DETAILED ACTION
Claims 1, 10, 11, 12, and 13 have been amended. 
Claims 7, 8, and 9 have been cancelled.
Claims 1-6, and 10-13 are pending
Drawing objections have been overcome based on applicant’s filed amendments
112(b) rejections have been overcome based on applicant’s filed amendments
101 rejection for claim 12 has been overcome based on applicant’s filed amendments

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s arguments filed on 09/08/2022 have been fully considered but they are not persuasive. 
With respect to the argument of claims 1 and 13, examiner respectfully disagrees. 
Applicant has argued that ABDELFADEEL fails to teach “performing a security operation”. Applicant has argued that “sending a special ID meaning the packet is not compressed” is not a security operation. Examiner respectfully disagrees, sending a special ID is being interpreted as a means to notify the receiver that the packet is not compressed. Therefore, it is a security operation.
As for the argument of ABDELFADEEL fails to teach the amended portion of the independent claims 1 and 13, regarding emitting a security alert message, cancelling the transmission, and adding or removing a rule. The office action is not relying on ABDELFADEEL to teach this feature but on NENOV.  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5, 12, and 13 are rejected under 35 U.S.C. 103 as being unpatentable over
ABDELFADEEL (“LSCHC: Layered static context header compression for lpwans”), in view of NENOV (US-9692784-B1), hereinafter ABDELFADEEL-NENOV. 
Regarding claim 1, ABDELFADEEL teaches “A method of processing a data message, wherein there are defined a one or more rules, each said rule comprising one or more field instruction lines, each said field instruction line comprising a target value and a processing instruction;” ([ABDELFADEEL, FIG. 2 and 3, Page 15 left col. Para. 4] “The context, as shown in Figure 2, consists of rules that are lists of fields. A rule targets a header or more to be compressed, e.g., a rule for the IPv6 header, IPv6/UDP/CoAP headers, or IPv6/ICMP headers and so on. Each rule is defined using a rule ID. The rule ID is sent to the other end followed by the information resulting from the compression of the header fields. A field corresponds to a segment in the potential header to be compressed, describing the action used to compress/decompress this field. A field in a rule contains several entries: Field ID, which is a unique value to define the field; Field Position, which indicates which instance is targeted in case several instances of the field exist; Direction Indicator, which specifies the direction of the packet that could be upstream, downstream or bidirectional; Target Value, which is the value compared with the packet header value; Matching operator, which is the operator used to make the comparison between the target value and the packet header value; and C/D action, which describes the process of compression and decompression of this field.” ) said method comprising the steps of parsing said data message, determining for a said field instruction line whether a respective specified region of said data message corresponds to said target value in a respective prescribed manner ([ABDELFADEEL, Page 15 right col. Para. 1] “The SCHC draft [8] defines a set of basic matching operators such as equal, which means the packet header value equals the target value, and ignore, which means no check is done between the packet header value and the target value. The C/D action has a different meaning at the C/D and depends on the used matching operator. The not-sent action is usually used with the equal matching operator. The compressor does not send the packet header value and the decompressor uses the value stored in the context.”) and in a case where said respective specified region corresponds to said target value in said respective prescribed manner for each field instruction line in a respective said rule, applying the processing instruction of each field instruction in said corresponding rule with regard to the respective specified region, ([ABDELFADEEL, Page 15 right col. Para. 2] “An example of composing a rule to target a specific IPv6/UDP flow is shown in Figure 3. The example shows the different fields of each header and the target value, matching operator, C/D action that are used in each field. Compression is performed when a packet’s header(s) matches one of the rules in the context. Then, the compressor uses the compression actions of the matched rule to compress the header(s) and sends the rule ID to the decompressor. Subsequently, the decompressor uses the sent rule ID to identify the used rule and applies the decompression actions to the received packet.”) and in a case where no said rule is found to correspond, performing a further step of performing a security operation. ([ABDELFADEEL, Page 17 left col. Lines 31-33] “If such a rule is found, the packet is processed using the corresponding C/D actions to this rule. Otherwise the packet is sent without compression. However, this is not accurate because the decompressor always expects a rule ID in the packet. Therefore, if there is no matching, the compressor side must send a special ID meaning the packet is not compressed. Furthermore, selecting the first matching rule with the header(s) may not be the best matching approach because there could be more than one rule that matches with the header(s). To get the best solution, the compressor should test all available rules and then select the rule that achieves the best compression factor.”).
However, ABDELFADEEL does not teach “performing a security operation comprising one or more of emitting a security alert message, cancelling the transmission of some or all of the data packet and modifying, adding or removing a rule.”.
In analogous teaching, NENOV teaches “performing a security operation comprising one or more of emitting a security alert message, cancelling the transmission of some or all of the data packet and modifying, adding or removing a rule” ([NENOV, Col. 13 lines 44-53] “At step 318, the security device may send a notification. As discussed above in connection with step 312, sending a notification may comprise transmitting a notification to a computing device of an administrator on the local or external network (e.g. a smart phone, a desktop computer, a management service, etc.); recording a notification in a log of the security device; outputting a visible and/or audible alert via an output device of the security device, such as a speaker, indicator light, or display screen; or any combination of these or other notifications.”).
Thus, given the teaching of NENOV, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of security operation comprising of a security event as taught by NENOV into the teaching of a method of processing data message as taught by ABDELFADEEL. One of ordinary skill in the art would have been motivated to do so because NENOV recognizes the benefits of analyzing packets based on rules to either filter or forward packets to improve network security. ([NENOV, Col. 4 lines 14-15] “For example, parameters of an incoming packet may be compared to the MBR data using spatial algorithms, such as a coordinate search within an R-tree data structure.”) ([NENOV, Col. 4 lines 27-32] “Thus, the identified MBRs within the tree may be used to apply corresponding filtering and/or forwarding rules to the packet. This may significantly accelerate rule searching and matching algorithms, reducing delays and computing resource requirements and accelerating network security processing.”).

Regarding claim 5, ABDELFADEEL-NENOV teaches all limitations of claim 1. However, ABDELFADEEL does not teach “wherein said security operation comprises logging a security event.”.
In analogous teaching, NENOV teaches “wherein said security operation comprises logging a security event.” ([NENOV, Col. 10 lines 35-38] “In some implementations, a security device 100 may maintain a log 220. Log 220 may comprise a database, flat file, or other type and form of data structure for recording packet parameters and applied filter actions.”) ([NENOV, Col. 13 lines 32-38] “If the packet is determined to be part of an attack attempt or represents an attack, then at step 316, the packet may be blocked. Blocking the packet may comprise buffering the packet, discarding the packet, logging the packet, forwarding the packet to another device for quarantine and/or inspection (e.g. an analyzer device, a maintenance server, a sandboxed or quarantined virtual machine, etc.).”).
The same motivation to modify ABDELFADEEL with NENOV as in the rejection of claim 1, applies. 


Regarding claim 12, this claim recites a non-transitory computer readable medium having stored a computer program comprising instructions relating to claim 1. Therefore, claim 12 is rejected in a similar manner as in the rejection of claim 1. ABDELFADEEL further teaches a computer program comprising instructions ([ABDELFADEEL, Page 13 right col. Para. 2] “Therefore, an efficient header compression scheme is crucial in order to adapt the IoT stack to LPWANs, taking advantage of the unique characteristics of LPWANs such as the star-topology and that the data flows are known in advance due to pre-programmed applications.”).

Regarding claim 13, this claim recites a data message processor comprising storage to implement the features of claim 1. Therefore, claim 13 is rejected in a similar manner as in the rejection of claim 1. ABDELFADEEL further teaches a data message processor comprising storage ([ABDELFADEEL, Page 17 right col. Para. 4] “In order to evaluate SCHC/LSCHC, we implemented the SCHC/LSCHC scheme in the Contiki-3.0 as mentioned above and emulated it in the Cooja emulator, using the Sky motes, which use Texas Instruments MSP430 microcontroller featuring 16-bit CPU, 8 MHz processor with 10KB of RAM, and 48KB of Flash memory.”).


Claims 2 and 3 are rejected under 35 U.S.C. 103 as being unpatentable over  ABDELFADEEL-NENOV in view of BALAKRISHNAN (US-7784094-B2).
Regarding claim 2, ABDELFADEEL-NENOV teaches all limitations of claim 1. However, ABDELFADEEL-NENOV does not teach “wherein said target value is obtained from an external service.”.
In analogous teaching, BALAKRISHNAN teaches “wherein said target value is obtained from an external service” ([BALAKRISHNAN, Col. 6 lines 7-8, 16-18] “As a packet enters the system, it is first verified for protocol conformance, …… The target actions are encoded in the packet metadata as they are matched. Thus, a packet can have more than one target action associated with it.”). [Examiner’s Note: A packet containing the target value entering the system, also means that the target value is coming from some external service.]
Thus, given the teaching of BALAKRISHNAN, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of obtaining a target value from an external service as taught by BALAKRISHNAN into the teaching of a method of processing data message as taught by ABDELFADEEL-NENOV. One of ordinary skill in the art would have been motivated to do so because BALAKRISHNAN recognizes the need to improve security and  packet inspection through the use of security operations like a firewall ([BALAKRISHNAN, Col. 2 lines 22-27] “In constructing next-generation networking platforms, it is desirable that robust firewall functionality be added without requiring the addition of specialized firewall components, instead utilizing network processor technology and adding firewall functionality to NPU code in a reusable, scale able fashion.”).

Regarding claim 3, ABDELFADEEL-NENOV teaches all limitations of claim 1. However, ABDELFADEEL-NENOV does not teach “wherein said target value defined on the basis of information extracted from one or more said data messages.”.
In analogous teaching, BALAKRISHNAN teaches “wherein said target value defined on the basis of information extracted from one or more said data messages.” ([BALAKRISHNAN, Col. 6 lines 7-22] “As a packet enters the system, it is first verified for protocol conformance, checksum etc., by input verification block 216. Once this sanity check is performed, the flow validation block 218 verifies whether the packet belongs to a known (e.g., existing) flow or requires a new flow. If the packet does not belong to any known flow, a new entry is added to flow table 212, and the packet metadata (e.g., header data) is passed to rules matching block 220. This block will iterate through a set of match structures, evaluating conditions for every match. The target actions are encoded in the packet metadata as they are matched. Thus, a packet can have more than one target action associated with it. For example, it might be required to log the packet as well as forward it. Once the packet is matched against the rules, it is passed to the target handler block 210 for further processing. This block performs the actions associated with the packet metadata.”).
The same motivation to modify ABDELFADEEL-NENOV with BALAKRISHNAN as in the rejection of claim 2 applies.
Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over  ABDELFADEEL-NENOV in view of NURMELA (US-7386525-B2).
Regarding claim 4, ABDELFADEEL-NENOV teaches all limitations of claim 1. However, ABDELFADEEL does not teach “wherein one or more of said field instruction lines are security instruction lines, and wherein one or more of said security instruction lines specify a security operation to be executed in said case where said respective specified region corresponds to said target value in said respective prescribed manner for each field instruction line in a respective said rule.”.
In  analogous teaching, NURMELA teaches “wherein one or more of said field instruction lines are security instruction lines, and wherein one or more of said security instruction lines specify a security operation to be executed in said case where said respective specified region corresponds to said target value in said respective prescribed manner for each field instruction line in a respective said rule.” ([NURMELA, Col. 1 lines 54-64, Col. 2 lines 4-10] “The data packet filtering is usually done by means of a rule base comprising a set of rules. Each rule comprises certain parameters of data packets (e.g. source address, destination address and protocol) and an action (i.e. information about how to handle the data packet corresponding to the parameters of the rule). In a firewall, the action is typically ‘drop’ or ‘accept’, which means the data packet is discarded or allowed to proceed, correspondingly. Such a set of rules is usually sequentially ordered and each received data packet is compared with the rules linearly, one by one, until a match is found ……  A data packet, whose parameters do not match any rule, may be for example discarded. FIG. 2 illustrates as an example a rule base, having a first rule Rule1, a second rule Rule2, and so forth. Each rule has two parameter fields, field1 and field2, and an action field. In many practical applications, there are more than two parameter fields, though.”) ….. ([NURMELA, Col. 5 lines 49-56] “As discussed in connection with prior art data packet filtering involves finding, in a rule base, a (first) rule matching the data packet. A data packet comprises parameter fields for identifying the data packet, the rule base comprises a plurality of sequentially labelled (e.g. numbered) rules, each rule comprises one or more parameter fields, and a matching rule is a rule, whose all parameter field values correspond to the parameter field values of said data packet.”)
Thus, given the teaching of NURMELA, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of security instruction lines as taught by NURMELA into the teaching of a method of processing data message as taught by ABDELFADEEL-NENOV. One of ordinary skill in the art would have been motivated to do so because NURMELA recognizes the benefits of optimizing rule base traversal to increase the efficiency of a firewall. ([NURMELA, Col. 4 lines 61-67, Col. 5 lines 1-3] “The methods according to the invention optimize the rule base traversal in a firewall (or similar network element) so that the performance of the firewall improves especially with very large rule bases. The method is fast because the rules are not matched linearly; the method can directly skip a number of successive rules whenever they cannot match to a parameter field value in the data packet. Furthermore, there is no need to translate the high level rules into low level rules, which is important, if there are complex expressions defining the sets in the rules.”).

34.	Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over ABDELFADEEL-NENOV, in view of SHELEST (US-20060048209-A1), hereinafter ABDELFADEEL-NENOV-SHELEST.
35.	Regarding claim 6, ABDELFADEEL-NENOV teaches all limitations of claim 5. However, ABDELFADEEL-NENOV does not teach “wherein in a case where a predetermined threshold of security events logged in a predetermined period is exceeded, a further security operation is performed.”.
36.	In analogous teaching, SHELEST teaches “wherein in a case where a predetermined threshold of security events logged in a predetermined period is exceeded, a further security operation is performed.” ([SHELEST, Para. 0022] “] In one embodiment, the detection system takes various actions depending on whether a rating for a security event that matches a security policy exceeds a rating threshold. The detection system calculates an overall rating for a security event that matches a security policy. An administrator can then set a threshold rating that the detection system uses when determining whether to take an action of a security policy. For example, if the rating of a security event/policy combination is 75 (within a range of 0-100) and the threshold is 80, then the detection system will not take the action. In contrast, if the threshold is 50, then the detection system will take the action. The detection system may also allow an administrator to set multiple thresholds and additional actions to be taken when a security event/policy combination exceeds a threshold. For example, an administrator may set a low threshold at 40 and indicate that the security event is to be logged, but the action of the security policy is not to be taken. The administrator may also set a high threshold at 80 and indicate that the security event is to be logged and the action of the security policy is to be taken. Thus, when the rating of a security event/policy combination exceeds the low threshold, but not the high threshold, the security event is simply logged. If the rating is below the low threshold, then no action is taken.”).
37.	Thus, given the teaching of SHELEST, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of predetermined threshold of security events as taught by SHELEST into the teaching of a method of processing data message and performing a security operation as taught by ABDELFADEEL-NENOV. One of ordinary skill in the art would have been motivated to do so because SHELEST recognizes the benefits of using thresholds to increase security. ([SHELEST, Para. 0023] “By using thresholds that apply to multiple security policies, an administrator can avoid having to define multiple versions of a security policy for various attributes of a security event and multiple actions to be taken depending on severity and confidence of a security policy.”).

40.	Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over  ABDELFADEEL-NENOV in view of MILLER (US-6873627-B1).
41.	Regarding claim 10, ABDELFADEEL-NENOV teaches all limitations of claim 1. However, ABDELFADEEL-NENOV does not teach “wherein said data message is transmitted via a plurality of devices, and wherein said steps are repeated at each said device of said plurality of devices.”.
42.	In analogous teaching, MILLER teaches “wherein said data packet is transmitted via a plurality of devices, and wherein said steps are repeated at each said device.” ([MILLER, Col. 5 lines 12-17] “In addition, after the converted packet is received at a destination address, steps (a) through (d) can be repeated at each destination address. This enables a packet to pass through different network segments and get converted at each one so that receivers at each segment can receive the packet.”).
43.	Thus, given the teaching of MILLER, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of repeating steps at each device that received the packet as taught by MILLER into the teaching of a method of processing data message as taught by ABDELFADEEL-NENOV. One of ordinary skill in the art would have been motivated to do so because MILLER recognizes the importance of transmitting data packets to multiple devices efficiently. ([MILLER, Col. 2 lines 5-7] “Multicast is a one to many type of data transmission that permits a sender to transmit a message to multiple recipients at the same time.”) ([MILLER, Col.2 lines 27-35] “Multicast networking and the applications providing one to many services using multicast are becoming important because multicast networks enable applications to scale; that is, multicast enables the applications to service many users without overloading network and sender resources. Widespread usage of applications servicing many users generally is not possible without the scaling provided by efficient network services such as those provided by multicast.”).


44.	Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over  ABDELFADEEL-NENOV in view of SWANDER (US-20050022011-A1).
45.	Regarding claim 11, ABDELFADEEL-NENOV teaches all limitations of claim 1. However, ABDELFADEEL-NENOV does not teach “wherein said data message is transmitted in accordance with telecommunications system defining a plurality of abstraction layers, and wherein said steps are repeated at each abstraction layer.”.
46.	In analogous teaching, SWANDER teaches “wherein said data message is transmitted in accordance with telecommunications system defining a plurality of abstraction layers, and wherein said steps are repeated at each abstraction layer.” ([SWANDER, Para. 0219] “In step 514, the requesting layer passes the packet, processed according to the layer protocol, along with the modified packet context to a next layer. If the packet is an inbound packet, the next layer is a higher layer in the network stack. If the packet is an outbound packet, the next layer is a lower layer in the network stack. The process 500 is repeated by each layer in the network stack and continues until the packet traverses all layers in the network stack or until the packet is dropped by one of the layers in the network stack.”).
47.	Thus, given the teaching of SWANDER, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of repeating steps at each layer of a network as taught by SWANDER into the teaching of a method of processing data message as taught by ABDELFADEEL-NENOV. One of ordinary skill in the art would have been motivated to do so because SWANDER recognizes the importance to analyze and filter packets at all layers of a network stack. ([SWANDER, Para. 0055] “The method provides the ability to subject packets to filters at all layers of a network stack. The method provides central management capabilities that allow filters to be added and deleted and for filter conflicts to be identified and resolved. The firewall architecture is extensible in that filter layers are added and deleted as needed and is expanded to include specialized functionality beyond permit and block actions. Although the invention is described with specific reference to firewalls and firewall filters, the method is also used to facilitate and manage other filters and policies. As specific examples, the present invention is suitable for facilitating and managing filters used with Quality of Service (QOS), Internet Protocol Security (IPSec) suite, as well as other encrypting, authenticating, and key management protocols.”).


Conclusion
48.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

49. 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to AFAQ ALI whose telephone number is (571)272-1571. The examiner can normally be reached Mon - Fri 7:30am - 5:30pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AFAQ ALI/Examiner, Art Unit 2434            

/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434