DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Preliminary Amendment
Preliminary amendment dated 06/17/2020 to claims, specification, and drawings has been fully considered and is entered. Claims 1-12 are examined.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f):
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f). The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f). The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) because the claim limitations use a generic placeholder “unit” that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitations are: “a packet collection processing unit”, “a legitimate communication determination processing unit”, “a sequence packet identification processing unit”, and “a sequence establishment determination processing unit” in claim 6.
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have these limitations interpreted under 35 U.S.C. 112(f), applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitations recite sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f).

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-5 and 8 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
As to claim 1, use of the word “system” does not inherently mean that the claim is directed to a machine. Only if at least one of the claimed elements of the system is a physical part of a device can the system as claimed constitute part of a device or a combination of devices to be a machine within the meaning of 35 U.S.C. 101.
In the instant case, the claimed system comprises two elements: a business system and a communication monitoring apparatus. The specification fails to define either one of these elements as necessarily requiring hardware. Therefore, the claims are broad enough to be directed to software code alone performing the claimed functions, where there is no recitation of a corresponding non-transitory storage medium having the program embodied therein.
Claims 2-5 fail to provide any hardware and are rejected for the same reasons.

As to claim 8, use of the word “apparatus” does not inherently mean that the claim is directed to a machine. Only if at least one of the claimed elements of the apparatus is a physical part of a device can the apparatus as claimed constitute part of a device or a combination of devices to be a machine within the meaning of 35 U.S.C. 101. In the instant case, no elements of the apparatus have been claimed that could be construed as hardware.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 7 and 10-12 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
As to claim 7, line 6 recites “the process”. It is unclear which one of the plurality of processes recited in claim 6 “the process” refers to.

As to claim 10, line 3 recites “the process”. It is unclear which one of the plurality of processes recited in claim 9 “the process” refers to.

As to claim 11, in the “identifying” limitation, the recitation “a communication packet constituting the business sequence” is ambiguous because it is unclear what it means. In particular, claim 9, from which claim 11 depends, states that a communication packet is used for a business sequence, which is clear. However, it is unclear how a packet constitutes the business sequence. It is also unclear whether this “a communication packet” is the same packet as recited in claim 9. Claims are examined as best understood.
Dependent claims are rejected for the same reasons as incorporating all the limitations from the claim(s) they depend from.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6 and 8-11 are rejected under 35 U.S.C. 103 as being unpatentable over Higashikado et al. (US 2006/0064598 A1) in view of Kim et al. (US 2017/0257386 A1).
As to claim 1, Higashikado teaches a communication monitoring system (Fig. 1, abstract), comprising: 
a business system that performs communication between a transmission source device and a transmission destination device according to a business sequence (Figs. 1, 8; par. [0045]), and executes a plurality of processes constituting a business defined by the business sequence (par. [0058]); and 
a communication monitoring apparatus that monitors a communication packet used for the communication of the business system (par. [0045], [0061], Fig. 11), 
wherein the communication monitoring apparatus determines whether or not the plurality of processes is executed according to the business sequence (par. [0050]-[0052]).
While Higashikado teaches that log information includes transmission source information and transmission destination information (par. [0049], claim 8), Higashikado does not explicitly state how this information is utilized.
Kim is directed to detecting a denial of service attack (abstract). In particular, Kim teaches determining whether or not there has been a disruption in a normal communication between a source and destination based on transmission source information and transmission destination information included in the communication packet (par. [0018], Fig. 3).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system of Higashikado by having the communication monitoring apparatus determine whether or not the plurality of processes is executed according to the business sequence based on transmission source information and transmission destination information included in the communication packet, in order to determine whether the source or destination has been compromised (par. [0011] in Kim).

	As to claim 2, Higashikado teaches that the transmission source information is an IP address of the transmission source device, and the transmission destination information is an IP address of the transmission destination device or a transmission destination port number (par. [0009]).

	As to claim 3, Higashikado teaches that the communication monitoring apparatus determines that the business sequence is not established when the process is not executed according to an order defined by the business sequence, and determines that an abuse using a legitimate communication between the transmission source device and the transmission destination device occurs when the business sequence is not established (par. [0050]-[0052], Fig. 2).

	As to claim 4, Higashikado teaches that, when the business sequence is executed, the communication monitoring apparatus determines that the legitimate communication is abused in a case where the process constituting the business defined by the business sequence is omitted or duplicated (par. [0053]-[0054], [0058]-[0060]).

	As to claim 5, Higashikado in view of Kim teaches that the communication monitoring apparatus determines that an abuse using a legitimate communication between the transmission source device and the transmission destination device occurs when the plurality of processes constituting the business defined by the business sequence is not completed based on the communication between the transmission source device and the transmission destination device designated by the business sequence within an allowable time defined by the business sequence (par. [0045], [0049], [0054]; par. [0018] in Kim).

	As to claim 6, Higashikado teaches that the communication monitoring apparatus includes a packet collection processing unit that collects the communication packet used for the communication of the business system (Figs. 1, 8; par. [0045]), 
	a legitimate communication determination processing unit that determines whether or not the communication packet is a legitimate communication packet based on the transmission source information and the transmission destination information included in the communication packets (par. [0049], claim 8, Fig. 8), 
	a sequence packet identification processing unit that identifies whether or not the legitimate communication packet is a communication packet constituting the business sequence based on the transmission source information and the transmission destination information included in the legitimate communication packet (as discussed per claim 1 above), and 
	a sequence establishment determination processing unit that determines whether or not the plurality of processes constituting the business defined by the business sequence is executed according to an order defined by the business sequence based on the transmission source information and the transmission destination information included in the communication packet constituting the business sequence (par. [0050]-[0052]).

	As to claim 8, Higashikado in view of Kim teaches a communication monitoring apparatus (Fig. 1 in Higashikado) that monitors a communication packet used for a business sequence, and determines whether or not a plurality of processes constituting a business defined by the business sequence is executed according to the business sequence based on transmission source information and transmission destination information included in the communication packet, as discussed per claim 1 above.

	As to claim 9, Higashikado teaches a communication monitoring method comprising: 
	monitoring a communication packet used for a business sequence (par. [0045], [0061], Fig. 11); and 
	determining, by a processor, whether or not a plurality of processes constituting a business defined by the business sequence is executed according to the business sequence (par. [0050]-[0052]).
While Higashikado teaches that log information includes transmission source information and transmission destination information (par. [0049], claim 8), Higashikado does not explicitly state how this information is utilized.
Kim is directed to detecting a denial of service attack (abstract). In particular, Kim teaches determining whether or not there has been a disruption in a normal communication between a source and destination based on transmission source information and transmission destination information included in the communication packet (par. [0018], Fig. 3).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system of Higashikado by having the communication monitoring apparatus determine whether or not the plurality of processes is executed according to the business sequence based on transmission source information and transmission destination information included in the communication packet, in order to determine whether the source or destination has been compromised (par. [0011] in Kim).

	As to claim 10, Higashikado teaches determining that the business sequence is established when the process is executed according to an order defined by the business sequence (par. [0050]); 
	determining that the business sequence is not established when the process is not executed according to the order defined by the business sequence (par. [0051]); and 
	determining that an abuse using a legitimate communication between a transmission source device and a transmission destination device occurs when the business sequence is not established (par. [0052]).

	As to claim 11, Higashikado teaches collecting the communication packet from a business system that performs communication between the transmission source device and a transmission destination device according to the business sequence (Figs. 1, 8; par. [0045]); 
	determining whether or not the communication packet is a legitimate communication packet based on the transmission source information and the transmission destination information included in the communication packet (par. [0049], claim 8, Fig. 8); 
	identifying whether or not the legitimate communication packet is a communication packet constituting the business sequence based on the transmission source information and the transmission destination information included in the communication packet used for the legitimate communication (as discussed per claim 1 above); and 
	determining whether or not the plurality of processes constituting the business defined by the business sequence is executed according to an order defined by the business sequence based on the transmission source information and the transmission destination information included in the communication packet used for the business sequence (par. [0050]-[0052]).
	
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLEG SURVILLO whose telephone number is (571)272-9691. The examiner can normally be reached 9:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Trost can be reached on 571-272-7872. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/OLEG SURVILLO/Primary Examiner, Art Unit 2442