DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-12 have been examined and are pending.
Allowable Subject Matter
Claims 3-6 and 9-12 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and all intervening claims.
Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 08/16/2021 and 02/15/2022 were filed.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-2 and 7-8 are rejected under 35 U.S.C. 103 as being unpatentable over Jalan et al., hereinafter (“Jalan”), US PG Publication (20140325588 A1), in view of Wang et al, hereinafter (“Wang”), Chinese Patent Application (CN107547507 A), was submitted 08/16/2021 IDS and translated via ESPACENET.
Regarding claims 1 and 7, Jalan teaches a method of counting synchronization (SYN) packets to identify a SYN attack, which is applicable to a network device; and a network device for counting SYN packets to identify a SYN attack, comprising:  [Jalan ¶¶0002, 0021, 0025 0040-0041: SYN packet analysis on large amounts of SYN packets communicated to servers/ Application Delivery Controllers (ADCs) 115 to facilitate network access control and prevent malicious attacks/Dos]
 wherein the network device comprises a field programmable gate array (FPGA) for counting a total number of received SYN packets and a high-speed hardware memory connected to the FPGA;  [Jalan ¶0018: FPGA; ¶¶0002, 0021, 0025 0040-0041: SYN packet analysis on servers/ADCs 115 provides health monitor (i.e. track, count, and use), store, and update a whitelist and blacklist on a lookup table stored on a computer readable medium on a network device] and 
the high-speed hardware memory is stored with a plurality of count entries corresponding to respective source internet protocol (IP) addresses in the received SYN packets, each of the count entries comprising a creation time when the count entry is created, a source IP address corresponding to the count entry, and a cumulative number of a part of the received SYN packets corresponding to the source IP address, [Jalan ¶¶0023 0027 and 0031: SYN packet/flag sent by one device/client to server to establish connection comprises: "source IP address" (maybe a spoofed IP address), "SYN cookie" is an initial sequence number carefully constructed that include: slowly incrementing timestamp, maximum segment size value, cryptographic hash function computed over network device's IP address and port, client's IP address and port number, "timestamp" and/or combination]
obtaining a first number of SYN packets by cumulating the cumulative number in each of one or more of the count entries which is traversed in a current traversal period and for which the time difference between the current time and the creation time does not reach the preset aging time interval, and obtaining a second number of SYN packets by cumulating a value added to the cumulative number in each of the count entries during and after traversing the count entries in the current traversal period;  [Jalan ¶0031: SYN cookies; ¶¶0039-0040: ADC 115 receives SYN packet. The composition of the SYN packet may be composition of characteristics such as a sequence number, an IP address, a MAC address, IMEI, SSID, a source port, or any other identifying characteristic that can be used to identify a device on a network. ¶0043: SYN/ACK message with a SYN-cookie (a first number of SYN packets by cumulating the cumulative number) the comprises a sequence number. ¶0044: This SYN/ACK message comprises the client's sequence number (as found in the original SYN packet) plus one (a second number of SYN packets by cumulating a value added), and a sequence number that identifies the network device. An ACK packet/message is subsequently returned by the client device 130A in step 220 to confirm the connection.] and 
updating the total number of the received SYN packets counted by the FPGA with a sum of the first number of SYN packets and the second number of SYN packets. [Jalan ¶0041: whitelists/blacklists are periodically update untrusted and trusted devices of stored lookup table in a database or other data structure]
While Jalan teaches the count entries in the high-speed hardware memory, and aging any one of the traversed count entries for which a time difference between a current time and the creation time reaches a preset aging time interval;  [Jalan ¶0030: When a server receives a SYN packet while operating in a stateless mode, it can discard the SYN queue entry. ¶¶0040, 0051, 0053 and 0061: Stateless mode, network device does not retain a record of previous interactions. Despite being on a whitelist for trusted sources, querying checks of the rate/limit; where the network device has a preset rate limit. Examiner interprets the rate to be a number of packets per period of time (i.e. seconds, etc.)]
the method comprising: 
periodically traversing the count entries stored in the high-speed hardware memory, and aging any one of the traversed count entries for which a time difference between a current time and the creation time reaches a preset aging time interval;  [Wang Abstract: aging the anti-attack table entries when the rate of receiving the attack messages currently is smaller than the preset strength threshold.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Systems and methods for network access control of Jalan before him or her by including the teachings of Anti-attack method and device, router device, and machine readable memory medium of Wang. The motivation/suggestion would have been obvious to try to modify the network access control system with ADC performing SYN packet analysis as taught by Jalan by adding the aging function as taught by Wang to clear anti-attack table when a preset strength is reached [Wang, Abstract].  

Regarding claims 2 and 8, the combination of Jalan and Wang teach claim 1 as described above.
wherein obtaining the first number of SYN packets comprises: for each of the traversed count entries, determining whether the time difference between the current time and the creation time in the count entry reaches the preset aging time interval and, in response to the time difference between the current time and the creation time in the count entry not reaching the preset aging time interval, recording the cumulative number in the count entry;  [Wang, p. 4, ¶6: number of times of accumulated packets at first time until a preset time T where a first number at first time is recorded as Count 1 to the attack defense entry] and 
obtaining the first number of SYN packets by accumulating the recorded cumulative number.  [See Wang, p. 4 ¶6]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Systems and methods for network access control of Jalan before him or her by including the teachings of Anti-attack method and device, router device, and machine readable memory medium of Wang. The motivation/suggestion would have been obvious to try to modify the network access control system with ADC performing SYN packet analysis as taught by Jalan by adding the aging function as taught by Wang to clear anti-attack table when a preset strength is reached [Wang, Abstract].  
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Anghel et al (20190188065 A1) discloses computerized high-speed anomaly detection.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAKINAH W TAYLOR whose telephone number is (571)270-0682. The examiner can normally be reached Monday-Friday, 9:30-2:30, 7-10.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI SHIFERAW can be reached on 571-272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/Sakinah White Taylor/           Primary Examiner, Art Unit 2497