Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim 1-5, 7, 11-15 and 18-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rothstein et al. (US 2014/0280908) in view of Zill et al. (US 2008/0201109).

Regarding claim 1, Rothstein discloses a method comprising: 
receiving, from a plurality of sensors in a network, data packets of a network flow of the network (Rothstein, paragraph [0009], to monitor flows of packets, monitored network traffic may be aggregated from multiple tap points using multiple network taps); 
determining that a first sensor of the plurality of sensors sensed and reported a first data packet of the network flow, wherein the first data packet arrived earliest of the data packets of the network flow (Rothstein, paragraph [0031], Network Monitor Device [NMD] monitors packets in a session; paragraph [0042], enable monitoring and analysis of selected flows that include packets that are determined to be non-duplicative [earliest]; paragraph [0043], disregarding the duplicate packet);
in response to determining that the first sensor received the first data packet, selecting the first sensor from among the plurality of sensors (Rothstein, paragraph [0031], Network Monitor Device [NMD] monitors packets in a session; paragraph [0042], enable monitoring and analysis of selected flows that include packets that are determined to be non-duplicative [earliest]; paragraph [0043], disregarding the duplicate packet); 
preserving ones of the data packets sensed and reported from the first sensor for analysis of the network (Rothstein, paragraph [0005], network monitor employed to monitor and record [preserve] packets of data communicated over a network; paragraph [0009], to monitor flows of packets, monitored network traffic may be aggregated from multiple tap points using multiple network taps; paragraph [0042], enable monitoring and analysis [preserve] of selected flows that include packets that are determined to be non-duplicative); 
determining duplicative ones of the data packets sensed and reported (Rothstein, paragraph [0042], detect each received packet that is a duplicate; paragraph [0043], disregarding the duplicate packet) from at least one second sensor of the plurality of sensors based upon the data packets reported from the specific sensor (Rothstein, paragraph [0009], to monitor flows of packets, monitored network traffic may be aggregated from multiple tap points using multiple network taps); 
discarding the duplicative ones of the data packets (Rothstein, paragraph [0042], enable monitoring and analysis of selected flows that include packets that are determined to be non-duplicative; paragraph [0043], disregarding the duplicate packet); and 
analyzing the network flow based on the ones of the data packets and non-duplicative ones of the data packets reported from the at least one second sensor (Rothstein, paragraph [0005], analysis of monitored and recorded packets; paragraph [0009], to monitor flows of packets, monitored network traffic may be aggregated from multiple tap points using multiple network taps; paragraph [0042], enable monitoring and analysis of selected flows that include packets that are determined to be non-duplicative).  
Rothstein does not explicitly disclose determining a first sensor of the plurality of sensors with the highest packet count.
Zill discloses determining a first sensor from among the plurality of sensors determining a first sensor of the plurality of sensors and a timestamp of the received data packets, and in response to determining that the sensor received more data packets than other sensors of the plurality of sensors, selecting the first sensor from among the plurality of sensors (Zill, paragraph [0010], select the monitor with highest packet count of packets transmitted; paragraph [0048], record the start and end timestamp of the packets; paragraph [0065], select monitors that had the highest confidence, overheard the most packets; paragraph [0049], aggregate the start and end timestamps of the packets). 
 It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to store the timestamps of the data packets and to determine a specific monitor/sensor with the highest packet count, as in Zill, use the timestamps to determine an earliest one of the data packets and determine a sensor based on a determination that the first sensor sensed an earliest one of the data packets, as in the invention of Rothstein.  The motivation to combine the references would have been to identify and select a best monitor for network analysis.

Regarding claim 2, Rothstein in view of Zill discloses the method of claim 1, further comprising: analyzing the data packets from the plurality of sensors to determine a number of data packets sensed by each of the plurality of sensors (Zill, paragraph [0010], monitors store the packet count of packets transmitted; paragraph [0065]),
wherein the first sensor has sensed the most of the number of the data packets among the plurality of sensors (Zill, paragraph [0010], monitor with highest confidence has the highest packet count; paragraph [0065]).  It would have been obvious to a person of ordinary skill in the art, at the time of the invention, to determine a specific monitor with the highest packet count in the invention of Rothstein.  The motivation to combine the references would have been to determine a monitor with the highest confidence.

Regarding claim 3, Rothstein in view of Zill discloses the method of claim 1, wherein the receiving, from the plurality of sensors, the data packets of the network flow (Rothstein, paragraph [0009], monitor flows of packets) comprises: 
receiving, from the plurality of sensors, the data packets for a predetermined time period (Zill, paragraph [0047], number of packets received in a given time period), 
wherein the first sensor is determined based on the data packets of the network flow sensed during the predetermined time period (Zill, paragraph [0047], number of packets received in a given time period).  It would have been obvious to a person of ordinary skill in the art, at the time of the invention, to determine a specific monitor with the highest packet count in a time period in the invention of Rothstein.  The motivation to combine the references would have been to determine a monitor with the highest confidence.

Regarding claim 4, Rothstein in view of Zill discloses the method of claim 1, wherein the receiving, from the plurality of sensors, the data packets of the network flow further comprises: 
sampling the data packets of the network flow received from the plurality of sensors to yield sample data packets (Zill, paragraph [0047], number of packets received in a given time period), 31Attorney Docket No.: 085115-544752(999638-US.01) 
wherein the first sensor is determined based on the sampled data packets (Zill, paragraph [0010], monitor with highest confidence has the highest packet count; paragraph [0047], number of packets received in a given time period). 
It would have been obvious to a person of ordinary skill in the art, at the time of the invention, to determine a specific monitor with the highest packet count in a time period [sampling] in the invention of Rothstein.  The motivation to combine the references would have been to determine a monitor with the highest confidence.

Regarding claim 5, Rothstein in view of Zill discloses the method of claim 1, further comprising: 
reconciling the data packets (Rothstein, paragraph [0048], flows may be identified for monitoring that correspond to a selected node or network device); and 
determining a number of the non-duplicative ones of the data packets (Rothstein, paragraph [0042], enable monitoring and analysis of selected flows that include packets that are determined to be non-duplicative; paragraph [0043], disregarding the duplicate packet), 
wherein the first sensor has sensed most the number of the non-duplicative ones of the data packets among the plurality of sensors (Zill, paragraph [0010], monitor with highest confidence has the highest packet count; paragraph [0065]).  

Regarding claim 7, Rothstein in view of Zill discloses the method of claim 1, further comprising: 
analyzing the data packets to determine the timestamp for each of the data packets (Zill, paragraph [0048], start timestamp), 
wherein the determination is that the first sensor is an optimal sensor from among the plurality of sensors because the first sensor sensed and reported the first data packets (Rothstein, paragraph [0009], to monitor flows of packets, monitored network traffic may be aggregated from multiple tap points using multiple network taps, paragraph [0042], enable monitoring and analysis of selected flows that include packets that are determined to be non-duplicative; paragraph [0043], disregarding the duplicate packet).  

Claims 11-15 are rejected under substantially the same rationale as claims 1-5, respectively.  Rothstein further discloses a processor; and a computer-readable storage medium storing instructions which, when executed by the processor (Rothstein, paragraph [0062]).

Claims 18-19 are rejected under substantially the same rationale as claims 1-2, respectively.


Claim 6, 16 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rothstein in view of Zill, and further in view of Ahn et al. (US 2016/0234083).

Regarding claim 6, Rothstein in view of Zill discloses the method of claim 1, wherein the data packets of the network flow comprise a set of information to uniquely identify the network flow, the set of information including a source address, a destination address, a protocol timestamp (Rothstein, paragraph [0114], protocol, IP addresses), a starting timestamp (Zill, paragraph [0048], start timestamp). 
Ahn discloses wherein the data packets of the network flow comprise a set of information to uniquely identify the network flow, the set of information including a source address, a destination address, a source port, destination port, a protocol, a user identification (ID), and the timestamp (Ahn, paragraph [0041], protocol type, network addresses, authentication information, ports, timestamp).  It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to store the flow information of Ahn in the invention of Rothstein in view of Zill.  The motivation to combine the references would have been to store the information about the flows.

Claim 16 is rejected under substantially the same rationale as claims 6-7.

Claim 20 is rejected under substantially the same rationale as claims 6-7.


Claim 8-10 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rothstein in view of Zill, and further in view of Copeland, III et al. (US 2007/0180526).

Regarding claim 8, Rothstein in view of Zill discloses the method of claim 1, wherein the network flow is a first user datagram protocol (UDP) network flow (Rothstein, paragraph [0027], UDP), further comprising: 
using a new flow start-time (Zill, paragraph [0048], start timestamp) to distinguish a second UDP network flow from the first UDP network flow (Rothstein, paragraph [0027], UDP).  
Copeland, III discloses determining the first UDP network flow is inactive for a predetermined time period (Copeland, III, paragraph [0114], flows inactive for a certain time period).  It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to determining that the first UDP network flow has being inactive for a predetermined time period in the invention of Rothstein in view of Zill.  The motivation to combine the references would have been to determine when a flow is finished.

Regarding claim 9, Rothstein in view of Zill discloses the method of claim 1, wherein the network flow is a transmission control protocol (TCP) network flow (Rothstein, paragraph [0028], TCP), further comprising: 
Copeland, III discloses determining a start of the TCP network flow based on a three-way hand-shake (Copeland, III, Fig. 3; paragraphs [0071]-[0073], three-way handshake: SYN – SYN-ACK - ACK, flows inactive for a certain time period).  It would have been obvious to a person of ordinary skill in the art, at the time of the invention, to use a three-way handshake in the invention of Rothstein in view of Zill.  The motivation to combine the references would have been to synchronize the communication.

32Attorney Docket No.: 085115-544752(999638-US.01)Regarding claim 10, Rothstein in view of Zill, and further in view of Copeland, III discloses the method of claim 9, further comprising: determining an end of the TCP network flow based on a four-way hand-shake (Copeland, III, Fig. 3; paragraphs [0075]-[0077], FIN-ACK – ACK – FIN-ACK - ACK).  

Claim 17 is rejected under substantially the same rationale as claims 9-10.


Response to Arguments
Applicant's arguments filed October 10, 2022 have been fully considered but they are not persuasive.
Applicant asserts that “The notion that one data packet of an entire flow of data packets not being a duplicate data packet and is therefore somehow the earliest data packet in the entire flow is incorrect.”  However, this statement does not reflect the claim language or any interpretation made by the Examiner.  
Applicant further asserts that determining if a packet is duplicative is irrelevant to determining an earliest data packet.  However, this is incorrect.  A duplicative data packet is necessarily later in time than the earlier packet of which is was duplicative.   That earlier packet is the first/earliest packet of a flow beginning with that packet.  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALAN LOUIS LINDENBAUM whose telephone number is (571)270-3858. The examiner can normally be reached Monday through Friday 9:00 AM to 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Faruk Hamza can be reached on (571) 272-7969. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ALAN L LINDENBAUM/Examiner, Art Unit 2466                                                                                                                                                                                                        
/CHRISTOPHER M CRUTCHFIELD/Primary Examiner, Art Unit 2466