DETAILED ACTION
Introduction
Claims 1, 7-8, 14-15, and 21-32 are pending. Claims 2-6, 9-13, and 16-20 are cancelled. Claims 1, 8, 15, 21, 25, and 29 are amended. This Office action is in response to Applicant’s request for continued examination (RCE) filed on 8/29/2025.
Response to Arguments
Examiner discusses the arguments of Applicant’s representative below.
Rejection of claims 1, 8, and 15 under 35 U.S.C. 102
Applicant’s representative has amended claims 1, 8, and 15 and now argues that Hooda does not anticipate the system of claims 1, 8, and 15, as amended. Examiner agrees and therefore withdraws the rejection. Nonetheless, the combination of Ramanathan and Juniper teaches the system of amended claims 1, 8, and 15, as discussed in the rejection below.
Claim Rejections: 35 U.S.C. 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 7-8, 14-15, and 21-32 are rejected under 35 U.S.C. 102(a)(1) because they are anticipated by Ramanathan (US 2023/0080537) in view of the non-patent literature entitled “Security Basics Guide for Security Devices” (hereinafter, “Juniper”).
Regarding claims 1, 8, and 15, Ramanathan teaches a border router comprising one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors and including instructions that, when executed by the one or more processors, cause the border router to perform operations comprising: receiving traffic within a hierarchical software-defined wide area network (SD-WAN) network (An SD-WAN edge 108 receives traffic from a source region such as a site 106, cloud 114, hub 112, or service 116. See par. 43); identifying a destination Internet Protocol (IP) address associated with the traffic (The SD-WAN edge determines a destination layer 3 address (i.e., IP address) to which the traffic is to be routed. See par. 46); determining, based at least in part on the destination IP address, a destination region of the traffic (SD-WAN edge uses the destination IP address to determine a destination region in the form of another site 106, hub 112, cloud 114, or service 116 to which to route the traffic and forwards the traffic to the SD-WAN edge connected to the destination region. See par. 28, 43), wherein: the destination region is within the hierarchical SD-WAN network (The destination region is within a hierarchical SD-WAN 101. See par. 20; fig. 1); the destination region is selected from an access region, a core region, and a service region (The destination region may be another site (i.e., access region) or a service (i.e., service region). See par. 28); and the border router resides at a boundary of the core region and the access region, the core region representing a core network and the access region representing a local network (The SD-WAN edge resides at the border of the site and the transport network (i.e., core region). See par. 28; fig. 1).
However, Ramanathan does not teach applying a policy to the traffic in accordance with the determined destination region (The SD-WAN edge does apply policies, but the policies are not selected based on a destination region. See par. 44-45). Nonetheless, Juniper teaches a security device situated at the border between a first security zone and a second security zone, whereby the security device receives traffic, determines a destination interface (i.e., IP address. See pg. 8, “Understanding Security Zone Interfaces”) associated with the traffic, determines a destination zone based on the destination interface, selects a policy based on the destination zone, and applies the selected policy to the traffic. See pg. 8-9, “Understanding Security Zones.”
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Ramanathan so that the SD-WAN edge applies a policy to the traffic based on the determined destination region, because doing so allows the system to apply region-specific policies to traffic.
Regarding claims 7 and 14, Ramanathan teaches the network node of Claim 1, wherein the destination region of the traffic is determined based on an Internet Protocol (IP) destination address associated with the traffic (SD-WAN edge uses the destination IP address to determine a destination region in the form of another site 106, hub 112, cloud 114, or service 116 to which to route the traffic and forwards the traffic to the SD-WAN edge connected to the destination region. See par. 28, 43. Juniper also teaches using a destination IP address to determine a to-zone associated with traffic. See pg. 8-9, “Understanding Security Zones.”).
Regarding claims 21, 25, and 29, Ramanathan teaches the border router of Claim 1, wherein the border router provides inter-region connectivity by connecting the first access region and another access region to a common backbone overlay (The SD-WAN edge connects a first site to another site via the transport network (i.e., core region). See par. 33; fig. 1).
Regarding claims 22, 26, and 30, Ramanathan teaches the border router of Claim 1, wherein the border router configures secure tunnels to other routers and encrypts packets that traverse the secure tunnels to the other routers (The SD-WAN edge encrypts the traffic using an IPSec tunnel. See par. 26, 34).
Regarding claims 23, 27, and 31, Ramanathan teaches the border router of Claim 1, wherein the border router uses virtual private network (VPN) forwarding tables to route traffic flows between tunnel interfaces that provide connectivity to the core region and second tunnel interfaces that provide connectivity to the access region (The SD-WAN edge performs VPN forwarding using site-to-site VPNs through the transport network. See par. 41).
Regarding claims 24, 28, and 32, Ramanathan teaches the border router of Claim 1, wherein the border router sends and receives data to other border routers within the hierarchical SD-WAN network (The SD-WAN edge sends traffic to other SD-WAN edge devices. See par. 33).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Andrew Georgandellis whose telephone number is 571-270-3991. The examiner can normally be reached on Monday through Friday, 7:30-5:00 PM EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tonia Dollinger, can be reached on 571-272-4170. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ANDREW C GEORGANDELLIS/Primary Examiner, Art Unit 2459