continued from PTO-303, item 5:
(i)	Objection to Drawings
The amended drawings have overcome drawing objection.

(ii)	Objection to Claims
The amendments have overcome claim objection.

(iii)	112(b) rejection
The amendments have overcome 112(b) rejection.

continued from PTO-303, item 12:
-112(a) rejection
(a)	Applicant submits:
	“As for the term “subset” not being used in the specification, there is no requirement for the specification to describe the features of the claims using the exact terms used in the claims.” (see page 11, 1st par)
	Examiner maintains:
	The response, filed on January 28, 2022, amended independent claims 1, 14, and 16, and added new terms: “a first subset of the plurality of messages”, “a second subset of the plurality messages”, “one or more of the first subset of the plurality messages”, “other one of the first subset of the plurality of messages”, and “another one of the first subset of the plurality of messages that has previously been stored in the memory”.
	However, the specification does not disclose “a first subset of the plurality of messages”, “a second subset of the plurality messages”, and does not disclose “one or more of the first subset of the plurality messages”, “other one of the first subset of the plurality of messages”, and “another one of the first subset of the plurality of messages that has previously been stored in the memory”.
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

	Therefore, independent claims 1,14, and 16 are rejected as failing to comply with the written description requirement under 35 U.S.C. 112(a)
(b)	Applicant submits:
	“Thus, the specification provides written description support for the feature of “for each message of a first subset of the plurality of messages, the processor of the first user station (1) transmitting the respective message to a respective one of second user stations over the network via the transmission interface, (2) by a respective random selection, selecting the respective message for storage in the memory, and (3) based on the respective random selection, storing the respective message in the memory.”” (see page 12, 2nd par)
	Examiner maintains:
As an initial matter, the specification does not disclose a first subset of the plurality of messages.  Therefore, independent claims fail to comply with the written description requirement under 35 U.S.C. 112(a) (see (a) above). 
	Claim 1 recites:
	“for each message of a first subset of the plurality of messages, the processor of the first user station (1) transmitting the respective message to a respective one of second user stations over the network via the transmission interface, (2) by a respective random selection, selecting the respective message for storage in the memory, and (3) based on the respective random selection, storing the respective message in the memory;”.
Therefore, Claim 1 describes each message of a first subset of the plurality of messages is transmitted to a second user station.
The specification discloses:
“In a second step 22, it is decided by chance for a newly arriving message, in particular through the use of a random generator, whether it is to be stored in a memory to thereupon be able to be checked by the system for detecting or preventing an intruding attack on the network, or whether it is to be discarded. The discarding refers, in particular, only to the purposes of the security system. In particular, in the above-described scenario, upon being received in a buffer memory of the network user, the message may also be forwarded by this network user or be processed otherwise.” (see spec. pub., [0033])
Therefore, the specification discloses for each new message, use a random generator to determine whether the new message is to be stored or forwarded (transmitted) [i.e., each new message is either (i) stored, or (ii) transmitted ] to a second user station.  Therefore, the specification disclose that each new message is either stored or transmitted to a second user station.  However, the specification does not disclose each new message is transmitted to a second user station. 
Therefore, the independent claims are rejected for failing to comply with written description requirement under 35 U.S.C. 112(a).
Additionally, according to the limitations, when the processor performs “(1) transmitting the respective message to a respective one of second user stations over the network via the transmission interface”, the new message has therefore been transmitted to a second user station.  According to spec. pub. [0033], a new message is either be stored or transmitted, therefore a new message can not be stored as well as be transmitted.  So, it appears to be not right the processor performs “(2) by a respective random selection, selecting the respective message for storage in the memory, and (3) based on the respective random selection, storing the respective message in the memory”, because the new message has already been transmitted to a second user station when the processor performs “(1) transmitting the respective message to a respective one of second user stations over the network via the transmission interface”.
Therefore, the independent claims additionally fail the enablement requirement under 35 U.S.C. 112(a).
(c)	Applicant submits:
	“Thus, the specification provides written description support for the feature of “for each message of a second subset of the plurality of messages, the processor of the first user station (1) by a respective random selection, selecting the respective message to be transmitted without being stored in the memory, and (2) based on the respective random selection performed for the respective message, transmitting the respective message to a respective one of the second user stations over the network via the transmission interface without the respective message being stored in the memory.”” (see page 12, 3rd par)
	Examiner maintains:
As an initial matter, the specification does not disclose a second subset of the plurality of messages. Therefore, independent claims fail to comply with the written description requirement under 35 U.S.C. 112(a) (see (a) above). 
According the above limitation, for each message of a second subset of the plurality of messages, the processor will use a random selection to determine whether to transmit the message to a second user station. Therefore, a message in a second subset of the plurality of messages could be transmitted or not be transmitted (stored) to a second user station, based on the random selection. If the message in a second subset of the plurality of messages is not transmitted based on a random selection, the message in a second subset of the plurality of messages would be stored in the first user station, according to spec. pub. [0033].
Claim 1 further recites “the processor processing the memory by sequentially analyzing those of the messages that have been stored in the memory without being deleted prior to the analysis of the respective messages to detect an information attack with respect to the respective analyzed messages, such that the analysis (1) is performed for none of the second subset of the messages …”.
Since some of the messages in the second subset of the plurality of messages could be stored in the first user station, according to claim 1, it appears to be not right “the analysis (1) is performed for none of the second subset of the messages”, because this approach would omit the security analysis for some of the messages in the second subset of the plurality of messages stored in the first user station.  Therefore, independent claims additionally fail to comply with the enablement requirement under 35 U.S.C. 112(a). 
(d)	Applicant submits:
	“Thus, the specification provides written description support for the feature of “the processor processing the memory by sequentially analyzing those of the messages that have been stored in the memory without being deleted prior to the analysis of the respective messages to detect an information attack with respect to the respective analyzed messages, such that the analysis (1) is performed for none of the second subset of the messages and (2) is performed for one or more of the first subset of the plurality of messages only after the transmission of the one or more of the first subset of the plurality of messages.”” (see page 13, 1st par, emphasis added)
	Examiner maintains: 
As an initial matter, the specification does not disclose a first subset of the plurality of messages, and a second subset of the plurality of messages. Therefore, independent claims fail to comply with the written description requirement under 35 U.S.C. 112(a) (see (a) above). 
The limitation “such that the analysis (1) is performed for none of the second subset of the messages” appears to be not right (see (c) above).
The specification does not disclose sequentially analyzing messages. Memory buffer disclosed in the specification is a temporary storage area in the main memory (RAM) that stores data. However, having a memory buffer does not necessarily mean sequentially analyzing messages stored in the memory.  For example, the messages stored in the memory buffer could be processed in parallel. 
(e)	Applicant submits:
	“Thus, the specification provides written description support for the feature of “for each newly received one of one or more of the first subset of the plurality of messages, the storing of the respective message includes: randomly selecting another one of the first subset of the plurality of messages that has previously been stored in the memory; deleting the randomly selected other one of the first subset of the plurality of messages from the memory so that the analysis is not performed for the deleted randomly selected other one of the first subset of the plurality of messages; and storing the newly received one of the first subset of the plurality of messages in the memory.”
	Examiner maintains:
As an initial matter, the specification does not disclose the first subset of the plurality of messages. Therefore, independent claims fail to comply with the written description requirement under 35 U.S.C. 112(a) (see (a) above). 
Claim 1 recites “receiving a plurality of messages … for each message of a first subset of the plurality of messages … for each message of a second subset of the plurality of messages …’.
 Therefore, Claim 1 recites receiving a plurality of messages, wherein the plurality of newly received messages comprise a first subset of the plurality of messages, and a second subset of the plurality of messages.  Therefore, according Claim 1, the first subset of the plurality of messages in Claim 1 refers to the newly received messages.
Claim 1 further recites “randomly selecting another one of the first subset of the plurality of messages that has previously been stored in the memory”. 
Therefore, Claim 1 further recites that there is another (separate and different) “the first subset of the plurality of messages that has previously been stored in the memory”. Therefore, according to Claim 1, “the first subset of plurality of messages” refers to the messages that have previously been stored in the memory.
Therefore, Claim 1 provides two different, and conflict definitions to “the first subset of the plurality of messages”: (i) refers to the newly received message; and (ii) refers to the messages that have been previously stored in the memory.  Therefore, independent claims additionally fail to comply with the enablement requirement under 35 U.S.C. 112(a). 

-103 rejection
(f)	Applicant submits:
	“While Overby is relied upon as generally mentioning an intrusion detection system (IDS), Overby does not disclose a first user station transmitting a message to another user station prior to the first user station performing an IDS message analysis.” (see page 15, 2nd par)
	Examiner maintains:
In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
In this case, primary reference Arvidson disclose a first user station transmitting a message to another user station prior to the first user station performing an security message analysis (see  Arvidson, [0024] ‘The processing may either imply transmitting the message from the cache buffer to nearby nodes,’; [0024] ‘executing the contents of the message if the node device is the intended destination node for the message.’; [0008] ‘security checks’; [0009] ‘checked against network security’; [0065] ‘Message Integrity Checks, define the level of security of the system.’)
Overby discloses in [0004] ‘IDPS’, and in Provisional [0023] ‘VIDPS’
Therefore, the combination of reference disclose the limitation. 
(g)	Applicant submits:
	“By contrast, the claims provide that the random selection of the message for its removal from the memory results in the processing performed on the messages of that memory to not be performed on that deleted message. The cited references do not suggest these features.” (see page 16, 1st par)
	Examiner maintains:
	Arvidson disclose “In such a scenario, the controller part 40, i.e. the cache buffer manager 42 determines one or more messages that need to be removed from the cache buffer 41. The messages to be removed are either selected at random or based on a pre-defined criterion.” (see Arvidson, [0070]), and  “reduce unnecessary security checks … of messages at a node device” (see Arvidson, [0008]).
	Therefore, the reference discloses or suggests the limitation.
(h)	Applicant submits:
	“While the Office Action also makes reference to Bennett as referring to a random number and a randomly assigned value, that general disclosure does not suggest modifying Arvidson to use the random selection to never store an obtained message in the memory in the first place.” (see page 16, 2nd par)
	Examiner maintains:
Arvidson disclose “In such a scenario, the controller part 40, i.e. the cache buffer manager 42 determines one or more messages that need to be removed from the cache buffer 41. The messages to be removed are either selected at random or based on a pre-defined criterion.” (see Arvidson, [0070]). Therefore, Arvidson disclose random selection of a message.
	Papa discloses par [0036] “when one of the nodes has identified an ongoing malicious DDOS attack, it may signal other nodes in the region’; [0063] ‘If one of the concentrators is becoming overloaded, it may request help from a neighbor, or may request that an eNodeB use a different concentrator, or may create a direct forwarding path to another concentrator [i.e. not to store an obtained message in the first user station ], in some embodiments. The firewall they provide is thus a distributed firewall.”.  Therefore, Papa disclose transmitting a message to a second user station.
	Thus, the combination of references disclose or suggest the limitation.
(i)	Applicant submits:
	“Par. 63 merely states that if a node is too overloaded to handle a firewall processing, then it can request another node to handle the firewall processing. This does not suggest a random selection by which a message is selected for not being provided in a memory for analysis of the message to detect an information attack.” (see page 16, 3rd par)
	Examiner maintains:
The combination of references disclose or suggest the limitation (see (h) above).


/PEILIANG PAN/Examiner, Art Unit 2492                                                                                                                                                                                                        


/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492