Notice of Pre-AIA  or AIA  Status
Claims 1-20 remain for examination.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant's arguments filed 7/21/22 have been fully considered but they are not persuasive. Applicant argues:
The Examiner states that “Purusothaman and Agarwal are silent regarding configuring the administrative settings of the WAF cluster including IP addresses to be blocked. However, Huawei discloses a known prior art WAF product comprising inter alia the ability for an administrator to manually configure a blacklist of IP addresses for the WAF to block traffic from (pages 39-40, "5.4 Configuring Blacklist and Whitelist Rules").” See Office Action page 4.

Huawei may provide for “an administrator to manually configure a blacklist of IP addresses for the WAF.” This manual act performed by an administrator and merely adds IP addresses to a blacklist which blocks traffic from such IP addresses; however, Huawei fails to teach or suggest “configuring an infrastructure that includes administrative settings ...[that] includes IP addresses to be blocked” as recited by claims 1, 8, and 15.

Examiner disagrees.  First, a person of ordinary skill in the art would recognize that a web application firewall (and firewalls in general) are understood to be network infrastructure under the broadest reasonable interpretation of the term.  The primary Purusothaman reference even alludes to this by disclosing that one of the problems solved by that invention is “the need in enterprise IT infrastructure for vendor agnostic way of managing configuration (view, add, modify, delete objects and migrate configurations), multi firewall and Multiple devices from L2-L7 across security management platforms and L1-L7 capable security devices with granular and smart search capability to retrieve information and automate tasks using application perspective, there by simplifying the operations by time and effort, with logs and secured with role-based access restrictions that all providing an application perspective for management” (Purusothaman, paragraph 0060).  Thus, the ability to configure a web application firewall is necessarily “configuring an infrastructure...” as per the claims.  Second, the fact that the Huawei reference teaches manually configuring the blacklist by adding IP addresses to be blocked does not change the fact that it is a computer-implemented method that uses computer code to present a user interface to allow a human operator to make the desired changes, and additionally comprises further computer code to implement the commands given to it by the human operator.  There is no requirement in the claims that the invention be fully automated with no human intervention allowed.  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).


Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1-3, 5-10, 12-17, 19, & 20 are rejected under 35 U.S.C. 103 as being unpatentable over Purusothaman (U.S. Patent Publication 2019/0364072) in view of Agarwal (U.S. Patent Publication 2017/0180322) in view of “Web Application Firewall User Guide” (hereinafter, “Huawei”).


Regarding claims 1, 8, & 15:
Purusothaman discloses a computer-implementable method, system, and non-transitory computer readable storage medium for management of a distributed web application firewall (WAF) cluster comprising: configuring an infrastructure of the WAF cluster that includes one or more WAFs, for one or more protected applications (general overview of the invention as an all-purpose configuration tool at e.g. paragraph 0060; specific use cases for configuring one or more WAFs beginning at paragraph 0061 et al.) wherein the configuring includes a ruleset for the WAF cluster directed to one or more security rules (e.g. paragraphs 0005, 0015, 0022, & 0061-0064); validating the configured infrastructure of the WAF cluster (paragraphs 0021 & 0097); and implementing the validated WAF cluster as a route service for the one or more applications (e.g. paragraphs 0062-0063). Further regarding claim 8, Purusothaman additionally discloses a processor, data bus, and memory (paragraphs 0104-0106).
Given that the primary focus of the Purusothaman invention is directed toward configuring the WAF ruleset, Purusothaman says little regarding the actual function of the “one or more security rules” that one can configure within the WAF.  However, Agarwal explicitly teaches in the disclosure of a related invention for configuring WAFs that the ruleset of a WAF can be directed toward the access of requestors to the protected applications, and that the WAF validates requests to the protected applications based on the ruleset (Agarwal, paragraph 0013).  It would have been immediately obvious prior to the filing date of the instant application for the one or more security rules in Purusothaman’s WAF to validate requests to protected resources, including but not limited to the advantage that such security rules can be used to block harmful requests such as SQL injections, session hijackings, buffer overflow attacks, etc. (Agarwal, Ibid).
	Purusothaman and Agarwal are silent regarding configuring the administrative settings of the WAF cluster including IP addresses to be blocked.  However, Huawei discloses a known prior art WAF product comprising inter alia the ability for an administrator to manually configure a blacklist of IP addresses for the WAF to block traffic from (pages 39-40, “5.4 Configuring Blacklist and Whitelist Rules”).  It would have been immediately obvious prior to the effective filing date of the instant invention for one to use a known WAF product that allows one to configure IP address blacklists as the basis for the modified WAF disclosed by Purusothaman and/or Agrawal, as this was clearly a known option within the grasp of a person of ordinary skill in the art.  If using a Huawei WAF would lead to success, it would be the result not of innovation but of ordinary skill and common sense.

Regarding claims 2, 9, & 16:	The combination further discloses wherein the configuring is performed by provisioning, binding, updating, and/or deleting the infrastructure of the WAF cluster (Purusothaman: e.g. paragraphs 0062-0063). 

Regarding claims 3, 10, & 17:	The combination further discloses wherein the configuring is performed at a software deployment platform (Purusothaman: paragraph 0012). 

Regarding claims 5, 12, & 19:	The combination further discloses wherein the configuring is through a WAF management user interface accessible by a user of the WAF cluster and a security administrator (Purusothaman: paragraphs 0061 [particularly the last sentence] and 0062; see also Figures 3-30C for illustrations of the user interface). 
Regarding claims 6 and 13:
	The combination further discloses wherein WAF management user interface provides for alerts as to suspicious addresses of requestors to the protected applications (Huawei, pages 16-18, “3.2 Viewing an Audit Trace”; and pages 59-64, “7.2 Viewing Event Logs”, “7.3 Enabling Alarm Notification”, & “7.4 Handling Misreported Alarms”).

Regarding claims 7, 14, & 20:	The combination further discloses connecting to a logging system that tracks WAF logs (Purusothaman: the firewall device log module of Figure 5 & paragraph 0069; Huawei: Ibid). 

Claims 4, 11, & 18 are rejected under 35 U.S.C. 103 as being unpatentable over Purusothaman in view of Agarwal in view of Huawei as applied to claims 1, 8, & 15 above, and further in view of Lewis (U.S. Patent Publication 2020/0036615).

Regarding claims 4, 11, & 18:	Purusothaman, Huawei, and Agarwal are silent regarding wherein the WAF cluster resides in a container orchestration tool.  However, Lewis discloses a related invention for implementing WAFs (e.g. Lewis, Abstract) comprising this limitation (Lewis, paragraph 0015).  It would have been obvious prior to the effective filing date of the instant application for the WAFs of Purusothaman’s invention to reside in a container orchestration tool as disclosed by Lewis, as doing so allows one to inter alia better manage load balancing and decrease the overall latency of the application during times of heavy workload (Lewis, Ibid).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS A GYORFI whose telephone number is (571)272-3849. The examiner can normally be reached 10:00am - 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

THOMAS A. GYORFI
Examiner
Art Unit 2435



/THOMAS A GYORFI/Examiner, Art Unit 2435                                                                                                                                                                                                        9/20/2022




/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436