DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
Applicant's arguments filed 8/12/2022 have been fully considered but they are not persuasive. Applicant argues that the prior art of record does not expressly disclose that the firewall log data is processed on a periodic basis to reduce the size of the firewall log data. The examiner respectfully disagrees. The prior art of record, Bray et al, discloses that a periodic refresh of received firewall data can be performed, see for example [0045]. Since the data is being reduced throughout processing of data (i.e., merging common branches) and the firewall log is refreshed on a periodic schedule, the examiner contends the system is thus reducing firewall log data on a periodic cycle as the data is merged and subsequently refreshed periodically, see for example [0053, 0059].
Applicant's arguments filed 8/12/2022 have been fully considered but they are not persuasive. Regarding claims 5-8, the applicant argues that the examiner improperly used official notice. The examiner did not use official notice and the explanation of how the art is being used to reject each claim limitation was included in each point (i.e., Please note…). This is not a claim of official notice nor citation of inherency; this was the examiner's explanation of how the art meets the claim limitations.
Applicant's arguments filed 8/12/2022 have been fully considered and they are persuasive. Applicant argues that the prior art of record does not expressly disclose a transform, extract and load service. The examiner agrees with applicant’s arguments and withdraws rejections to claims 2 and 10.
Applicant’s arguments, see remarks, filed 8/12/2022, with respect to the rejection(s) of claim(s) 1-16 under 35 U.S.C. 103 have been fully considered. Applicant remarks that the rejection is unclear as the claim heading(s) are incorrect. Examiner recognizes the typographical errors and is issuing a second non-final rejection to correct the typographical errors such that the applicant can respond to correct rejections accordingly. Please find the correct rejection(s) listed below.   
Examiner’s Note: The applicant has made amendments to overcome U.S.C. 112(f) interpretation(s) and one of the 35 U.S.C. 101 rejection(s). It is noted that the applicant has filed to participate in the DSMER Pilot Program.
Allowable Subject Matter
Claims 2, 10 and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter: the prior art, either alone or in combination, does not expressly disclose an extract, transform and load service operating on a third processor and configured to extract two or more subsets of data from the firewall log data, to transform the extracted firewall log data into a metadata schema and to load the metadata schema into a data processing system configured to analyze the firewall log data using the metadata schema. Examiner’s Note: The examiner believes if applicant amends independent claims to include subject matter of claims 2, 10 and 18, the outstanding 101 rejection would become moot.
Claims 3-4, 11-12, and 19-20 are objected to for being dependent on an already objected to claim. 
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1, 5-9 and 13-17 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Regarding claims 1, 9 and 17, the claim recites receiving firewall log data and processing it, and processing reduced firewall log data and generating a report. The limitation of receiving firewall log data and processing it, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “by a processor,” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “by a processor” language, “receiving firewall log data and processing it” in the context of this claim encompasses the user manually receiving and analyzing log data. Similarly, the limitation of processing reduced firewall log data and generating a report, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. For example, but for the “by a processor” language, “processing reduced firewall log data and generating a report” in the context of this claim encompasses the user receiving the remainder of the data, analyzing it and writing out a report to be shared with other users. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
This judicial exception is not integrated into a practical application. In particular, the claim only recites one additional element – using a processor for receiving firewall log data and processing it, and processing reduced firewall log data and generating a report. The processor in the steps is recited at a high level of generality (i.e., as a generic processor performing a generic computer function of analyzing log data) such that it amounts to no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a processor to perform receiving firewall log data and processing it, and processing reduced firewall log data and generating a report, amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Dependent claims 2-8 and 10-16 are rejected under the same rationale as they do not cure the deficiencies of the independent claim.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claim 17 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Regarding claim 17, the applicant recites “process[ing] the firewall log data on a periodic basis to reduce the size of the firewall log data without using a trie.” The specification makes no mention of the use or non-use of a trie. There is no support for the requirement to process the log data without a trie. There is absolutely no mention of a “trie” in the specification, therefore a claim cannot be bounded by its use or non-use. Therefore, it cannot be held as a requirement in the claim language. Examiner recommends applicant remove this language (“without using a trie”). For examination purposes, the examiner is not giving patentable weight to this claim limitation (“without using a trie”).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5-9, and 13-17 are rejected under 35 U.S.C. 103 as being unpatentable over Rohner (US 2009/0198707) in view of Bray et al (US 2014/0164595).
Regarding claims 1 (currently amended), 9 (original), and 17 (new), Rohner discloses a system and method for firewall data log processing, comprising: 
a firewall logging system operating on a first processor being a hardware processor and having a memory configured to execute components of the hardware processor to cause the first processor (or one or more first algorithms) to receive firewall log data and to process the firewall log data to reduce the size of the firewall log data (without using a trie) [0017, 0029, 0032, fig 4];
Please note that in this example the firewall record manager may include a firewall record filter that may reduce or thin out the firewall log data into a smaller set.  
a firewall reporting system operating on a second processor (or a second algorithm) and configured to process the reduced size firewall log data to generate a report on a user interface that includes one or more analytics from the reduced size firewall data [0034-0039, fig 4];
Please note that in this example the firewall record manager may also include a firewall log record formatter that analyzes the reduced data and outputs an image display of the analyzed data. 
However, Rohner does not expressly disclose but Bray et al discloses reducing firewall data on a periodic basis [0045, 0053, 0059].
Please note that in this example a periodic reduction of firewall log data may be performed. 
It would have been obvious to one of ordinary skill in the art to create the invention as claimed for the following reasons. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Rohner by periodically reducing, for the purpose of reducing content on a regular basis, based upon the beneficial teachings provided by Bray et al, see for example [0045]. These modifications would result in ease of use and increased security, both of which are obvious benefits to the skilled artisan. Additionally, the cited references are in the field of computer security, as is the current application, and thus are in analogous arts.
Regarding claims 5 and 13 (both original), Rohner and Bray et al disclose all the limitations of claims 1 and 9. Rohner further discloses wherein the firewall reporting system comprising a window reporting system operating on the second processor and configured to generate a window user interface display for selecting a predetermined period of time [0021, 0027, 0030, 0036, 0032, 0042];
Please note that in this example a specified time period according to a timestamp can be output. Also note that a choice of visual representations can be made, see for example [0036-0039]. 
Regarding claims 6 and 14 (both original), Rohner and Bray et al disclose all the limitations of claims 1 and 9. Rohner further discloses wherein the firewall reporting system comprising a window reporting system operating on the second processor and configured to generate a window user interface display for relocating a display for a predetermined period of time [0021, 0027, 0030, 0036, 0032, 0042];
Please note that in this example a specified time period according to a timestamp can be output. Also note that a choice of visual representations can be made, see for example [0036-0039].
Regarding claims 7 and 15 (both original), Rohner and Bray et al disclose all the limitations of claims 1 and 9. Rohner further discloses wherein the firewall reporting system comprising a window reporting system operating on the second processor and configured to generate a window user interface display for relocating a display of firewall statistics for a predetermined period of time [0021, 0027, 0030, 0036, 0032, 0042];
Please note that in this example a specified time period according to a timestamp can be output. Also note that a choice of visual representations can be made, see for example [0036-0039].
Regarding claims 8 (original) and 16 (currently amended), Rohner and Bray et al disclose all the limitations of claims 1 and 9. Rohner further discloses wherein the firewall reporting system comprising a window reporting system operating on the second processor and configured to generate a window user interface display for relocating a display of firewall statistics for a predetermined user for a predetermined period of time [0021, 0027, 0030, 0036, 0032, 0042, 0034];
Please note that in this example a specified time period according to a timestamp can be output. Also note that a choice of visual representations can be made, see for example [0036-0039].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Zerkane et al (Software Defined Networking Reactive Stateful Firewall) discloses that Network security is a crucial issue of Software Defined Networking (SDN). It is probably, one of the key features for the success and the future pervasion of the SDN technology. In this perspective, we propose a SDN reactive stateful firewall. Our solution is integrated into the SDN architecture. The application filters TCP communications according to the network security policies. It records and processes the different states of connections and interprets their possible transitions into OpenFlow (OF) rules. The proposition uses a reactive behavior in order to reduce the number of OpenFlow rules in the data plane devices and to mitigate some Denial of Service (DoS) attacks like SYN Flooding. The firewall processes the Finite State Machine of network protocols so as to withdraw useless traffic not corresponding to their transitions’ conditions.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENDALL DOLLY whose telephone number is (571)270-1948. The examiner can normally be reached Monday-Thursday 8am-5pm(EST) and Friday 8am-12pm(EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/KENDALL DOLLY/Primary Examiner, Art Unit 2436