DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that use the word “means” or “step” but are nonetheless not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph because the claim limitation(s) recite(s) sufficient structure, materials, or acts to entirely perform the recited function. Such claim limitation(s) is/are: firewall logging system, firewall reporting system, and extract, transform and load service in claims 1-8.
Because this/these claim limitation(s) is/are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are not being interpreted to cover only the corresponding structure, material, or acts described in the specification as performing the claimed function, and equivalents thereof.
If applicant intends to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to remove the structure, materials, or acts that performs the claimed function; or (2) present a sufficient showing that the claim limitation(s) does/do not recite sufficient structure, materials, or acts to perform the claimed function.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-8 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
Regarding claim 1, the claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claims are directed towards components that may be interpreted simply as software (firewall logging system, firewall reporting system operating on a processor), which does not fall under one of the four statutory categories, see for example applicant’s specification [0024, 0025, 0048, 0049].
It is recommended to the applicant to recite a hardware processor and memory configured to execute the components of the system. 
Dependent claims 2-8 are rejected under the same rationale as they do not cure the deficiencies of the independent claim. 
Claims 1-16 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Regarding claims 1 and 9, the claim recites receiving firewall log data and processing it, and processing reduced firewall log data and generating a report. The limitation of receiving firewall log data and processing it, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “by a processor,” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “by a processor” language, “Receiving firewall log data and processing it” in the context of this claim encompasses the user manually receiving and analyzing log data. Similarly, the limitation of processing reduced firewall log data and generating a report, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. For example, but for the “by a processor” language, “Processing reduced firewall log data and generating a report” in the context of this claim encompasses the user receiving the remainder of the data, analyzing it and writing out a report to be shared with other users. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
This judicial exception is not integrated into a practical application. In particular, the claim only recites one additional element – using a processor for receiving firewall log data and processing it, and processing reduced firewall log data and generating a report. The processor in the steps is recited at a high level of generality (i.e., as a generic processor performing a generic computer function of analyzing log data) such that it amounts to no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a processor to perform Receiving firewall log data and processing it and Processing reduced firewall log data and generating a report amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Dependent claims 2-8 and 10-16 are rejected under the same rationale as they do not cure the deficiencies of the independent claim. 
Invitation to Participate in DSMER Pilot Program
The present application satisfies the criteria for participation set forth in the Federal Register Notice entitled “Deferred Subject Matter Eligibility Response (DSMER) Pilot Program.” Therefore, the examiner invites applicant to participate in the DSMER pilot program. 
An applicant who accepts the invitation to participate in this pilot program must still file a reply to every Office action mailed in this application, but may defer presenting arguments or amendments in response to subject matter eligibility (SME) rejection(s) until the earlier of final disposition of the application, or the withdrawal or obviation of all other outstanding non-SME rejections. A final disposition for purposes of this pilot program occurs upon the earliest of: mailing of a notice of allowance; mailing of a final Office action; filing of a notice of appeal; filing of a request for continued examination; or abandonment of the application. Other than applicant’s ability to defer responding to SME rejections, participation in the DSMER pilot program does not alter the normal examination process (e.g., as outlined in MPEP 700), and applicant must still respond to all non-SME rejections when replying to Office actions. 
Further information about the pilot program, including an explanation of the criteria for receiving an invitation, and the conditions of participation, is provided in the Federal Register Notice announcing the program, which is available on the pilot program website https://www.uspto.gov/patents/initiatives/patent-application-initiatives/deferred-subject-matter-eligibility-response.
Applicant has two choices with respect to this invitation:
(1) Applicant may elect to participate in the DSMER pilot program. To effect this choice, applicant MUST accept this invitation by filing a completed request form PTO/SB/456 with a timely response to this Office action. The DSMER Pilot request form must be signed in accordance with 37 CFR § 1.33(b) by a person having authority to prosecute the application, and must be submitted via the USPTO’s patent electronic filing systems (EFS-Web or Patent Center). The form is available on the pilot program website https://www.uspto.gov/patents/initiatives/patent-application-initiatives/deferred-subject-matter-eligibility-response. If the form is properly completed and timely received, the application will be entered into the pilot program.
(2) Applicant may decline to participate in the pilot program. No action is required from applicant to effect this choice, because if applicant does not timely file a properly completed form PTO/SB/456, the application will not be entered into the pilot program.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rohner (US 2009/0198707) in view of Bray et al (US 2014/0164595). 
Regarding claims 1 and 9, Rohner discloses a system and method for firewall data log processing, comprising: 
a firewall logging system operating on a first processor and configured to cause the first processor (or one or more first algorithms) to receive firewall log data and to process the firewall log data to reduce the size of the firewall log data [0017, 0029, 0032, fig 4];
Please note that in this example the firewall record manager may include a firewall record filter that may reduce or thin out the firewall log data into a smaller set.  
a firewall reporting system operating on a second processor (or a second algorithm) and configured to process the reduced size firewall log data to generate a report on a user interface that includes one or more analytics from the reduced size firewall data [0034-0039, fig 4];
Please note that in this example the firewall record manager may also include a firewall log record formatter that analyzes the reduced data and outputs an image display of the analyzed data. 
However, Rohner does not expressly disclose but Bray et al discloses reducing firewall data on a periodic basis [0045, 0053, 0059].
Please note that in this example a periodic reduction of firewall log data may be performed. 
It would have been obvious to one of ordinary skill in the art to create the invention as claimed for the following reasons. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rohner by periodically reducing, for the purpose of reducing content on a regular basis, based upon the beneficial teachings provided by Bray et al, see for example [0045]. These modifications would result in ease of use and increased security, both of which are obvious benefits to the skilled artisan. Additionally, the cited references are in the field of computer security, as is the current application, and thus are in analogous arts.
Regarding claims 2 and 10, Rohner and Bray et al disclose all the limitations of claims 1 and 9. Rohner further discloses the system comprising an extract, transform and load service operating on a third processor and configured to extract two or more subsets of data from the firewall log data, to transform the extracted firewall log data into a metadata schema and to load the metadata schema into a data processing system configured to analyze the firewall log data using the metadata schema [0034-0039];
Please note that in this example the firewall record manager may also include a firewall log record formatter that analyzes the reduced data and outputs an image display of the analyzed data. 
Regarding claims 3 and 10, Rohner and Bray et al disclose all the limitations of claims 1 and 9. Rohner further discloses wherein the extract, transform and load service further comprises a metadata repository configured to receive the metadata schema and to store the metadata schema.
Regarding claims 4 and 10, Rohner and Bray et al disclose all the limitations of claims 1 and 9. Rohner does not expressly disclose but Bray et al further discloses wherein the extract, transform and load service further comprises a scheduler configured to periodically process an update using the metadata schema [0045, 0053, 0059];
Please note that in this example a periodic reduction of firewall log data may be performed.
The motivation to combine is the same as disclosed in point (29). 
Regarding claims 5 and 10, Rohner and Bray et al disclose all the limitations of claims 1 and 9. Rohner further discloses wherein the firewall reporting system comprising a window reporting system operating on the second processor and configured to generate a window user interface display for selecting a predetermined period of time [0021, 0027, 0030, 0036, 0032, 0042];
Please note that in this example a specified time period according to a timestamp can be output. Also note that a choice of visual representations can be made, see for example [0036-0039]. 
Regarding claims 6 and 10, Rohner and Bray et al disclose all the limitations of claims 1 and 9. Rohner further discloses wherein the firewall reporting system comprising a window reporting system operating on the second processor and configured to generate a window user interface display for relocating a display for a predetermined period of time [0021, 0027, 0030, 0036, 0032, 0042];
Please note that in this example a specified time period according to a timestamp can be output. Also note that a choice of visual representations can be made, see for example [0036-0039].
Regarding claims 7 and 10, Rohner and Bray et al disclose all the limitations of claims 1 and 9. Rohner further discloses wherein the firewall reporting system comprising a window reporting system operating on the second processor and configured to generate a window user interface display for relocating a display of firewall statistics for a predetermined period of time [0021, 0027, 0030, 0036, 0032, 0042];
Please note that in this example a specified time period according to a timestamp can be output. Also note that a choice of visual representations can be made, see for example [0036-0039].
Regarding claims 8 and 10, Rohner and Bray et al disclose all the limitations of claims 1 and 9. Rohner further discloses wherein the firewall reporting system comprising a window reporting system operating on the second processor and configured to generate a window user interface display for relocating a display of firewall statistics for a predetermined user for a predetermined period of time [0021, 0027, 0030, 0036, 0032, 0042, 0034];
Please note that in this example a specified time period according to a timestamp can be output. Also note that a choice of visual representations can be made, see for example [0036-0039].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Zerkane et al (Software Defined Networking Reactive Stateful Firewall) discloses that Network security is a crucial issue of Software Defined Networking (SDN). It is probably, one of the key features for the success and the future pervasion of the SDN technology. In this perspective, we propose a SDN reactive stateful firewall. Our solution is integrated into the SDN architecture. The application filters TCP communications according to the network security policies. It records and processes the different states of connections and interprets their possible transitions into OpenFlow (OF) rules. The proposition uses a reactive behavior in order to reduce the number of OpenFlow rules in the data plane devices and to mitigate some Denial of Service (DoS) attacks like SYN Flooding. The firewall processes the Finite State Machine of network protocols so as to withdraw useless traffic not corresponding to their transitions’ conditions.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENDALL DOLLY whose telephone number is (571)270-1948. The examiner can normally be reached Monday-Thursday 8am-5pm(EST) and Friday 8am-12pm(EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/KENDALL DOLLY/Primary Examiner, Art Unit 2436