DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
This office action is in reply to Applicant’s Response dated 07/07/2022. Claims 1, 13 and 17 are amended. Claims 2, 14 and 18 are canceled. Claims 21-22 are new. Claims 1, 3-13, 15-17 and 19-22 remain pending in the application.
	
Response to Arguments
In response to the Applicant’s argument (see page 8) with respect to the objection to claim 17, the objection to claim 17 has been withdrawn in view of the amendments made to claim 17.

In response to the Applicant’s argument (see page 8) with respect to the rejection under 35 U.S.C. 112(b), the rejection under 35 U.S.C. 112(b) has been withdrawn in view of the amendments made to claims 1, 13 and 17.

The Applicant argues (see pages 8-10) that the independent claims are patent eligible under both prong 1 and prong 2 of the of Step 2A and Step 2B of the eligibility analysis. The Applicant argues that The MPEP gives several examples of claims that "do not recite mental processes because they cannot be practically performed in the human mind." (MPEP §2106(a)(2)(11l)(A)). One example is "a claim to detecting suspicious activity using network monitors and analyzing network packets." (Id.). The independent claims are directed to the same type of subject matter as the above example that has been previously determined to "not recite mental processes". At least the limitations beginning with observing, identifying, analyzing, generating, and comparing, are all related to data packets used to determine a flow direction. The specification is clearly directed to processes similar to "suspicious activity" in the cited example.
In response to the Applicant’s argument, the Examiner respectfully disagrees. The Examiner respectfully submits that nowhere in claims 1, 13 or 17 recites detecting suspicious activity. The claims also fail to recite limitations that explain how the data packets are gathered or observed. As such, the observing and gathering steps are mere data collection steps or insignificant extra solution activities. 
Additionally, since the claims do not specify how the data packets are observed or gathered, the observing and gathering steps encompass observing and gathering techniques that can be performed by a human (e.g. observing data packets on a user interface). Therefore, the observing and gathering steps as well as the identifying, analyzing, creating, generating, comparing and determining steps are steps that can be performed in the human mind.

The Applicant argues (see pages 9-10) that the claims are integrated the idea into a practical application by improving the functioning of a technology. "Monitoring network traffic can give warning of and assist in mitigating potential security threats to the network." (Specification [0013]). The determining "a flow direction of the flow session" improves computing systems by making the system "better identify security threats and reduce the number of false positive threats". (Specification [0014]). Thus, the independent claims are integrated into a practical application as they improve the functioning of flow directions determination technology. The independent claims "overcome a problem specifically arising in the realm of computer networks".
In response to the Applicant’s argument, the Examiner respectfully disagrees. The abstract idea is not integrated into a practical application and there is no improvement to the technology in the claims. This is because the claims do not utilize or apply the results or data obtained in the steps recited in the claims to give warnings or mitigate threats or to improve the technology. Instead, the claims merely recite steps that are mental processes to obtain results or data such as the flow direction. The claims merely require observing and evaluating data, and making a judgement regarding a flow direction based on the evaluation, which is clearly an abstract idea.  Hence, the rejection under 35 U.S.C. 101 is maintained.

Claim Objections
Claims 5-7 and 21 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1, 3-4, 8-13, 15-17, 19-20 and 22 rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Utilizing the process described in the 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG), claims 1, 13 and 17 satisfy the Step 1 because the claims are a process, machine and article of manufacture respectively.
In Step 2A prong 1, the claim 1 recites “identifying, from the plurality of data packets, a flow session…gathering, from the plurality of data packets…analyzing a set of…creating a list…generating a confidence score…comparing the source port and the destination port…determining, based on the plurality of data packets, a flow direction…”, which, under the broadest reasonable interpretation, are steps that are performed in the human mind. For example, a human observes collected data packet information and from the information, identifies a flow session and metadata. A human can also analyze collected information, create or form a list of ports in the mind, comparing information and make a judgement regarding the flow direction based on the analysis or comparison. The steps in the claim merely involve the observation of flow data, evaluation of the observed or collected data, and making a judgement based on the evaluation, which are steps that can be performed in the human mind. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. 
In Step 2A prong 2, the judicial exception is not integrated into a practical application because processor and computer-readable storage medium are recited at a high-level of generality such that it amounts no more than mere instructions to apply the exception using a generic computer component. The claims also recite the additional steps of “observing a plurality of data packets as each data packet travels past a connection point” and “storing the flow session in a database”. However, these steps are insignificant extra-solution activities, e.g., mere data gathering or storing data in conjunction with the abstract idea. Adding insignificant extra-solution activities to the judicial exception is not enough to qualify as “significantly more”. The additional elements or steps do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Claims 13 and 17 recite similar limitations and therefore, are directed to the abstract idea recited in claim 1. 
In Step 2B, the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because computer readable storage medium and processor are general purpose computer components, which are well-understood, routine and conventional (see Decasper et al. (U.S. PGPub 2007/0192474) paragraph 0004 where include conventional components such as a processor, a memory (e.g., RAM)… a network interface, such as a conventional modem), performing the steps recited in the claims and are not sufficient to transform a judicial exception into a patentable invention. 
Regarding claims 3-4, 8-12, 15-16, 19-20 and 22, claims 3-4, 8-12, 15-16, 19-20 and 22 recite the additional features “set of previously observed flow sessions…”, “…a number of times a port is a destination compared to a number of times the port is a source…”, “the flow session is marked as state 3…”, “transmission control protocol (TCP)… synchronization (SYN)… acknowledgement (ACK)…”, “updating…” and “the flow session is marked as state 1…” However, these features merely specifies what data are collected, identified, included or used in the analysis (e.g. the data gathered includes “SYN” and “ACK” data, data identified includes TCP, list of common destination ports is included in the set of previously observed flow sessions, etc.) Therefore, these features do not add meaningful limitation to the abstract idea. Regarding the step “the flow session is marked as state…” (claims 8 and 12) and the “updating” step (claim 11), these steps are steps that are performed in the human mind. For example, a human observes data such as a confidence score or metadata and makes a judgement as to what state to assign to the flow session. A human also updates or recalculates confidence scores. Therefore, claims 3-4, 8-12, 15-16, 19-20 and 22 fail to remedy the deficiencies of claims 1, 13 and 17.
The elements recited in claims 3-4, 8-12, 15-16, 19-20 and 22, when considered individually or in an ordered combination, fail to amount to significantly more than the abstract idea. Accordingly, claims 3-4, 8-12, 15-16, 19-20 and 22 are not eligible.
	
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG VANG whose telephone number is (571)270-7023. The examiner can normally be reached Monday - Friday 8:30 AM - 4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, NICHOLAS TAYLOR can be reached on (571) 272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG VANG/Primary Examiner, Art Unit 2443