DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This office action is in response to the communication filed on 09/30/2022.
Claims 1-20 are pending.

Response to Arguments
Applicant’s arguments have been considered but found unpersuasive. The examiner respectfully maintains that Shieh teaches a management controller configured to provide out-of-band management of the information handling system (fig. 1, 4, threat sensors for handling a potentially malicious request from an attacker to a managed system (such as Attacker 950 and Workload 1550B in fig. 15, [0157]); the request can involve management traffic addressed to a managed system via, for example, Simple Network Management Protocol (SNMP), Internet Control Message Protocol (ICMP) in [0158]) (fig. 2, [0029], [0031], threat sensor 210 such as a router or firewall device (management controller) monitors traffic to network element 260 (information handling system) and reports threat data to a centralized threat detection system 242 (management controller) via a dedicated connection (dashed line 222-244), which means the management of threats is out-of-band or separate from the traffic of the network element 260).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-2, 4-9, 11-15, 17-20 is/are rejected under AIA 35 U.S.C. 103 as being unpatentable over Shieh et al. (US 2017/0180421, “Shieh”) in view of Martin et al. (US 2018/0004948, “Martin”).

For claim 1, Shieh discloses an information handling system comprising:
a management controller configured to provide out-of-band management of the information handling system (fig. 1, 4, threat sensors for handling a potentially malicious request from an attacker to a managed system (such as Attacker 950 and Workload 1550B in fig. 15, [0157]); the request can involve management traffic addressed to a managed system via, for example, Simple Network Management Protocol (SNMP), Internet Control Message Protocol (ICMP) in [0158]) (fig. 2, [0029], [0031], threat sensor 210 such as a router or firewall device (management controller) monitors traffic to network element 260 (information handling system) and reports threat data to threat detection system 242 (management controller) via a dedicated connection (dashed line 222-244), which means management of threats is out-of-band or separate from the traffic/data of the network element 260);
wherein the management controller is configured to:
receive network traffic from a client information handling system, the network traffic relating to management of the information handling system (fig. 4, step 402, fig. 9, 10, receiving a request from a network element such as attacker 950 in fig. 9; the request can involve management traffic addressed to a managed system via, for example, Simple Network Management Protocol (SNMP), Internet Control Message Protocol (ICMP) in [0158]);
transmit at least a portion of the network traffic to a traffic classifier (fig. 4, step 404, [0158], classifying network traffic can be read as analyzing the network traffic to identify predefined attack signatures or classifications),
wherein the traffic classifier is configured to: determine a protocol associated with the network traffic; compare the network traffic with protocol-specific classification data based on the determined protocol; determine, based on the comparison, that the network traffic is malicious ([0158], determining whether communication is malicious based on comparing protocol-specific parameters such as ICMP, TCP and UDP against predefined attack signatures); and
based on the determining the network traffic is malicious, execute a remedial action with respect to the network traffic (fig. 4, steps 420-422, [0038], When a threat is detected, threat detection system 142 may then notify a network administrator of a corresponding network segment, identify the network element, and/or provide additional identification data to enable the network administrator to take remediative actions to address the identified threat to the network segment).
Shieh does not disclose: determine, based on the comparison, a likelihood that the network traffic is malicious; and based on the determined likelihood exceeding a threshold, execute a remedial action.
Martin discloses determine, based on the comparison, a likelihood that the network traffic is malicious; and based on the determined likelihood exceeding a threshold, execute a remedial action ([0055], fig. 4, compare vector to malicious vector database in S270, the system can discard the new vector or otherwise ignore the new vector in Block S262 if the benign confidence score exceeds the malicious confidence score, or generate an alert if the malicious score exceeds a threshold in block S260).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to apply Martin’s teachings of evaluating malicious score and benign score of attack traffic to Shieh’s teachings in order to simply provide an additional remedial action to the remedial actions of Shieh.

Claims 8 and 14 are rejected under the same rationale as claim 1.

For claims 2, 9, 15, Shieh discloses the remedial action includes ignoring the network traffic ([0060], dropping the packets of the network element that initiated the request).

For claims 4, 11, 17, Shieh discloses the remedial action includes notifying an administrator ([0038], [0060]).

For claims 5, 18, Shieh discloses the traffic classifier is configured to execute in a plurality of containers on a traffic classifier information handling system (fig. 9, 10, containers in a threat detection system).

For claims 6, 13, 19, Shieh discloses the traffic classifier is configured to execute in a plurality of containers on a plurality of traffic classifier information handling systems (fig. 10, 1, containers in each threat detection system).

For claims 7, 12, 20, Shieh discloses the protocol-specific classification data (Shieh, [0158], protocol-specific attack features).
Shieh does not disclose the traffic classifier is further configured to: receive input from an administrator indicating an accuracy of the determined likelihood; and update the protocol-specific classification data based on the input.
Martin discloses the traffic classifier is further configured to: receive input from an administrator indicating an accuracy of the determined likelihood; and update classification data based on the input ([0046], the system can recalculate a risk threshold upon receipt of additional labeled data or other feedback from security personnel on the same network).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to apply Martin’s teachings of admin’s feedback to update classification data to Shieh’s protocol-specific signature data in order to improve accuracy of Shieh by eliminating false negatives and reducing false positives (Martin, [0046]).

Claim(s) 3, 10, 16 is/are rejected under AIA 35 U.S.C. 103 as being unpatentable over Shieh-Martin in view of Mushtaq et al. (US 10,764,313, “Mushtaq”).

For claims 3, 10, 16, for the same rationale in claims 1, 8, 14, Shieh-Martin does not disclose the remedial action includes blocking future network traffic from the client information handling system.
Mushtaq discloses that the remedial action includes blocking future network traffic from the client information handling system (col. 5, l. 36-39, fig. 5, block all subsequent communication associated with the malicious session).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to apply Mushtaq’s teachings of blocking future malicious traffic to Shieh-Martin’s teachings in order to simply provide an additional remedial action to the remedial actions of Shieh.

Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HIEU T HOANG whose telephone number is (571)270-1253. The examiner can normally be reached Mon-Fri 9 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Thu Nguyen can be reached on 571-272-6967. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HIEU T HOANG/Primary Examiner, Art Unit 2452