DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 09/20/2021, 04/13/2022, 09/01/2022 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 9, and 17 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 and 8 of U.S. Patent No. 111285564 (hereinafter “the ‘564 patent”).  Although the claims at issue are not identical, they are not patentably distinct from each other because the patented claims are narrower in scope and thus read on the instant claims as detailed below.

Regarding claim 1, the ‘564 patent discloses a method comprising:
identifying, by a server, first and second signatures from different network environments, the first and second signatures identifying different applications at different addresses (Claim 1, Lines 3-9); 
determining, by the server, that the first signature is valid responsive to the first signature being the same as the second signature (Claim 1, Lines 10-14 and 20-22); and 
providing, by the server, the first signature to first and second devices to route network traffic between the different applications (Claim 1, Lines 24-27).

Regarding claim 9, the ‘564 patent discloses a system comprising:
	a server (Claim 8, Lines 3-4) configured to: 
identifying, by a server, first and second signatures from different network environments, the first and second signatures identifying different applications at different addresses (Claim 8, Lines 6-12); 
determining, by the server, that the first signature is valid responsive to the first signature being the same as the second signature (Claim 8, Lines 13-17 and 23-25); and 
providing, by the server, the first signature to first and second devices to route network traffic between the different applications (Claim 8, Lines 26-29).

Regarding claim 17, the ‘564 patent discloses a system comprising:
one or more processors, coupled to memory (Claim 8, Lines 3-4) and configured to:
identify first and second signatures from different network environments, the first and second signatures identifying different applications at different addresses (Claim 8, Lines 6-12);
increment a value for the first signature responsive to the first signature being the same as the second signature (Claim 8, Lines 18-22); and 
provide, responsive to the value for the first signature exceeding a threshold, the first signature to first and second devices to use for routing network traffic between the different applications (Claim 8, Lines 26-29).

Claims 2-8, 10-16, and 18-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 9, and 17 U.S. Patent No. 111285564 (hereinafter “the ‘564 patent”) in view of Pasupathy et al. (U.S. Patent Application Publication No. 2017/0288987, hereinafter “Pasupathy”). 

Regarding claims 2 and 10, the ’564 patent discloses the method as recited in claim 1 and the system as recited in claim 9. 

The ’564 patent does not appear to disclose wherein the server is further configured to increment a value for the first signature responsive to the first signature being the same as the second signature. 

Pasupathy discloses wherein the server is further configured to increment a value for the first signature responsive to the first signature being the same as the second signature (§ 0069, Lines 5-11; The threshold, for an entry in context database 220, may be a hit count (e.g., a number of sessions to the same server with matching contextual information), a hit rate (e.g., a frequency of sessions to the same server with matching contextual information), a number of different source-destination pairs associated with the hits, a new session establishment rate, or the like). 

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify the ‘564 patent by integrating the features of Pasupathy in order to determine when an application signature should be generated. 

Regarding claims 3 and 11, the ’564 patent discloses the method as recited in claims 1-2 and the system as recited in claim 9-10. 

The ‘564 patent does not appear to disclose wherein the server is further configured to determine that the value exceeds a threshold. 

Pasupathy discloses wherein the server is further configured to determine that the value exceeds a threshold (§ 0070, Lines 1-5; The threshold may be used to determine when an application signature should be generated (e.g., after a finite number of matches, such as where multiple users may be accessing an application that may be becoming a well-known application)).

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify the ‘564 patent by integrating the features of Pasupathy in order to determine when an application signature should be generated. 

Regarding claims 4 and 12, the ’564 patent discloses the method as recited in claims 1-3 and the system as recited in claim 9-11.

The ‘564 patent does not appear to disclose wherein the server is further configured to determine that the first signature is valid responsive to the value exceeding the threshold. 

Pasupathy discloses wherein the server is further configured to determine that the first signature is valid responsive to the value exceeding the threshold (§ 0070, Lines 1-5; The threshold may be used to determine when an application signature should be generated (e.g., after a finite number of matches, such as where multiple users may be accessing an application that may be becoming a well-known application)).

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify the ‘564 patent by integrating the features of Pasupathy in order to determine when an application signature should be generated. 

Regarding claims 5 and 13, the ’564 patent discloses the method as recited in claim 1 and the system as recited in claim 9. 

The ‘564 patent does not appear to disclose wherein the network environment comprises one of an internal network or an external network. 

Pasupathy discloses wherein the network environment comprises one of an internal network or an external network (Fig. 2, Element 270).

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify the ‘564 patent by integrating the features of Pasupathy in order to determine when an application signature should be generated. 

Regarding claims 6 and 14, the ’564 patent discloses the method as recited in claim 1 and the system as recited in claim 9. 

The ‘564 patent does not appear to disclose wherein the server is further configured to identify a network environment of the first signature from an identifier of the first device providing the first signature. 

Pasupathy discloses wherein the server is further configured to identify a network environment of the first signature from an identifier of the first device providing the first signature (§ 0066, Lines 3-10; Context database may include metadata such as, among other things, a virtual local area network (VLAN) identifier and a virtual extensible local area network (VXLAN) identifier) (§ 0066, Lines 11-12; The metadata may be used to assist with looking up the obtained contextual information in context database 220).

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify the ‘564 patent by integrating the features of Pasupathy in order to determine when an application signature should be generated. 

Regarding claims 7 and 15, the ’564 patent discloses the method as recited in claim 1 and the system as recited in claim 9. 

The ‘564 patent does not appear to disclose wherein the server is further configured to identify a network environment of the second signature from an identifier of the second device providing the second signature. 

Pasupathy discloses wherein the server is further configured to identify a network environment of the second signature from an identifier of the second device providing the second signature (§ 0066, Lines 3-10; Context database may include metadata such as, among other things, a virtual local area network (VLAN) identifier and a virtual extensible local area network (VXLAN) identifier) (§ 0066, Lines 11-12; The metadata may be used to assist with looking up the obtained contextual information in context database 220).

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify the ‘564 patent by integrating the features of Pasupathy in order to determine when an application signature should be generated. 

Regarding claims 8 and 16, the ’564 patent discloses the method as recited in claim 1 and the system as recited in claim 9. 

The ‘564 patent does not appear to disclose wherein one of the first signature or the second signature is generated from application layer information of a packet for a connection. 

Pasupathy discloses wherein one of the first signature or the second signature is generated from application layer information of a packet for a connection (§ 0063, Lines 11-18; Entries in context database 220 may include an assigned name, various protocols being used for the network traffic (e.g., the network layer, transport layer, and application layer protocols), the items of contextual information that were obtained from the network traffic, a threshold for creation of an application signature, and threshold information).

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify the ‘564 patent by integrating the features of Pasupathy in order to determine when an application signature should be generated. 

Regarding claim 18, the ’564 patent discloses the system as recited in claim 17. 

The ‘564 patent does not appear to disclose wherein the one or more processors are further configured to determine that the first signature is valid responsive to the first signature being the same as the second signature. 

Pasupathy discloses wherein the one or more processors are further configured to determine that the first signature is valid responsive to the first signature being the same as the second signature (§ 0070, Lines 1-5; The threshold may be used to determine when an application signature should be generated (e.g., after a finite number of matches, such as where multiple users may be accessing an application that may be becoming a well-known application)) from a different network environment (§ 0031, Lines 3-6; There may be additional devices and/or networks, different devices and/or networks, or differently arranged devices and/or networks than those shown in Fig. 2) (§ 0064, Lines 6-9; Normalizing the stored contextual information may support comparison of contextual information that was obtained, from network traffic, by different devices (e.g., network device 210 and peer device 240))

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify the ‘564 patent by integrating the features of Pasupathy in order to determine when an application signature should be generated. 

Regarding claim 19, the ’564 patent discloses the system as recited in claim 17. 

The ‘564 patent does not appear to disclose wherein the one or more processors are further configured to determine that the first signature is valid responsive to the value exceeding the threshold. 

Pasupathy discloses wherein the one or more processors are further configured to determine that the first signature is valid responsive to the value exceeding the threshold (§ 0070, Lines 1-5; The threshold may be used to determine when an application signature should be generated (e.g., after a finite number of matches, such as where multiple users may be accessing an application that may be becoming a well-known application)).

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify the ‘564 patent by integrating the features of Pasupathy in order to determine when an application signature should be generated. 

Regarding claim 20, the ’564 patent discloses the system as recited in claim 17. 

The ‘564 patent does not appear to disclose wherein the one or more processors are further configured to identify a network environment of the second signature is different from the network environment of the first signature based at least on an identifier of one of the first device providing the first signature or the second device providing the second signature. 

Pasupathy discloses wherein the one or more processors are further configured to identify a network environment of the second signature is different from the network environment of the first signature based at least on an identifier of one of the first device providing the first signature or the second device providing the second signature (§ 0066, Lines 3-10; Context database may include metadata such as, among other things, a virtual local area network (VLAN) identifier and a virtual extensible local area network (VXLAN) identifier).

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify the ‘564 patent by integrating the features of Pasupathy in order to determine when an application signature should be generated. 

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-20 are rejected under 35 U.S.C. 102(a)(1) and 35 U.S.C. 102(a)(2) as being anticipated by Pasupathy et al. (U.S. Patent Application Publication No. 2017/0288987, hereinafter “Pasupathy”).

Claims 1 and 9:
Pasupathy discloses a system comprising:
a server (§ 0032, Lines 1-3) configured to: 
identify first and second signatures from different network environments, the first and second signatures identifying different applications at different addresses (§ 0031, Lines 3-6; There may be additional devices and/or networks, different devices and/or networks, or differently arranged devices and/or networks than those shown in Fig. 2) (§ 0064, Lines 6-9; Normalizing the stored contextual information may support comparison of contextual information that was obtained, from network traffic, by different devices (e.g., network device 210 and peer device 240)); 
determining that the first signature is valid responsive to the first signature being the same as the second signature (§ 0070, Lines 1-5; The threshold may be used to determine when an application signature should be generated (e.g., after a finite number of matches, such as where multiple users may be accessing an application that may be becoming a well-known application)); and 
providing the first signature to first and second devices to route network traffic between the different applications (§ 0074, Lines 1-3; If the threshold is met, process 400 may include generating an application signature based on the contextual information) (§ 0082, Lines 1-3; Process 400 may include adding the normalized generated application signature to a local application signature database) (§ 0083, Lines 1-4; Process 400 may include sending the normalized generated application signature to the peer device and, if public, to a signature provider device) (§ 0084, Lines 16-19; Sending the normalized generated application signature to peer devices may support consistent application identification amongst security devices associated with network 270).

The method of claim 1 is implemented by the system of claim 9 and is therefore rejected with the same rationale.

Claims 2 and 10:
Pasupathy further discloses wherein the server is further configured to increment a value for the first signature responsive to the first signature being the same as the second signature (§ 0069, Lines 5-11; The threshold, for an entry in context database 220, may be a hit count (e.g., a number of sessions to the same server with matching contextual information), a hit rate (e.g., a frequency of sessions to the same server with matching contextual information), a number of different source-destination pairs associated with the hits, a new session establishment rate, or the like).

Claims 3 and 11:
Pasupathy further discloses wherein the server is further configured to determine that the value exceeds a threshold (§ 0070, Lines 1-5; The threshold may be used to determine when an application signature should be generated (e.g., after a finite number of matches, such as where multiple users may be accessing an application that may be becoming a well-known application)). 

Claims 4 and 12:
Pasupathy further discloses wherein the server is further configured to determine that the first signature is valid responsive to the value exceeding the threshold (§ 0070, Lines 1-5; The threshold may be used to determine when an application signature should be generated (e.g., after a finite number of matches, such as where multiple users may be accessing an application that may be becoming a well-known application)).

Claims 5 and 13:
Pasupathy further discloses wherein the network environment comprises one of an internal network or an external network (Fig. 2, Element 270).

Claims 6 and 14:
Pasupathy further discloses wherein the server is further configured to identify a network environment of the first signature from an identifier of the first device providing the first signature (§ 0066, Lines 3-10; Context database may include metadata such as, among other things, a virtual local area network (VLAN) identifier and a virtual extensible local area network (VXLAN) identifier) (§ 0066, Lines 11-12; The metadata may be used to assist with looking up the obtained contextual information in context database 220).

Claims 7 and 15:
Pasupathy further discloses wherein the server is further configured to identify a network environment of the second signature from an identifier of the second device providing the second signature (§ 0066, Lines 3-10; Context database may include metadata such as, among other things, a virtual local area network (VLAN) identifier and a virtual extensible local area network (VXLAN) identifier) (§ 0066, Lines 11-12; The metadata may be used to assist with looking up the obtained contextual information in context database 220).

Claims 8 and 16:
Pasupathy further discloses wherein one of the first signature or the second signature is generated from application layer information of a packet for a connection (§ 0063, Lines 11-18; Entries in context database 220 may include an assigned name, various protocols being used for the network traffic (e.g., the network layer, transport layer, and application layer protocols), the items of contextual information that were obtained from the network traffic, a threshold for creation of an application signature, and threshold information).

Claim 17:
Pasupathy discloses a system comprising:
one or more processors (§ 0036, Lines 1-2), coupled to memory (§ 0037, Lines 1-2) and configured to:
identify first and second signatures from different network environments, the first and second signatures identifying different applications at different addresses (§ 0031, Lines 3-6; There may be additional devices and/or networks, different devices and/or networks, or differently arranged devices and/or networks than those shown in Fig. 2) (§ 0064, Lines 6-9; Normalizing the stored contextual information may support comparison of contextual information that was obtained, from network traffic, by different devices (e.g., network device 210 and peer device 240));
increment a value for the first signature responsive to the first signature being the same as the second signature (§ 0070, Lines 1-5; The threshold may be used to determine when an application signature should be generated (e.g., after a finite number of matches, such as where multiple users may be accessing an application that may be becoming a well-known application)); and 
provide, responsive to the value for the first signature exceeding a threshold, the first signature to first and second devices to use for routing network traffic between the different applications (§ 0074, Lines 1-3; If the threshold is met, process 400 may include generating an application signature based on the contextual information) (§ 0082, Lines 1-3; Process 400 may include adding the normalized generated application signature to a local application signature database) (§ 0083, Lines 1-4; Process 400 may include sending the normalized generated application signature to the peer device and, if public, to a signature provider device) (§ 0084, Lines 16-19; Sending the normalized generated application signature to peer devices may support consistent application identification amongst security devices associated with network 270).

Claim 18:
Pasupathy further discloses wherein the one or more processors are further configured to determine that the first signature is valid responsive to the first signature being the same as the second signature (§ 0070, Lines 1-5; The threshold may be used to determine when an application signature should be generated (e.g., after a finite number of matches, such as where multiple users may be accessing an application that may be becoming a well-known application)) from a different network environment (§ 0031, Lines 3-6; There may be additional devices and/or networks, different devices and/or networks, or differently arranged devices and/or networks than those shown in Fig. 2) (§ 0064, Lines 6-9; Normalizing the stored contextual information may support comparison of contextual information that was obtained, from network traffic, by different devices (e.g., network device 210 and peer device 240)).

Claim 19:
Pasupathy further discloses wherein the one or more processors are further configured to determine that the first signature is valid responsive to the value exceeding the threshold (§ 0070, Lines 1-5; The threshold may be used to determine when an application signature should be generated (e.g., after a finite number of matches, such as where multiple users may be accessing an application that may be becoming a well-known application)).

Claim 20:
Pasupathy further discloses wherein the one or more processors are further configured to identify a network environment of the second signature is different from the network environment of the first signature based at least on an identifier of one of the first device providing the first signature or the second device providing the second signature (§ 0066, Lines 3-10; Context database may include metadata such as, among other things, a virtual local area network (VLAN) identifier and a virtual extensible local area network (VXLAN) identifier).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Applicant is directed to the pertinent prior art referenced in parent application 16/196799. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NAM T TRAN whose telephone number is (408)918-7553. The examiner can normally be reached Monday-Friday 7AM-3PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Thu Nguyen can be reached on 571-272-6967. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NAM T TRAN/Primary Examiner, Art Unit 2452