Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Allowable Subject Matter
Claims 1, 3-9 and 11 allowed.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Degioanni (US 2018/0255100 A1) in view of Avner et al (US 2013/0086203 A1) in view of Besehanic et al (US 2016/0065635 A1). Hereinafter referred as Degioanni, Avner and Besehanic.
Regarding claim 12, Degioanni teaches a data analytics device of a host, the device for application monitoring (page 2 paragraph (0017)), the device comprising: an application-monitor manager engine (page 2 paragraph (0021)) configured to receive configuration files from a cloud server (page 5 paragraph (0040)) and to generate monitoring rules for the plurality of monitors (page 2 paragraph (0022)); and a data-processing engine coupled (page 9 paragraph (0075)) to the application-monitor manager engine (page 1 paragraph (0003) and page 7 paragraph (0060)) and the plurality of monitors and configured to coordinate activities of the plurality of monitors (page 2 paragraph (0018) and page 3 paragraph (0024)), wherein: the plurality of monitors are embedded in a user space and a kernel of a host (the agent may be configured to receive the set of baseline operation rules and implement rule-based activity monitoring that monitors activity between the kernel and the one or more running applications and containers interacting with the kernel (page 8 paragraph (0065)). Degioanni also teaches a host operating system of the host (page 3 paragraph (0025)).
However, Degioanni is silent in teaching monitoring rules for the plurality of monitors are generated based on the configuration files received from the cloud server. Avner teaches on (page 3 paragraph (0033)) a monitor component may be configured to process the probe runner results reported to the results database and may be configured to generate appropriate alerts based on the results. […] A rule definition database associated with the monitor component may contain the configuration information for the rules such as the entry point and targets within the cloud service. In an example scenario, a rule may be configured to generate an alert if there are two consecutive failures of a probe against a particular monitored database and/or system within the cloud service. Avner further teaches a plurality of monitors (page 2 paragraph (0021)). Avner teaches data analytics comprising a plurality of monitors (page 1 paragraph (0012)).
Therefore, it would be reasonable to one of ordinary skill in the art to combine Degioanni‘s references to include the teachings of Avner for monitoring rules for the plurality of monitors are generated based on the configuration files received from the cloud server before the effective filing date of the claimed invention. A useful combination which yields predictable results in found on Avner (page 1 paragraph (0004)) embodiments are directed to providing a multilevel monitoring system provided for monitoring multiple performance aspects of a cloud service concurrently in order to generate a full and reliable performance analysis of the cloud service.
However, Degioanni and Avner are silent in teaching a plurality of monitors are configured to perform IP stack monitoring by extracting information from a DNS server request and response, a manifest file, and video segments requests. Besehanic teaches on (page 7 paragraph (0051)) message detector detects messages that include adaptive bitrate streaming URLs, such as the example messages originated by the mobile platform. In some examples, the message detector detects the messages by initially filtering messages originated at the mobile platform (e.g., message prepared and to be sent by the mobile platform) to identify those candidate messages likely to include adaptive bitrate streaming URLs, such as HTTP GET messages. For example, the message detector may be configured to monitor a protocol call stack, such as a transmission control protocol/Internet protocol (TCP/IP) protocol stack, implemented on the mobile platform, and/or to monitor one or more network interfaces of the mobile platform, etc., to capture and filter (e.g., identify) candidate messages, such as HTTP GET messages, being prepared for transmission by the mobile platform.
Therefore, it would be reasonable to one of ordinary skill in the art to combine Degioanni‘s and Avner’s references to include the teachings of Besehanic for a plurality of monitors are configured to perform IP stack monitoring by extracting information from a DNS server request and response, a manifest file, and video segments requests before the effective filing date of the claimed invention. A useful combination which yields predictable results in found in Besehanic (page 1 paragraph (0001)) this disclosure relates generally to media monitoring and, more particularly, to using messaging associated with adaptive bitrate streaming to perform media monitoring for mobile platforms.

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Degioanni (US 2018/0255100 A1) in view of Avner et al (US 2013/0086203 A1) in view of Besehanic et al (US 2016/0065635 A1) in view of Paliga et al (US 2014/0232863 A1) in view of Klein et al (US 2004/0080615 A1). Hereinafter referred as Degioanni, Avner, Besehanic, Paliga and Klein.
Regarding claim 13, Degioanni, Avner and Besehanic teach the device of claim 12. However, Degioanni, Avner and Besehanic are silent in teaching a video engine wherein video engine monitors are configured to monitor video content analytics data. Paliga teaches on (page 3 paragraph (0043)) a video can be in the form of metadata obtained from embedded analytics created by a camera and stored on a site in a DVR. […] If a company is already streaming video to a location then a filter could be put on this stream which can extract analytics or images on the fly and send them to the centralized location. Paliga also teaches the plurality of monitors are further embedded in a security engine of the host (page 2 paragraph (0021)) and security engine monitors are configured to monitor security analytics data (page 2 paragraph (0028)).
Therefore, it would be reasonable to one of ordinary skill in the art to combine Degioanni‘s, Avner’s and Besehanic’s references to include the teachings of Paliga for a video engine wherein video engine monitors are configured to monitor video content analytics data before the effective filing date of the claimed invention. A useful combination which yields predictable results in found in Paliga (page 1 paragraph (0001)) this invention relates to the field of analytics, and more particularly to a video analytics system, useful, for example, fraud detection, and more particularly ATM fraud detection.
However, Degioanni, Avner, Besehanic and Paliga are silent in teaching a host is configured to comprise a video engine and a security engine. Klein teaches on (page 2 paragraph (0018)) the host computer includes software to control recording, interpretation and reaction of the security system to the video input. The control software comprises three main components, and a remote communication module. While the components may be separate software objects, they interact with one another to permit full control over the surveillance system.
Therefore, it would be reasonable to one of ordinary skill in the art to combine Degioanni‘s, Avner’s, Besehanic’s and Paliga’s references to include the teachings of Klein for a host is configured to comprise a video engine and a security engine before the effective filing date of the claimed invention. A useful combination which yields predictable results in found on Klein (page 1 paragraph (0001)) the present invention generally relates to security systems, and specifically to remotely operable video surveillance systems.

Claims 14 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Degioanni (US 2018/0255100 A1) in view of Avner et al (US 2013/0086203 A1) in view of Besehanic et al (US 2016/0065635 A1) in view of Paliga et al (US 2014/0232863 A1) in view of Klein et al (US 2004/0080615 A1) in view of Park (US 2017/0316185 A1). Hereinafter referred as Degioanni, Avner, Besehanic, Paliga, Klein and Park.
Regarding claim 14, Degioanni, Avner, Besehanic, Paliga and Park teach the data analytics device of claim 12. Avner teaches at least one processor circuit is further configured to collect data from the plurality of monitors (page 2 paragraph (0021)). However, Degioanni, Avner, Besehanic and Paliga are silent in teaching preprocess the collected data and to detect relevant events including a start and a completion of an active application or a background application, a DNS query or a video streaming session. Park teaches on (page 6 paragraph (0061)) if the requested content is an MPEG video, the content server may include the DRM license and/or the key to decrypt or descramble the video directly in the manifest of the video. Park further teaches the security analytics data comprise traffic pattern information, digital rights management (DRM) attributes and encryption- and/or authentication-key information (page 2 paragraph (0011) and page 2 paragraph (0021)-(0022)). 
Therefore, it would be reasonable to one of ordinary skill in the art to combine Degioanni‘s, Avner’s, Besehanic’s and Paliga’s references to include the teachings of Park for preprocess the collected data and to detect relevant events including a start and a completion of an active application or a background application, a DNS query or a video streaming session before the effective filing date of the claimed invention. A useful combination which yields predictable results in found in Park (page 1 paragraph (0005)) in one aspect, an authentication server establishes an authenticated session. The authenticated session is employed by a client and referenced by other servers during subsequent processing to obtain digital content.

Regarding claim 17, Degioanni, Avner, Besehanic, Paliga and Park teach the data analytics device of claim 12. Park teaches the plurality of monitors are configured to perform IP stack monitoring by extracting information from a DNS server, a manifest file and video segments requests (page 6 paragraph (0061)). Avner teaches the monitoring rules for the plurality of monitors include rules that identify at least one monitor to take action on one or more applications (page 4 paragraph (0041)).

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Degioanni (US 2018/0255100 A1) in view of Avner et al (US 2013/0086203 A1) in view of Besehanic et al (US 2016/0065635 A1) in view of Paliga et al (US 2014/0232863 A1) in view of Klein et al (US 2004/0080615 A1) in view of Park (US 2017/0316185 A1) in view of Wing et al (US 10,375,020). Hereinafter referred as Degioanni, Avner, Besehanic, Paliga, Klein, Park and Wing.
Regarding claim 15, Degioanni, Avner, Besehanic, Paliga and Park teach the data analytics device of claim 14. However, Degioanni, Avner, Besehanic, Paliga and Park are silent in teaching at least one processor circuit is further configured to provide a secure data package to a cloud server to perform a data analysis including analyzing IP sessions, video and security events and dynamic analytic data and to perform DPI and correlation in timeline and traffic patterns. Wing teaches on (column 12 lines 4-14) encryption module may include instructions enabling DNS server to establish a secure communication channel with host device including generating encryption keys to establish an HTTPS session with host device. Encryption module may further include a key store that may store one or more private encryption keys uniquely associated with DNS server. 
Therefore, it would be reasonable to one of ordinary skill in the art to combine Degioanni‘s, Avner’s, Besehanic’s, Paliga’s and Park’s references to include the teachings of Wing for at least one processor circuit is further configured to provide a secure data package to a cloud server to perform a data analysis including analyzing IP sessions, video and security events and dynamic analytic data and to perform DPI and correlation in timeline and traffic patterns before the effective filing date of the claimed invention. A useful combination which yields predictable results in found in Wing (column 2 lines 9-24) in accordance with one embodiment, a browser operating on a host device receives, from a user, a request to access a web server that includes a URL associated with the web server.  

Claims 16 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Degioanni (US 2018/0255100 A1) in view of Avner et al (US 2013/0086203 A1) in view of Besehanic et al (US 2016/0065635 A1) in view of Wing et al (US 10,375,020). Hereinafter referred as Degioanni, Avner, Besehanic and Wing.
Regarding claim 16, Degioanni, Avner, Besehanic and Wing teach the data analytics device of claim 12. However, Degioanni, Avner and Besehani are silent in teaching at least one processor circuit is further configured to coordinates activities of the plurality of monitors by triggering a monitoring of HTTP messages with a resolved IP address upon completion of a DNS query. Wing teaches on (column 12 lines 4-14) encryption module may include instructions enabling DNS server to establish a secure communication channel with host device including generating encryption keys to establish an HTTPS session with host device. Encryption module may further include a key store that may store one or more private encryption keys uniquely associated with DNS server. 
Therefore, it would be reasonable to one of ordinary skill in the art to combine Degioanni‘s, Avner’s and Besehanic’s references to include the teachings of Wing for at least one processor circuit is further configured to coordinates activities of the plurality of monitors by triggering a monitoring of HTTP messages with a resolved IP address upon completion of a DNS query before the effective filing date of the claimed invention. A useful combination which yields predictable results in found in Wing (column 2 lines 9-24) in accordance with one embodiment, a browser operating on a host device receives, from a user, a request to access a web server that includes a URL associated with the web server.
Regarding claim 18, Degioanni, Avner, Besehanic and Wing teach the data analytics device of claim 12, Wing teaches at least one processor circuit is further configured to correlate video-session information (column 3 lines 14-44) and video-traffic pattern information from video-engine data and security-engine data with corresponding information of a video-program library generated through a machine-learning-based model to identify a specific video program associated with a video segment (column 2 lines 26-45). 

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Degioanni (US 2018/0255100 A1) in view of Ma et al (US 2009/0038010 A1) in view of Katz et al (US 2015/0067859 A1). Hereinafter referred as Degioanni, Ma and Katz.
Regarding claim 19, Degioanni teaches a data analytics device for application monitoring (page 2 paragraph (0017)), the device comprising: an application-monitor manager engine (page 2 paragraph (0021)) configured to receive configuration files from a cloud server (page 5 paragraph (0040)) and to generate monitoring rules for a plurality of monitors (page 2 paragraph (0022)); and a data-processing engine coupled (page 9 paragraph (0075)) to the application-monitor manager engine (page 1 paragraph (0003) and page 7 paragraph (0060)) and the plurality of monitors and configured to coordinate activities of the plurality of monitors (page 2 paragraph (0018) and page 3 paragraph (0024)), wherein: the plurality of monitors are embedded in a user space and a kernel of a host operating system (the agent may be configured to receive the set of baseline operation rules and implement rule-based activity monitoring that monitors activity between the kernel and the one or more running applications and containers interacting with the kernel (page 8 paragraph (0065)).
However, Degioanni is silent in teaching monitoring rules for the plurality of monitors are generated based on the configuration files. Ma teaches on (page 4 paragraph (0039)) the monitoring application can use a number of defined monitors or rule sets according to a type of monitoring preferred for a monitoring session. A configuration file can be used to define a rule set configuration for one or more rule sets. 
Therefore, it would be reasonable to one of ordinary skill in the art to combine Degioanni‘s references to include the teachings of Ma for monitoring rules for the plurality of monitors are generated based on the configuration files before the effective filing date of the claimed invention. A useful combination which yields predictable results in found in Ma (page 1 paragraph (0004)) in one embodiment, a monitoring application can be used to detect test automation issues. The monitoring application can include a number of rule sets which may be tailored to identify and detect new types of exceptions and other conditions associated with a test automation process or some other process.
However, Degioanni and Ma are silent in teaching a plurality of monitors are embedded in a user space and a kernel of an operating system of the host. Katz teaches on (page 1 paragraph (0015)) a threat monitoring module which monitors, in run time at kernel level, a plurality of events of a plurality of processes executed by an operating system (OS) running on a computing device and detects, in run time, a first event of the plurality of events, the first event being performed by the first process of the plurality of processes on the computing device. 
Therefore, it would be reasonable to one of ordinary skill in the art to combine Degioanni‘s and Avner’s references to include the teachings of Katz for a plurality of monitors are embedded in a user space and a kernel of an operating system of the host before the effective filing date of the claimed invention. A useful combination which yields predictable results in found in Katz (page 1 paragraph (0005)) according to some embodiments of the present invention, there is provided a computerized method of preemptive event handling. The method comprises monitoring, in run time at kernel level, a plurality of events of a plurality of processes executed by an operating system OS running on a computer.

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Degioanni (US 2018/0255100 A1) in view of Ma et al (US 2009/0038010 A1) in view of Katz et al (US 2015/0067859 A1) in view of Wing et al (US 10,375,020). Hereinafter referred as Degioanni, Ma, Katz and Wing.
Regarding claim 20, Degioanni, Ma and Katz teach the data analytics system of claim 19, Ma teaches the plurality of monitors are embedded in a user space and a kernel of a host operating system as well as in a video engine and a security engine (page 4 paragraph (0041)). However, Degioanni, Ma and Katz are silent in teaching video-engine monitors are configured to monitor video content analytics data and security-engine monitors. Wing teaches on (column 2 lines 26-45) the current intrusion prevention systems (IPS), next generation firewalls (NGFWs) and Cloud Web Security (CWS) servers act as Transport Layer Security (TLS) proxies that inspect loads and block malicious content from reaching user devices attached to the enterprise network. Wing further teaches the monitors are configured to monitor security analytics data, and wherein the data provided by the data analytics device comprises a secure data package, and the cloud-based analytics portal is configured to analyze IP sessions, video and security events and dynamic analytic data and to perform DPI and correlation in timeline and traffic patterns (column 2 lines 9-24).
Therefore, it would be reasonable to one of ordinary skill in the art to combine Degioanni‘s, Ma’s and Katz’s references to include the teachings of Wing for video-engine monitors are configured to monitor video content analytics data and security-engine monitors before the effective filing date of the claimed invention. A useful combination which yields predictable results in found in Wing (column 2 lines 9-24) in accordance with one embodiment, a browser operating on a host device receives, from a user, a request to access a web server that includes a URL associated with the web server. 



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FRANKLIN S ANDRAMUNO whose telephone number is (571)270-3004. The examiner can normally be reached Mon - Fri, 9:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jefferey Harold can be reached on (571) 272-7519. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FRANKLIN S ANDRAMUNO/Examiner, Art Unit 2424                                                                                                                                                                                                        /JEFFEREY F HAROLD/Supervisory Patent Examiner, Art Unit 2424