Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Response to Arguments
Applicant's arguments filed 5/25/2022 have been fully considered but they are not persuasive.   
Applicant argues that “Warren requires a match between the data and a known pattern of bytes” (Remarks, page 2).  This argument is not persuasive for the reason that the obviousness rejection relies on Gonzalez-Pardo to teach regular expressions (i.e. not a known pattern of bytes) which is described as “[r]egular expressions, or regexes, have been used traditionally as a pattern matching tool to search for structures in a set of objects, like files, text documents or folders.”  It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed for a skilled artisan to modify Warren to use regular expressions as a pattern matching tool based on Gonzalez-Pardo’s explicit teaching of it as a pattern matching tool.
Applicant argues that “Warren’s method entails searching for a pattern known to be within a specific part of a data packet” (Remarks, page 4) such that the protocol must be known.  This argument is not persuasive for the reason that Applicant’s cited sections in Warren correspond to a particular embodiment where the detection of a pattern can be focused at a particular location of the data (see paragraph 0007).  However, Warren teaches that the detection of the pattern can correspond to all of the data such that the data protocol does not need to be known since the location of certain fields in the data packet does not need to be known (see paragraph 0016, “[a]n additional benefit of the example of FIG. 1 is that in at least some situations, all data that enters the device 100 is moved through the pipeline 102 for processing, such that the detector 104 is capable of detecting at least one pattern within the all of the data”)
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 21, 23-26, 28-34, and 36-39 is/are rejected under 35 U.S.C. 103 as being unpatentable over Warren et al. (US 2013/0191917 A1) in view of Ahrens et al. (US 2012/0005224 A1) and Gonzalez-Pardo et al. publication (‘Analysis of Grammatical Evolutionary Approaches to Regular Expression Induction’).
With respect to  the claims (see claim mapping to the reference below), Warren teaches matching patterns within a data packet in paragraphs 0007, 0012 and 0024.  Warren does not teach (A) extracting data items and reporting the extracted items and (B) use of “regular expression.” 
With respect to  (A), Ahrens in a similar field of art teaches that data items are extracted from data traffic and reported to a post database (paragraphs 0044-46).  Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to extract and report the extracted data items in Warren using Ahren’s technique for the reason that Warren suggests that “a company might wish to detect specific patterns found in confidential information, and ensure that they are not being transmitted to insecure locations” (paragraph 0006) such that a skilled artisan would have been motivated to report such “interesting information” (paragraph 0006) where Ahrens teaches the data items that would have been interesting information to a skilled artisan (paragraphs 0045-0046) .
With respect to  (B), Warren does not teach “regular expression.”  In Warren, the pattern includes ASCII character sets in paragraph 0024 where a marked bit functions as a do-not-care bit in order to match both upper case characters and lower case counterparts.  Gonzalez-Pardo teaches that meta-characters (i.e. operators) can be used to describe sets of character strings, where the regular expression “www” is just a set of characters and meta-characters such a “+” can be used to indicate repetition (page 640, column 1, section A. Introduction to regular expressions).  Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to use regular expressions (i.e. meta-characters in addition to the ASCII characters) to describe the character strings in Warren as explicitly taught by Gonzalez-Pardo.
With respect to  the limitation of “the one or more communication protocols are unknown or undetected,” Warren explicitly teaches that “[d]ata is moved through a pipeline as processing of the data unrelated to detection of pattern is performed” (Abstract) and “[t]he data processing that is performed in the pipeline 102 is independent of the pattern detection performed by the detector 104.  Data enters, moves through, and exits the pipeline 102 without waiting for the detector 104 to perform its detection” (paragraph 0014).  Warren’s explicit teaching appears to indicate that the pattern detector 104 does not need to know or detect the protocol of the data since its primary function is to detect a pattern within the all of the data (paragraph 0016).  Thus, it would appear to be inherent that the protocols are unknown or undetected in the detector 104, or alternatively that it would have been obvious to one of ordinary skill in the art at the time the invention was filed for the protocols to be unknown or undetected since a skilled artisan would have been motivated to not provide additional functions to a pattern detector where Warren teaches that the processing in terms of various protocols are unrelated to the pattern detecting.
With respect to the claims, references to the prior art appear in parenthesis.
Claims
21.  A method (Warren’s pattern detection in Figure 2), comprising: 
receiving communication traffic, which is transferred over a communication network in accordance with one or more communication protocols (In Warren, Movement of Data 106 in Figure 1), wherein the one or more communication protocols are unknown or undetected (In Warren, the processing of data is unrelated to the pattern detection in the Abstract such that it would have been inherent or in the alternative obvious that the detector does not need to know or detect the communication protocol for the reason that the primary function of the detector is to detect a pattern within all of the data in paragraphs 0014 and 0016)  ;
searching textual portions of the communication traffic (Ahrens teaches that the communication traffic includes textual and non-textual portions in paragraph 0038, wherein it would have been obvious to one of ordinary skill in the art at the time the invention was filed to only search in textual portions of the communication traffic when the interesting information wished for in Warren is textual information), irrespective of the one or more communication protocols, for one or more predefined patterns (In Warren, Detector 104 in Figure 1 and paragraph 0014) indicative of data items in question, by applying to the communication traffic a regular expression representing the one or more predefined patterns, thereby identifying the data items in question (Gonzalez-Pardo teaches that the set of character strings can be described as regular expressions on page 640, column 1, section A. Introduction to regular expressions);
extracting the identified data items from the communication traffic, along with corresponding identifiers of the traffic from which the data items were extracted (Ahrens teaches a plurality of extracted data items including post terms (i.e. interesting information that a user wishes to detect) and a plurality of identifiers of the traffic from which the post terms were extracted in paragraphs 0045-0046) ; and 
reporting the extracted data items and the corresponding identifiers (Ahrens teaches that the extracted data items are reported to the content store 218 in the post data database 210 in paragraphs 0044-0045).

23.    The method according to claim 21, wherein identifying the data items comprises distinguishing between textual and non-textual portions of the traffic and searching for the data items only in the textual portions of the communication traffic (Ahrens teaches that the communication traffic includes textual and non-textual portions in paragraph 0038, wherein it would have been obvious to one of ordinary skill in the art at the time the invention was filed to only search in textual portions of the communication traffic when the interesting information wished for in Warren is textual information) .

24.    The method according to claim 21, wherein the data items comprise an identifier of a user or a communication terminal associated with the communication traffic (Ahrens teaches data items include information identifying the user who submitted the post and IP address of the user’s client device in paragraph 0041).

25.    The method according to claim 24, and comprising extracting an additional identifier of the user or the communication terminal from metadata of the communication traffic, and correlating the identifier and the additional identifier (Ahrens teaches extracting additional identifiers such as the geographic location of the user or client device which is correlated to the user identifying information and the IP address of the user’s client device in paragraph 0041) .

26.    The method according to claim 21, wherein the data item comprises location information of a communication terminal associated with the communication traffic (Ahrens teaches location information of the user or client device in paragraph 0041).

28.    The method according to claim 21, wherein identifying the data items comprises identifying specific strings followed by corresponding regular expressions and wherein extracting the identified data items comprises extracting the bytes that match the corresponding regular expressions (Gonzalez-Pardo teaches that the set of character strings can be described as regular expressions on page 640, column 1, section A. Introduction to regular expressions where Ahrens teaches to extract data items (paragraph 0045-0046) that are interesting  information that users in Warren might wish to detect(paragraph 0006)).

29.    The method according to claim 21, wherein identifying the data items comprises identifying data items matching a regular expression of email addresses (Gonzalez-Pardo teaches that it is popular to use regular expressions to detect such information as phone numbers, URLs and email addresses in the Abstract).

30.    The method according to claim 21, wherein identifying the data items comprises identifying data items matching a regular expression of telephone numbers (Gonzalez-Pardo teaches that it is popular to use regular expressions to detect such information as phone numbers, URLs and email addresses in the Abstract).

31.    The method according to claim 21, wherein identifying the data items comprises identifying data items matching a regular expression of credit card numbers (Warren teaches to detect specific patterns found in confidential information in paragraph 0006, wherein a skilled artisan would have been motivated to use the regular expression taught in Gonzalez-Pardo to detect credit card numbers in order to ensure that they are not being transmitted to insecure locations as suggested by Warren (paragraph 0006) .

32.    The method according to claim 21, wherein identifying the data items comprises identifying a plurality of data items in a single textual portion of the traffic and wherein reporting the extracted data items comprise reporting a correlation between the identified plurality of data items in the single textual portion (Ahrens teaches that the communication traffic includes textual and non-textual portions in paragraph 0038, wherein it would have been obvious to one of ordinary skill in the art at the time the invention was filed to only search in textual portions of the communication traffic when the interesting information wished for in Warren is textual information.  Further, Ahrens teaches to correlate the  number of terms in the post in paragraph 0045).

33.    The method according to claim 21, further comprising reporting the locations of the extracted data items in the traffic (Warren teaches storing the location within the data packet where the pattern was detected in paragraph 0024).

34.    An apparatus (Warren’s pattern detector 104 in Figure 1), comprising: 
an interface, which is configured to connect to a communication network and to receive communication traffic, previously unknown to the apparatus (In Warren, data processing (i.e. communication protocol) is independent from pattern detection in paragraph 0014 such that the communication protocol would be unknown to the pattern detector),  that is transferred over the communication network in accordance with one or more communication protocols (In Warren, Movement of Data 106 in Figure 1), wherein the one or more communication protocols are unknown to the apparatus or undetected by the apparatus (In Warren, the processing of data is unrelated to the pattern detection in the Abstract such that it would have been inherent or in the alternative obvious that the detector does not need to know or detect the communication protocol for the reason that the primary function of the detector is to detect a pattern within all of the data)and 
a processor, which is configured to search textual portions of  the communication traffic (Ahrens teaches that the communication traffic includes textual and non-textual portions in paragraph 0038, wherein it would have been obvious to one of ordinary skill in the art at the time the invention was filed to only search in textual portions of the communication traffic when the interesting information wished for in Warren is textual information), irrespective of the one or more communication protocols, for one or more predefined patterns (In Warren, Detector 104 in Figure 1 and paragraph 0014) indicative of data items in question, by applying to the communication traffic a regular expression representing the one or more predefined patterns, thereby identifying the data items in question (Gonzalez-Pardo teaches that the set of character strings can be described as regular expressions on page 640, column 1, section A. Introduction to regular expressions), 
to extract the identified data items from the communication traffic, along with corresponding identifiers of the traffic from which the data items were extracted (Ahrens teaches a plurality of extracted data items including post terms (i.e. interesting information that a user wishes to detect) and a plurality of identifiers of the traffic from which the post terms were extracted in paragraphs 0045-0046), and 
to report the extracted data items and the corresponding identifiers (Ahrens teaches that the extracted data items are reported to the content store 218 in the post data database 210 in paragraphs 0044-0045).

36.    The apparatus according to claim 34, wherein the processor is configured to distinguish between textual and non-textual portions of the traffic and to search for the data items only in the textual portions of the communication traffic (Ahrens teaches that the communication traffic includes textual and non-textual portions in paragraph 0038, wherein it would have been obvious to one of ordinary skill in the art at the time the invention was filed to only search in textual portions of the communication traffic when the interesting information wished for in Warren is textual information)  .

37.    The apparatus according to claim 34, wherein the data item comprises an identifier of a user or a communication terminal associated with the communication traffic (Ahrens teaches data items include information identifying the user who submitted the post and IP address of the user’s client device in paragraph 0041).

38.    The apparatus according to claim 37, wherein the processor is configured to extract an additional identifier of the user or the communication terminal from metadata of the communication traffic, and to correlate the identifier and the additional identifier (Ahrens teaches extracting additional identifiers such as the geographic location of the user or client device which is correlated to the user identifying information and the IP address of the user’s client device in paragraph 0041).

39.    The apparatus according to claim 34, wherein the data item comprises location information of a communication terminal associated with the communication traffic (Ahrens teaches location information of the user or client device in paragraph 0041).

Claims 27 and 40 is/are rejected under 35 U.S.C. 103 as being unpatentable over Warren et al. , Ahrens et al., and Gonzalez-Pardo et al. publication as applied to claims above, and further in view of Zambon (US 2014/0297572 A1).
Warren does not teach a decoding algorithm based on the extracted data item to decode the unknown communication protocol.   Zambon teaches that the unknown protocol may be learned by monitoring the data traffic and deriving a protocol specification (i.e. train and decode the unknown protocol) in paragraph 0015.   Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to train a decoding algorithm to decode the unknown communication protocol in Warren as explicitly suggested by Zambon.
	With respect to the claims, references to the prior art appear in parenthesis.
Claim
27.    The method according to claim 21, and comprising training a decoding algorithm based on the extracted data item, to decode the communication protocol (Zambon teaches that the unknown protocol may be learned by monitoring the data traffic and deriving a protocol specification in paragraph 0015).

40.    The apparatus according to claim 34, wherein the processor is configured to train a decoding algorithm based on the extracted data item, to decode the communication protocol (Zambon teaches that the unknown protocol may be learned by monitoring the data traffic and deriving a protocol specification in paragraph 0015).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MELVIN C MARCELO whose telephone number is (571)272-3125. The examiner can normally be reached M-F 9:30-6:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Pankaj Kumar can be reached on 571-272-3011. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MELVIN C. MARCELO
Primary Examiner
Art Unit 2463



/MELVIN C MARCELO/Primary Examiner, Art Unit 2463                                                                                                                                                                                                        June 8, 2022