DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings

Figure 3 should be designated by a legend such as --Prior Art-- because only that which is old is illustrated.  See MPEP § 608.02(g).  Corrected drawings in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. The replacement sheet(s) should be labeled “Replacement Sheet” in the page header (as per 37 CFR 1.84(c)) so as not to obstruct any portion of the drawing figures. If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description: 302 (see Figure 3).  Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to add the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application.
The drawings are objected to because they include informalities.  In particular, in Figure 2, step 208, it appears that “Monera” should read “Monero”.  Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application.
Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Specification

The abstract of the disclosure is objected to because it includes informalities.  In particular, in line 4, the phrase “a determination that that the request…” is grammatically unclear with respect to the repetition of “that”, and in lines 10-11, the phrase “a determination that that the reply…” is similarly grammatically unclear with respect to the repetition of “that”.  Correction is required.  See MPEP § 608.01(b).
The disclosure is objected to because of the following informalities:  
The specification includes minor grammatical and other errors.  For example, on page 1, line 11, the verb “generates” does not agree with the plural subject “cryptocurrencies”.  On page 1, line 13, it appears that the apostrophe in “computer’s” should be deleted to state the plural “computers”.  On page 2, line 18, the phrase “a determination that that the first request…” is grammatically unclear with respect to the repetition of “that”.  See also page 3, lines 3-4.  On page 3, line 7, the phrase “a determination that that the reply…” is grammatically unclear with respect to the repetition of “that”.  On page 3, lines 12-13, the phrase “a determination that that the destination…” is grammatically unclear with respect to the repetition of “that”.  On page 6, lines 14-15, reference is made to “L7 as a network layer”; however, layer 7 is the application layer.  On page 7, line 12, “external from” should read “external to”.  On page 7, line 15, the phrase “or one or more” is grammatically unclear in context.  On page 8, lines 8-11, it appears that the list items should be separated by semicolons, because it appears that some of the list items include internal commas.  On page 9, line 14, it is stated that “Block 204 is shown in dotted lines”; however, in Figure 2, block 204 appears to be shown with solid lines.  On page 10, line 19, the phrase “At in response” is grammatically unclear.  On page 10, line 19, the phrase “a determination that that the first request…” is grammatically unclear with respect to the repetition of “that”.  On page 11, line 4, the phrase “a response received to the second request” is grammatically unclear and not in clear idiomatic English.  On page 13, line 8, the period after “Notation” should be deleted.  On page 13, line 13, the phrase “params keys” is generally unclear.  On page 13, lines 14-15, it appears that the phrase “allowing a network monitor to outgoing and/or incoming communication” is missing critical language.  On page 17, line 1, the phrase “Still yet” is grammatically unclear and may be intended to read “Still further” or “Yet further” or similar. 
Appropriate correction is required.  Applicant’s cooperation is requested in correcting any other errors of which applicant may become aware in the specification.
The use of the terms Monero, Bitcoin, Ethereum, and Litecoin, which are trade names or marks used in commerce, has been noted in this application. The terms should be accompanied by the generic terminology; furthermore the terms should be capitalized wherever they appear or, where appropriate, include a proper symbol indicating use in commerce such as ™, SM , or ® following the term.
Although the use of trade names and marks used in commerce (i.e., trademarks, service marks, certification marks, and collective marks) is permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as commercial marks.

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-18 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites “the cryptocurrency” in lines 6, 8, 9, 11, 12, and 14.  However, the claim also recites “at least one cryptocurrency”, and if there is more than one cryptocurrency, then it is not clear to which of the plural cryptocurrencies the phrase “the cryptocurrency” is intended to refer.  The claim further recites “a determination that that the first request…” in line 7.  This phrase is grammatically unclear with respect to the repetition of “that”.  The claim additionally recites “a destination indicated by the first request” in line 8.  It is not clear whether this is intended to refer to the destination of the first request or a different destination in a different field of the request.  The claim also recites “a determination that that the reply…” in line 13.  This phrase is grammatically unclear with respect to the repetition of “that”.  The above ambiguities render the claim indefinite.
Claim 2 recites “a determination that that the first request…” in line 2.  This phrase is grammatically unclear with respect to the repetition of “that”.  The claim further recites “the cryptocurrency” in line 2; however, if there is more than one cryptocurrency in Claim 1, then it is it is not clear to which of the plural cryptocurrencies this is intended to refer.  Claim 2 additionally recites “normal processing” in line 3.  The phrase “normal” is a relative or subjective term which does not appear to have been clearly defined or provided with a standard of comparison to allow one to determine what processing constitutes normal processing.  See MPEP § 2173.05(b).
Claim 3 recites “a determination that that the reply is not a cryptocurrency reply” in line 2.  This phrase is grammatically unclear with respect to the repetition of “that”.  Further, it appears that the prior determination is whether the reply is or is not a cryptocurrency response rather than a reply.  The claim further recites “the cryptocurrency” in line 2; however, if there is more than one cryptocurrency in Claim 1, then it is it is not clear to which of the plural cryptocurrencies this is intended to refer.  Claim 3 additionally recites “normal processing” in line 3.  The phrase “normal” is a relative or subjective term which does not appear to have been clearly defined or provided with a standard of comparison to allow one to determine what processing constitutes normal processing.  See MPEP § 2173.05(b).
Claim 5 recites “a determination that that the destination…” in line 3.  This phrase is grammatically unclear with respect to the repetition of “that”.
Claim 7 recites “the cryptocurrency” in lines 8, 10, 11-12, 14, 15, and 17.  However, the claim also recites “at least one cryptocurrency”, and if there is more than one cryptocurrency, then it is not clear to which of the plural cryptocurrencies the phrase “the cryptocurrency” is intended to refer.  The claim further recites “a determination that that the first request…” in line 9.  This phrase is grammatically unclear with respect to the repetition of “that”.  The claim additionally recites “a destination indicated by the first request” in lines 10-11.  It is not clear whether this is intended to refer to the destination of the first request or a different destination in a different field of the request.  The claim also recites “a determination that that the reply…” in line 16.  This phrase is grammatically unclear with respect to the repetition of “that”.  The above ambiguities render the claim indefinite.
Claim 8 recites “The computer-implemented method of claim 7” in line 1; however, Claim 7 is directed to a system rather than a method.  Claim 8 also recites “a determination that that the first request…” in line 3.  This phrase is grammatically unclear with respect to the repetition of “that”.  The claim further recites “the cryptocurrency” in line 3; however, if there is more than one cryptocurrency in Claim 7, then it is it is not clear to which of the plural cryptocurrencies this is intended to refer.  Claim 8 additionally recites “normal processing” in line 4.  The phrase “normal” is a relative or subjective term which does not appear to have been clearly defined or provided with a standard of comparison to allow one to determine what processing constitutes normal processing.  See MPEP § 2173.05(b).
Claim 9 recites “The computer-implemented method of claim 7” in line 1; however, Claim 7 is directed to a system rather than a method.  Claim 9 also recites “a determination that that the reply is not a cryptocurrency reply” in line 3.  This phrase is grammatically unclear with respect to the repetition of “that”.  Further, it appears that the prior determination is whether the reply is or is not a cryptocurrency response rather than a reply.  The claim further recites “the cryptocurrency” in line 3; however, if there is more than one cryptocurrency in Claim 7, then it is it is not clear to which of the plural cryptocurrencies this is intended to refer.  Claim 9 additionally recites “normal processing” in line 4.  The phrase “normal” is a relative or subjective term which does not appear to have been clearly defined or provided with a standard of comparison to allow one to determine what processing constitutes normal processing.  See MPEP § 2173.05(b).
Claim 10 recites “The computer-implemented method of claim 7” in line 1; however, Claim 7 is directed to a system rather than a method.
Claim 11 recites “The computer-implemented method of claim 7” in line 1; however, Claim 7 is directed to a system rather than a method.  Claim 11 also recites “a determination that that the destination…” in line 4.  This phrase is grammatically unclear with respect to the repetition of “that”.
Claim 12 recites “he computer-implemented method of claim 11” in line 1; however, Claim 7, from which Claim 11 depends, is directed to a system rather than a method.  Further, it appears that “he” should read “The”.
Claim 13 recites “the cryptocurrency” in lines 7, 9, 10, 12, 13, and 15.  However, the claim also recites “at least one cryptocurrency”, and if there is more than one cryptocurrency, then it is not clear to which of the plural cryptocurrencies the phrase “the cryptocurrency” is intended to refer.  The claim further recites “a determination that that the first request…” in line 8.  This phrase is grammatically unclear with respect to the repetition of “that”.  The claim additionally recites “a destination indicated by the first request” in line 9.  It is not clear whether this is intended to refer to the destination of the first request or a different destination in a different field of the request.  The claim also recites “a determination that that the reply…” in line 14.  This phrase is grammatically unclear with respect to the repetition of “that”.  The above ambiguities render the claim indefinite.
Claim 14 recites “a determination that that the first request…” in line 3.  This phrase is grammatically unclear with respect to the repetition of “that”.  The claim further recites “the cryptocurrency” in lines 3-4; however, if there is more than one cryptocurrency in Claim 13, then it is it is not clear to which of the plural cryptocurrencies this is intended to refer.  Claim 14 additionally recites “normal processing” in line 4.  The phrase “normal” is a relative or subjective term which does not appear to have been clearly defined or provided with a standard of comparison to allow one to determine what processing constitutes normal processing.  See MPEP § 2173.05(b).
Claim 15 recites “a determination that that the reply is not a cryptocurrency reply” in line 3.  This phrase is grammatically unclear with respect to the repetition of “that”.  Further, it appears that the prior determination is whether the reply is or is not a cryptocurrency response rather than a reply.  The claim further recites “the cryptocurrency” in lines 3-4; however, if there is more than one cryptocurrency in Claim 13, then it is it is not clear to which of the plural cryptocurrencies this is intended to refer.  Claim 15 additionally recites “normal processing” in line 4.  The phrase “normal” is a relative or subjective term which does not appear to have been clearly defined or provided with a standard of comparison to allow one to determine what processing constitutes normal processing.  See MPEP § 2173.05(b).
Claim 17 recites “a determination that that the destination…” in line 4.  This phrase is grammatically unclear with respect to the repetition of “that”.
Claims not specifically referred to above are rejected due to their dependence on a rejected base claim.


Allowable Subject Matter

Claims 1-18 would be allowable if rewritten or amended to overcome the rejections under 35 U.S.C. 112(b) set forth in this Office action.
The following is a statement of reasons for the indication of allowable subject matter: 
Independent Claim 1 is directed to a method of monitoring network traffic for cryptojacking activity that includes receiving a first request from a host; determining whether the first request is a cryptocurrency request based on whether the request uses a protocol specified for requests that belong to communication associated with the cryptocurrency; if the first request is a cryptocurrency request, submitting a second request to a destination, where the second request is formatted as a cryptocurrency request; determining whether a reply to the second request is a cryptocurrency response based on whether the reply uses a protocol specified for responses that belong to communication associated with the cryptocurrency; and causing an intervention action if the reply to the second request is a cryptocurrency response.  Independent Claim 7 is directed to a system having functionality corresponding to the method of Claim 1, and independent Claim 13 is directed to a software implementation of the method of Claim 1.
Various prior art references, such as Lancioni et al, US Patent 11184373; Yang et al, US Patent 11258825; Korolov, “How to detect and prevent crypto mining malware”; and Muñoz et al. “Detecting cryptocurrency miners with NetFlow/IPFIX network measurements” generally disclose techniques for detecting cryptojacking; however, none of these techniques disclose analyzing the protocols used in requests or responses to determine if they are cryptocurrency communication protocols, and none of these references clearly teach or suggest submitting a second request to a destination indicated by a first request.  Similarly, additional cited references, Russo et al, “Detection of illicit cryptomining using network metadata”, and Naseem et al, “MINOS*: A Lightweight Real-Time Cryptojacking Detection System”, also generally disclose techniques for detecting cryptojacking including various network traffic analyses; however, these references do not qualify as prior art for the present application.  Therefore, the claims recite subject matter allowable over the cited prior art.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Zachary A Davis whose telephone number is (571)272-3870. The examiner can normally be reached Monday-Friday, 9:30am-6:00pm, Eastern Time.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Zachary A. Davis/Primary Examiner, Art Unit 2492