Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
1.        Claims 1 - 20 are pending.  Claims 1, 17, 19 are independent.   File date on 3-3-2022.  

Claim Objections
2.        Claims 13, 14, 15 appear to be lined out.   For this Office Action, the Examiner is processing claims 13, 14, 15.   Appropriate correction is required.

Double Patenting
3.         The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s).  See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Omum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 

Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

4.        Initially it should be noted that the present application is a continuation application of application 16/730037, now Patent No. 11,310,053, having the same inventive entity.  The Assignee in both applications is the same.  The entire disclosures of the instant application and the patent are identical. 
           Claims 1 - 20 are rejected under the judicially created doctrine of nonstatutory obviousness-type double patenting as being unpatentable over Claims 1 - 22 of U.S. Patent No. 11,310,053.  Although the conflicting claims are not identical, they are not patentably distinct from each other.
          Claims 1, 17, 19 of the instant application (17/686280) are almost the same as Patent (11,310,053) Claims 1, 15, 21.  Claim 1 of the 11,310,053 Patent as shown in the table below contains every element of Claim 1 of the instant application and as such the difference is not enough to distinguish the two claims.  Claims 1, 17, 19 of the instant application therefore are not patently distinct from the earlier patent claims and as such are unpatentable over obvious-type double patenting.   A later patent/application claim is not patentably distinct from an earlier claim, if the later claim is unpatentable over the earlier claim.  

Application 17/686280
Claim 1

Patent (11,310,053)
Claim 1
“receiving a client data packet from network traffic with a client device”
“receiving a client data packet from network traffic with a client device”
“extracting a set of packet components from the client data packet”
“extracting a set of packet components from the client data packet”
“generating a multiple tiered client fingerprint with an overall client fingerprint based on an encoding of a collection of the set of packet components and a set of sub-fingerprints based on individually encoded packet components from the set of packet components”
“generating a multiple tiered client fingerprint with an overall client fingerprint from the hash of the set of hashed packet components and a set of sub-fingerprints from the set of hashed packet components”
“assigning a client type to the network traffic using the multiple tiered client fingerprint”
“assigning a client type to the network traffic using the multiple tiered client fingerprint”



Claim Rejections - 35 USC § 103  
5.        The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

6.        Claims 1 - 20 are rejected under 35 U.S.C. 103 as being unpatentable over Althouse et al. (US PGPUB No. 20180324153) in view of Kuperman et al. (US PGPUB No. 20170223049).     	
 
Regarding claim 1, Althouse discloses a method comprising: 
a)  receiving a client data packet from network traffic with a client device; (Althouse ¶ 051, ll 1-8: monitoring packet data traffic over a network; network packet analyzer; detecting a client hello packet received from a client seeking to begin a session; (network traffic analogous to sequence of data packets))       
b)  extracting a set of packet components from the client data packet; (Althouse ¶ 051, ll 12-15: extracts selected data from the CHP, processes extracted data to form a client ID string) and 
d)  assigning a client type to the network traffic using the client fingerprint. (Althouse ¶ 026, ll 10-19: hierarchical role model used; users at one permission level may have access to applications, data, and database information accessible by a lower permission level user, but may not have access to applications, data, and database information accessible to a user at a higher permission level; different users have different capabilities with regard to accessing and modifying application and database information depending on respective security or permission levels)           

Furthermore, Althouse discloses for c): generating a client fingerprint with an overall client fingerprint based on an encoding of a collection of the set of packet components and a set of sub-fingerprints based on individually encoded packet components from the set of packet components. (Althouse ¶ 051, ll 20-26: apply a hash function to client ID (i.e. extracted component) to form the client fingerprint; hash function returns a fingerprint (a string of characters), 32 characters long)

Althouse does not explicitly disclose for c): generating a multiple tiered client fingerprint, and for d): multi-tiered client fingerprint. 
However, Kuperman discloses: 
c)  generating a multiple tiered client fingerprint; and d): multi-tiered client fingerprint.  (Kuperman ¶ 081, ll 1-15: determine fingerprint of a client based on one or more attributes; combination of these client attributes, which may be represented as Boolean (true/false) values, whole values, or character value make up the fingerprint of the client; the values are hashed, in which case the fingerprint of the client may be a hash value of the client attributes; (fingerprint generated based on multiple client attributes, combined fingerprint)) 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Althouse for c): generating a multiple tiered client fingerprint, and for d): multi-tiered client fingerprint as taught by Kuperman.  One of ordinary skill in the art would have been motivated to employ the teachings of Kuperman for the benefits achieved from a system that enables the generation of a client fingerprint utilizing multiple attributes. (Kuperman ¶ 081, ll 1-15)  

Regarding claim 2, Althouse-Kuperman discloses the method of claim 1, wherein the client data packet is a client hello message received during negotiation during a cryptographic protocol.  (Althouse ¶ 051, ll 1-8: fingerprint a client based on a TLS (i.e. cryptographic protocol); monitoring packet data traffic over a network; network packet analyzer; detecting a client hello packet received from a client seeking to begin a session; (network traffic analogous to sequence of data packets); ¶ 043, ll 1-4: TLS is a security technology or protocol for establishing an encrypted link (i.e. cryptographic protocol) between web server and client)     

Regarding claim 3, Althouse-Kuperman discloses the method of claim 2, wherein the cryptographic protocol is a transport layer security (TLS) protocol. (Althouse ¶ 051, ll 1-8: fingerprint a client based on a TLS (i.e. cryptographic protocol); monitoring packet data traffic over a network; network packet analyzer; detecting a client hello packet received from a client seeking to begin a session; (network traffic analogous to sequence of data packets); ¶ 043, ll 1-4: TLS is a security technology or protocol for establishing an encrypted link (i.e. cryptographic protocol) between web server and client)    

Regarding claim 4, Althouse-Kuperman discloses he method of claim 2, further comprising filtering the network traffic of the client device based at least in part on the client type. (Althouse ¶ 026, ll 10-19: hierarchical role model used; users at one permission level may have access to applications, data, and database information accessible by a lower permission level user, but may not have access to applications, data, and database information accessible to a user at a higher permission level; different users have different capabilities with regard to accessing and modifying application and database information depending on respective security or permission levels)    

Regarding claim 5, Althouse-Kuperman discloses the method of claim 4, wherein assigning the client type to the network traffic using the client fingerprint comprises selecting the client type from a database mapping client fingerprints to a classification of client type. (Althouse ¶ 026, ll 10-19: hierarchical role model used; users at one permission level may have access to applications, data, and database information accessible by a lower permission level user, but may not have access to applications, data, and database information accessible to a user at a higher permission level; different users have different capabilities with regard to accessing and modifying application and database information depending on respective security or permission levels)  
  
Kuperman discloses a multiple tiered client fingerprint (Kuperman ¶ 081, ll 1-15: determine fingerprint of a client based on one or more attributes; combination of these client attributes, which may be represented as Boolean (true/false) values, whole values, or character value make up the fingerprint of the client; the values are hashed, in which case the fingerprint of the client may be a hash value of the client attributes) as stated above.  

Regarding claim 6, Althouse-Kuperman discloses the method of claim 4, wherein the encoding of the collection of the set of packet components is a hash of the collection of the set of packet components; and wherein the individually encoded packet components from the set of packet components are individually hashed packet components from the set of packet components. (Althouse ¶ 051, ll 20-26: apply a hash function to client ID (i.e. extracted component) to form the client fingerprint; hash function returns a fingerprint (a string of characters) 32 characters long)    

Regarding claim 7, Althouse-Kuperman discloses the system of claim 6, further comprising individually applying a hash operation to each of the set of packet components to generate the individually hashed packet components from the set of packet components; and applying a second hash operation to the collection of the set of packet components. (Althouse ¶ 051, ll 20-26: apply a hash function to client ID (i.e. extracted component) to form the client fingerprint; hash function returns a fingerprint (a string of characters) 32 characters long)  

Regarding claim 8, Althouse-Kuperman discloses the method of claim 7, 
a)  wherein extracting the set of packet components comprises extracting identifying data from a client cipher suite list and a list of compression methods from the client hello message; (Althouse ¶ 051, ll 12-15: extracts selected data from the CHP, processes extracted data to form a client ID string; ¶ 044, l 4: client hello sends attributes to server; ¶ 048, ll 1-5: includes a list of compression algorithms supported by client) and 
b)  wherein generating the client fingerprint comprises encoding the set of packet components into the client fingerprint as a character representation, (Althouse ¶ 051, ll 20-26: apply a hash function to client ID (i.e. extracted component) to form the client fingerprint; hash function returns a fingerprint (a string of characters) 32 characters long; ¶ 044, l 4: client hello sends attributes to server; ¶ 048, ll 1-5: includes a list of compression algorithms supported by client)     
c)  wherein individually applying the hash operation to each of the set of packet components to generate the individually hashed packet components comprises hashing the client cipher suite list and hashing the list of compression methods. (Althouse ¶ 051, ll 20-26: apply a hash function to client ID (i.e. extracted component) to form the client fingerprint; hash function returns a fingerprint (a string of characters) 32 characters long; ¶ 044, l 4: client hello sends attributes to server; ¶ 048, ll 1-5: includes a list of compression algorithms supported by client)   
Kuperman discloses a multiple tiered client fingerprint (Kuperman ¶ 081, ll 1-15: determine fingerprint of a client based on one or more attributes; combination of these client attributes, which may be represented as Boolean (true/false) values, whole values, or character value make up the fingerprint of the client; the values are hashed, in which case the fingerprint of the client may be a hash value of the client attributes) as stated above.   

Regarding claim 9, Althouse-Kuperman discloses the method of claim 4, wherein filtering the network traffic further comprises limiting network traffic from a client because of the client type. (Althouse ¶ 026, ll 10-19: hierarchical role model used; users at one permission level may have access to applications, data, and database information accessible by a lower permission level user, but may not have access to applications, data, and database information accessible to a user at a higher permission level; different users have different capabilities with regard to accessing and modifying application and database information depending on respective security or permission levels; (client parameters utilized to control or limit network traffic))    

Regarding claim 10, Althouse-Kuperman discloses the method of claim 2, wherein generating the client fingerprint further comprises encoding the set of packet components into the client fingerprint as a character representation. (Althouse ¶ 051, ll 20-26: apply a hash function to client ID (i.e. extracted component) to form the client fingerprint; hash function returns a fingerprint (a string of characters), 32 characters long) 

Kuperman discloses a multiple tiered client fingerprint (Kuperman ¶ 081, ll 1-15: determine fingerprint of a client based on one or more attributes; combination of these client attributes, which may be represented as Boolean (true/false) values, whole values, or character value make up the fingerprint of the client; the values are hashed, in which case the fingerprint of the client may be a hash value of the client attributes) as stated above.      

Regarding claim 11, Althouse-Kuperman discloses the method of claim 10, wherein encoding the set of packet components into the client fingerprint as a character representation of the encoding of the collection of the set of packet components and the set of sub-fingerprints based on the individually encoded packet components from the set of packet components. (Althouse ¶ 051, ll 20-26: apply a hash function to client ID (i.e. extracted component) to form the client fingerprint; hash function returns a fingerprint (a string of characters), 32 characters long)    

Kuperman discloses a multiple tiered client fingerprint (Kuperman ¶ 081, ll 1-15: determine fingerprint of a client based on one or more attributes; combination of these client attributes, which may be represented as Boolean (true/false) values, whole values, or character value make up the fingerprint of the client; the values are hashed, in which case the fingerprint of the client may be a hash value of the client attributes) as stated above.  

Regarding claim 12, Althouse-Kuperman discloses the method of claim 10, wherein extracting the set of packet components further comprises extracting identifying data from a client cipher suite list from the client hello message; (Althouse ¶ 051, ll 12-15: extracts selected data from the CHP, processes extracted data to form a client ID string) and further comprising encoding the client cipher suite list and including in the set of sub-fingerprints. (Althouse ¶ 051, ll 20-26: apply a hash function to client ID (i.e. extracted component) to form the client fingerprint; hash function returns a fingerprint (a string of characters) 32 characters long; ¶ 044, l 4: client hello sends attributes to server; ¶ 049, ll 1-8: extensions used to add functionality to TLS; supported functions implemented as TLS extensions)     

Regarding claim 13, Althouse-Kuperman discloses he method of claim 10, wherein extracting the set of packet components further comprises extracting identifying data from a list of compression methods from the client hello message; (Althouse ¶ 051, ll 12-15: extracts selected data from the CHP, processes extracted data to form a client ID string; ¶ 044, l 4: client hello sends attributes to server; ¶ 048, ll 1-5: includes a list of compression algorithms supported by client) and further comprising encoding the list of compression methods and including in the set of sub-fingerprints. (Althouse ¶ 051, ll 20-26: apply a hash function to client ID (i.e. extracted component) to form the client fingerprint; hash function returns a fingerprint (a string of characters) 32 characters long; ¶ 044, l 4: client hello sends attributes to server; ¶ 048, ll 1-5: includes a list of compression algorithms supported by client)    

Regarding claim 14, Althouse-Kuperman discloses the method of claim 10, wherein extracting the set of packet components further comprises extracting identifying data from a client point formats from the client hello message; (Althouse ¶ 051, ll 12-15: extracts selected data from the CHP, processes extracted data to form a client ID string) and further comprising encoding the client point formats and including in the set of sub-fingerprints. (Althouse ¶ 051, ll 20-26: apply a hash function to client ID (i.e. extracted component) to form the client fingerprint; hash function returns a fingerprint (a string of characters), 32 characters long)    

Regarding claim 15, Althouse-Kuperman discloses the method of claim 10, wherein extracting the set of packet components further comprises extracting identifying data from a list of supported application protocols from the client hello message; (Althouse ¶ 051, ll 12-15: extracts selected data from the CHP, processes extracted data to form a client ID string) and further comprising encoding the list of supported application protocols and including in the set of sub-fingerprints. (Althouse ¶ 051, ll 20-26: apply a hash function to client ID (i.e. extracted component) to form the client fingerprint; hash function returns a fingerprint (a string of characters), 32 characters long)    

Regarding claim 16, Althouse-Kuperman discloses the method of claim 10, wherein extracting the set of packet components further comprises extracting identifying data from a list of client-supported extensions from the client hello message; (Althouse ¶ 051, ll 12-15: extracts selected data from the CHP, processes extracted data to form a client ID string) and further comprising encoding the list of client-supported extensions. (Althouse ¶ 051, ll 20-26: apply a hash function to client ID (i.e. extracted component) to form the client fingerprint; hash function returns a fingerprint (a string of characters) 32 characters long; ¶ 044, l 4: client hello sends attributes to server; ¶ 049, ll 1-8: extensions used to add functionality to TLS; supported functions implemented as TLS extensions)    

Regarding claim 17, Althouse discloses a non-transitory computer-readable medium storing instructions that, when executed by one or more computer processors of a communication platform, cause the communication platform to perform operations comprising:
a)  receiving a client data packet from network traffic with a client device; (Althouse ¶ 051, ll 1-8: monitoring packet data traffic over a network; network packet analyzer; detecting a client hello packet received from a client seeking to begin a session; (network traffic analogous to sequence of data packets)) 
b)  extracting a set of packet components from the client data packet; (Althouse ¶ 051, ll 12-15: extracts selected data from the CHP, processes extracted data to form a client ID string) and 
d)  assigning a client type to the network traffic using the client fingerprint. (Althouse ¶ 026, ll 10-19: hierarchical role model used; users at one permission level may have access to applications, data, and database information accessible by a lower permission level user, but may not have access to applications, data, and database information accessible to a user at a higher permission level; different users have different capabilities with regard to accessing and modifying application and database information depending on respective security or permission levels)     

Furthermore, Althouse discloses for c): generating a client fingerprint with an overall client fingerprint based on an encoding of a collection of the set of packet components and a set of sub-fingerprints based on individually encoded packet components from the set of packet components. (Althouse ¶ 051, ll 20-26: apply a hash function to client ID (i.e. extracted component) to form the client fingerprint; hash function returns a fingerprint (a string of characters), 32 characters long)

Althouse does not explicitly disclose for c): generating a multiple tiered client fingerprint, and for d): multi-tiered client fingerprint
However, Kuperman discloses: 
c)  generating a multiple tiered client fingerprint; and for d) multi-tiered client fingerprint.  (Kuperman ¶ 081, ll 1-15: determine fingerprint of a client based on one or more attributes; combination of these client attributes, which may be represented as Boolean (true/false) values, whole values, or character value make up the fingerprint of the client; the values are hashed, in which case the fingerprint of the client may be a hash value of the client attributes) 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Althouse for c): generating a multiple tiered client fingerprint, and for d): multi-tiered client fingerprint as taught by Kuperman.  One of ordinary skill in the art would have been motivated to employ the teachings of Kuperman for the benefits achieved from a system that enables the generation of a client fingerprint utilizing multiple attributes. (Kuperman ¶ 081, ll 1-15)  

Regarding claim 18, Althouse-Kuperman discloses the non-transitory computer-readable medium of claim 17, wherein the client data packet is a client hello message received during negotiation during a transport layer security (TLS) protocol. (Althouse ¶ 051, ll 1-8: monitoring packet data traffic over a network; network packet analyzer; detecting a client hello packet received from a client seeking to begin a session; (network traffic analogous to sequence of data packets); ¶ 043, ll 1-4: TLS is a security technology or protocol for establishing an encrypted link (i.e. cryptographic protocol) between web server and client)    

Regarding claim 19, Althouse discloses a system comprising of:
a)  a network traffic data interface with access to client data packet from network traffic with a client device; (Althouse ¶ 051, ll 1-8: monitoring packet data traffic over a network; network packet analyzer; detecting a client hello packet received from a client seeking to begin a session; (network traffic analogous to sequence of data packets)) and 
b)  a data packet analyzer that receives the client data packet from the network traffic data interface and comprises one or more computer-readable mediums storing instructions that, when executed by the one or more computer processors, cause a computing platform to perform operations (Althouse ¶ 063, ll 9-15: implemented as software code executed by one or more processors; software code stored as computer or processor executable instructions or commands on a non-transitory computer-readable medium) comprising: 
c)  extracting a set of packet components from the client data packet; (Althouse ¶ 051, ll 12-15: extracts selected data from the CHP, processes extracted data to form a client ID string) and 
e)  assigning a client type to the network traffic using the client fingerprint. (Althouse ¶ 026, ll 10-19: hierarchical role model used; users at one permission level may have access to applications, data, and database information accessible by a lower permission level user, but may not have access to applications, data, and database information accessible to a user at a higher permission level; different users have different capabilities with regard to accessing and modifying application and database information depending on respective security or permission levels)     

Furthermore, Althouse discloses for d): generating a multiple tiered client fingerprint with an overall client fingerprint based on an encoding of a collection of the set of packet components and a set of sub-fingerprints based on individually encoded packet components from the set of packet components. (Althouse ¶ 051, ll 20-26: apply a hash function to client ID (i.e. extracted component) to form the client fingerprint; hash function returns a fingerprint (a string of characters), 32 characters long)

Althouse does not explicitly disclose for d): generating a multiple tiered client fingerprint, and for e): multi-tiered client fingerprint. 
However, Kuperman discloses: 
d)  generating a multiple tiered client fingerprint; and e) multi-tiered client fingerprint. (Kuperman ¶ 081, ll 1-15: determine fingerprint of a client based on one or more attributes; combination of these client attributes, which may be represented as Boolean (true/false) values, whole values, or character value make up the fingerprint of the client; the values are hashed, in which case the fingerprint of the client may be a hash value of the client attributes)  
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Althouse for d): generating a multiple tiered client fingerprint, and for e): multi-tiered client fingerprint as taught by Kuperman.   One of ordinary skill in the art would have been motivated to employ the teachings of Kuperman for the benefits achieved from a system that enables the generation of a client fingerprint utilizing multiple attributes. (Kuperman ¶ 081, ll 1-15)  

Regarding claim 20, Althouse-Kuperman discloses the system of claim 19, wherein the client data packet is a client hello message received during negotiation during a transport layer security (TLS) protocol. (Althouse ¶ 051, ll 1-8: fingerprint a client based on a TLS (i.e. cryptographic protocol); monitoring packet data traffic over a network; network packet analyzer; detecting a client hello packet received from a client seeking to begin a session; (network traffic analogous to sequence of data packets); ¶ 043, ll 1-4: TLS is a security technology or protocol for establishing an encrypted link (i.e. cryptographic protocol) between web server and client)     

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kyung H Shin whose telephone number is (571)272-3920. The examiner can normally be reached M - F: 12pm - 8pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Thu Nguyen can be reached on 571-272-6967. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KYUNG H SHIN/                                                                                                               12-8-2022Primary Examiner, Art Unit 2452