Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on July 21, 2022 has been entered.
 
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-2, 4-8, 10 and 14-18 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-2, 4-9, 12-14 and 18 of co-pending Application No. 16/664685 in view of Hadden (US 2016/0072836). 
Instant Application #16/664684

1. (Currently Amended) A method, comprising:
receiving data from nodes of a private network at an external service that is external to the private network, wherein the received data includes information defining communication sessions but not packet payload information, wherein the nodes of the private network comprise edge nodes of the private network that collectively form a border of the private network, and wherein the external service is configured to automatically adjust sampling rates of data received from the nodes of the private network via communication with the nodes of the private network or through an associated application programming interface;
analyzing the received data at the external service; and
automatically generating an output from the external service in response to analyzing the data that is communicated to at least one or more nodes of the private network and that facilitates modifying routing by the at least one or more nodes of the private network.

2. (Original) The method of claim 1, wherein the data comprises a data stream.

4. (Original) The method of claim 1, wherein the data comprises flow data.

5. (Original) The method of claim 1, wherein the data comprises log data.

6. (Currently Amended) The method of claim 1, wherein the nodes of the private network comprise edge or border nodes of the private network comprise routers, switches, or both.

7. (Currently Amended) The method of claim 1, wherein edge nodes of the private network comprise one or more of routers, switches, and virtual private cloud services.

8. (Previously Presented) The method of claim 1, wherein the external service provides network and security operations for the private network.

10. (Previously Presented) The method of claim 1, wherein the external service facilitates defending the private network from threats and attacks.

14. (Previously Presented) The method of claim 1, wherein the output is generated by a rules engine of the external service that is configured to map a detected event to an action.

15. (Original) The method of claim 1, wherein the output comprises a routing filter or block list.

16. (Original) The method of claim 1, wherein the output is communicated to the at least one or more nodes of the private network via Border Gateway Protocol (BGP) or FlowSpec.

17. (Previously Presented) The method of claim 1, wherein the output is communicated to the at least one or more nodes of the private network via an application programming interface (API) associated with the external service.

18. (Previously Presented) The method of claim 1, further comprising providing a portal to the external service that is accessible to an operator of the private network.

Co-pending Application #16/664685

1. (Currently Amended) A method, comprising:
receiving data from nodes of a private network at an external service that is external to the private network, wherein the data comprises sampled packet data that includes information defining communication sessions but not packet payload information, wherein the nodes of the private network comprise edge nodes of the private network including physical devices and virtual services that collectively form a border of the private network, and wherein the external service is configured to automatically adjust sampling rates of data received from the nodes of the private network via communication with the nodes of the private network or through an associated application programming interface;
analyzing the received data at the external service;
detecting from analyzing the data a security event in the private network; and
automatically generating an output from the external service in response to detecting the security event that facilitates remediating the security event at least at one or more of the nodes of the private network.

2. (Original) The method of claim 1, wherein the data comprises a data stream.

4. (Original) The method of claim 1, wherein the data comprises flow data.

5. (Original) The method of claim 1, wherein the data comprises log data.

6. (Currently Amended) The method of claim 1, wherein the nodes of the private network comprise edge or border nodes of the private network comprise routers, switches, or both.

7. (Currently Amended) The method of claim 1, wherein edge nodes of the private network comprise one or more of routers, switches, and virtual private cloud services.

8. (Currently Amended) The method of claim 1, wherein the external service provides security operations for the private network.

9. (Currently Amended) The method of claim 1, wherein the external service facilitates defending the private network from threats and attacks.

12. (Currently Amended) The method of claim 1, wherein the output is generated by a rules engine of the external service that is configured to map the detected security event to an action.

13. (Original) The method of claim 1, wherein the output comprises a routing filter or block list.

14. (Original) The method of claim 1, wherein the output is communicated to the at least one or more nodes of the private network via Border Gateway Protocol (BGP) or FlowSpec.

15. (Currently Amended) The method of claim 1, wherein the output is communicated to the at least one or more nodes of the private network via an application programming interface (API) associated with the external service.

18. (Currently Amended) The method of claim 1, further comprising providing a portal to the external service that is accessible to an operator of the private network.




As per claim 1 of the instant application, claim 1 of the co-pending application is similar to the instant application; however, it fails to teach analyzing the data that is communicated to at least one or more nodes of the private network and modifying routing by the at least one or more nodes of the private network. The teachings of Hadden disclose analyzing the data that is communicated to at least one or more nodes of the private network and modifying routing by the at least one or more nodes of the private network. ([0061]; According to step 430, using the config API 39 of the configuration server 63, the IM 102 instructs reconfiguration of network devices within the client's enterprise network 131, e.g., send a message over the network cloud 26 to the configuration server 63 via the firewall 36, where the message includes instructions to block the bad IP addresses on the router 34 of the enterprise network 131; The config API 39 receives the message and forwards the message to the router 34 for execution on the router 34 in step 432. Fig. 5; items 430, 432)
It would have been obvious for the co-pending application to be modified so that the analyzing of security events analyzes the data that is communicated to at least one or more nodes of the private network and the remediation process modifies routing by the at least one or more nodes of the private network, as taught by the instant application.
This would have been beneficial to protect proprietary data and confidential client records and avoid disruptions to business operations. (Hadden, [0003])
As shown above, these claims of the co-pending application 16/664685 are obvious variants and are not patentably distinct. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 4, 6-7, 10-15, 17 and 19-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Hadden et al. – hereinafter Hadden (US 2016/0072836) in view of Scherman et al. – hereinafter Scherman (US 10,581,915) / Tagore (US 9,246,828) 

As per claim 1, Hadden discloses a method, comprising: 
receiving data from nodes of a private network at an external service that is external to the private network; ([0032]; The network cloud 26 can be a private network; [0053]; In step 406, a data security incident is detected, e.g., a data networking device such as a router 34 or firewall 36 in ACME Company's corporate network 70 detects data associated with a significant increase in download activity for a specific file, and sends data associated with the incident in messages to the ACME IM 102-1. Fig. 4: item 406)
analyzing the received data at the external service; and ([0056] In step 412, the ACME IM 102 detects creation of the incident object 121 and optionally creation of IAs 120 associated with the incident, and parses their contents to identify any included data resources (e.g. IP addresses and the md5 hash for the downloaded file) within the incident object 121, and creates IAs 120 for the data resources identified within the incident object 121… Then, in step 414, the ACME IM 102-1 issues queries to first level TIS(s) 20 configured in the TIS configuration repository 128, to determine whether the IAs 120 (e.g. md5 hash for downloaded file and/or IP addresses of downloaded packets) for the incident object 121 are identified as known threats. Fig. 4: items 412, 414)
automatically generating an output from the external service in response to analyzing the data that is communicated to at least one or more nodes of the private network and that facilitates modifying routing by the at least one or more nodes of the private network. ([0061]; According to step 430, using the config API 39 of the configuration server 63, the IM 102 instructs reconfiguration of network devices within the client's enterprise network 131, e.g., send a message over the network cloud 26 to the configuration server 63 via the firewall 36, where the message includes instructions to block the bad IP addresses on the router 34 of the enterprise network 131; The config API 39 receives the message and forwards the message to the router 34 for execution on the router 34 in step 432. Fig. 5; items 430, 432)
Hadden fails to disclose wherein the received data includes information defining communication session but not packet payload information. Scherman discloses wherein data includes information defining communication session but not packet payload information. (Col 2 lines 27-39;  Data related to IP flows are collected from one or more logs from active servers and honeypots in a cloud environment to develop attack models. The attack models are created in various aspects according to a reinforcement learning model, and are trained against IP flows known to have been malicious access attempts and IP flows that are believed to be benign; Col 2 lines 40-49; network administrator can detect malicious network traffic directed to computer devices in the administered network without requiring access to those devices or their logs.)

It would have been obvious for the teachings of Hadden to be modified before the effective filing date so that the incident data that is sent to the ACME only contains the IP flow session data and not the data in the payload which relate to the device or log data as taught by Scherman.  It would have been beneficial to transmit only the IP flow data to the ACME to improve the security of the network while preserving the privacy of its legitimate users. (Col 2 lines 40-49)
The combined teachings of Hadden / Scherman fail to disclose wherein the external service is configured to automatically adjust sampling rates of data received from the nodes of the private network via communication with the nodes of the private network or through an associated application programming interface;
Tagore teaches wherein the external service is configured to automatically adjust sampling rates of data received from the nodes of the network via communication with the nodes of the network or through an associated application programming interface. ( Col 2 lines 5-17; the method further comprises processing, with a flow controller within the service card of the network device, the subset of the inbound packets to generate flow records. In response to a change in the current packet rate at which the inbound packets are received at the interface, the flow controller adjusts the current sampling rate at which the forwarding circuit samples the inbound packets received at the interface. Col 2 lines 37-46; system 10 having a number of network elements (“E” in FIG. 1) 14A-14E, hereafter network elements 14. As shown in FIG. 1, each network element 14 generates traffic flow records and transmits the traffic flow records to flow collector 16. Network elements 14 may comprise dedicated computers, specialized devices, or virtual machines providing network services, such as network routers, gateways, switches, firewalls, hubs, servers, VPN appliances or other network devices that forward or otherwise provide services to traffic flows.; Col 2 lines 47-58; Network 6 may represent any type of packet-switched network, such as a service provider network, a customer network, an access network, a local area network (LAN))

It would have been obvious before the effective filing date of the invention for the combined teachings of Hadden / Scherman to be modified so that the ACME IM adjusts the sampling rates by configuring the edge nodes, such as routers, gateways, firewalls, and switches, in the private ACME Company's corporate network, as taught by Tagore. This would have been beneficial to improve the efficiency and reduce the resource usage of the nodes in the private network.

As per claim 4, Hadden / Scherman / Tagore disclose the method of claim 1.  Hadden discloses wherein the data comprises flow data. ([0053];ACME Company's corporate network 70 detects data associated with a significant increase in download activity for a specific file, and sends data associated with the incident in messages to the ACME IM 102-1.)
As per claim 6, Hadden / Scherman / Tagore disclose the method of claim 1.  Hadden discloses wherein the nodes of the private network comprise edge or border nodes of the private network. ([0032]; The enterprise network 131 of each organization includes a number of devices. These include computing devices, database systems, and data networking devices such as routers 34 firewalls 36 and configuration servers 63, in examples)

As per claim 7, Hadden / Scherman / Tagore disclose the method of claim 1.  Hadden discloses wherein the nodes of the private network comprise one or more of routers, switches, and cloud services. ([0032]; The enterprise network 131 of each organization includes a number of devices. These include computing devices, database systems, and data networking devices such as routers 34 firewalls 36 and configuration servers 63, in examples)

As per claim 10, Hadden / Scherman / Tagore disclose the method of claim 1.  Hadden discloses wherein the external service facilitates defending the private network from threats and attacks.  ([0055], [0061]-[0062]; Fig. 4: items 414, 416; Fig. 5: items 428, 430, 432, 434)

As per claim 11, Hadden / Scherman / Tagore disclose the method of claim 1.  Hadden discloses further comprising tagging the data at the external service. ([0045]; The IM 102 parses the incident object 121, identifies IP address 1.1.1.1 as a data resource, and creates an IA 120 for the identified IP address data resource (e.g. 1.1.1.1) and saves the IA 120 to the incident database 122.)

As per claim 12, Hadden / Scherman / Tagore disclose the method of claim 1.  Hadden discloses further comprising storing the data at the external service. ([0045]; The IM 102 parses the incident object 121, identifies IP address 1.1.1.1 as a data resource, and creates an IA 120 for the identified IP address data resource (e.g. 1.1.1.1) and saves the IA 120 to the incident database 122.)

As per claim 13, Hadden / Scherman / Tagore disclose the method of claim 1.  Hadden discloses wherein analyzing the received data at the external service comprises detecting a network performance or security event. ([0056]; Fig. 4: item 414)

As per claim 14, Hadden / Scherman / Tagore disclose the method of claim 1.  Hadden discloses wherein the output is generated by a rules engine of the external service that is configured to map a detected event to an action. ([0057]; step 418, the IM 102 indicates this condition to the users of the IM 102 and optionally executes rules 180 in the rules engine 178 associated with the known threats to provide an incident response to the data security incident.)

As per claim 15, Hadden / Scherman / Tagore disclose the method of claim 1.  Hadden discloses wherein the output comprises a routing filter or block list. ([0061]; According to step 430, using the config API 39 of the configuration server 63, the IM 102 instructs reconfiguration of network devices within the client's enterprise network 131, e.g., send a message over the network cloud 26 to the configuration server 63 via the firewall 36, where the message includes instructions to block the bad IP addresses on the router 34 of the enterprise network 131.)

As per claim 17, Hadden / Scherman / Tagore disclose the method of claim 1.  Hadden discloses wherein the output is communicated to the at least one or more nodes of the private network via an application programming interface (API) associated with the external service. ([0061]; According to step 430, using the config API 39 of the configuration server 63, the IM 102 instructs reconfiguration of network devices within the client's enterprise network 131, e.g., send a message over the network cloud 26 to the configuration server 63 via the firewall 36, where the message includes instructions to block the bad IP addresses on the router 34 of the enterprise network 131.)

As per claims 19-20, please see the discussion under claim 1 as similar logic applies.

Claims 2 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Hadden (US 2016/0072836) / Scherman  (US 10,581,915) / Tagore (US 9,246,828)  further in view of Doron et al. – hereinafter Doron (US 2019/0182291) – provisional 62/597215.

As per claim 2, Hadden / Scherman / Tagore disclose the method of claim 1.  The combined teachings of Hadden / Scherman /Shi fail to disclose wherein the data comprises a data stream.  Doron discloses wherein the data comprises a data stream. (Provisional: 62/597215;  [0039] The data may be collected as data streams, as pooled sets of data, as bulk or batch data, or a combination thereof)
It would have been obvious for the teachings of Hadden / Scherman / Tagore to be modified before the effective filing date of the invention so that the IP flow session data that is sent to the ACME is sent as a data stream as taught by Doron. The motivation would have been to allow for uniform processing of comparable data from different sources. (Doron, provisional 62/597215; [0039])

As per claim 5, Hadden / Scherman / Tagore disclose the method of claim 1. The combined teachings of Hadden / Scherman / Shi fail to disclose wherein the data comprises log data. Doron discloses wherein the data comprises log data. (provisional 62/597215; [0056] Batch processing includes processing high volumes of data including groups of data each collected over a period of time.)
It would have been obvious for the teachings of Hadden / Scherman / Tagore to be modified before the effective filing date of the invention so that the IP flow session data that is sent to the ACME is sent as batched data which is logged or collected over a period of time as taught by Doron. The motivation would have been to allow for uniform processing of comparable data from different sources. (Doron, provisional 62/597215; [0039])

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Hadden (US 2016/0072836) / Scherman (US 10,581,915) / Tagore (US 9,246,828) further in view of Stub et al. – hereinafter Strub (US 9,794,272).

As per claim 3, Hadden / Scherman / Tagore disclose the method of claim 1.  The combined teachings of Hadden / Scherman / Tagore fail to disclose wherein the data comprises sampled data. Strub discloses wherein the data comprises sampled data. (Col 2 line 47 – Col 3 line 5; In some embodiments, the method comprises performing the monitoring using a first criteria, and, if the determining step determines that data in the traffic is indicative of a malicious threat, performing the monitoring according to a second criteria, different from the first criteria. The first and second criteria may include first and second rates at which received data traffic is sampled to produce the information, where the second sampling rate is higher than the first sampling rate.)
It would have been obvious for the teachings of Hadden / Scherman / Tagore to be modified before the effective filing date of the invention so that the IP flow session data is sent to the ACME as sampled data, because this would have allowed the ACME system to make sure that the data traffic is not indicative of a malicious threat and reduce the internal memory and processing cycles at the router to monitor, collect and export the required amount of data at the ISP router to make that determination of the threat. (Strub, Col 2 lines 16-28)

Claims 8-9 are rejected under 35 U.S.C. 103 as being unpatentable over Hadden (US 2016/0072836) / Scherman (US 10,581,915) / Tagore (US 9,246,828) further in view of Nat Smith, An overview of Fortinet’s Integrated NOC_SOC Solutions, April 16, 2018, Business and Technology, Pages 1-8. – hereinafter Smith.

As per claim 8, Hadden / Scherman / Tagore disclose the method of claim 1.  Hadden discloses wherein the external service provides security operations for the private network. ([0061]; According to step 430, using the config API 39 of the configuration server 63, the IM 102 instructs reconfiguration of network devices within the client's enterprise network 131, e.g., send a message over the network cloud 26 to the configuration server 63 via the firewall 36, where the message includes instructions to block the bad IP addresses on the router 34 of the enterprise network 131; Fig. 5: item 430)  The combined teachings of Hadden/ Scherman / Tagore fail to disclose providing network operation for the private network.  Hadden fails to disclose providing network operation for the private network.
Smith discloses providing network operation. (Page 3: Fortinet’s new NOC-SOC solution combines the latest capabilities of FortiManager, FortiAnalyzer, and FortiSIEM solutions, coalescing the operational context of the NOC – such as appliance status, network performance, and application availability – with the security insights of the SOC - which identifies and remediates such things as breaches, data exfiltration, and compromised hosts.) 
	It would have been obvious before the effective filing date of the invention for the teachings of Hadden / Scherman / Tagore to be modified so that the security network operation center is integrated in a combined NOC/ SOC as taught by Smith to provide the network operation for the private network.  The motivation would have been to shorten the time necessary to understand and scope the problem and prioritize the right response, mitigate resource constraints, adapt to network changes and automatically respond to events at digital speeds. (Smith, Page 4)

As per claim 9, Hadden / Scherman / Tagore disclose the method of claim 1. Smith wherein the external service facilitates managing and optimizing the private network. ([0061]; According to step 430, using the config API 39 of the configuration server 63, the IM 102 instructs reconfiguration of network devices within the client's enterprise network 131, e.g., send a message over the network cloud 26 to the configuration server 63 via the firewall 36, where the message includes instructions to block the bad IP addresses on the router 34 of the enterprise network 131.)

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Hadden (US 2016/0072836) / Scherman (US 10,581,915) / Tagore (US 9,246,828) further in view of Marck et al. – hereinafter Marck (US 2018/0054458)

As per claim 16, Hadden / Scherman / Tagore disclose the method of claim 1.   The combined teachings of Hadden / Scherman / Tagore fail to disclose wherein the output is communicated to the at least one or more nodes of the private network via Border Gateway Protocol (BGP) or FlowSpec.  Marck discloses wherein the output is communicated to the at least one or more nodes of the private network via Border Gateway Protocol (BGP).  ([0045]; BGP speaker 460 provides network response 356 to routing network 305 to modify the routing operations of the routing network to minimize or eliminate the threat posed by the identified DDoS attack.)
It would have been obvious before the effective filing date of the invention for the teachings of Hadden / Scherman / Tagore to be modified so that the output of the incident management data is communicated via a Border Gateway Protocol as taught by Marck. The combination of teachings would have resulted in the benefits of protecting the private network from malicious traffic.

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Hadden (US 2016/0072836) / Scherman (US 10,581,915) / Tagore (US 9,246,828) further in view of Phillips (US 2018/0026944).

As per claim 18, Hadden / Scherman / Tagore disclose the method of claim 1. The combined teachings of Hadden / Scherman / Tagore fail to disclose further comprising providing a portal to the external service that is accessible to an operator of the private network. Phillips discloses providing a portal to the external service that is accessible to an operator of the private network. ([0037]; The virtualization layer 210 provides an abstraction layer from which the virtual entities may be provided, including but not limited to: virtual servers 211, virtual storage 212, virtual networks 213 (e.g., including virtual private networks), virtual machines 214, and virtual clients 215. The user portal 223 can provide users and administrators access to the cloud service provider network 102 via an application program interface (API), website, dashboard, etc., provided by the service provider network 102.)
It would have been obvious before the effective filing date of the invention for the teachings of Hadden / Scherman / Tagore to be modified so that the personnel team who accesses the incident management via a browser is presented a portal as taught by Phillips.  The motivation would have yielded benefits of permitting the personnel team to take immediate mitigation actions to further secure the private network.



Response to Arguments
Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

	Applicants argue, “However, none of Hadden, Scherman, and Shi, either separately or combined, describes an external service for analyzing data received from edge nodes of a private network that collectively form a border of the private network and facilitating modification of routing of at least some edge nodes of the private network and that is configured to automatically adjust sampling rates of data received from the edge nodes of the private network that collectively form the border of the private network via communication with the edge nodes or through an associated application programming interface as described by each of independent claims 1, 19, and 20. Thus, each of independent claims 1, 19, and 20 is believed to be allowable. Claims 2-18 each depend from independent claim 1 and are therefore believed to be allowable for the same reasons as independent claim 1.”
	Examiner points out that Hadden discloses that edge nodes such as routers and firewalls are edge devices and part of the enterprise network of ACME per [0032] and [0053].
([0032]; The network cloud 26 can be a private network; [0053]; In step 406, a data security incident is detected, e.g., a data networking device such as a router 34 or firewall 36 in ACME Company's corporate network 70 detects data associated with a significant increase in download activity for a specific file, and sends data associated with the incident in messages to the ACME IM 102-1)
([0061]; According to step 430, using the config API 39 of the configuration server 63, the IM 102 instructs reconfiguration of network devices within the client's enterprise network 131, e.g., send a message over the network cloud 26 to the configuration server 63 via the firewall 36, where the message includes instructions to block the bad IP addresses on the router 34 of the enterprise network 131; The config API 39 receives the message and forwards the message to the router 34 for execution on the router 34 in step 432. Fig. 5; items 430, 432).

With respect to the applicant's arguments that the prior art fails to teach, “automatically adjust sampling rates of data received from the edge nodes of the private network that collectively form the border of the private network via communication with the edge nodes or through an associated application programming interface”, examiner points out that it is the combination of teachings as applied above that teaches the recited limitations, as the teachings of Hadden’s ACME IM would utilize the flow controller of Tagore to adjust the sampling rate of data of the edge nodes in the private ACME Company’s network, which include routers, gateways, firewalls, and switches.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Chirag R Patel whose telephone number is (571)272-7966. The examiner can normally be reached on Monday to Friday from 8:00AM to 4:30PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Glenton Burgess, can be reached on 571-272-3949. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pairdirect.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll free).

/Chirag R Patel/
Primary Examiner, Art Unit 2454