Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION

This office action is in response to the application filed on or reply to the remarks of  6/23/2022. The instant application has claims 1-4, 6-14, 16-20 pending. The system, method and medium for detecting the user credential in SSLKEYLOGFILE in encrypted communication. There a total of 20 claims.

Revival from Abandonment
The examiner notes that the case has been revived from abandonment via ePetitions Request Form, this office action follows as result of request being granted.

Response to Arguments
Applicant’s arguments with respect to claim(s) 1-4, 6-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Specification
The disclosure is objected to because it contains an embedded hyperlink and/or other form of browser-executable code. Applicant is required to delete the embedded hyperlink and/or other form of browser-executable code; references to websites should be limited to the top-level domain name without any prefix such as http:// or other browser-executable code. See MPEP § 608.01.

The specification mentions hyperlinks like Par. 0010.
Content of Specification
(a) TITLE OF THE INVENTION: See 37 CFR 1.72(a) and MPEP § 606. The title of the invention should be placed at the top of the first page of the specification unless the title is provided in an application data sheet. The title of the invention should be brief but technically accurate and descriptive, preferably from two to seven words. It may not contain more than 500 characters.
(b) CROSS-REFERENCES TO RELATED APPLICATIONS: See 37 CFR 1.78 and MPEP § 211 et seq.
(c) STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT: See MPEP § 310.
(d) THE NAMES OF THE PARTIES TO A JOINT RESEARCH AGREEMENT. See 37 CFR 1.71(g).
(e) INCORPORATION-BY-REFERENCE OF MATERIAL SUBMITTED ON A READ-ONLY OPTICAL DISC OR AS A TEXT FILE VIA THE OFFICE ELECTRONIC FILING SYSTEM: The specification is required to include an incorporation-by-reference of electronic documents that are to become part of the permanent United States Patent and Trademark Office records in the file of a patent application. See 37 CFR 1.77(b)(5) and MPEP § 608.05. See also the Legal Framework for Electronic Filing System posted on the USPTO website (https://www.uspto.gov/sites/default/files/documents/2019LegalFrameworkPES.pdf) and MPEP § 502.05
(f) STATEMENT REGARDING PRIOR DISCLOSURES BY THE INVENTOR OR A JOINT INVENTOR. See 35 U.S.C. 102(b) and 37 CFR 1.77.
(g) BACKGROUND OF THE INVENTION: See MPEP § 608.01(c). The specification should set forth the Background of the Invention in two parts:
(1) Field of the Invention: A statement of the field of art to which the invention pertains. This statement may include a paraphrasing of the applicable U.S. patent classification definitions of the subject matter of the claimed invention. This item may also be titled “Technical Field.”
(2) Description of the Related Art including information disclosed under 37 CFR 1.97 and 37 CFR 1.98: A description of the related art known to the applicant and including, if applicable, references to specific related art and problems involved in the prior art which are solved by the applicant’s invention. This item may also be titled “Background Art.”
(h) BRIEF SUMMARY OF THE INVENTION: See MPEP § 608.01(d). A brief summary or general statement of the invention as set forth in 37 CFR 1.73. The summary is separate and distinct from the abstract and is directed toward the invention rather than the disclosure as a whole. The summary may point out the advantages of the invention or how it solves problems previously existent in the prior art (and preferably indicated in the Background of the Invention). In chemical cases it should point out in general terms the utility of the invention. If possible, the nature and gist of the invention or the inventive concept should be set forth. Objects of the invention should be treated briefly and only to the extent that they contribute to an understanding of the invention.
(i) BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING(S): See MPEP § 608.01(f). A reference to and brief description of the drawing(s) as set forth in 37 CFR 1.74.
(j) DETAILED DESCRIPTION OF THE INVENTION: See MPEP § 608.01(g). A description of the preferred embodiment(s) of the invention as required in 37 CFR 1.71. The description should be as short and specific as is necessary to describe the invention adequately and accurately. Where elements or groups of elements, compounds, and processes, which are conventional and generally widely known in the field of the invention described, and their exact nature or type is not necessary for an understanding and use of the invention by a person skilled in the art, they should not be described in detail. However, where particularly complicated subject matter is involved or where the elements, compounds, or processes may not be commonly or widely known in the field, the specification should refer to another patent or readily available publication which adequately describes the subject matter.
(k) CLAIM OR CLAIMS: See 37 CFR 1.75 and MPEP § 608.01(m). The claim or claims must commence on a separate sheet or electronic page ( 37 CFR 1.52(b)(3) ). Where a claim sets forth a plurality of elements or steps, each element or step of the claim should be separated by a line indentation. There may be plural indentations to further segregate subcombinations or related steps. See 37 CFR 1.75 and MPEP 608.01(i) - (p).
(l) ABSTRACT OF THE DISCLOSURE: See 37 CFR 1.72 (b) and MPEP § 608.01(b). The abstract is a brief narrative of the disclosure as a whole, as concise as the disclosure permits, in a single paragraph preferably not exceeding 150 words, commencing on a separate sheet following the claims. In an international application which has entered the national stage (37 CFR 1.491(b)), the applicant need not submit an abstract commencing on a separate sheet if an abstract was published with the international application under PCT Article 21. The abstract that appears on the cover page of the pamphlet published by the International Bureau (IB) of the World Intellectual Property Organization (WIPO) is the abstract that will be used by the USPTO. See MPEP § 1893.03(e).
(m) SEQUENCE LISTING: See 37 CFR 1.821 - 1.825 and MPEP §§ 2421 - 2431. The requirement for a sequence listing applies to all sequences disclosed in a given application, whether the sequences are claimed or not. See MPEP § 2422.01.

The following guidelines illustrate the preferred layout for the specification of a utility application. These guidelines are suggested for the applicant’s use.
Arrangement of the Specification
As provided in 37 CFR 1.77(b), the specification of a utility application should include the following sections in order. Each of the lettered items should appear in upper case, without underlining or bold type, as a section heading. If no text follows the section heading, the phrase “Not Applicable” should follow the section heading:
(a) TITLE OF THE INVENTION.
(b) CROSS-REFERENCE TO RELATED APPLICATIONS.
(c) STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT.
(d) THE NAMES OF THE PARTIES TO A JOINT RESEARCH AGREEMENT.
(e) INCORPORATION-BY-REFERENCE OF MATERIAL SUBMITTED ON A READ-ONLY OPTICAL DISC OR AS A TEXT FILE VIA THE OFFICE ELECTRONIC FILING SYSTEM.
(f) STATEMENT REGARDING PRIOR DISCLOSURES BY THE INVENTOR OR A JOINT INVENTOR.
(g) BACKGROUND OF THE INVENTION.
(1) Field of the Invention.
(2) Description of Related Art including information disclosed under 37 CFR 1.97 and 1.98.
(h) BRIEF SUMMARY OF THE INVENTION.
(i) BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING(S).
(j) DETAILED DESCRIPTION OF THE INVENTION.
(k) CLAIM OR CLAIMS (commencing on a separate sheet).
(l) ABSTRACT OF THE DISCLOSURE (commencing on a separate sheet).
(m) SEQUENCE LISTING. (See MPEP § 2422.03 and 37 CFR 1.821 - 1.825). A “Sequence Listing” is required on paper if the application discloses a nucleotide or amino acid sequence as defined in 37 CFR 1.821(a) and if the required “Sequence Listing” is not submitted as an electronic document either on read-only optical disc or as a text file via the Office electronic filing system.)

--The disclosure does not have an “Brief Summary of Invention” section, the applicant is reminded to add this missing section without invoking new matter rejection under 35 USC 132(a). The specifications is thus far not satisfactory.

--The disclosure titles of section that is not consistent with acceptable titles see sample labels/titles above.

Drawings
The drawings are objected to under 37 CFR 1.83(a).  The drawings must show every feature of the invention specified in the claims.  Therefore, the newly amended claims mentions the identifying the potential obfuscated login credential; applying heuristics to determine an pattern of capital letter, small letter, symbol; and using predetermined threshold must be shown or the feature(s) canceled from the claim(s).  No new matter should be entered. The applicant reminded that adding new matter that was not already present would invoke 35 USC 132(a). The drawings are thus far not satisfactory.
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Claim Rejections - 35 USC § 112

The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claim  10 is  rejected under 35 U.S.C. 112(a) or pre-AIA  35 U.S.C. 112, first paragraph, as based on a disclosure which is not enabling.  The disclosure does not enable one of ordinary skill in the art to practice the invention without the scheduler to create scheduled task to periodically send the KLF and the captured network traffic traces, which is/are critical or essential to the practice of the invention but not included in the claim(s). See In re Mayhew, 527 F.2d 1229, 188 USPQ 356 (CCPA 1976). The specifications does not provide details how and who sets the scheduled task, is it done automatically? Or does the user set the times for the scheduled task? This claim is thus far not satisfactory.


The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


The term “periodically” in claim 1-4, 6-20 is a relative term which renders the claim indefinite. The term “periodically” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. The periodically is an broad term it could mean at the end of each session, at the end of day, at the end of month? And who sets the period, administrator or an client? The disclosure does not specifically provide specific time or how that time is determined, the closest mention is a scheduled task being send to  KLF periodically see Spec. Par. 0064-0065. And there is no disclosure how and who sets the period set by the scheduler a mentioned in claim 10. The claims or specification does not provide enough details, thus far it is not satisfactory.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under pre-AIA  35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-4, 6-14, 16-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over US Patent 10051001 to Ashley in view of US Patent 2005/0091540 to Dick.

Regarding claim 1, 11,  Ashley discloses A system for information extraction from network traffic traces that are both encrypted and non-encrypted, the system comprising: a client computer configured to set a session key log file environment variable, such that when the client computer launches a supported browser, a session key log file (KLF) is created, capture the computer network traffic traces by retrieving data from encrypted traffic, and periodically transfer the KLF and captured traffic traces to a remote server(Fig. 11 item 1102 & 1104, the credentials are stored at network device) & Col 14 Ln 39-62; and a remote computer performing traffic mining to analyze the captured traffic traces and extract sensitive pieces of information, wherein the performing traffic mining includes analyzing the captured traffic traces and identifying potential login credentials using heuristics, wherein the heuristics include a pattern of capital letter, small letter, digit, and symbol,(Fig. 11 item 1106, the network traffic is analyzed for credentials & Col 6 LN 4-24 & Col 14 Ln 39-62)  and wherein the identifying includes determining whether a parameter for a login credential exceeds a predetermined threshold based on the heuristics(Col 7 Ln 4-41, the match of the password to blacklist or compare against policy for weak password is similar to determining exceeding threshold) .

But Ashley does not disclose the obfuscated login credentials for network traffic.

In the same field of endeavor as the claimed invention, Dick discloses the obfuscated login credentials being identified see Par. 008-0010 & Fig. 5 & Fig. 7.

It would have been obvious to one of ordinary skill in the art before the effective filing date of claimed invention to modify  Ashley invention to incorporate having an obfuscated login credential for the advantage of  SSL/TLS traffic being analyzed as taught in Dick see Par. 0067 & Par. 0069.


Regarding claim 2, 12, the combined method/system of Ashley  and Dick, Ashley  discloses wherein the session key log file environment is SSLKEYLOGFILE and the session KLF is a Transport Layer Security (TLS) session KLF, wherein the client computer is configured to retrieve data from TLS encrypted traffic as the captured computer network traffic traces and periodically transfer the KLF and the captured traffic traces to the remote server(Fig. 11 item 1104, the credentials being stored & Col 8 Ln 51-61, the credentials stored for credentials enforcement).  

Regarding claim 3, 13, the combined method/system of Ashley  and Dick, Ashley  discloses wherein the performing traffic mining includes analyzing the captured traffic traces and extracting sensitive pieces of information, including sequence visited Universal Resource Locators (URLs), 

Regarding claim 4, 14, the combined method/system of Ashley  and Dick, Ashley  The system of claim 3, wherein the performing traffic mining includes extracting pieces of information including a sequence of visited links by a specific client using a specific browser without the client being idle for more than a predetermined period of time(Col 6 Ln 54-Col 7 Ln 2, the specific website or cloud service require specific protocols being used determine if username and passwords are being communicated)

Regarding claim 6, 16,  , the combined method/system of Ashley  and Dick, Ashley  The system of claim 3, wherein the performing traffic mining includes extracting session cookies from set-cookie headers(Fig. 11 item 1106, the network traffic is monitored includes cookies & Par. 0062, the HTTP traffic includes cookies).  

Regarding claim 7, 17, the combined method/system of Ashley  and Dick, Ashley  discloses wherein the performing traffic mining includes extracting packets with activities from Hypertext Transfer Protocol (HTTP) requests, comments, reactions, posts creation, post modification, and post deletion(Col 10 Ln 54-63, the traffic being initiated being analyzed including DNS requests). 
 
Regarding claim 8, 18,  the combined method/system of Ashley  and Dick, Ashley  discloses wherein the identifying credentials include: detecting a login request by filtering for Post methods, Content-type headers including URL-encoded forms and JSON, and the target URL of the login Col 6 Ln 54-Col 7 Ln 2, the specific website or cloud service require specific protocols being used determine if username and passwords are being communicated); extracting parameters, including username and password parameters, by searching for parameter names that match keywords Col 6 Ln 54-Col 7 Ln 2, the specific website or cloud service require specific protocols being used determine if username and passwords are being communicated); if the parameter name does not match a keyword, the parameter name will be passed to a heuristic engine to determine how related the parameter is to the respective credential 3Application No. 15/981,431 Reply to Office Action of April 7, 2020 (username or password) and decide whether the parameter is a username, password, or should be ignored Col 6 Ln 54-Col 7 Ln 2, the specific website or cloud service require specific protocols being used determine if username and passwords are being communicated).  

Regarding claim 9, 19,  the combined method/system of Ashley  and Dick, Ashley  discloses wherein the client computer obtains a session key based on user-level privileges(Par. 0063, the encrypted traffic is decrypted using trusted-man-in-middle techniques using self-singed certificate & Par. 0074, the firewall fingerprint is captured with session key).  

Regarding claim 10. , 20,  the combined method/system of Ashley  and Dick, Ashley  discloses wherein the client computer includes: an infection vector configured to handle the environment variable and close supported browsers(Fig. 12 item 1202, 1204, the collecting of credentials); a scheduler configured to create a scheduled task to periodically send the KLF and the captured network traffic traces(Fig. 12 item 1206, the storage at  the network device based periodic schedule & Col 14 Ln 39-62); a transmitter configured to transmit the KLF and the captured traffic traces to the remote server(Fig. 12 item 1206, send the network traffic) ; and a sniffer configured to sniff the client's network traffic(Fig. 10 item 1004, the monitor of network traffic).

	Conclusion	

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

US Patent Pub 2018/0309795 to Ithal which discloses the conformance of HTTP and HTTPS traffic.

Digital Forensics For Eucalyptus to Zafurullah, which discloses the logs being analyzed for digital forsenics.

Development of Host Based Intrusion Detection System for Log Files  to Ali, which discloses the logs being used for intrusion detection.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool, i.e. Microsoft Teams. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at https://www.uspto.gov/interviewpractice.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Venkat Perungavoor whose telephone number is (571)272-7213.  The examiner can normally be reached on Monday-Friday, 9:00 AM- . If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VENKAT PERUNGAVOOR/Primary Examiner, Art Unit 2492                                                                                                                                                                                                        Email: venkatanarayan.perungavoor@uspto.go