])

Regarding Claim 15, Sammuell discloses the method of claim 14, wherein the acknowledgement generated by the second communication device is filtered out from the data traffic intended to the first communication device, (see Para [0227] i.e., “the ACK packets are received by slow-path module 250 and not forwarded to host device 110” discloses that the acknowledgements are filtered out from the incoming data packets).  

Regarding Claim 16, Sammuell discloses a network device (see Fig. 9B i.e., 250 & Para [0226]) for controlling a communication of a first communication device (see Fig. 9B i.e., Host 110) to a second communication device (see Fig. 9B i.e., Host 130) over a communication network, (see Fig. 9B i.e., Host 110 communicating with Host 130), the network device configured to transmit acknowledgements to the first communication device (see Fig. 9B i.e., slow-path module & Para [0228])

the network device comprising: at least one processor (see Fig. 9B i.e., 250 & Para [0020] i.e., processor); at least one memory (see Fig. 9B i.e., 250 & Para [0020] i.e., memory) including computer program code (see Para’s [0048-0050]); the at least one memory (see Fig. 9B i.e., 250 & Para [0020] i.e., memory)  and the computer program code (see Para’s [0048-0050]) configured to, with the at least one processor (see Fig. 9B i.e., 250 & Para [0020] i.e., processor), cause the network device (see Fig. 9B i.e., 250 & Para [0226] i.e., “slow path module” is a network device situated at the end of host 110) to perform: monitor data traffic to the communication network from the first communication device, (see Fig. 9B i.e., Data-1 922, Data-2 924 and Data-3 926 & Para [0224]). 

generate, in response to local detection of at least one predetermined piece of information in at least one data frame in the data traffic, (see Fig. 9B i.e., detection of the payload field (i.e., “predetermined piece of information”) in the Data packets 922, 924, and 926 & Para’s [0095-0096] i.e., user plane data may be considered to be “payload” data (i.e., “predetermined piece of information”), [0157-0160] i.e., data packets are analyzed or detected by slow-path module 250, [0164], i.e., slow-path module 250 generally inspects (i.e., “detection”) all packets delivered between the two hosts, [0211-0212] i.e., Once the data is analyzed, the slow-path module 520 decides whether to forward the packet(s) unchanged, [0191], & [0224] i.e., data packets 922, 924, & 926 which are intercepted by slow-path module 250 will be detected by the slow path module 250).

an acknowledgment to the first communication device (see Fig. 9B i.e., Local ACK-1 922, Local ACK-2 924, & Local ACK-3 926), the acknowledgement complying with a communication protocol used for the communication, (see Fig. 9B & Para’s [0139], [0221] i.e., TCP protocol, & [0228-0229] i.e., ACK packets comply with TCP protocol used for the communication). 

The acknowledgement is generated to correspond to an acknowledgement expected from the second communication device (see Fig. 9B i.e., the Local acknowledgement 922, 924, 926 is generated to correspond to acknowledgement 932, 934, 936 expected from second communication device Host 130 & Para’s [0227] i.e., Host device 130 receives the modified packets and transmits ACK packets (i.e., “acknowledgement expected from the second communication device”) at F4, F5, and F6, respectively. The ACK packets are received by slow-path module 520 and not forwarded to host device 110 (i.e., “acknowledgement expected from the second communication device”) & [0228] i.e., slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926).

and transmit the generated acknowledgement to the first communication device (see Fig. 9B i.e., Host 110)  for indicating a delivery of the data traffic to the second communication device, (see Fig. 9B i.e., Local ACK-1 922, Local ACK-2 924, & Local ACK-3 926 transmitted from Slow-Path Module 250 to Host 110 & Para’s [0224] & [0228] i.e., slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926).  

While Sammuell discloses monitoring by the network device (see Fig. 9B i.e., Slow-Path Module 250) data traffic from the first communication device (see Para’s [0010] i.e., monitoring the current data flow at the network device, [0053], [0154] i.e., slow-path module 520 may be implemented in a network device & [0156] i.e., slow-path module 520 monitors the TCP connection state between the communicating hosts, analyzes flow data & [0200]), Sammuell does not explicitly disclose the network device residing locally at a first end with the first communication device. However the claim feature would be rendered obvious in view of MUTOH et al. US (2014/0082180).

MUTOH discloses a network device (see Fig. 1 i.e., WAN acceleration device P1A) residing locally at a first end with the first communication device (see Fig. 1 i.e., WAN acceleration device P1A residing locally at transmitting node P2 end (i.e., “first communication device”) & Para’s [0004] i.e., For example, a WAN acceleration device is located at a border between a WAN and an internal network such as a LAN (i.e., “local area network”), and operates as a proxy for devices inside the internal network (i.e., “network device P1A resides locally at an end of the first communication device P2 in a local area network”) & [0005] i.e., A WAN acceleration device P1A is a proxy for the network to which the transmitting node P2 (i.e., “first communication device”) belongs (i.e., “network device P1A resides locally at an end of the first communication device P2 in a local area network”)…According to the WAN acceleration device P1A, the internal network is the one to which the transmitting node P2 (i.e., “first communication device”) belongs, and the external networks are the ones to which the WAN and the receiving node P3 belong) which receives traffic to the communication network from the first communication device, (see Para [0006] i.e., The WAN acceleration device P1A receives a data packet from the transmitting node P2 (OP111) and then transfers the data packet to the receiving node P3 (OP112))

(MUTOH suggests one method of reducing the time desired for transmission when conducting transmission through a WAN involves the use of a WAN acceleration device (see Para [0004]) which is achieved by transmitting, by the network device (see Fig. 1 i.e., P1A) residing locally at a first end with the first communication device (see Fig. 1 i.e., WAN acceleration device P1A residing locally at end of transmitting node P2 (i.e., “first communication device”)), a generated acknowledgement (see Fig. 1 i.e., Pseudo ACK packet at OP112) in response to receiving at least one data packet from the first communication device (see Fig. 1 i.e., Data Packet at OP111), (see Fig. 1 i.e., Pseudo ACK & Para’s [0006] i.e., Further, the WAN acceleration device P1A artificially creates an ACK packet (pseudo ACK packet) and transmits the pseudo ACK packet to the transmitting node P2 (OP112) & [0007] i.e., In communication using a normal TCP, the time from the receiving node P3 transmitting the ACK until the next data packet is received takes at least one round trip time (RTT). In comparison, the time may be shortened due to the WAN acceleration device P1A transmitting a pseudo packet to the transmitting node P2)).

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the network device such as the Slow-Path Module 250 which generates and transmits an acknowledgement to the first communication device based on received data traffic from the first communication device as disclosed in Sammuell to be configured to reside locally at a first end with the first communication device based on the teachings of MUTOH who discloses a network device such as WAN acceleration device P1A residing locally at a first end with a first communication device such as transmitting node P2 because the motivation lies in MUTOH for reducing the time desired for transmission when conducting transmission through a WAN by using the WAN acceleration device P1A which transmits a pseudo ACK packet to the transmitting node P2 which shortens the transmission time.   

While Sammuell discloses the network device (see Fig. 9B i.e., Slow-Path Module 250) is arranged to monitor the data traffic for TCP communications, (see Para’s [0010] i.e., monitoring the current data flow at the network device, [0053], [0154] i.e., slow-path module 520 may be implemented in a network device & [0156] i.e., slow-path module 520 monitors the TCP connection state between the communicating hosts, analyzes flow data & [0200]), the combination of Sammuell in view of MUTOH does not disclose the network device is arranged to monitor the data traffic through a port of a network node, the network node residing locally at the first end with the first communication device in the communication channel in which the data traffic is conveyed and the port of the network node is arranged to mirror the data traffic to the network device. However the claim features would be rendered obvious in view of Kawasaki et al. US (2018/0183816).

Kawasaki discloses a network device (see Fig. 1 i.e., Gateway Apparatus 10 & Fig. 3 i.e., Monitoring communication unit of Gateway Apparatus 10) is arranged to monitor (see Fig. 3 i.e., Monitoring Communication Unit 14) data traffic through a port (see Fig. 1 i.e., Mirror Port 51 of Switch 5) of a network node (see Fig. 1 i.e., Switch 5), (see Fig. 1 i.e., Switch 5 connected to gateway apparatus 10), (see Fig. 1 & Para’s [0032] i.e., the switch 5 is connected to an internal network 9, such as a LAN. Further, the switch is connected to the gateway apparatus 10 (i.e., switch 5 (i.e., “network node”) is in the same LAN as the gateway apparatus 10 (i.e., “network device”)), [0033] i.e., The switch 5 has a mirror port 51 for copying and outputting the entire traffic data passing through a regular port. The mirror port 51 is connected to a monitoring port 361 of the gateway apparatus 10, [0035] i.e., the gateway apparatus 10 is composed, as shown in Fig. 2, of… an internal network interface (IF) 36 for connecting the internal network 9 (i.e., internal network 9 is a LAN (i.e., see Para [0032]), therefore the gateway apparatus 10 (i.e., “network device”) and the switch 5 (i.e., “network node”) are in the same local area network)…Para [0035] i.e., The gateway apparatus 10 includes monitoring port 361 for receiving an output from the mirror port 51 of the switch 5, [0036] i.e., monitoring communication unit 14 receives and acquires packet data which is input from the monitoring port 361, [0044] i.e., The switch 5 outputs, from the mirror port 51, data transmitted from an internal network 9 side, and the monitoring communication unit 14 receives the data output from the mirror port 51 (step 110), [0049] i.e., the switch 5 is connected to the internal network 9, and the monitoring port 361 of the gateway apparatus 10 is connected to the mirror port 51 of the switch 5, & [0079])

the network node (see Fig. 1 i.e., Switch 5) residing locally at the first end with the first communication device (see Fig. 1 i.e., Device 8) in the communication channel (see Fig. 1 i.e., communication channel 9) in which the data traffic is conveyed (see Fig. 1 i.e., Switch 5 residing locally at an end of a first communication device such as device 8 & Para’s [0032-0033] i.e., the devices 8, connected directly or indirectly to the internal network 9 transmit data, [0036], & [0042] i.e., It should be noted that, in addition to the above-described processing performed in the normal operation, the switch 5 outputs, from the mirror port 51, data which are transmitted from the device 8 & [0043-0044] i.e., the switch 5, outputs from the mirror port 51, data transmitted from an internal network 9) 

and the port of the network node (see Fig. 1 i.e., Mirror Port 51 of Switch 5) is arranged to mirror the data traffic to the network device (see Fig. 1 i.e., Gateway Apparatus 10), (see Para’s [0033] i.e., The switch 5 in this embodiment has a mirror port 51 for copying and outputting the entire traffic data passing through a regular port. The mirror port 51 is connected to a monitoring port 361 of the gateway apparatus 10, [0035] i.e., the monitoring port 361 for receiving an output from the mirror port 51 of the switch 5, [0042] i.e., the switch 5 outputs, from the mirror port 51, data which are transmitted from the device 8, [0044] i.e., the switch 5, outputs from the mirror port 51, data transmitted from an internal network 9, and the monitoring communication unit 14 receives the data output from the mirror port 51 (step 110)).

(Kawasaki suggests the gateway apparatus 10 is used for efficiently monitoring the entire data traffic related to the nodes or devices 8 for detecting unauthorized access to the devices based on the monitored data, (see Para’s [0001], [0009-0010], [0033], [0036], & [0044-0046])).

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the network device which monitors the data traffic for TCP communications as disclosed in Sammuell in view of MUTOH to monitor the data traffic through the mirror port of the network node or switch which is in the same local area network as the network device as disclosed in Kawasaki who discloses the port of the network node or switch apparatus which resides locally at an end of a first communication device in the communication channel in which the data traffic is conveyed is arranged to mirror the data traffic to a network device such as a gateway apparatus for monitoring the data traffic because the motivation lies in Kawasaki that the gateway apparatus is used for efficiently monitoring the entire data traffic received from the nodes or devices 8 to determine whether the data that is expected to be received is from an authorized device.
Regarding Claim 18, Sammuell discloses the network device of claim 16, wherein the network device is configured to detect an acknowledgement generated by the second communication device in response to a receipt of data traffic from the first communication device from a data traffic intended to the first communication device. (see Fig. 9B i.e., the acknowledgement is detected from the data traffic ACK-1 932, ACK-2 934, and ACK-3 936 & Para [0227])

Regarding Claim 19, Sammuell discloses the network device of claim 18, wherein the network device is configured to filter out the acknowledgement generated by the second communication device from the data traffic intended to the first communication device. (see Para [0227] i.e., “the ACK packets are received by slow-path module 250 and not forwarded to host device 110” discloses that the acknowledgements are filtered out from the incoming data packets).  

Regarding Claim 20, Sammuell discloses a computer program product (see Para’s [0048-0050]) comprising at least one non-transitory computer-readable storage medium (see Para’s [0048-0050] a non-transitory computer-readable storage medium) having computer-executable program code instructions (see Para’s [0048-0050] i.e., non-transitory computer readable medium that bears computer usable instructions for one or more processors) stored therein that when the computer program product is executed on one or more computing devices, (see Para’s [0048-0050] i.e., a non-transitory computer-readable storage medium, configured with a computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner to perform the functions described herein), directs the one or more computing devices to:

Monitor data traffic to a communication network from a first communication device, (see Fig. 9B i.e., Data-1 922, Data-2 924 and Data-3 926 & Para [0224]) by a network device (see Fig. 9B i.e., 250 & Para [0226] i.e., “slow path module” is a network device situated at the end of host 110),

The network device is configured to transmit acknowledgements to the first communication device (see Fig. 9B i.e., slow-path module & Para [0228])

Generate, by the network device (see Fig. 9B i.e., 250), in response to local detection of at least one predetermined piece of information in at least one data frame in the data traffic (see Fig. 9B i.e., detection of the payload field (i.e., “predetermined piece of information”) in the Data packets 922, 924, and 926 & Para’s [0095-0096] i.e., user plane data may be considered to be “payload” data (i.e., “predetermined piece of information”), [0157-0160] i.e., data packets are analyzed or detected by slow-path module 250, [0164], i.e., slow-path module 250 generally inspects (i.e., “detection”) all packets delivered between the two hosts, [0211-0212] i.e., Once the data is analyzed, the slow-path module 520 decides whether to forward the packet(s) unchanged, [0191], & [0224] i.e., data packets 922, 924, & 926 which are intercepted by slow-path module 250 will be detected by the slow path module 250).

an acknowledgment to the first communication device (see Fig. 9B i.e., Local ACK-1 922, Local ACK-2 924, & Local ACK-3 926), the acknowledgement complying with a communication protocol used for the communication, (see Fig. 9B & Para’s [0139], [0221] i.e., TCP protocol, & [0228-0229] i.e., ACK packets comply with TCP protocol used for the communication). 

The acknowledgement is generated to correspond to an acknowledgement expected from a second communication device (see Fig. 9B i.e., the Local acknowledgement 922, 924, 926 is generated to correspond to acknowledgement 932, 934, 936 expected from second communication device Host 130 & Para’s [0227] i.e., Host device 130 receives the modified packets and transmits ACK packets (i.e., “acknowledgement expected from the second communication device”) at F4, F5, and F6, respectively. The ACK packets are received by slow-path module 520 and not forwarded to host device 110 (i.e., “acknowledgement expected from the second communication device”) & [0228] i.e., slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926).

and transmit, by the network device (see Fig. 9B i.e., 250), the generated acknowledgement to the first communication device (see Fig. 9B i.e., Host 110) for indicating a delivery of the data traffic to the second communication device, (see Fig. 9B i.e., Local ACK-1 922, Local ACK-2 924, & Local ACK-3 926 transmitted from Slow-Path Module 250 to Host 110 & Para’s [0224] & [0228] i.e., slow-path module 520 generates and transmits ACK packets to host device 110, acknowledging receipt of packets 922, 924, and 926).  

While Sammuell discloses monitoring by the network device (see Fig. 9B i.e., Slow-Path Module 250) data traffic from the first communication device (see Para’s [0010] i.e., monitoring the current data flow at the network device, [0053], [0154] i.e., slow-path module 520 may be implemented in a network device & [0156] i.e., slow-path module 520 monitors the TCP connection state between the communicating hosts, analyzes flow data & [0200]), Sammuell does not explicitly disclose the network device residing locally at a first end with the first communication device. However the claim feature would be rendered obvious in view of MUTOH et al. US (2014/0082180).

MUTOH discloses a network device (see Fig. 1 i.e., WAN acceleration device P1A) residing locally at a first end with a first communication device (see Fig. 1 i.e., WAN acceleration device P1A residing locally at transmitting node P2 end (i.e., “first communication device”) & Para’s [0004] i.e., For example, a WAN acceleration device is located at a border between a WAN and an internal network such as a LAN (i.e., “local area network”), and operates as a proxy for devices inside the internal network (i.e., “network device P1A resides locally at an end of the first communication device P2 in a local area network”) & [0005] i.e., A WAN acceleration device P1A is a proxy for the network to which the transmitting node P2 (i.e., “first communication device”) belongs (i.e., “network device P1A resides locally at an end of the first communication device P2 in a local area network”)…According to the WAN acceleration device P1A, the internal network is the one to which the transmitting node P2 (i.e., “first communication device”) belongs, and the external networks are the ones to which the WAN and the receiving node P3 belong) which receives traffic to the communication network from the first communication device, (see Para [0006] i.e., The WAN acceleration device P1A receives a data packet from the transmitting node P2 (OP111) and then transfers the data packet to the receiving node P3 (OP112))

(MUTOH suggests one method of reducing the time desired for transmission when conducting transmission through a WAN involves the use of a WAN acceleration device (see Para [0004]) which is achieved by transmitting, by the network device (see Fig. 1 i.e., P1A) residing locally at a first end with the first communication device (see Fig. 1 i.e., WAN acceleration device P1A residing locally at end of transmitting node P2 (i.e., “first communication device”)), a generated acknowledgement (see Fig. 1 i.e., Pseudo ACK packet at OP112) in response to receiving at least one data packet from the first communication device (see Fig. 1 i.e., Data Packet at OP111), (see Fig. 1 i.e., Pseudo ACK & Para’s [0006] i.e., Further, the WAN acceleration device P1A artificially creates an ACK packet (pseudo ACK packet) and transmits the pseudo ACK packet to the transmitting node P2 (OP112) & [0007] i.e., In communication using a normal TCP, the time from the receiving node P3 transmitting the ACK until the next data packet is received takes at least one round trip time (RTT). In comparison, the time may be shortened due to the WAN acceleration device P1A transmitting a pseudo packet to the transmitting node P2)).

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the network device such as the Slow-Path Module 250 which generates and transmits an acknowledgement to the first communication device based on received data traffic from the first communication device as disclosed in Sammuell to be configured to reside locally at a first end with the first communication device based on the teachings of MUTOH who discloses a network device such as WAN acceleration device P1A residing locally at a first end with a first communication device such as transmitting node P2 because the motivation lies in MUTOH for reducing the time desired for transmission when conducting transmission through a WAN by using the WAN acceleration device P1A which transmits a pseudo ACK packet to the transmitting node P2 which shortens the transmission time.   

While Sammuell discloses the network device (see Fig. 9B i.e., Slow-Path Module 250) is arranged to monitor the data traffic for TCP communications, (see Para’s [0010] i.e., monitoring the current data flow at the network device, [0053], [0154] i.e., slow-path module 520 may be implemented in a network device & [0156] i.e., slow-path module 520 monitors the TCP connection state between the communicating hosts, analyzes flow data & [0200]), the combination of Sammuell in view of MUTOH does not disclose the network device is arranged to monitor the data traffic through a port of a network node, the network node residing locally at the first end with the first communication device in the communication channel in which the data traffic is conveyed and the port of the network node is arranged to mirror the data traffic to the network device. However the claim features would be rendered obvious in view of Kawasaki et al. US (2018/0183816).

Kawasaki discloses a network device (see Fig. 1 i.e., Gateway Apparatus 10 & Fig. 3 i.e., Monitoring communication unit of Gateway Apparatus 10) is arranged to monitor (see Fig. 3 i.e., Monitoring Communication Unit 14) data traffic through a port (see Fig. 1 i.e., Mirror Port 51 of Switch 5) of a network node (see Fig. 1 i.e., Switch 5), (see Fig. 1 i.e., Switch 5 connected to gateway apparatus 10), (see Fig. 1 & Para’s [0032] i.e., the switch 5 is connected to an internal network 9, such as a LAN. Further, the switch is connected to the gateway apparatus 10 (i.e., switch 5 (i.e., “network node”) is in the same LAN as the gateway apparatus 10 (i.e., “network device”)), [0033] i.e., The switch 5 has a mirror port 51 for copying and outputting the entire traffic data passing through a regular port. The mirror port 51 is connected to a monitoring port 361 of the gateway apparatus 10, [0035] i.e., the gateway apparatus 10 is composed, as shown in Fig. 2, of… an internal network interface (IF) 36 for connecting the internal network 9 (i.e., internal network 9 is a LAN (i.e., see Para [0032]), therefore the gateway apparatus 10 (i.e., “network device”) and the switch 5 (i.e., “network node”) are in the same local area network)…Para [0035] i.e., The gateway apparatus 10 includes monitoring port 361 for receiving an output from the mirror port 51 of the switch 5, [0036] i.e., monitoring communication unit 14 receives and acquires packet data which is input from the monitoring port 361, [0044] i.e., The switch 5 outputs, from the mirror port 51, data transmitted from an internal network 9 side, and the monitoring communication unit 14 receives the data output from the mirror port 51 (step 110), [0049] i.e., the switch 5 is connected to the internal network 9, and the monitoring port 361 of the gateway apparatus 10 is connected to the mirror port 51 of the switch 5, & [0079])

the network node (see Fig. 1 i.e., Switch 5) residing locally at the first end with the first communication device (see Fig. 1 i.e., Device 8) in the communication channel (see Fig. 1 i.e., communication channel 9) in which the data traffic is conveyed (see Fig. 1 i.e., Switch 5 residing locally at an end of a first communication device such as device 8 & Para’s [0032-0033] i.e., the devices 8, connected directly or indirectly to the internal network 9 transmit data, [0036], & [0042] i.e., It should be noted that, in addition to the above-described processing performed in the normal operation, the switch 5 outputs, from the mirror port 51, data which are transmitted from the device 8 & [0043-0044] i.e., the switch 5, outputs from the mirror port 51, data transmitted from an internal network 9) 

and the port of the network node (see Fig. 1 i.e., Mirror Port 51 of Switch 5) is arranged to mirror the data traffic to the network device (see Fig. 1 i.e., Gateway Apparatus 10), (see Para’s [0033] i.e., The switch 5 in this embodiment has a mirror port 51 for copying and outputting the entire traffic data passing through a regular port. The mirror port 51 is connected to a monitoring port 361 of the gateway apparatus 10 [0035] i.e., the monitoring port 361 for receiving an output from the mirror port 51 of the switch 5, [0042] i.e., the switch 5 output, from the mirror port 51, data which are transmitted from the device 8, [0044] i.e., the switch 5, outputs from the mirror port 51, data transmitted from an internal network 9, and the monitoring communication unit 14 receives the data output from the mirror port 51 (step 110)).

(Kawasaki suggests the gateway apparatus 10 is used for efficiently monitoring the entire data traffic related to the nodes or devices 8 for detecting unauthorized access to the devices based on the monitored data (see Para’s [0001], [0009-0010], [0033], [0036], & [0044-0046])).

Therefore, it would have been obvious to one of ordinary skill in the art at the time of filing for the network device which monitors the data traffic for TCP communications as disclosed in Samuell in view of MUTOH to monitor the data traffic through the mirror port of the network node or switch as disclosed in Kawasaki who discloses the port of the network node or switch apparatus which resides locally at a first end with the first communication device in the communication channel in which the data traffic is conveyed is arranged to mirror the data traffic to a network device such as a gateway apparatus for monitoring the data traffic because the motivation lies in Kawasaki that the gateway apparatus is used for efficiently monitoring the entire data traffic received from the nodes or devices 8 to determine whether the data that is expected to be received is from an authorized device.

Regarding Claim 21, Samuell discloses the computer program product of claim 20, wherein the at least one predetermined piece of information is at least one value of at least one data field in the at least one data frame, (see Fig. 9B i.e., detection of the payload field (i.e., “predetermined piece of information”) in the Data packets 922, 924, and 926 & Para’s [0004] i.e., For example, if a sender sends a packet containing four payload bytes (i.e., “value”) with a sequence number field & [0095-0096] i.e., user plane data (i.e., “value”) may be considered to be “payload” data (i.e., “predetermined piece of information”)).

Regarding Claim 23, Samuell discloses the computer program product of claim 20, wherein an acknowledgement generated by the second communication device in response to a receipt of data traffic from the first communication device is detected, by a network device, from a data traffic intended to the first communication device (see Fig. 9B i.e., the acknowledgement is detected from the data traffic ACK-1 932, ACK-2 934, and ACK-3 936 & Para [0227]).

Regarding Claim 24, Samuell discloses the computer program product of claim 23, wherein the acknowledgement generated by the second communication device is filtered out from the data traffic intended to the first communication device, (see Para [0227] i.e., “the ACK packets are received by slow-path module 250 and not forwarded to host device 110” discloses that the acknowledgements are filtered out from the incoming data packets).

Regarding Claim 25, Samuell discloses the computer program product of claim 20, wherein one or more computer devices comprise the network device residing at an end of the first communication device, (see Fig. 9B i.e., 250 & Para [0226] i.e., “slow path module” is a network device situated at the end of host 110).


5.	Claims 13, 17 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Samuell et al. US (2014/0012981) in view of MUTOH et al. US (2014/0082180), and further in view of Kawasaki et al. US (2018/0183816), as applied to claims 12, 16, and 21 above, and further in view of Park et al. US (2016/0189124)

Regarding Claims 13 and 22, the combination of Samuell in view of MUTOH, and further in view of Kawasaki discloses the method and computer program product of claims 12 and 21, but does not disclose wherein the local detection is performed by comparing the at least one value of the at least one data field to at least one comparison value and in response to local detection that the at least one value corresponds to the comparison value, the local detection is indicated. However the claim features would be rendered obvious in view of Park et al. US (2016/0189124).

Park discloses wherein the local detection is performed by comparing the at least one value of the at least one data field to at least one comparison value (see Para’s [0017] i.e., According to some embodiments of the present disclosure, payloads of one or more IP packets are stored and, upon receiving at least one packet retransmitted based on a TCP, an attack packet is detected by comparing at least one of the stored payloads (i.e., “comparison value”) with a payload (i.e., “value” of data field)  of the retransmitted packet, [0051], & [0055] i.e., an attack packet is detected by comparing partial bytes of data of a prestored payload (i.e., “comparison value”) only with partial bytes of corresponding data of the payload (i.e., “value” of data field)  of the retransmitted packet 320 to reduce the memory occupancy of the data billing system 100p, thereby increasing the efficiency of memory use). 

and in response to local detection that the at least one value corresponds to the comparison value, the local detection is indicated (see Para’s [0017] i.e., According to some embodiments of the present disclosure, payloads of one or more IP packets are stored and, upon receiving at least one packet retransmitted based on a TCP, an attack packet is detected (i.e., “detection is indicated”) by comparing at least one of the stored payloads (i.e., “comparison value”) with a payload (i.e., “value” of data field) of the retransmitted packet, [0051], & [0055] i.e., an attack packet is detected (i.e., “detection is indicated”) by comparing partial bytes of data of a prestored payload (i.e., “comparison value”) only with partial bytes of corresponding data of the payload (i.e., “value” of data field)  of the retransmitted packet 320 to reduce the memory occupancy of the data billing system 100p, thereby increasing the efficiency of memory use). 

(Park suggests a received packet from a source is detected by comparing the at least one value of the at least one data field of the received packet to at least one comparison value for detecting the packet (see Para’s [0017], [0051], & [0055])).

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the packets detected by the network device from the host as disclosed in Samuell in view of MUTOH, and further in view of Kawasaki to detect the packets according to the comparison techniques of Park who discloses detecting a received packet by comparing at least one value of a data field of the received packet to at least one comparison value because the motivation lies in Park for efficiently detecting the packet received from a source based on the comparison. 

Regarding Claim 17, the combination of Samuell in view of MUTOH, and further in view of Kawasaki discloses the method of claim 16, but does not disclose performing the local detection by comparing at least one value of the at least one data field to at least one comparison value and in response to local detection that the at least one value corresponds to the comparison value to indicate the local detection. However the claim features would be rendered obvious in view of Park et al. US (2016/0189124).

Park discloses performing local detection by comparing at least one value of the at least one data field to at least one comparison value (see Para’s [0017] i.e., According to some embodiments of the present disclosure, payloads of one or more IP packets are stored and, upon receiving at least one packet retransmitted based on a TCP, an attack packet is detected by comparing at least one of the stored payloads (i.e., “comparison value”) with a payload (i.e., “value” of data field)  of the retransmitted packet, [0051], & [0055] i.e., an attack packet is detected by comparing partial bytes of data of a prestored payload (i.e., “comparison value”) only with partial bytes of corresponding data of the payload (i.e., “value” of data field)  of the retransmitted packet 320 to reduce the memory occupancy of the data billing system 100p, thereby increasing the efficiency of memory use). 

and in response to local detection that the at least one value corresponds to the comparison value to indicate the local detection (see Para’s [0017] i.e., According to some embodiments of the present disclosure, payloads of one or more IP packets are stored and, upon receiving at least one packet retransmitted based on a TCP, an attack packet is detected (i.e., “detection is indicated”) by comparing at least one of the stored payloads (i.e., “comparison value”) with a payload (i.e., “value” of data field) of the retransmitted packet, [0051], & [0055] i.e., an attack packet is detected (i.e., “detection is indicated”) by comparing partial bytes of data of a prestored payload (i.e., “comparison value”) only with partial bytes of corresponding data of the payload (i.e., “value” of data field)  of the retransmitted packet 320 to reduce the memory occupancy of the data billing system 100p, thereby increasing the efficiency of memory use). 

(Park suggests a received packet from a source is detected by comparing the at least one value of the at least one data field of the received packet to at least one comparison value for detecting the packet (see Para’s [0017], [0051], & [0055])).

Therefore it would have been obvious to one of ordinary skill in the art at the time of filing for the packets locally detected by the network device from the host as disclosed in Samuell in view of MUTOH, and further in view of Kawasaki to detect the packets according to the comparison techniques of Park who discloses locally detecting a received packet by comparing at least one value of a data field of the received packet to at least one comparison value because the motivation lies in Park for efficiently detecting the packet received from a source based on the comparison. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ADNAN A BAIG whose telephone number is (571)270-7511. The examiner can normally be reached M-F 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Huy Vu can be reached on 571-272-3155. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ADNAN BAIG/Primary Examiner, Art Unit 2461