Remarks
Claims 1, 3, and 5-7 are pending.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 6/1/2022 has been entered.
 
Response to Arguments
Applicant's arguments filed 6/1/2022 have been fully considered but they are not persuasive.
Applicant cites the final limitation of claim 1, a portion of the rejection thereof, 1 paragraph of Nakae, and alleges “Neither such a description nor any other part of Nakae teaches or suggests identifying, as a variable to be converted in the request, a variable for which a degree of value change at every access or communication to the server is equal to or higher than a predetermined nonzero threshold from among the extracted variables.”  Nakae is not cited as disclosing the entirety of this limitation.  In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).  
Nakae discloses extracting variables included in the request from a past access log or a communication packet to the server, identifying a variable for which a degree of value change at every access or communication to the server is equal to or higher than a predetermined nonzero threshold from among the extracted variables, and setting the identified variable as the conversion information in Exemplary Citations: for example, Abstract, Paragraphs 7, 104, 108, 109, 111-116, 120-139, 145-164, 193-195, 202-209, 219, 237-242, 329,  527-534, and associated figures in Nakae’s disclosure of using historical data from previous communications, confidence goes up with good communications, for example.  It is noted that, based on the degree of change being “equal to or higher than a predetermined nonzero threshold”, this threshold may be the smallest possible value, smaller than any possible change, or may even been seen as the value 1, as another example, where any change results in the binary value of 1.  
Applicant then alleges “Terry would not have cured that deficiency of Nakae.  The Office Action alleges,” copies in a previous argument, and alleges “That argument does not apply to a claim recitation of a nonzero threshold.”  To the contrary, as noted above, based on Applicant’s use of the phrase “equal to or higher than a predetermined nonzero threshold”, this nonzero threshold may be any value that is slightly above zero or even below zero.  Clearly, any change has a change ratio greater than or equal to -1.  

Information Disclosure Statement
The information disclosure statement filed 6/3/2022 fails to comply with the provisions of 37 CFR 1.97, 1.98 and MPEP § 609 because of the reasons set forth below.  It has been placed in the application file, but the information referred to therein has not been considered as to the merits.  Applicant is advised that the date of any re-submission of any item of information contained in this information disclosure statement or the submission of any missing element(s) will be the date of submission for purposes of determining compliance with the requirements based on the time of filing the statement, including all certification requirements for statements under 37 CFR 1.97(e).  See MPEP § 609.05(a).
The information disclosure statement filed 6/3/2022 fails to comply with 37 CFR 1.97(c) because it lacks the fee set forth in 37 CFR 1.17(p).  It has been placed in the application file, but the information referred to therein has not been considered.  
The Examiner notes that Applicant filed this IDS in response to the IDS objection in the non-final office action dated 11/10/2021.  It is not appropriate to wait until after an RCE is filed to file an IDS in response to a non-final office action’s objection to a previous IDS.  
Additional issues are present, such as Applicant having crossed out multiple NPL citations and providing incorrect information on these crossed out citations, such as retrieval dates (e.g., NPL 7), authors (e.g., NPL 6), and page numbers (e.g., NPL 5).  
Applicant is required, in direct response to this office action, to file an IDS with all correct information that corrects the previously noted objections, noted in the original non-final office action dated 11/10/2021 as well as those noted above.  Failure to do so may result in a notice that the next response is non-responsive to the instant office action.  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, and 5-7 are rejected under 35 U.S.C. 103 as being unpatentable over Nakae (U.S. Patent Application Publication 2004/0172557) in view of Terry (U.S. Patent Application Publication 2017/0201543).
Regarding Claim 1,
Nakae discloses a request control device comprising:
A memory (Exemplary Citations: for example, Abstract, Paragraphs 104, 108, 109, 111-116, 120-139, 145-164, 193-195, 219, 237-242, and associated figures; memory on which data, programs, and such are stored, for example.  This is seen in many additional areas, such as figure 31, as one example); and
A processor coupled to the memory and programmed to execute a process comprising (Exemplary Citations: for example, Abstract, Paragraphs 104, 108, 109, 111-116, 120-139, 145-164, 193-195, 219, 237-242, and associated figures; processor of any kind, for example.  This is seen in many additional areas, such as figure 31, as one example);
Receiving a request issued from a terminal device to a server, causing a sandbox in which an environment of the server is reproduced to execute the received request, determining whether an execution result of the request in the sandbox indicates detection of an attack, transferring the request to the server in response to a determination that the execution result in the sandbox does not indicate detection of an attack, and not transferring the request to the server in response to a determination that the execution result of the request indicates detection of an attack (Exemplary Citations: for example, Abstract, Paragraphs 104, 108, 109, 111-116, 120-139, 145-164, 193-195, 219, 237-242, and associated figures; receive request, send to decoy, transmit if good, and drop if bad, for example);
Storing in a memory, for each of variables included in the request, information indicating a value of the variable, the value of the variable being processible in an application in the sandbox (Exemplary Citations: for example, Abstract, Paragraphs 7, 104, 108, 109, 111-116, 120-139, 145-164, 193-195, 219, 237-242, 527-534, and associated figures; variables, such as addresses, ports, or the like, as examples);
Receiving a request issued from the terminal device and, sending a variable in the request into the value of the variable that is processible in the application in the sandbox, and transferring the request to the sandbox (Exemplary Citations: for example, Abstract, Paragraphs 7, 104, 108, 109, 111-116, 120-139, 145-164, 193-195, 219, 237-242, 527-534, and associated figures); and
Extracting variables included in the request from a past access log or a communication packet to the server, identifying a variable for which a degree of value change at every access or communication to the server is equal to or higher than a predetermined nonzero threshold from among the extracted variables, and setting the identified variable as the conversion information (Exemplary Citations: for example, Abstract, Paragraphs 7, 104, 108, 109, 111-116, 120-139, 145-164, 193-195, 202-209, 219, 237-242, 329,  527-534, and associated figures; using historical data from previous communications, confidence goes up with good communications, for example);
But does not explicitly disclose converting the variable.  
Terry, however, discloses storing in a memory, for each of variables included in the request, conversion information indicating a value of the variable, the value of the variable being processible in an application in the sandbox (Exemplary Citations: for example, Abstract, Paragraphs 42-50, 56, 62-64, 66, 68, 70-84, 87, and associated figures; conversion information, such as benign conversions, hexadecimal, etc., for example);
Receiving a request issued from the terminal device and, converting a variable in the request into the value of the variable that is processible in the application in the sandbox, and transferring the request to the sandbox (Exemplary Citations: for example, Abstract, Paragraphs 42-50, 56, 62-64, 66, 68, 70-84, 87, and associated figures; converting to benign format, hexadecimal, etc., for example); and
Extracting variables included in the request from a past access log or a communication packet to the server, identifying, as a variable to be converted in the request, a variable for which a degree of value change at every access or communication to the server is equal to or higher than a predetermined nonzero threshold from among the extracted variables, and setting the identified variable as the conversion information (Exemplary Citations: for example, Abstract, Paragraphs 42-50, 56, 62-64, 66, 68, 70-84, 87, and associated figures; frequencies based on previous communications, going up as more malicious traffic is sent, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the malicious activity detection techniques of Terry into the attack defending system of Nakae in order to allow the system to detect additional forms of malicious activity, to prioritize which communications to drop, to allow for further analysis, to provide benign formats of data for analysis so that attacks are less likely, and/or to increase security in the system.  
Regarding Claim 6,
Claim 6 is a method claim that corresponds to device claim 1 and is rejected for the same reasons.  
Regarding Claim 7,
Claim 7 is a medium claim that corresponds to device claim 1 and is rejected for the same reasons.  
Regarding Claim 3,
Nakae as modified by Terry discloses the device of claim 1, in addition, Nakae discloses that a variable to be converted among the variables included in the request is at least one of a session ID, a nonce, a user ID, a password, and a content ID of dynamic content that are included in the request (Exemplary Citations: for example, Abstract, Paragraphs 7, 104, 108, 109, 111-116, 120-139, 145-164, 193-195, 219, 237-242, 329,  527-534, and associated figures; at least user ID is found in IP address, for example); and
Terry discloses that a variable to be converted among the variables included in the request is at least one of a session ID, a nonce, a user ID, a password, and a content ID of dynamic content that are included in the request (Exemplary Citations: for example, Abstract, Paragraphs 42-50, 56, 62-64, 66, 68, 70-84, 87, and associated figures; all data can be converted to hexadecimal, for example).  
Regarding Claim 5,
Nakae discloses that the processor is further programmed to execute:
Obtaining identification information on the request by using at least one of an IP address of the request, a port number, a reception time, and a hash value of the request, and storing, in a memory, inspected request information in which the identification information on the request and an execution result of the request in the sandbox are associated with each other (Exemplary Citations: for example, Abstract, Paragraphs 7, 104, 108, 109, 111-116, 120-139, 145-164, 193-195, 202-209, 219, 237-242, 329,  527-534, and associated figures; creating new rules based on the above information, for example); and
When receiving a request from the terminal device, obtaining the identification information on the received request from the inspected request information, causing the sandbox to execute the received request if a request corresponding to the identification information has not been inspected, and transferring the received request to the server if a request corresponding to the identification information has been inspected and an inspection result of the request does not indicate detection of an attack in the inspected request information (Exemplary Citations: for example, Abstract, Paragraphs 7, 104, 108, 109, 111-116, 120-139, 145-164, 193-195, 202-209, 219, 237-242, 329,  527-534, and associated figures; allowing traffic if a rule says to, and sending traffic to the decoy unit if no rule is set, for example).  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeffrey D Popham whose telephone number is (571)272-7215. The examiner can normally be reached Monday through Friday 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Jeffrey D. Popham/Primary Examiner, Art Unit 2432