DETAILED ACTION


Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
2. This office correspondence is in response to the application filed on 9/13/2021.
3. Claims 1-18 are cancelled.
4. Claims 19-35 are pending.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 19-35 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-16 of U.S. Patent No 11,121,905 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because Claims 19 and 27 of the instant application teach all the limitations of the current limitation, except for the limitation “identifying a state of the modified deterministic finite automaton without computed followers”. However, it would have been obvious to implement the current subject matter so that, for each follower of the original state, a new vector of original states can be computed, where the original state has been replaced by its follower.

Instant Application, Claim 19. A method for migrating a data schema, comprising:
combining a first deterministic finite automaton configured for use in firewall processing of network data with a second deterministic finite automaton configured for use in firewall processing of network data using a processor operating under algorithmic control to generate a modified deterministic finite automation;
computing a new vector of original states for each state of the modified deterministic finite automaton corresponding to the identified state using the processor to migrate data from the first deterministic finite automaton to the second deterministic finite automaton for use in firewall processing of network data; and
merging firewall-specific metadata from the first deterministic finite automaton with firewall-specific metadata from the second deterministic finite automaton for each state of the modified deterministic finite automaton corresponding to the identified state.

Patent No: US 11,121,905 B2, Claim 1. A method for migrating a data schema, comprising:
combining a first deterministic finite automaton configured for use in firewall processing of network data at a first network firewall with a second deterministic finite automaton configured for use in firewall processing of network data at a second network firewall to generate a modified deterministic finite automation;
identifying a state of the modified deterministic finite automaton without computed followers; and
computing a new vector of original states for each state of the modified deterministic finite automaton corresponding to the identified state to migrate data from the first deterministic finite automaton to the second deterministic finite automaton for use in firewall processing; and
merging firewall-specific metadata from the first deterministic finite automaton with firewall-specific metadata from the second deterministic finite automaton for each state of the modified deterministic finite automaton corresponding to the identified state.

Instant Application, Claim 27. A system for migrating a data schema, comprising:
one or more processors with memory configured to execute one or more algorithms that perform the steps of:
combining a first deterministic finite automaton configured for use by a first network firewall with a second deterministic finite automaton configured for use by a second network firewall to generate a modified deterministic finite automation
computing a new vector of original states for each state of the modified deterministic finite automaton corresponding to the identified state to migrate data from the first deterministic finite automaton to the second deterministic finite automaton for use in firewall processing of network data; and
merging firewall-specific metadata from the first deterministic finite automaton with firewall-specific metadata from the second deterministic finite automaton for each state of the modified deterministic finite automaton corresponding to the identified state.

Patent No: US 11,121,905 B2, Claim 9. A system for migrating a data schema, comprising:
one or more processors with memory configured to execute one or more algorithms that perform the steps of:
combining a first deterministic finite automaton configured for use in firewall processing of network data at a first network firewall with a second deterministic finite automaton configured for use in firewall processing of network data at a second network firewall to generate a modified deterministic finite automation
identifying a state of the modified deterministic finite automaton without computed followers; and
computing a new vector of original states for each state of the modified deterministic finite automaton corresponding to the identified state to migrate data from the first deterministic finite automaton to the second deterministic finite automaton for use in firewall processing of network data; and
merging firewall-specific metadata from the first deterministic finite automaton with firewall-specific metadata from the second deterministic finite automaton for each state of the modified deterministic finite automaton corresponding to the identified state.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 19-35 are rejected under 35 U.S.C. 103 as being unpatentable over Pandya (Pub No: US 2006/0136570 A1) in view of Ganesh et al. (Pub No: US 2019/0007374 A1).

Regarding claim 19. Pandya teaches a method for migrating a data schema (Pandya [0175], Fig 1), comprising:
combining a first deterministic finite automaton configured for use in firewall processing of network data with a second deterministic finite automaton configured for use in firewall processing of network data using a processor operating under algorithmic control to generate a modified deterministic finite automation (Pandya [0439] and [0447] combination of NFAs and DFAs interpreted first deterministic finite automaton and second deterministic finite automaton as to evaluate a set of regular expressions composite DFA that may be implemented on the content search/rule processing engines, 7106 to add another search processor for firewall interpreted as in firewall processing under algorithmic control to generate a modified deterministic finite automation);
computing a new vector of original states for each state of the modified deterministic finite automaton corresponding to the identified state using the processor to migrate data from the first deterministic finite automaton to the second deterministic finite automaton for use in firewall processing of network data (Pandya [0440] and [0441] and [0447] DFA context controller, 8200, provides the context and the pointer of the instruction, where vector(s) to be evaluated by the DFA operations engine, 8204 interpreted as new vector of original states for each state of the modified deterministic finite automaton, the DFA operation would represent the evaluation of transitions from a state of the DFA. would typically be the one for the state that the DFA transitions supported as a composite DFA that may be implemented on the content search/rule processing engines for firewall interpreted as deterministic finite automaton for use in firewall processing of network data).
Pandya does not teach computing a new vector of original states for each state of the modified deterministic finite automaton corresponding to the identified state using the processor to migrate data from the first deterministic finite automaton to the second deterministic finite automaton for use in firewall processing of network data.
However Ganesh teaches merging firewall-specific metadata from the first deterministic finite automaton with firewall-specific metadata from the second deterministic finite automaton for each state of the modified deterministic finite automaton corresponding to the identified state (Ganesh [0024], [0029] and [0030] next generation firewalls control applications, content—not just ports, IP addresses, and packets where function specific processing that is tightly integrated interpreted as merging firewall-specific metadata using a deterministic finite automaton (e.g., application identification (App ID) applied to flow state matching) interpreted as second deterministic finite automaton for each state of the modified deterministic finite automaton performing a reduced deterministic finite automaton lookup using a lookup key, interpreted as modified deterministic finite automaton corresponding to the identified state).
It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify Pandya by incorporating the teachings of Ganesh.
Doing so a firewall can filter inbound traffic by applying a set of rules or policies to prevent unwanted outside traffic from reaching protected devices. A firewall can also filter outbound traffic by applying a set of rules or policies (e.g., allow, block, monitor, notify or log, and/or other actions can be specified in firewall rules or firewall policies, which can be triggered based on various criteria, such as described herein).

Regarding claim 20. Pandya and Ganesh teach the method of claim 19 and Pandya further teaches comprising:
determining whether the merged metadata is an error state associated with an unsupported feature (Pandya [0411] state look-up performed in parallel is used to identify if the retrieved state is a terminating state or an error state or a continuing or accepting state. The content search state machine, block 7404 effectively iterates through steps as outlined above until an error is found or a match is found or the packet interpreted as an error state associated with an unsupported feature); and
generating a user direction on a user interface device identifying the error state associated with the unsupported feature if the merged metadata is the error state associated with the unsupported feature (Pandya [0441] and [0442] error state in which case the DFA may be restarted at the initial or the start state interpreted as identifying the error state associated with the unsupported feature).

Regarding claim 21. Pandya and Ganesh teach the method of claim 20 and Pandya further teaches comprising adding the merged metadata to a combined deterministic finite automaton if the merged metadata is not the error state associated with the unsupported feature (Pandya [0441] and [0442] error state in which case the DFA may be restarted at the initial or the start state interpreted as merged metadata is not the error state associated with the unsupported feature).

Regarding claim 22. Pandya and Ganesh teach the method of claim 21 and Pandya further teaches comprising generating a transition from the state of the modified deterministic finite automaton to a new state that omits a transition to the error state associated with the unsupported feature (Pandya [0418], [0441] and [0442] FSA is constructed the markings are removed interpreted as new state that omits a transition to the error state in error state in which case the DFA may be restarted at the initial or the start state interpreted as merged metadata is not the error state associated with the unsupported feature).

Regarding claim 23. Pandya and Ganesh teach the method of claim 20 and Pandya further teaches wherein determining whether the merged metadata is the error state comprises determining whether the merged metadata includes an unresolvable conflict (Pandya [0408], [0441] and [0442] error state in which case the DFA connection include ID is created and resolved in case of a hash conflict interpreted as unresolvable conflict).

Regarding claim 24. Pandya and Ganesh teach the method of claim 20 and Pandya further teaches wherein determining whether the merged metadata is the error state comprises determining whether the new vector includes an error state (Pandya [0440] and [0441] and [0447] DFA context controller, 8200, provides the context and the pointer of the instruction, where vector(s) to be evaluated by the DFA operations engine, 8204 interpreted whether the new vector includes an error state).

Regarding claim 25. Pandya and Ganesh teach the method of claim 19 and Pandya further teaches wherein the first deterministic finite automaton is associated with a schema of a firewall system (Pandya [0439] and [0447] combination of NFAs and DFAs interpreted as deterministic finite automaton to add another search processor for firewall interpreted as deterministic finite automaton is associated with a schema of a firewall system).

Regarding claim 26. Pandya and Ganesh teach the method of claim 19 and Pandya further teaches wherein the first deterministic finite automaton is associated with a schema of a firewall system that includes at least one name and at least one Internet protocol address (Pandya [0343], [0344] and [0348] firewall comprise of IP addresses for source, destination, L2 addresses for source).

Regarding claim 27. Pandya teaches a system for migrating a data schema, comprising:
one or more processors with memory configured to execute one or more algorithms that perform the steps (Pandya [0033] and [0034] processors with memory to algorithms) of:
combining a first deterministic finite automaton configured for use by a first network firewall with a second deterministic finite automaton configured for use by a second network firewall to generate a modified deterministic finite automation (Pandya [0439] and [0447] combination of NFAs and DFAs interpreted first deterministic finite automaton and second deterministic finite automaton as to evaluate a set of regular expressions composite DFA that may be implemented on the content search/rule processing engines, 7106 to add another search processor for firewall interpreted as in firewall processing under algorithmic control to generate a modified deterministic finite automation);
computing a new vector of original states for each state of the modified deterministic finite automaton corresponding to the identified state to migrate data from the first deterministic finite automaton to the second deterministic finite automaton for use in firewall processing of network data (Pandya [0440] and [0441] and [0447] DFA context controller, 8200, provides the context and the pointer of the instruction, where vector(s) to be evaluated by the DFA operations engine, 8204 interpreted as new vector of original states for each state of the modified deterministic finite automaton, the DFA operation would represent the evaluation of transitions from a state of the DFA. would typically be the one for the state that the DFA transitions supported as a composite DFA that may be implemented on the content search/rule processing engines for firewall interpreted as deterministic finite automaton for use in firewall processing of network data).
Pandya does not teach merging firewall-specific metadata from the first deterministic finite automaton with firewall-specific metadata from the second deterministic finite automaton for each state of the modified deterministic finite automaton corresponding to the identified state.
However Ganesh teaches merging firewall-specific metadata from the first deterministic finite automaton with firewall-specific metadata from the second deterministic finite automaton for each state of the modified deterministic finite automaton corresponding to the identified state (Ganesh [0024], [0029] and [0030] next generation firewalls control applications, content—not just ports, IP addresses, and packets where function specific processing that is tightly integrated interpreted as merging firewall-specific metadata using a deterministic finite automaton (e.g., application identification (App ID) applied to flow state matching) interpreted as second deterministic finite automaton for each state of the modified deterministic finite automaton performing a reduced deterministic finite automaton lookup using a lookup key, interpreted as modified deterministic finite automaton corresponding to the identified state).
It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify Pandya by incorporating the teachings of Ganesh.
Doing so a firewall can filter inbound traffic by applying a set of rules or policies to prevent unwanted outside traffic from reaching protected devices. A firewall can also filter outbound traffic by applying a set of rules or policies (e.g., allow, block, monitor, notify or log, and/or other actions can be specified in firewall rules or firewall policies, which can be triggered based on various criteria, such as described herein).

Regarding claim 28. Pandya and Ganesh teach the system of claim 27 and Ganesh further teaches wherein the one or more algorithms are further configured to perform the step of merging firewall-specific metadata from the first deterministic finite automaton with firewall-specific metadata from the second deterministic finite automaton for each state of the modified deterministic finite automaton corresponding to the identified state (Ganesh [0024], [0029] and [0030] next generation firewalls control applications, content—not just ports, IP addresses, and packets where function specific processing that is tightly integrated interpreted as merging firewall-specific metadata using a deterministic finite automaton (e.g., application identification (App ID) applied to flow state matching) interpreted as second deterministic finite automaton for each state of the modified deterministic finite automaton performing a reduced deterministic finite automaton lookup using a lookup key, interpreted as modified deterministic finite automaton corresponding to the identified state).
It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify Pandya by incorporating the teachings of Ganesh.
Doing so a firewall can filter inbound traffic by applying a set of rules or policies to prevent unwanted outside traffic from reaching protected devices. A firewall can also filter outbound traffic by applying a set of rules or policies (e.g., allow, block, monitor, notify or log, and/or other actions can be specified in firewall rules or firewall policies, which can be triggered based on various criteria, such as described herein).

Regarding claim 29. Pandya and Ganesh teach the system of claim 28 and Pandya further teaches wherein the one or more algorithms are further configured to perform the steps of:
determining whether the merged metadata is an error state in a vector (Pandya [0411] state look-up performed in parallel is used to identify if the retrieved state is a terminating state or an error state or a continuing or accepting state. The content search state machine, block 7404 effectively iterates through steps as outlined above until an error is found or a match is found or the packet interpreted as an error state associated with an unsupported feature); and
generating a user direction on a user interface device identifying the error state if the merged metadata is an error state (Pandya [0441] and [0442] error state in which case the DFA may be restarted at the initial or the start state interpreted as identifying the error state associated with the unsupported feature).

Regarding claim 30. Pandya and Ganesh teach the system of claim 29 and Pandya further teaches wherein the one or more algorithms are further configured to perform the step of adding the merged metadata to a combined deterministic finite automaton if the merged metadata is not an error state (Pandya [0441] and [0442] error state in which case the DFA may be restarted at the initial or the start state interpreted as merged metadata is not the error state associated with the unsupported feature).

Regarding claim 31. Pandya and Ganesh teach the system of claim 30 and Pandya further teaches wherein the one or more algorithms are further configured to perform the step of generating a transition from the state of the modified deterministic finite automaton to a new state (Pandya [0418], [0441] and [0442] FSA is constructed the markings are removed interpreted as new state that omits a transition to the error state in error state in which case the DFA may be restarted at the initial or the start state interpreted as merged metadata is not the error state associated with the unsupported feature).

Regarding claim 32. Pandya and Ganesh teach the system of claim 29 and Pandya further teaches wherein the one or more algorithms are further configured to perform the step of determining whether the merged metadata includes an unresolvable conflict (Pandya [0408], [0441] and [0442] error state in which case the DFA connection include ID is created and resolved in case of a hash conflict interpreted as unresolvable conflict).

Regarding claim 33. Pandya and Ganesh teach the system of claim 29 and Pandya further teaches wherein the one or more algorithms are further configured to perform the step of determining whether the new vector includes an error state (Pandya [0440] and [0441] and [0447] DFA context controller, 8200, provides the context and the pointer of the instruction, where vector(s) to be evaluated by the DFA operations engine, 8204 interpreted whether the new vector includes an error state).

Regarding claim 34. Pandya and Ganesh teach the system of claim 27 and Pandya further teaches wherein the first deterministic finite automaton is associated with a schema of a firewall system (Pandya [0439] and [0447] combination of NFAs and DFAs interpreted as deterministic finite automaton to add another search processor for firewall interpreted as deterministic finite automaton is associated with a schema of a firewall system).

Regarding claim 35. Pandya and Ganesh teach the system of claim 27 and Pandya further teaches wherein the first deterministic finite automaton is associated with a schema of a firewall system that includes at least one name and at least one Internet protocol address (Pandya [0343], [0344] and [0348] firewall comprise of IP addresses for source, destination, L2 addresses for source).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZIA KHURSHID whose telephone number is (571)272-5942. The examiner can normally be reached Monday-Friday 8:45 AM - 5:15 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Z.K/Examiner, Art Unit 2455 

/EMMANUEL L MOISE/Supervisory Patent Examiner, Art Unit 2455