Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Status of Claims:
Claims 1, 3-5, 7, 8, 10 and 11 are pending in this Office Action.
Claims 1, 5 and 7 are amended.
Claims 2, 6, 9 and 12

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Sameer Gokhale (Reg. 62,618) on 6/15/2022.
The application has been amended as follows: 


Claim 1. (Currently Amended)  An intrusion prevention device connected with a network in which a packet containing a command for a device to be controlled is transmitted according to a predetermined rule, the intrusion prevention device comprising:
processing circuitry configured to:
store an analysis table comprised of a predetermined number of slots for storing each the command, the analysis table configured to store new information in the head slot of the analysis table by shifting the slot every predetermined time;
insert the command extracted from the packet detected from the network into the head slot of the analysis table together with the detected time of the packet; and
analyze whether or not the plurality of the commands stored in the slots of the analysis table follow the predetermined rule,
wherein the processing circuitry 
analyzes whether or not positions of slots storing the commands among the slots of the analysis table match a constant time cycle, and
when an analysis result indicates an abnormality, alters contents of the command included in the packet detected from the network into contents that can be set according to the predetermined rule, and transmits the packet to the net.

Claim 2. (Canceled)  


Claim 3. (Previously presented)  The intrusion prevention device according to Claim 1, wherein
the processing circuitry analyze whether or not differences among the commands stored in the slots of the analysis table match a change that can be caused when commands are set according to the predetermined rule.

Claim 4. (Previously presented)  The intrusion prevention device according to Claim 1, wherein
the processing circuitry analyze whether or not contents of the commands stored in the slots of the analysis table are contents that can be set according to the predetermined rule.

Claim 5. (Currently Amended)  The intrusion prevention device according to any of Claims 1, 3, and 4 
the processing circuitry output an alarm notifying occurrence of an abnormality when an analysis result indicates the abnormality.

Claim 6. (Canceled)  


Claim 7. (Currently Amended)  An intrusion detection method executed by an intrusion prevention device connected with a network in which a packet containing a command for a device to be controlled is transmitted according to a predetermined rule, the intrusion detection method comprising:
storing an analysis table comprised of a predetermined number of slots for storing each the command, the analysis table configured to store new information in the head slot of the analysis table by shifting the slot every predetermined time;
inserting the command extracted from the packet detected from the network into the head slot of the analysis table together with the detected time of the packet; and
analyzing whether or not the plurality of the commands stored in the slots of the analysis table follow the predetermined rule,
wherein the method further includes
analyzing whether or not positions of slots storing the commands among the slots of the analysis table match a constant time cycle, and
when an analysis result indicates an abnormality, altering contents of the command included in the packet detected from the network into contents that can be set according to the predetermined rule, and transmitting the packet to the network.

Claim 8. (Previously Presented)  A non-transitory computer-readable recording medium on which a program for causing a computer to operate as the intrusion prevention device according to claim 1.

Claim 9. (Canceled)  

Claim 10. (Previously Presented)  A non-transitory computer-readable recording medium on which a program for causing a computer to operate as the intrusion prevention device according to claim 3.

Claim 11. (Previously Presented)  A non-transitory computer-readable recording medium on which a program for causing a computer to operate as the intrusion prevention device according to claim 4.

Claim 12. (Canceled)  


Allowable Subject Matter
Claims 1, 3-5, 7, 8, 10 and 11 are allowed.
Applicant’s amendments/arguments presented, see Remarks pp. 5-8, filed 03/14/2022, have been fully considered and are persuasive.  
Therefore the 35 USC 103 rejection has been withdrawn.  
Additionally, the 35 USC 101 rejection has been withdrawn.
Additionally, the 35 USC 112 rejection has been withdrawn.
The following is an examiner’s statement of reasons for allowance:  
Applicant's reply/amendment makes evident the reasons for allowance, satisfying the "record as a whole" proviso of the rule 37 CFR 1.104(e).  Specifically, applicants arguments filed on 03/14/2022 are persuasive  (Remarks, pp. 5-8), as such the reasons for allowance are in all probability evident from the record and no statement is deemed necessary (see MPEP 1302.14). 
Galula in view of Gao teach various aspects of intrusion prevention using a command analysis table, however the combination of references fails to teach the claim limitations as a whole. 
The dependent claims are also allowed as they depend upon allowable independent claims.
Therefore, Claims 1, 3-5, 7, 8, 10 and 11 are considered allowable when reading the claims in light of the specification, as per, MPEP §2111.01 or Toro Co. v. White Consolidated Inc., 199 F.3d 1295, 1301, 53 USPQ2d 1065,1069 (Fed. Cir. 1999).
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EMAD H SIDDIQI whose telephone number is (469)295-9126.  The examiner can normally be reached on M-F 9 am-5 pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin Bates can be reached on 571-272-3980.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Emad Siddiqi/Examiner, Art Unit 2458

/KEVIN T BATES/Supervisory Patent Examiner, Art Unit 2458