Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsLevel 3 Communications LLC › 18496308
Last updated: April 19, 2026
Application No. 18/496,308

DISTRIBUTED TUNNEL TERMINATION

Final Rejection §102§103
Filed
Oct 27, 2023
Examiner
REVAK, CHRISTOPHER A
Art Unit
2407
Tech Center
2400 — Computer Networks
Assignee
Level 3 Communications LLC
OA Round
2 (Final)
89%
Grant Probability
Favorable
3-4
OA Rounds
2y 9m
To Grant
98%
With Interview

Interview Optional

+8.6% interview lift. This examiner has a relatively high allow rate; a written response may suffice.
Based on 1105 resolved cases, 2023–2026

Examiner Intelligence

REVAK, CHRISTOPHER A View full profile →
Grants 89% — above average
89%
Career Allow Rate
987 granted / 1105 resolved
+31.3% vs TC avg
Moderate +9% lift
Without
With
+8.6%
Interview Lift
resolved cases with interview
Typical timeline
2y 9m
Avg Prosecution
17 currently pending
Career history
1122
Total Applications
across all art units

Statute-Specific Performance

§101
12.0%
-28.0% vs TC avg
§103
20.9%
-19.1% vs TC avg
§102
38.0%
-2.0% vs TC avg
§112
7.2%
-32.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 1105 resolved cases

Office Action

§102 §103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed have been fully considered but they are not persuasive. It is argued by the Applicant: “Independent claim 1 of the present application, from which claims 2-7 depend, recites, inter alia, a method that includes "receiving, at the tunnel aggregator device and from a first managed security router of a provider network, a first plurality of packets addressed to a first customer endpoint" and "encapsulating, by the tunnel aggregator device, the first plurality of packets," which is then repeated using a second plurality of packets. Independent claims 8 and 14, from which claims 9-13 and 15-20 depend, respectively, include similar recitations written in different formats. For the reasons discussed below, the Applicant respectfully submits that the cited references fail to disclose or suggest the above recitations. At page 7 of the Office Action, the Office alleges that Smith anticipates the above recitations of the present claims, referring specifically to col. 7, 11. 36-44 and citing to Smith disclosing that the "DS router (i.e., tunnel aggregator device) transmits the traffic thru an MPLS tunnel by encapsulating IP addresses of the traffic" (emphasis added). The cited portion of Smith discloses encapsulating the IP addresses, while the present claims recite encapsulating the packets. Thus, for at least this reason, Smith fails to anticipate the above recitation of the present claims.” The Examiner respectfully disagrees. The Examiner agrees with the Applicant’s remarks that the IP address information is encapsulated in Smith, but finds the Applicant’s arguments to be unpersuasive in regards to encapsulating the packets in Smith. Smith explicitly discloses wherein the DS router 115, which then selects the traffic (i.e., packets) through the MPLS tunnel 125, which encapsulates IP addresses of the traffic and prevents normal routing of the filtered traffic back to the data scrubbers 110, column 7, lines 34-40. The MPLS tunnel by nature encapsulates the traffic (i.e., packets) for secure transmission between the source and recipient, as evidenced in Smith column 7, lines 55-56. Smith addresses the aspect of packet tunnel encapsulation in a previous section, column 5, lines 9-22: “Data exiting the data scrubbers will be placed in a series of traffic tunnels (of which multiprotocol label switching (“MPLS”) tunnels and generic routing encapsulation (“GRE”) tunnels are but two examples; the skilled reader will understand from this disclosure that traffic tunnels can be any type of network tunnel than can provide the functionality described herein, including without limitation any type of IP packet encapsulation tunnel).” Smith adds an additional level of security by encapsulating the IP address in addition to the traffic (i.e., packets) to prevent normal routing of the filtered traffic back to the data scrubbers. The teachings of Smith have been shown to disclose of "encapsulating, by the tunnel aggregator device, the first plurality of packets", and have found the Applicant’s arguments to be non-persuasive. The Examiner hereby maintains the current grounds of the rejection. With respect to the Applicant’s arguments: “Waters is cited by the Office as allegedly disclosing the use of threat mitigation devices. Assuming arguendo that the Office's characterization of Water is accurate, the Applicant respectfully submits that Waters fails to remedy the deficiencies of Smith. Thus, each of the cited references, whether taken alone or in combination, fail to disclose or suggest each of the recitations of the present claims. Accordingly, for at least this reason, the Applicant respectfully submits that the claims of the present application are patentable over the cited references.” Applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references. Waters is relied upon for disclosing of “providing the first plurality of packets to one or more threat mitigation devices and receiving, at the first managed security router and from the one or more threat mitigation devices, a first plurality of filtered packets associated with the first plurality of packets.” Please refer below for the Examiner’s rejection with regards to the mapping of the claim limitations with respect to Smith in view of Waters. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-7 and 14-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Smith et al, U.S. Patent 9,350,706. As per claim 1, it is taught of a method comprising: causing a first encapsulation tunnel (network tunnel, #125) to be established between a tunnel aggregator device (DS router, #115) and a first customer routing device (server router, #120)(col. 6, line 27-32); receiving, at a tunnel aggregator device (DS router, #115) and from a first managed security router (data scrubber, #110) of a provider network, a first plurality of packets addressed to a first customer endpoint (server router, #120 accepts/sends packets to the server, #105)(traffic is received at an edge router is then routed to the data scrubber (i.e., managed security router) via the DS router (i.e., tunnel aggregator device) to reach the address for a server thru the server router to the server (i.e., customer endpoint), col. 7, lines 27-48); encapsulating, by the tunnel aggregator device (DS router, #115), the first plurality of packets (DS router (i.e., tunnel aggregator device) transmits the traffic thru an MPLS tunnel by encapsulating IP addresses of the traffic, col. 7, lines 27-39); providing the encapsulated first plurality of packets to the first customer routing device using the first encapsulation tunnel (transmitting the traffic thru the MPLS tunnel by encapsulating IP addresses of the traffic that arrive at the server router (i.e., customer routing device), col. 7, lines 36-44); receiving, at a tunnel aggregator device (DS router, #115) and from a second managed security router (data scrubber, #110b) of a provider network, a second plurality of packets addressed to a first customer endpoint (server router, #120)(traffic is received at an edge router is then routed to the data scrubber (i.e., managed security router) via the DS router (i.e., tunnel aggregator device) to reach the address for a server thru the server router (i.e., customer endpoint), col. 7, lines 27-48. It is noted by the Examiner that DS router (i.e., tunnel aggregator device) can receive traffic from any data scrubber (i.e., managed security router) and implements load balancing among the servers 105 (i.e., customer endpoints) by selecting different tunnels or different static routes when routing traffic to the servers (i.e., customer endpoints), col. 7, lines 9-21, which is interpreted by the Examiner as a second plurality of packets addressed to a first customer endpoint); encapsulating, by the tunnel aggregator device (DS router, #115), the second plurality of packets (DS router (i.e., tunnel aggregator device) transmits the traffic thru an MPLS tunnel by encapsulating IP addresses of the traffic, col. 7, lines 27-39); and providing the encapsulated second plurality of packets to the first customer routing device using the first encapsulation tunnel (transmitting the traffic thru the MPLS tunnel by encapsulating IP addresses of the traffic that arrive at the server router (i.e., customer routing device), col. 7, lines 36-44). As per claim 2, it is disclosed wherein the first plurality of packets are received at the tunnel aggregator device (DS router) over a clean return virtual routing (data scrubbed) and forwarding system of the provider network in unencapsulated form (the data scrubber receives the filtered traffic and then selects a server (customer endpoint), the DS router (aggregator device) then transmits the traffic in encapsulated form through a tunnel, col. 7, lines 32-39. Since the DS router handles the encapsulation and tunneling, it is interpreted by the Examiner that the communications between the DS router (i.e., aggregator device) and the data scrubber (i.e., managed security router) is in unencapsulated form since the encapsulation is done by the DS router (i.e., aggregator device) when it is being sent to a server (i.e., customer endpoint). As per claim 3, it is taught wherein the tunnel aggregator device is logically closer to the first customer routing device than either of the first managed security router or the second managed security router (Figure 1A shows DS router, #115a (i.e., tunnel aggregator device) is logically closer to the security router, 120a (i.e., first customer routing device) than either of the data scrubbers, #110a, #110b (i.e., first managed security router or second managed security router)). As per claim 4, it is disclosed of causing a second encapsulation tunnel (network tunnel, #125b) to be established between a tunnel aggregator device (DS router, #115) and a second customer routing device (server router, #120b)(col. 6, line 27-32); receiving, at the tunnel aggregator device (DS router, #115a) and from the first managed security router (data scrubber, #110a) of the provider network, a third plurality of packets addressed to a second customer endpoint (server, #105b)(It is noted by the Examiner that DS router (i.e., tunnel aggregator device) can receive traffic from any data scrubber, #110a, #110b,…#110m (i.e., managed security router) and implements load balancing among the servers 105 (i.e., customer endpoints) by selecting different tunnels or different static routes when routing traffic to the servers (i.e., customer endpoints), col. 7, lines 9-21, which is interpreted by the Examiner as a third plurality of packets addressed to a second customer endpoint); encapsulating, by the tunnel aggregator device (DS router, #115), the third plurality of packets (DS router (i.e., tunnel aggregator device) transmits the traffic thru an MPLS tunnel by encapsulating IP addresses of the traffic, col. 7, lines 9-16 & 27-39); and providing the encapsulated second plurality of packets to the first customer routing device using the first encapsulation tunnel (transmitting the traffic thru the MPLS tunnel by encapsulating IP addresses of the traffic that arrive at the server router (i.e., customer routing device), col. 7, lines 36-44). As per claim 5, it is taught wherein the first plurality of packets and the second plurality of packets are received at the tunnel aggregator device (DS router, #110) through a premise edge router (edge router, #205) co-located with the tunnel aggregator device (DS router, #110)(It is noted by the Examiner that DS router (i.e., tunnel aggregator device) can receive traffic from any data scrubber (i.e., managed security router) and implements load balancing among the servers 105 (i.e., customer endpoints) by selecting different tunnels or different static routes when routing traffic to the servers (i.e., customer endpoints), col. 7, lines 9-21, which is interpreted by the Examiner as a first and second plurality of packets addressed to a first or second customer endpoint, col. 7, lines 9-16, 27-39 & 36-44, and as shown in Figure 2). As per claim 6, it is disclosed wherein the tunnel aggregator device uses Generic Routing Encapsulation (GRE) to provide the first plurality of packets and the second plurality of packets to the first customer endpoint (DS router (i.e., tunnel aggregator device) routes tunnel traffic to the server (i.e. customer endpoint) via the server router (i.e., customer routing device) using GRE as one of the tunneling technologies, col. 6, lines 23-39). As per claim 7, it is taught wherein the tunnel aggregator device uses Internet Protocol Security (IPsec) to provide the first plurality of packets and the second plurality of packets to the first customer endpoint (DS router (i.e., tunnel aggregator device) routes tunnel traffic to the server (i.e. customer endpoint) via the server router (i.e., customer routing device) using IPSec as one of the tunneling technologies, col. 6, lines 23-39). As per claim 14, it is disclosed of a system, comprising: at least one processor (col. 12, lines 1-7); and memory, operatively connected to the at least one processor and storing instructions that, when executed by the at least one processor (col. 12, lines 1-7), cause the system to perform a method comprising: causing a first encapsulation tunnel (network tunnel, #125) to be established between a tunnel aggregator device (DS router, #115) and a first customer routing device (server router, #120)(col. 6, line 27-32); receiving, at a tunnel aggregator device (DS router, #115) and from a first managed security router (data scrubber, #110) of a provider network, a first plurality of packets addressed to a first customer endpoint (server router, #120 accepts/sends packets to the server, #105)(traffic is received at an edge router is then routed to the data scrubber (i.e., managed security router) via the DS router (i.e., tunnel aggregator device) to reach the address for a server thru the server router to the server (i.e., customer endpoint), col. 7, lines 27-48); encapsulating, by the tunnel aggregator device (DS router, #115), the first plurality of packets (DS router (i.e., tunnel aggregator device) transmits the traffic thru an MPLS tunnel by encapsulating IP addresses of the traffic, col. 7, lines 27-39; providing the encapsulated first plurality of packets to the first customer routing device (transmitting the traffic thru the MPLS tunnel by encapsulating IP addresses of the traffic that arrive at the server router (i.e., customer routing device), col. 7, lines 36-44); receiving, at a tunnel aggregator device (DS router, #115) and from a second managed security router (data scrubber, #110b) of a provider network, a second plurality of packets addressed to a first customer endpoint (server router, #120)(traffic is received at an edge router is then routed to the data scrubber (i.e., managed security router) via the DS router (i.e., tunnel aggregator device) to reach the address for a server thru the server router (i.e., customer endpoint), col. 7, lines 27-48. It is noted by the Examiner that DS router (i.e., tunnel aggregator device) can receive traffic from any data scrubber (i.e., managed security router) and implements load balancing among the servers 105 (i.e., customer endpoints) by selecting different tunnels or different static routes when routing traffic to the servers (i.e., customer endpoints), col. 7, lines 9-21, which is interpreted by the Examiner as a second plurality of packets addressed to a first customer endpoint); encapsulating, by the tunnel aggregator device (DS router, #115), the second plurality of packets (DS router (i.e., tunnel aggregator device) transmits the traffic thru an MPLS tunnel by encapsulating IP addresses of the traffic, col. 7, lines 27-39); and providing the encapsulated second plurality of packets to the first customer routing device using the first encapsulation tunnel (transmitting the traffic thru the MPLS tunnel by encapsulating IP addresses of the traffic that arrive at the server router (i.e., customer routing device), col. 7, lines 36-44). As per claim 15, it is taught wherein the first plurality of packets and the second plurality of packets are received at the tunnel aggregator device (DS router) over a clean return virtual routing (data scrubbed) and forwarding system of the provider network in unencapsulated form (the data scrubber receives the filtered traffic and then selects a server (customer endpoint), the DS router (aggregator device) then transmits the traffic in encapsulated form through a tunnel, col. 7, lines 32-39. Since the DS router handles the encapsulation and tunneling, it is interpreted by the Examiner that the communications between the DS router (i.e., aggregator device) and the data scrubber (i.e., managed security router) is in unencapsulated form since the encapsulation is done by the DS router (i.e., aggregator device) when it is being sent to a server (i.e., customer endpoint). As per claim 16, it is disclosed wherein the tunnel aggregator device is logically closer to the first customer routing device than either of the first managed security router or the second managed security router (Figure 1A shows DS router, #115a (i.e., tunnel aggregator device) is logically closer to the security router, 120a (i.e., first customer routing device) than either of the data scrubbers, #110a, #110b (i.e., first managed security router or second managed security router)). As per claim 17, it is taught of further comprising: causing a second encapsulation tunnel (network tunnel, #125b) to be established between a tunnel aggregator device (DS router, #115) to be established between the tunnel aggregator device (DS router, #115) and a second customer routing device (server, #105b)(It is noted by the Examiner that DS router (i.e., tunnel aggregator device) can receive traffic from any data scrubber, #110a, #110b,…#110m (i.e., managed security router) and implements load balancing among the servers 105 (i.e., customer endpoints) by selecting different tunnels or different static routes when routing traffic to the servers (i.e., customer endpoints), col. 7, lines 9-21, which is interpreted by the Examiner as a third plurality of packets addressed to a second customer endpoint); receiving, at the tunnel aggregator device (DS router, #115) and from the first managed security router (data scrubber, #110a) of the provider network, a third plurality of packets addressed to a second customer endpoint (It is noted by the Examiner that DS router (i.e., tunnel aggregator device) can receive traffic from any data scrubber (i.e., managed security router) and implements load balancing among the servers 105 (i.e., customer endpoints) by selecting different tunnels or different static routes when routing traffic to the servers (i.e., customer endpoints), col. 7, lines 9-21, which is interpreted by the Examiner as a third plurality of packets addressed to a second customer endpoint, col. 7, lines 9-16, 27-39 & 36-44); encapsulating, by the tunnel aggregator device (DS router, #115), the third plurality of packets (DS router (i.e., tunnel aggregator device) transmits the traffic thru an MPLS tunnel by encapsulating IP addresses of the traffic, col. 7, lines 9-16 & 27-39); and providing the encapsulated third plurality of packets to the second customer endpoint (transmitting the traffic thru the MPLS tunnel by encapsulating IP addresses of the traffic that arrive at the server router (i.e., customer routing device) and are provided to server 105b (i.e., second customer endpoint), col. 7, lines 9-16, 27-39 & 36-44). As per claim 18, it is disclosed wherein the first plurality of packets and the second plurality of packets are received at the tunnel aggregator device (DS router, #110) through a premise router (edge router, #205) co-located with the tunnel aggregator device (DS router, #110)(It is noted by the Examiner that DS router (i.e., tunnel aggregator device) can receive traffic from any data scrubber (i.e., managed security router) and implements load balancing among the servers 105 (i.e., customer endpoints) by selecting different tunnels or different static routes when routing traffic to the servers (i.e., customer endpoints), col. 7, lines 9-21, which is interpreted by the Examiner as a first and second plurality of packets addressed to a first or second customer endpoint, col. 7, lines 9-16, 27-39 & 36-44, and as shown in Figure 2). As per claim 19, it is taught wherein the tunnel aggregator device uses Generic Routing Encapsulation (GRE) to provide the first plurality of packets and the second plurality of packets to the first customer endpoint (DS router (i.e., tunnel aggregator device) routes tunnel traffic to the server (i.e. customer endpoint) via the server router (i.e., customer routing device) using GRE as one of the tunneling technologies, col. 6, lines 23-39). As per claim 20, it is disclosed wherein a configuration of the first managed security router is at least partially based on customer packet routing instructions (DS routers (i.e., tunnel aggregator device) is configured to unicast IP addresses addressed to each server (i.e., customer endpoint device), col. 7, lines 6-8). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 8-13 are rejected under 35 U.S.C. 103 as being unpatentable over Smith et al, U.S. Patent 9,350,706 in view of Waters, Jr. et al, U.S. Patent 10,038,714. As per claim 8, it is disclosed by Smith et al of a method comprising: receiving, at a first managed security router (data scrubber, #110) of a provider network, a first plurality of packets addressed to a first customer endpoint (server router, #120 accepts/sends packets to the server, #105 (i.e., customer endpoint), traffic is received at an edge router is then routed to the data scrubber (i.e., managed security router) via the DS router (i.e., tunnel aggregator device) to reach the address for a server thru the server router to the server (i.e., customer endpoint), col. 7, lines 27-48); providing the first plurality of packets for scrubbing (traffic is received at an edge router is then routed to the data scrubber (i.e., managed security router) via the DS router (i.e., tunnel aggregator device) to reach the address for a server thru the server router to the server (i.e., customer endpoint), col. 7, lines 27-48); receiving, at the first managed security router one or more threat mitigations (data scrubber, #110a (first managed security router) performs mitigations on the data packets by filtering (or blocking) undesirable traffic from a desirable network traffic addressed to servers, #105 (customer endpoint), col. 6, lines 1-19), a first plurality of filtered packets associated with the first plurality of packets (the data scrubber receives the filtered traffic and then selects a server (customer endpoint), the DS router (aggregator device) then transmits the traffic in encapsulated form through a tunnel, col. 7, lines 32-39); and providing, based on a configuration of the first managed security router (data scrubber #115a), the first plurality of filtered packets to a first tunnel aggregator device for transmission to the first customer endpoint (DS router (i.e., aggregator device) contains instructions for the transmission of the filtered traffic thru the MPLS tunnel by encapsulating IP addresses of the traffic that arrive at the server router (i.e., customer routing device), col. 7, lines 15-21 & 36-44). Although the teachings of Smith et al disclose of data scrubbing operations being performed, they fail to disclose of providing the first plurality of packets to one or more threat mitigation devices and receiving, at the first managed security router and from the one or more threat mitigation devices, a first plurality of filtered packets associated with the first plurality of packets. Waters, Jr. et al discloses of providing the first plurality of packets to one or more threat mitigation devices and receiving, at the first managed security router (bunker) and from the one or more threat mitigation devices, a first plurality of filtered packets associated with the first plurality of packets (traffic intended for data centers (i.e., customer endpoints) are routed to the one or more bunkers (i.e., managed security router), col. 6, line 66 through col. 7, line 2; the bunkers (i.e., managed security router) utilize one or more scrubbers (mitigation devices) to clean data packets intended for applications or data centers (i.e., customer endpoints) by identifying packets that are potentially malicious, and remove or otherwise prevent those packets from being transmitted, col. 7, lines 20-26; furthermore the bunkers (i.e., managed security routers) include filters that filter traffic and packets intended for a targeted application or a data center (i.e., customer endpoint), col. 9, lines 1-9; and the scrubbed packets are then transmitted to the identified application’s IP address through a tunnel, col. 7, lines 33-38). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to have been motivated to make modifications enabling various set up configurations for processing the scrubbing of network traffic to prevent from denial of service attacks, or from distributed denial of service attacks. The teachings of Waters, Jr. et al disclose of the diverting of traffic to a bunker (i.e., managed security router) in order to protect traffic from DDOS attacks by spreading out over the distributed network at bunker sites so that no application of a network is overrun by the DDOS attack, col. 7, line 62 through col. 8, line 6. The teachings of Waters, Jr. et al disclose that scrubbers (mitigation devices) operate in association with the bunkers (i.e., managed security routers) (col. 7, lines 20-30), whereby the teachings of Smith et al disclose of the scrubbing and routing being done on the data scrubber, the claim would have been obvious because the substitution of one known element for another would have yielded predictable results to one of ordinary skill in the art at the time of the invention, namely for scrubbing traffic and routing the cleaned traffic to the originally intended destination over a tunnel to protect the communications from further attacks. As per claim 9, it is taught by Smith et al of receiving, at the first managed security router (data scrubber), customer packet routing instructions, wherein the configuration of the first managed security router is at least partially based on the customer packet routing instructions (DS routers (i.e., tunnel aggregator device) of the data scrubbers (i.e., managed security router) are configured to unicast IP addresses addressed to each server (i.e., customer endpoint device), col. 7, lines 6-8). As per claim 10, it is disclosed by Smith et al wherein the customer packet routing instructions includes an indication that the first plurality of filtered packets should be provided to the first customer endpoint via an encapsulation tunnel (DS router (i.e., aggregator device) contains instructions for transmission of the filtered packets to ensure that they arrive at the designated server (i.e., customer endpoint via the encapsulation tunnel, col. 7, lines 9-21 & 32-42)). As per claim 11, it is taught by Smith et al of further comprising selecting the first tunnel aggregator device (DS router, #115a) from a plurality of tunnel aggregator devices (DS router, #115a, #115b, etc), wherein the first tunnel aggregator device is selected by the first managed security router based at least partially on the customer packet routing instructions (a selected DS router (i.e., aggregator device) contains instructions for transmission of the filtered packets to ensure that they arrive at the designated server (i.e., customer endpoint via the encapsulation tunnel, col. 7, lines 9-21 & 27-44)). As per claim 12, it is disclosed by Smith et al wherein the first plurality of filtered packets is provided to a provider edge router (edge router, #205) over a clean return virtual routing (data scrubbed) and forwarding system of the provider network in unencapsulated form (the data scrubber receives the filtered traffic and then selects a server (customer endpoint), the DS router (aggregator device) then transmits the traffic in encapsulated form through a tunnel, col. 7, lines 32-39. Since the DS router handles the encapsulation and tunneling, it is interpreted by the Examiner that the communications between the DS router (i.e., aggregator device) and the data scrubber (i.e., managed security router) is in unencapsulated form since the encapsulation is done by the DS router (i.e., aggregator device) when it is being sent to a server (i.e., customer endpoint). As per claim 13, it is taught by Smith et al of further comprising selecting the first tunnel aggregator device from a plurality of tunnel aggregator devices (Figure 1A shows DS routers, #115a, #115b, etc. (i.e., tunnel aggregator device)), wherein the first tunnel aggregator device is selected from a plurality of tunnel aggregator devices based on the first tunnel aggregator device being logically closer to the first customer endpoint (Figure 1A shows DS router, #115a (i.e., tunnel aggregator device) is logically closer to the security router, 120a (i.e., first customer routing device) than either of the data scrubbers, #110a, #110b (i.e., first managed security router or second managed security router)). Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Bocchino, U.S. Patent 11,496,438 is relied upon for disclosing of using Generic Routing Encapsulation tunneling to route traffic between a scrubbing device and an enterprise network, see col. 1, lines 36-39. Reams, III et al, U.S. Patent 8,510,826 is relied upon for disclosing of customer’s traffic reaching a mitigation provider, malicious packets removed, the cleaned traffic is forwarded to routers having static configured tunnels, such as Generic Routing Encapsulation, see col. 10, lines 26-36. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER REVAK whose telephone number is (571)272-3794. The examiner can normally be reached 5:30am - 3:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Catherine Thiaw can be reached at 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /CHRISTOPHER A REVAK/Primary Examiner, Art Unit 2407
Read full office action

Prosecution Timeline

Oct 27, 2023
Application Filed
May 08, 2025
Non-Final Rejection — §102, §103
Aug 07, 2025
Response Filed
Oct 21, 2025
Final Rejection — §102, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

18/141,703
Patent 12602477
DETECTING TARGETED INTRUSION ON MOBILE DEVICES
2y 5m to grant Granted Apr 14, 2026
18/545,845
Patent 12596798
PROBABILISTIC TRACKER MANAGEMENT FOR MEMORY ATTACK MITIGATION
2y 5m to grant Granted Apr 07, 2026
18/904,916
Patent 12591698
SECURE DATA PARSER METHOD AND SYSTEM
2y 5m to grant Granted Mar 31, 2026
18/148,070
Patent 12579251
SYSTEM AND METHOD FOR DETECTING EXCESSIVE PERMISSIONS IN IDENTITY AND ACCESS MANAGEMENT
2y 5m to grant Granted Mar 17, 2026
18/340,971
Patent 12561439
LOCATION-BASED IHS FUNCTIONALITY LIMITING SYSTEM AND METHOD
2y 5m to grant Granted Feb 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
89%
Grant Probability
98%
With Interview (+8.6%)
2y 9m
Median Time to Grant
Moderate
PTA Risk
Based on 1105 resolved cases by this examiner. Grant probability derived from career allow rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month