DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The following is a Final Office action in response to communications received on 12/18/2025.
Terminal Disclaimer
The terminal disclaimer filed on 10/30/2025 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of U.S. Patent No. 11979746 and/or any patent granted on Application Number 18/225022 has been reviewed and is accepted. The terminal disclaimer has been recorded.
Information Disclosure Statement
The information disclosure statements (IDSs) submitted on 08/18/2025, 11/13/2025 and 01/14/2026 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Response to Amendment
Claim 10 has been cancelled.
Claims 1, 4, 5, 16, 19, and 20 have been amended.
Claims 1-9 and 11-20 have been examined.
The objections to claims 4, 5, and 19 are withdrawn in light of the applicant’s amendments to the claims.
The double patenting rejections are withdrawn in light of the terminal disclaimer.
Applicant’s arguments with respect to claims 1, 16 and 20 regarding the new limitations: “wherein the meta information includes a Radio Access Technology (RAT) type, wherein the RAT type includes one or more of the following: a satellite access type and/or a wireless access type, wherein the satellite access type includes one or more of the following: NRLEO satellite access type, NR MEO satellite access type, NR GEO satellite access type, and/or NR OTHER SAT satellite access type, and wherein the wireless access type includes one or more of the following: untrusted wireless LAN (IEEE 802.11) access and/or trusted wireless LAN (IEEE 802.11) access” have been considered but are moot in view of the new ground of rejection presented in the current office action.
Claim Objections
Claim 11 is objected to because of the following informalities: claim 11 recites: “radio access technology radio access technology (RAT)” (“radio access technology” is recited twice). Appropriate correction is required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1-3, 7, 9, 11, 16, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20200287871 to Verma et al (hereinafter Verma), prior art of record US 20230188551 to Woodworth et al (hereinafter Woodworth) and US 20250113240 to Shen (hereinafter Shen).
As per claims 1, 16, and 20, Verma teaches:
A system, comprising: a processor configured to:
monitor network traffic in a core mobile network using a Smart Network Interface Card (NIC) of a network element in the core mobile network to identify a new session that attached to the core mobile network for mobile network communications (Verma: [0041]: the security platform is configured to monitor traffic in the mobile core/service provider's core network to perform packet content inspection security monitoring techniques that can be utilized for applying security policies based on information extracted from signaling messages and/or user session traffic. [0169]: Network processor 706 is configured to monitor packets from the mobile device, and provide the packets to data plane 704 for processing. Flow 708 identifies the packets as being part of a new session and creates a new session flow. Also, [0078]);
extract meta information associated with the new session using the Smart NIC of the network element in the core mobile network (Verma: [0043]. [0069]: In one embodiment, the security platform monitors GTP-C messages in the mobile core to extract certain information (meta information) included within GTP-C messages based on a security policy), wherein the meta information includes a Radio Access Technology (RAT) type (Verma: [0079]: For example, the security platform can monitor GTP-C messages and extract the location, hardware identity (e.g., IMEI), subscriber identity (e.g., IMSI), and/or radio access technology (RAT) from the Create Session Request message); and
apply selective intelligent enforcement and/or selective intelligent offloading using the Smart NIC of the network element if the extracted meta information associated with the new session matches a selective intelligent enforcement policy and/or a selective intelligent offload policy (Verma: [0044]: the security platform is configured to apply a security policy using one or more parameters extracted from the GTP-C messages and based on the user session traffic monitored by the security platform during the GTP session. [0046]: In one embodiment, a security platform is configured to use existing 3GPP to dynamically apply security policies (e.g., granular security policies, which can be applied per subscriber (e.g., IMSI)/IP in real-time, per mobile device (e.g., IMEI)/IP in real-time, per subscriber location/IP in real-time, per RAT/IP in real-time, and/or any combinations thereof) as data calls are set-up and/or modified/updated using the disclosed techniques. [0178] At 808, enforcing the security policy using the security platform is performed. For example, various enforcement actions (e.g., allow/pass, block/drop, alert, tag, monitor, log, throttle, restrict access, and/or other enforcement actions) can be performed using the security platform); and
a memory coupled to the processor and configured to provide the processor with instructions (Verma: [0026]: a processor, such as a processor configured to execute instructions stored on and/or provided by a memory coupled to the processor).
Verma does not teach: monitor network traffic using a Smart Network Interface Card (NIC) of a network element. Also, Verma teaches extracting RAT type information but does not teach: wherein the RAT type includes one or more of the following: a satellite access type and/or a wireless access type, wherein the satellite access type includes one or more of the following: NRLEO satellite access type, NR MEO satellite access type, NR GEO satellite access type, and/or NR OTHER SAT satellite access type, and wherein the wireless access type includes one or more of the following: untrusted wireless LAN (IEEE 802.11) access and/or trusted wireless LAN (IEEE 802.11) access. However, Woodworth teaches:
monitor network traffic using a Smart Network Interface Card (NIC) of a network element (Woodworth: [0022] Local computing systems L1-L4 may also include a collector, such as collectors 124, 126, 128, 130. As an illustrative example, collector 124 may comprise a system to inspect, log, and/or sample any messages received by computing system L1, including server(s) 116. [0023]: servers 116-122 and/or collectors 124-130 may comprise or be operatively connected to elements, such as smart network interface cards (NICs), that can analyze traffic being received at servers 116-122 and determine that some portion of the traffic may comprise a threat. [0024]: portions of threat intelligence system 140 may be instantiated within local computing systems L1-L4, such as in a smart NIC).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Woodworth in the invention of Verma to include the above limitations. The motivation to do so would be to identify threats (Woodworth: [0025]).
Verma in view of Woodworth does not teach the rest of the limitations. However, Shen teaches:
wherein the RAT type includes one or more of the following: a satellite access type and/or a wireless access type, wherein the satellite access type includes one or more of the following: NRLEO satellite access type, NR MEO satellite access type, NR GEO satellite access type, and/or NR OTHER SAT satellite access type, and wherein the wireless access type includes one or more of the following: untrusted wireless LAN (IEEE 802.11) access and/or trusted wireless LAN (IEEE 802.11) access (Shen: [0058] In some embodiments, the access type information indicates at least one of: [0059] the access type, including a 3rd Generation Partnership Project (3GPP) type and/or a non-3GPP type; [0060] a radio access type. [0066] The radio access type includes at least one of: [0067] …, a Wireless Local Area Network (WLAN) access type, a Virtual Network (VIRTUAL) access type, …, a Trusted non-3GPP (TRUSTED_N3GA type) access type, a Trusted Wireless LAN (TRUSTED_WLAN) access type, …, a New Radio Low Earth Orbit (NR_LEO) satellite access type, a New Radio Medium Earth Orbit (NR_MEO) access type, a New Radio Geostationary Earth Orbit (NR_GEO) access type, or New Radio Other Satellite (NR_OTHER_SA) access type).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Shen in the invention of Verma in view of Woodworth to include the above limitations. The motivation to do so would be to report a slice event based on an access type (Shen: [0004]).
As per claims 2 and 17, Verma in view of Woodworth and Shen teaches:
The system recited in claim 1, wherein a security platform is executed on a host entity in the core mobile network (Verma: Fig. 1, [0061]: a security platform(s) can similarly be provided in various other locations within the network architecture (e.g., an inline, pass-through NGFW, such as shown by FW 102, and/or implemented as agents or virtual machines (VM) instances, which can be executed on existing devices in the service provider's network).
As per claims 3 and 18, Verma in view of Woodworth and Shen teaches:
The system recited in claim 1, wherein a security platform is a virtual firewall executed on a host entity in the core mobile network (Verma: Fig. 1, [0061]: a security platform(s) can similarly be provided in various other locations within the network architecture (e.g., an inline, pass-through NGFW, such as shown by FW 102, and/or implemented as agents or virtual machines (VM) instances, which can be executed on existing devices in the service provider's network. [0063]: the traffic is monitored/filtered using a security platform 156E (e.g., a (virtual) device/appliance that includes a firewall (FW))).
As per claim 7, Verma in view of Woodworth and Shen teaches:
The system recited in claim 1, wherein the meta information includes subscriber identity and/or equipment identity information (Verma: [0079]: For example, the security platform can monitor GTP-C messages and extract the location, hardware identity (e.g., IMEI), subscriber identity (e.g., IMSI), and/or radio access technology (RAT) from the Create Session Request message).
As per claim 9, Verma in view of Woodworth and Shen teaches:
The system recited in claim 1, wherein the meta information includes location information (Verma: [0079]: For example, the security platform can monitor GTP-C messages and extract the location, hardware identity (e.g., IMEI), subscriber identity (e.g., IMSI), and/or radio access technology (RAT) from the Create Session Request message).
As per claim 11, Verma in view of Woodworth and Shen teaches:
The system recited in claim 1, wherein a security platform is configured with a plurality of security policies to apply network slice based security, subscriber identity based security, equipment identity based security, access point name (APN) based security, data network name (DNN) based security, location based security, and/or radio access technology radio access technology (RAT) based security in the core mobile network (Verma: [0083]: As described above, the location information/parameters, hardware identity (e.g., IMEI), subscriber identity (e.g., IMSI), and/or radio access technology (RAT) can be extracted from the Create Session Request message by the security platform, which can be stored (e.g., cached as associated with the IP flow) for use in applying a security policy based on this extracted information).
Claims 4, 5, 13-15, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Verma in view of Woodworth and Shen as applied to claims 1 and 16 above, and further in view of prior art of record US 20220353240 to McDowall et al (hereinafter McDowall).
As per claims 4 and 19, Verma in view of Woodworth and Shen does not teach the limitations of claims 4 and 19. However, McDowall teaches:
wherein the offloading of the new session to bypass inspection by a security platform if the extracted meta information associated with the new session does not match the selective intelligent enforcement policy is performed by offloading the new session to the smart network interface card of the network element (McDowall: [0033]: receiving a flow at a firewall of a security service (e.g., a cloud-based security service); inspecting the flow at the firewall to determine meta information associated with the flow; and offloading the flow to an offload entity (e.g., a SmartNIC, software executed on a Network Interface Card (NIC), and/or a network device, such as a network router or network switch) based on the meta information associated with the flow (e.g., an application identification associated with the flow determined using deep packet inspection) and based on a policy (e.g., an offload policy, such as further described below). [0053]: The new flow is processed by the firewall and a session is created. The firewall uses different heuristics and its security engine to identify a session to be offloaded. [0087]-[0088]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of McDowall in the invention of Verma in view of Woodworth and Shen to include the above limitations. The motivation to do so would be to substantially increase the capacity of security devices (McDowall: [0035]).
As per claim 5, Verma in view of Woodworth and Shen does not teach the limitations of claim 5. However, McDowall teaches:
wherein the offloading of the new session to bypass inspection by a security platform if the extracted meta information associated with the new session does not match the selective intelligent enforcement policy is performed by offloading the new session to the smart network interface card (NIC) of the network element, and wherein the smart NIC includes a data processing unit (McDowall: [0053]: The new flow is processed by the firewall and a session is created. The firewall uses different heuristics and its security engine to identify a session to be offloaded. [0087] At 504, inspecting the flow to determine meta information associated with the flow is performed. For example, the flow can be determined to be a new flow at the firewall of the security service, and an APP-ID can be determined for the new flow using deep packet inspection (DPI) as similarly described above. [0088] At 506, offloading the flow to an offload entity based on the meta information associated with the flow and based on a policy (e.g., an offload policy) is performed. For example, the flow (e.g., an elephant flow or another type of flow to be offloaded based on the offload policy) can be offloaded to a SmartNIC. [0070] In this example implementation, SmartNIC 310 is implemented using a commercially available SmartNIC, such as an Nvidia® Mellanox® BlueField®-2 (which has a DPU)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of McDowall in the invention of Verma in view of Woodworth and Shen to include the above limitations. The motivation to do so would be to substantially increase the capacity of security devices (McDowall: [0035]).
As per claim 13, Verma in view of Woodworth and Shen teaches:
The system recited in claim 1, wherein the processor is further configured to: selectively apply application control to the network traffic of subscribers in the core mobile network if the meta information associated with the network traffic matches the selective intelligent enforcement policy (Verma: [0046] In one embodiment, a security platform (e.g., a firewall, a network sensor acting on behalf of the firewall, or another device/component that can implement security policies) is configured to use existing 3GPP to dynamically apply security policies (e.g., granular security policies, which can be applied per subscriber (e.g., IMSI)/IP in real-time, per mobile device (e.g., IMEI)/IP in real-time, per subscriber location/IP in real-time, per RAT/IP in real-time, and/or any combinations thereof) as data calls are set-up and/or modified/updated using the disclosed techniques. [0083]: As described above, the location information/parameters, hardware identity (e.g., IMEI), subscriber identity (e.g., IMSI), and/or radio access technology (RAT) can be extracted from the Create Session Request message by the security platform, which can be stored (e.g., cached as associated with the IP flow) for use in applying a security policy based on this extracted information);
Verma in view of Woodworth and Shen does not teach: offload the rest of the network traffic in the core mobile network if the meta information associated with the network traffic does not match the selective intelligent enforcement policy. However, McDowall teaches:
offload the rest of the network traffic in the core mobile network if the meta information associated with the network traffic does not match the selective intelligent enforcement policy (McDowall: [0053]: The new flow is processed by the firewall and a session is created. The firewall uses different heuristics and its security engine to identify a session to be offloaded. [0087] At 504, inspecting the flow to determine meta information associated with the flow is performed. For example, the flow can be determined to be a new flow at the firewall of the security service, and an APP-ID can be determined for the new flow using deep packet inspection (DPI) as similarly described above. [0088] At 506, offloading the flow to an offload entity based on the meta information associated with the flow and based on a policy (e.g., an offload policy) is performed. For example, the flow (e.g., an elephant flow or another type of flow to be offloaded based on the offload policy) can be offloaded to a SmartNIC).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of McDowall in the invention of Verma in view of Woodworth and Shen to include the above limitations. The motivation to do so would be to substantially increase the capacity of security devices (McDowall: [0035]).
As per claim 14, Verma in view of Woodworth and Shen teaches:
The system recited in claim 1, wherein the processor is further configured to: selectively apply URL filtering to the network traffic of subscribers in the core mobile network if the meta information associated with the network traffic matches the selective intelligent enforcement policy (Verma: [0044]: the security platform is configured to apply a security policy using one or more parameters extracted from the GTP-C messages and based on the user session traffic monitored by the security platform during the GTP session (e.g., Application ID, Content ID, URL filtering, and/or other stateful packet inspection extracted from the user traffic during the GTP session) as further described below. Also, [0074]);
Verma in view of Woodworth and Shen does not teach: offload the rest of the network traffic in the core mobile network if the meta information associated with the network traffic does not match the selective intelligent enforcement policy. However, McDowall teaches:
offload the rest of the network traffic in the core mobile network if the meta information associated with the network traffic does not match the selective intelligent enforcement policy (McDowall: [0053]: The new flow is processed by the firewall and a session is created. The firewall uses different heuristics and its security engine to identify a session to be offloaded. [0087] At 504, inspecting the flow to determine meta information associated with the flow is performed. For example, the flow can be determined to be a new flow at the firewall of the security service, and an APP-ID can be determined for the new flow using deep packet inspection (DPI) as similarly described above. [0088] At 506, offloading the flow to an offload entity based on the meta information associated with the flow and based on a policy (e.g., an offload policy) is performed. For example, the flow (e.g., an elephant flow or another type of flow to be offloaded based on the offload policy) can be offloaded to a SmartNIC).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of McDowall in the invention of Verma in view of Woodworth and Shen to include the above limitations. The motivation to do so would be to substantially increase the capacity of security devices (McDowall: [0035]).
As per claim 15, Verma in view of Woodworth and Shen teaches:
The system recited in claim 1, wherein the processor is further configured to: selectively apply known and/or unknown threat identification and/or prevention to the network traffic of subscribers in the core mobile network if the meta information associated with the network traffic matches the selective intelligent enforcement policy (Verma: [0095]: As another example, mobile service providers can apply the disclosed techniques to provide a transport layer signaling based threat detection service (e.g., a transport layer signaling based, basic threat detection service for known threats, a transport layer signaling based, advanced threat detection service for unknown threats, and/or other threat detection services that can utilize transport layer signaling based information to apply security policies). As yet another example, mobile service providers can apply the disclosed techniques to provide a transport layer signaling based threat prevention service for known threats (e.g., a transport layer signaling based, basic threat prevention service for known threats, a transport layer signaling based, advanced threat prevention service for unknown threats, and/or other threat prevention services that can utilize transport layer signaling based information to apply security policies);
Verma in view of Woodworth and Shen does not teach: offload the rest of the network traffic in the core mobile network if the meta information associated with the network traffic does not match the selective intelligent enforcement policy. However, McDowall teaches:
offload the rest of the network traffic in the core mobile network if the meta information associated with the network traffic does not match the selective intelligent enforcement policy (McDowall: [0053]: The new flow is processed by the firewall and a session is created. The firewall uses different heuristics and its security engine to identify a session to be offloaded. [0087] At 504, inspecting the flow to determine meta information associated with the flow is performed. For example, the flow can be determined to be a new flow at the firewall of the security service, and an APP-ID can be determined for the new flow using deep packet inspection (DPI) as similarly described above. [0088] At 506, offloading the flow to an offload entity based on the meta information associated with the flow and based on a policy (e.g., an offload policy) is performed. For example, the flow (e.g., an elephant flow or another type of flow to be offloaded based on the offload policy) can be offloaded to a SmartNIC).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of McDowall in the invention of Verma in view of Woodworth and Shen to include the above limitations. The motivation to do so would be to substantially increase the capacity of security devices (McDowall: [0035]).
Claims 6 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Verma in view of Woodworth and Shen as applied to claim 1 above, and further in view of prior art of record US 20200128399 to Verma et al (hereinafter Verma’399).
As per claim 6, Verma in view of Woodworth and Shen does not teach the limitations of claim 6. However, Verma’399 teaches:
wherein the meta information includes network slice information (Verma: [0195] At 504, extracting network slice information for user traffic associated with the new session at the security platform is performed).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Verms’399 in the invention of Verma in view of Woodworth and Shen to include the above limitations. The motivation to do so would be to apply network slice-based security (Verma’399: [0040]).
As per claim 8, Verma in view of Woodworth and Shen does not teach the limitations of claim 8. However, Verma’399 teaches:
wherein the meta information includes access point name (APN) and/or data network name (DNN) information (Verma: [0205] At 704, extracting network name information for user traffic associated with the new session at the security platform is performed. For example, the security platform can parse HTTP/2 messages to extract the network name information, in which the network name information is identified by a Data Network Name (DNN)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Verms’399 in the invention of Verma in view of Woodworth and Shen to include the above limitations. The motivation to do so would be to apply service-based security per Data Network Name (DNN) (Verma’399: [0088]).
Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Verma in view of Woodworth and Shen as applied to claim 1 above, and further in view of prior art of record US 10574670 to Verma et al (hereinafter Verma’670).
As per claim 12, Verma in view of Woodworth and Shen does not teach the limitations of claim 12. However, Verma’670 teaches:
wherein the processor is further configured to: extract the meta information associated with the new session using a security platform executed on the network element in the core mobile network by performing inspection of packet forwarding control protocol (PFCP) messages, application programming interfaces (APIs), and/or syslog messages (Verma’670: column 18, lines 1-9: In one embodiment, the security platform parses Packet Forwarding Control Protocol (PFCP) Session Establishment Request and PFCP Session Establishment Response messages to extract the subscription and/or equipment identifier information).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Verma’670 in the invention of Verma in view of Woodworth and Shen to include the above limitations. The motivation to do so would be to provide multi-access distributed edge security on mobile networks, including 5G networks (Verma’670: column 40, lines 56-61).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached 8:30AM-4:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached at (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
MADHURI R. HERZOG
Primary Examiner
Art Unit 2438
/MADHURI R HERZOG/Primary Examiner, Art Unit 2438