Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION

This communication is responsive to Amendment filed 01/25/2022.
Claims 52-71 are pending in this application.  Claims 52 and 54 are independent claims.   In Amendment, claims 52, 54, 60, and 71 are amended.  This Office Action is made final.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 52-71 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because
the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.  Claim(s) 52 and 54 is/are directed to a method and apparatus for network traffic analysis wherein the limitations “recording the traffic data in CRT-RS…, detecting abnormal buckets in the CRT-RS, and recovering abnormal source address…” are considered as either mentally or mathematically performed with help of generic computer system as required under prong I step 2A.  These steps are involved heavily with mathematical operations such as recording/encoding the data based on CRT-RS operation and recovering/decoding the abnormal source address based on mathematical operation (see claim 70) and the step of detecting the abnormal buckets or changes between the current bucket versus the previous bucket of data can be mentally judged with the help of generic computer components.   The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the limitations obtaining the traffic data is merely the pre-activity solution for gathering information/data for analysis which is insignificant and also known conventionally of gathering information as required under prong II steps 2A and 2B.
Additional dependent claims 53 and 55-71 do include additional elements, however these additional elements are insufficient to amount to significantly more than the judicial exception because these elements merely further detail the mathematical operations of the abstract idea above.  
The applicant is highly recommended to incorporate the limitations of claim 71 and additionally elaborating the detail of blocking a data packet that would help to overcome the abstract idea by integrating into the practical application.

Response to Arguments
Applicant's arguments filed 01/25/2022 have been fully considered but they are not persuasive. 
The applicant argues in pages 8-9 for claims 52-71 that (1) the examiner has not established that the claims are directed to merely a judicial exception as the claim is clearly recite a method for network traffic analysis and (2) the claim recite significantly more because the claim is reciting detecting abnormal buckets based on change between traffic data of different time intervals and recovering source address associated information based on the abnormal buckets. 
The examiner respectfully submits that (1) the above rejection clearly addressed in detail as how the claim is directing to merely a judicial exception wherein every limitation in the claim is carefully considered.  As mentioned in the rejection, there limitations including “recording…; detecting…; and recovering…” are considered as steps which can be mentally done with help of generic computer by applying certain mathematical algorithms to the data to perform mathematical analysis on the data.  The only remaining limitation would be the limitation of “obtaining traffic data of current time interval” but this limitation is merely considered as pre-activity solution for gathering the data to perform the mathematical analysis on the data which is insignificant as stated.  (2) As mentioned above, the steps of “detecting… and recovering…” are considered as mental steps in the analysis of Prong I step 2A wherein these steps are merely applying an algorithm mathematically to extract/obtain certain desired data from the traffic data.  The amendment does not add any additional element or limitations which can be considered under Prong II step 2A as integrating into the application for overcome the abstract idea but the amendment merely further elaborate what the data is representing as the abnormal source address is the malicious traffic data but it is just data itself.  

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHUOC H NGUYEN whose telephone number is (571)272-3919. The examiner can normally be reached M-F: 7:30 am -3:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christopher Parry, can be reached on 571-272-8328. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/PHUOC H NGUYEN/Primary Examiner, Art Unit 2451