DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
This application discloses and claims only subject matter disclosed in prior application no 16/090141, filed 09/28/18, which claim foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. 16165909.9, filed on 04/19/2016 and names the inventor or at least one joint inventor named in the prior application.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/29/2021.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 

The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Instant application 17/162426
US 10992694 B2
1. A surveillance system connectable to a network, comprising: 
a communication module; and 
a management module; 
said system being configured to, during a first phase: 
a. intercept a first message from the network, said first message being sent to a first device; 
b. intercept a second message from the network, said second message being a response from the first device to the first message;
 c. calculate a time interval between the interception of the first message and the interception of the second message; 
d. repeat the steps a. to c. to determine further time intervals; 
e. determine a distribution of said time intervals; 
f. store with reference to the first device, the distribution of the time intervals; and during a second phase, said system being configured to:
 g. intercept a third message from the network, said message being sent to the first device;
 h. intercept a fourth message from the network, said fourth message being a response from the first device to the third message;
 i. calculate a new time interval between the interception of the third message and the interception of the fourth message; and 
j. verify that the new time interval is within the distribution of time intervals, 
wherein the messages are either a transport layer message or an application layer message, and the system is further configured to calculate the time intervals only from the application layer messages.
1. A surveillance system connectable to a network, comprising: 
a communication module; and 
a management module; 
said system being configured to, during a first phase:
a. intercept a first message from the network, said first message being sent to a first device; 
b. intercept a second message from the network, said second message being a response from the first device to the first message; 
c. calculate a time interval between the interception of the first message and the interception of the second message; 
d. repeat the steps a. to c. to determine further time intervals; 
e. determine a distribution of said time intervals;
 f. store with reference to the first device, the distribution of the time intervals; and during a second phase, said system being configured to: 
g. intercept a third message from the network, said message being sent to the first device;
 h. intercept a fourth message from the network, said fourth message being a response from the first device to the third message;
 i. calculate a new time interval between the interception of the third message and the interception of the fourth message; and
 j. verify that the new time interval is within the distribution of time intervals, 
wherein the first device generates a transport layer message and an application layer message, and 

the system is further configured to, after intercepting the second or the fourth message, discard the intercepted message if the second or forth message is a transport layer message.




Claims 1-10 rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1-10 of U.S. Patent No. US 10992694 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because similar limitations with minor obvious variation.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-10 are rejected under 35 U.S.C. 103 as being unpatentable over Kulshreshta et al(US 20160359592 A1: considering priority of provisional application :IDSsupplied) in view of HIGUICHI et al(US 20160234344 A1:IDS supplied).

With regards to claim 1, 7 Kulshreshta discloses, A surveillance system connectable to a network, comprising: 
a communication module ( FIG 2 210 and associated text.); and 
a management module (FIG 2 244 and associated text); 
said system being configured to,: 
e. determine a distribution of said time intervals ([0047] The monitoring device also determines a network topology consistent with the one or more latency distributions and generates a graph of a network topology, including communication links between the nodes, relative positions for the nodes and representative response times between the nodes (e.g., a median response time, other measures of a response time from the corresponding latency distribution, etc.)..); 
f. store with reference to the first device, the distribution of time intervals; and ([0033]; In certain embodiments, the monitoring device may be part of a distributed monitoring system, including a number of remote monitoring devices/nodes (e.g., located at edge switches in a network). These remote monitoring devices/nodes may be configured to time stamp messages or packets exchanged between the nodes in the network (e.g., on receipt, on transmission, etc.).), 
j. verify that the new time interval is within the distribution of time intervals ([067] Operatively, the monitoring node monitors these statistical latency distributions for response times and/or retransmission response times between nodes, and identifies a network anomaly/fault for an increase in the distribution of representative retransmission latency values, as shown in diagram 1102..).  	

Kulshreshta does not exclusively but HIGUICHI teaches, during a first phase :
a. intercept a first message from the network, said first message being sent to a first device (FIG 3 Client REQUEST); 
b. intercept a second message from the network, said second message being a response from the first device to the first message (FIG 3 RESPONSE); 
c. calculate a time interval between the interception of the first message and the interception of the second message (FIG 3 SERVER Response time); 
d. repeat the steps a. to c. to determine further time intervals (FIG 3 2nd RESONSE TIME); 
said system being configured to: 
g. intercept a third message from the network, said message being sent to the first device (FIG 2 DATA); 
h. intercept a fourth message from the network, said fourth message being a response from the first device to the third message (FIG 2 DATA response); 
i. calculate a new time interval between the interception of the third message and the interception of the fourth message (FIG 2 Response time); and 
HIGUCHI also discloses, 
e. determine a distribution of said time intervals ([0111] When the identification of the groups is completed, the determination unit 34 determines whether the number of the pairs of the request and response messages included in each of the identified groups is equal to or greater than a predetermined threshold value t1. When it is determined that the number of the pairs of the request and response messages included in a identified group is equal to or greater than the predetermined threshold value t1, the determination unit 34 determines whether a standard deviation of the response time of the pairs of the request and response messages included in the group is equal to or less than a predetermined threshold value .sigma..sub.th. When it is determined that the standard deviation of the response time of the pairs of the request and response messages included in the group is equal to or less than the predetermined threshold value .sigma..sub.th, the determination unit 34 extracts a removal condition for the group.); 
f. store with reference to the first device, the distribution of time intervals; and during a second phase ([0111] When the identification of the groups is completed, the determination unit 34 determines whether the number of the pairs of the request and response messages included in each of the identified groups is equal to or greater than a predetermined threshold value t1. When it is determined that the number of the pairs of the request and response messages included in a identified group is equal to or greater than the predetermined threshold value t1, the determination unit 34 determines whether a standard deviation of the response time of the pairs of the request and response messages included in the group is equal to or less than a predetermined threshold value .sigma..sub.th. When it is determined that the standard deviation of the response time of the pairs of the request and response messages included in the group is equal to or less than the predetermined threshold value .sigma..sub.th, the determination unit 34 extracts a removal condition for the group.), 
j. verify that the new time interval is within the distribution of time intervals ([0111] When it is determined that the number of the pairs of the request and response messages included in a identified group is equal to or greater than the predetermined threshold value t1, the determination unit 34 determines whether a standard deviation of the response time of the pairs of the request and response messages included in the group is equal to or less than a predetermined threshold value .sigma..sub.th. When it is determined that the standard deviation of the response time of the pairs of the request and response messages included in the group is equal to or less than the predetermined threshold value .sigma..sub.th, the determination unit 34 extracts a removal condition for the group.[0019]).
wherein the messages are either a transport layer message or/and an application layer message (FIG 7 and associated text; ), and the system is further configured to calculate the time intervals only from the application layer messages ([0064] Specifically, the analysis unit 33 analyzes the packets at the transport layer. As a result of the analysis, the analysis unit 33 calculates the size and the response time for each pair of the request and response messages at the application layer. The analysis unit 33 records the calculated information in the message log 41. Note: analysis unit record application request and response application layer, also capable of calculating/analyzing time interval with application layer data only) .It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Kulshreshta’s system with teaching of HIGUICHI in order for improving efficiency network data analysis(HIGUICHI [0004])

With regards to claim 2, 8  Kulshreshta further discloses, wherein the surveillance system is further configured to analyze the messages on the network and to extract an addressing portion of each the messages to determine to which devices the messages are addressed, or from which devices the messages originates (FIG 3 and associated text; [0019]; The network monitoring device also identifies a network anomaly when the current response time deviates from the representative response time for the communication link interconnecting the one pair of nodes by a threshold amount. ). 

With regards to claim 3, 9  Kulshreshta further discloses, wherein the surveillance system is further configured to analyze the messages to further extract a message type wherein, said distribution of time intervals being determined by message type ([0019] According to one or more embodiments of the disclosure, a monitoring device (or module) monitors a plurality of nodes in a data center network, and determines one or more latency distributions of response times for messages exchanged between pairs of nodes of the plurality of nodes…. The network monitoring device also identifies a network anomaly when the current response time deviates from the representative response time for the communication link interconnecting the one pair of nodes by a threshold amount. Note: anomaly type packet is determined by distribution of latency/interval). 

With regards to claim 4,  Kulshreshta further discloses, wherein the surveillance system is further configured to calculate the time interval between the interception of first and the interception of the second message, the management module being configured to determine the distribution of time intervals, and to verify that the new time interval is within the distribution of time intervals ([0019] According to one or more embodiments of the disclosure, a monitoring device (or module) monitors a plurality of nodes in a data center network, and determines one or more latency distributions of response times for messages exchanged between pairs of nodes of the plurality of nodes…. The network monitoring device also identifies a network anomaly when the current response time deviates from the representative response time for the communication link interconnecting the one pair of nodes by a threshold amount.). 

With regards to claim 5,  Kulshreshta further discloses, wherein the communication module is located in the first device, and the management module is located in a controller connected with the first device to receive the time intervals calculated by the communication module (FIG 3 and associated text; ). 

With regards to claim 6, Kulshreshta further discloses, wherein the communication module further comprises an interface configured to communicate with a surveillance server, said server comprising the management module ([0033]; In some embodiments, the monitoring device determines communication latency for paired response times between nodes (e.g., from time stamp data associated with each message or packet exchanged between nodes). In certain embodiments, the monitoring device may be part of a distributed monitoring system, including a number of remote monitoring devices/nodes (e.g., located at edge switches in a network).). 


With regards to claim 10, wherein the distribution of time intervals is organized by type of devices, said method comprises: intercepting a fifth message from the network, said message being sent to a second device, said second device being of the same type of the first device; intercepting a sixth message from the network, said sixth message being a response from the second device to the fifth message; and calculating a new time interval between the interception of the fifth message and the interception of sixth message; wherein the verification is carried out with the device type distribution of time intervals (Pls see claim 1, examiner consider its repeat step of claim 1 ). 
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 20100281539 A1.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987.  The examiner can normally be reached on 8.30 to 430 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 1-571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498