Notice of Pre-AIA  or AIA  Status
Claims 1-20 remain for examination.  The amendment filed 11/14/22 amended claims 1, 8, & 15.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/14/22 has been entered.

Response to Arguments
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot in view of the new grounds of rejection.

Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claim(s) 1-3, 5-10, 12-17, 19, & 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Purusothaman (U.S. Patent Publication 2019/0364072) in view of Agarwal (U.S. Patent Publication 2017/0180322) in view of “Web Application Firewall User Guide” (hereinafter, “Huawei”) in view of Wu (U.S. Patent Publication 2016/0164837).

Regarding claims 1, 8, & 15:
Purusothaman discloses a computer-implementable method, system, and non-transitory computer readable storage medium for management of a distributed web application firewall (WAF) cluster comprising: configuring an infrastructure of the WAF cluster that includes one or more WAFs, for one or more protected applications (general overview of the invention as an all-purpose configuration tool at e.g. paragraph 0060; specific use cases for configuring one or more WAFs beginning at paragraph 0061 et al.) wherein the configuring includes a ruleset for the WAF cluster directed to one or more security rules (e.g. paragraphs 0005, 0015, 0022, & 0061-0064); validating the configured infrastructure of the WAF cluster (paragraphs 0021 & 0097); and implementing the validated WAF cluster as a route service for the one or more applications (e.g. paragraphs 0062-0063). Further regarding claim 8, Purusothaman additionally discloses a processor, data bus, and memory (paragraphs 0104-0106).
Given that the primary focus of the Purusothaman invention is directed toward configuring the WAF ruleset, Purusothaman says little regarding the actual function of the “one or more security rules” that one can configure within the WAF.  However, Agarwal explicitly teaches in the disclosure of a related invention for configuring WAFs that the ruleset of a WAF can be directed toward the access of requestors to the protected applications, and that the WAF validates requests to the protected applications based on the ruleset (Agarwal, paragraph 0013).  It would have been immediately obvious prior to the filing date of the instant application for the one or more security rules in Purusothaman’s WAF to validate requests to protected resources, including but not limited to the advantage that such security rules can be used to block harmful requests such as SQL injections, session hijackings, buffer overflow attacks, etc. (Agarwal, Ibid).
	Purusothaman and Agarwal are silent regarding configuring the administrative settings of the WAF cluster including IP addresses to be blocked based on the log entries written to logging repositories by the WAF cluster.  However, Huawei discloses a known prior art WAF product comprising inter alia the ability for an administrator to manually configure a blacklist of IP addresses for the WAF to block traffic from (pages 39-40, “5.4 Configuring Blacklist and Whitelist Rules”; see also pages 72-74 regarding using the event logs as the basis to make changes to the rules).  It would have been immediately obvious prior to the effective filing date of the instant invention for one to use a known WAF product that allows one to configure IP address blacklists as the basis for the modified WAF disclosed by Purusothaman and/or Agrawal, as this was clearly a known option within the grasp of a person of ordinary skill in the art.  If using a Huawei WAF would lead to success, it would be the result not of innovation but of ordinary skill and common sense.
	None of the aforementioned references disclose wherein the WAF cluster is configured and updated as to a tailored suite for a particular user.  However, Wu discloses a related invention pertaining to WAF clusters wherein the ability to customize the WAF for individual users [tenants] was well known (Wu, Abstract, paragraphs 0003-0006, 0018, 0036, etc.)  It would have been immediately obvious prior to the filing date of the instant application to customize the rules for individual tenants, in order to solve the known problems with a single universal ruleset for all (see Wu, paragraph 0004).

Regarding claims 2, 9, & 16:	The combination further discloses wherein the configuring is performed by provisioning, binding, updating, and/or deleting the infrastructure of the WAF cluster (Purusothaman: e.g. paragraphs 0062-0063). 

Regarding claims 3, 10, & 17:	The combination further discloses wherein the configuring is performed at a software deployment platform (Purusothaman: paragraph 0012). 

Regarding claims 5, 12, & 19:	The combination further discloses wherein the configuring is through a WAF management user interface accessible by a user of the WAF cluster and a security administrator (Purusothaman: paragraphs 0061 [particularly the last sentence] and 0062; see also Figures 3-30C for illustrations of the user interface). 

Regarding claims 6 and 13:
	The combination further discloses wherein WAF management user interface provides for alerts as to suspicious addresses of requestors to the protected applications (Huawei, pages 16-18, “3.2 Viewing an Audit Trace”; and pages 59-64, “7.2 Viewing Event Logs”, “7.3 Enabling Alarm Notification”, & “7.4 Handling Misreported Alarms”).

Regarding claims 7, 14, & 20:	The combination further discloses connecting to a logging system that tracks WAF logs (Purusothaman: the firewall device log module of Figure 5 & paragraph 0069; Huawei: Ibid). 
Claims 4, 11, & 18 are rejected under 35 U.S.C. 103 as being unpatentable over Purusothaman in view of Agarwal in view of Huawei in view of Wu as applied to claims 1, 8, & 15 above, and further in view of Lewis (U.S. Patent Publication 2020/0036615).

Regarding claims 4, 11, & 18:	Purusothaman, Huawei, Wu, and Agarwal are silent regarding wherein the WAF cluster resides in a container orchestration tool.  However, Lewis discloses a related invention for implementing WAFs (e.g. Lewis, Abstract) comprising this limitation (Lewis, paragraph 0015).  It would have been obvious prior to the effective filing date of the instant application for the WAFs of Purusothaman’s invention to reside in a container orchestration tool as disclosed by Lewis, as doing so allows one to inter alia better manage load balancing and decrease the overall latency of the application during times of heavy workload (Lewis, Ibid).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: U.S. Patent Publication 2015/0264011 (Liang) (paragraph 0037).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS A GYORFI whose telephone number is (571)272-3849. The examiner can normally be reached 10:00am - 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

THOMAS A. GYORFI
Examiner
Art Unit 2435



/THOMAS A GYORFI/Examiner, Art Unit 2435                                                                                                                                                                                                        11/17/2022