Prosecution Insights
Last updated: April 19, 2026
Application No. 18/509,940

DEFAULT-DENY NETWORK EGRESS ARCHITECTURE IN A VIRTUAL PRIVATE CLOUD

Non-Final OA (§101, §103)
Filed
Nov 15, 2023
Examiner
PYZOCHA, MICHAEL J
Art Unit
2409
Tech Center
2400 — Computer Networks
Assignee
Crowdstrike Inc.
OA Round
6 (Non-Final)
80%
Grant Probability
Favorable
6-7
OA Rounds
3y 2m
To Grant
97%
With Interview

Examiner Intelligence

Grants 80% — above average
80%
Career Allow Rate
701 granted / 872 resolved
+22.4% vs TC avg
Strong +16% interview lift
+16.3% Interview Lift (resolved cases with interview vs. without)
Typical timeline
3y 2m
Avg Prosecution
28 currently pending
Career history
900
Total Applications
across all art units

Statute-Specific Performance

§101
17.3%
-22.7% vs TC avg
§103
47.1%
+7.1% vs TC avg
§102
9.2%
-30.8% vs TC avg
§112
12.5%
-27.5% vs TC avg
Tech Center averages are estimates. Based on career data from 872 resolved cases.

Office Action

§101 §103
DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 26 November 2025 has been entered.

Claims 1, 2, 4, 5, 7-9, 11, 12, 14-16, 18-20, and 23-27 are pending. This Action is Non-Final.

Claim Objections

Claims 1, 8, and 15 are objected to because of the following informalities: each limitation contains the phrase "at core cloud services"; the "at" appears to be a typo. Appropriate correction is required.

Claim Rejections - 35 USC § 101

The rejection under 35 U.S.C. 101 is withdrawn.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4, 7-9, 11, 14-16, 18, 20, and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Cho et al. (US 20080127338) in view of Aithal et al. (US 10719369), in view of Leblond et al. (US 20160234186) and further in view of Bonomi et al. (US 20180115519).

As per claims 1, 8, 15, and 23, Cho et al. discloses a system, medium (see Figs. 11 and 12 where the routers must have processors, network interfaces, and memory/media with instructions to operate), and method comprising: configuring a network access control list (NACL) of a first subset of a private computer network to deny a traffic destined to a public computer network, the first subnet comprising a blackhole subset (see paragraphs [0058]-[0059] where the advertisement of a blocked site acts as a NACL using blackhole routing based on IP blocks); and configuring the first subset of the private computer network, the first subset associated with one or more computer devices that include a private network address translation (NAT) gateway, to perform egress control including operations of: receiving from a second subset in the private computer network the traffic destined to the public computer network, and in response to the traffic to egress to a blocked destination on the public computer network, discarding the traffic (see paragraphs [0056]-[0058] where the edge routers, i.e. a NAT gateway, are configured to receive requests from devices and block the egress of those not authorized, i.e. those destined or from the attacked site).

Cho et al. fails to disclose the subsets of the network (i.e. the IP blocks) are explicitly subnets. However, Aithal et al. teaches the use of subnets as part of traffic filtering (see Fig. 7 and column 11 line 62 through column 12 line 12). At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to substitute subnets in place of the IP blocks in the Cho et al. system with the predictable result of blackhole routing using subnets.

While the modified Cho et al. and Aithal et al. system generally teaches blocking traffic, there lacks an explicit teaching of determining traffic authorization. However, Leblond et al. teaches the explicit blocking of certain traffic and allowing of other traffic, i.e. authorized traffic (see paragraph [0052] where outgoing DNS traffic is allowed). At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to allow certain authorized traffic in the modified Cho et al. and Aithal et al. system. Motivation, as recognized by one of ordinary skill in the art, to do so would have been to have a granular protection system that won't stop all traffic.

While the modified Cho et al., Aithal et al. and Leblond et al. system discloses receiving additional traffic from the second subnet; determining that the additional traffic is destined to the public computer network; determining that this traffic includes a type of traffic that is exempt from being discarded; and routing the additional traffic to the public computer network (see Cho et al. paragraphs [0054]-[0058] and Leblond et al. paragraph [0052]), there lacks an explicit teaching that the type of data includes data traffic related to core cloud services. However, Bonomi et al. teaches a firewall with a security group function that, by default, blocks outbound traffic and only permits traffic to specific components where these components are cloud controller components (see paragraphs [0053] and [0071] where cloud controller components are considered core cloud services). At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to include the various rules of Bonomi et al. in the modified Cho et al., Aithal et al. and Leblond et al. system. Motivation, as recognized by one of ordinary skill in the art, to do so would have been to have a more granular set of protections for the network thereby providing more flexibility.

As per claims 2, 9, and 16, the modified Cho et al., Aithal et al., Leblond et al., and Bonomi et al. system discloses configuring a first route table associated with the first subnet to define a first route to the private NAT gateway for at least the traffic generated in the second subnet and destined to the public computer network (see Cho et al. paragraph [0064], the next-hop routing as combined above).

As per claims 4, 11, and 18, the modified Cho et al., Aithal et al., Leblond et al., and Bonomi et al. system discloses configuring a second route table associated with the second subnet to define a second route for the traffic generated in the second subnet and destined to the public computer network to the private NAT gateway of the first subnet (see Cho et al. paragraph [0064] and Aithal et al. column 24 lines 8-10).

As per claims 7, 14, and 20, the modified Cho et al., Aithal et al., Leblond et al., and Bonomi et al. system discloses the private computer network is a virtual private cloud (VPC) associated with a cloud environment (see Aithal et al. Fig. 7 and column 23 lines 51-52).

As per claim 26, the modified Cho et al., Aithal et al., Leblond et al., and Bonomi et al. system discloses the NACL includes at least one of an email address, an IP address, a domain name, or an application associated with the portion of the traffic (see Bonomi et al. paragraphs [0053] and [0071]).

Claims 5, 12, 19, and 24 are rejected under 35 U.S.C. 103 as being unpatentable over the modified Cho et al., Aithal et al., Leblond et al., and Bonomi et al. system as applied to claims 1, 4, 11, and 18 above, and further in view of Rossman (US 10484331).

As per claims 5, 12, 19, and 24, the modified Cho et al., Aithal et al., Leblond et al., and Bonomi et al. system discloses receiving additional traffic from the second subnet; determining that the additional traffic is destined to the public computer network; determining that the additional traffic includes a type of data qualifying as an exception from being discarded; and routing the additional traffic to the public computer network (see Cho et al. paragraphs [0056]-[0058]), but fails to explicitly disclose logging traffic information. However, Rossman teaches various components in the network that log traffic information (see column 5 line 51 through column 6 line 5). At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to include logging in the modified Cho et al., Aithal et al., Leblond et al., and Bonomi et al. system. Motivation, as recognized by one of ordinary skill in the art, to do so would have been to allow for error and anomaly checking within a history of traffic.

Claim 25 is rejected under 35 U.S.C. 103 as being unpatentable over the modified Cho et al., Aithal et al., Leblond et al., and Bonomi et al. system as applied to claim 1 above, and further in view of Wang (US 20210006594).

As per claim 25, the modified Cho et al., Aithal et al., Leblond et al., and Bonomi et al. system fails to explicitly disclose the portion of the traffic includes at least one data packet with a destination IP address 0.0.0.0/0. However, Wang teaches a rule based on a destination IP address 0.0.0.0/0 (see paragraph [0064]). At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to use the specific forwarding rule of Wang in the modified Cho et al., Aithal et al., Leblond et al., and Bonomi et al. system. Motivation, as recognized by one of ordinary skill in the art, to do so would have been to allow a simple and easy to identify rule for forwarding traffic.

Claim 27 is rejected under 35 U.S.C. 103 as being unpatentable over the modified Cho et al., Aithal et al., Leblond et al., and Bonomi et al. system as applied to claim 1 above, and further in view of Parla et al. (US 20230370424).

As per claim 27, the modified Cho et al., Aithal et al., Leblond et al., and Bonomi et al. system fails to explicitly disclose establishing, via a proxy server, an HTTP connect tunnel for the additional traffic in response to determining that the type of data qualifies as the exception from being discarded. However, Parla et al. teaches establishing, via a proxy server, an HTTP connect tunnel for the additional traffic in response to determining that the type of data qualifies as the exception from being discarded (see paragraphs [0047]-[0051] where the authorized traffic is transmitted using the tunnel). At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to use the tunnel of Parla et al. in the modified Cho et al., Aithal et al., Leblond et al., and Bonomi et al. system. Motivation, as recognized by one of ordinary skill in the art, to do so would have been to allow transmission without additional encryption.

Response to Arguments

Applicant's arguments with respect to the prior art rejection of claim(s) 1, 2, 4, 5, 7-9, 11, 12, 14-16, 18-20, and 23-27 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: the remaining references put forth on the PTO-892 form are directed to blackhole routing.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J PYZOCHA whose telephone number is (571)272-3875. The examiner can normally be reached Monday-Thursday 7:30am-5:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Hadi Armouche, can be reached on (571) 270-3618. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Michael Pyzocha/
Primary Examiner, Art Unit 2409
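The egress control recited in claims 1, 2, 4, 5 and 25 above (a 0.0.0.0/0 route from the workload subnet to a private NAT gateway in the blackhole subnet, a NACL that denies public-bound traffic, an exception for core-cloud-service traffic, and logging of each decision) as an added Python model; this is not code from the application, the office action or any cited reference, and the addresses, subnets and traffic-type labels are constructed for illustration.

```python
"""Model of the default-deny egress control described in the claims
(added example; addresses and traffic-type labels are constructed)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

VPC = ip_network("10.0.0.0/16")
WORKLOAD_SUBNET = ip_network("10.0.1.0/24")     # the "second subnet"
BLACKHOLE_SUBNET = ip_network("10.0.255.0/24")  # hosts the private NAT gateway
PRIVATE_NAT_GW = ip_address("10.0.255.10")
# Route table of the workload subnet: default route (0.0.0.0/0) to the
# private NAT gateway, VPC prefix stays local.
WORKLOAD_ROUTES = {ip_network("0.0.0.0/0"): PRIVATE_NAT_GW, VPC: "local"}
# Traffic types exempt from the default deny ("core cloud services";
# constructed labels, not identifiers from the application).
EXEMPT_TYPES = {"cloud-metadata", "cloud-control-plane"}


@dataclass
class Packet:
    src: str
    dst: str
    traffic_type: str = "generic"


@dataclass
class EgressController:
    """Egress control performed at the private NAT gateway, with a log."""
    log: list = field(default_factory=list)

    def next_hop(self, pkt):
        """Longest-prefix match in the workload subnet's route table."""
        dst = ip_address(pkt.dst)
        matches = [n for n in WORKLOAD_ROUTES if dst in n]
        return WORKLOAD_ROUTES[max(matches, key=lambda n: n.prefixlen)]

    def decide(self, pkt):
        """Return 'local', 'forward' or 'discard' and record the decision."""
        src = ip_address(pkt.src)
        if src not in WORKLOAD_SUBNET:
            verdict = "discard"   # gateway only serves the workload subnet
        elif self.next_hop(pkt) == "local":
            verdict = "local"     # intra-VPC: never reaches the NACL
        elif pkt.traffic_type in EXEMPT_TYPES:
            verdict = "forward"   # exception: core cloud services may egress
        else:
            verdict = "discard"   # default deny: NACL drops public-bound traffic
        self.log.append((pkt.src, pkt.dst, pkt.traffic_type, verdict))
        return verdict
```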

Prosecution Timeline

Nov 15, 2023
Application Filed
Jan 26, 2024
Non-Final Rejection — §101, §103
May 01, 2024
Response Filed
Jun 03, 2024
Final Rejection — §101, §103
Aug 07, 2024
Response after Non-Final Action
Aug 21, 2024
Response after Non-Final Action
Sep 09, 2024
Request for Continued Examination
Sep 17, 2024
Response after Non-Final Action
Oct 03, 2024
Non-Final Rejection — §101, §103
Jan 07, 2025
Response Filed
May 06, 2025
Non-Final Rejection — §101, §103
Aug 11, 2025
Response Filed
Aug 25, 2025
Final Rejection — §101, §103
Oct 27, 2025
Response after Non-Final Action
Nov 26, 2025
Request for Continued Examination
Dec 06, 2025
Response after Non-Final Action
Dec 15, 2025
Non-Final Rejection — §101, §103
Mar 09, 2026
Applicant Interview (Telephonic)
Mar 09, 2026
Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12598080
CHARGE CONTROL DEVICE, STORAGE MEDIUM, AND CHARGE CONTROL METHOD
2y 5m to grant Granted Apr 07, 2026
Patent 12591681
FIRMWARE VERIFICATION METHOD
2y 5m to grant Granted Mar 31, 2026
Patent 12568366
METHOD AND WIRELESS NETWORK FOR APPLICATION-SPECIFIC AUTHORIZATION FOR NETWORK SERVICES IN WIRELESS NETWORK
2y 5m to grant Granted Mar 03, 2026
Patent 12566837
MULTI-CHIP FOR PERFORMING CHIPLET SECURITY AUTHENTICATION AND METHOD OF MANUFACTURING THE SAME
2y 5m to grant Granted Mar 03, 2026
Patent 12567953
INLINE SECURITY KEY EXCHANGE
2y 5m to grant Granted Mar 03, 2026
Based on the 5 most recent grants by this examiner.


Prosecution Projections

6-7
Expected OA Rounds
80%
Grant Probability
97%
With Interview (+16.3%)
3y 2m
Median Time to Grant
High
PTA Risk
Based on 872 resolved cases by this examiner. Grant probability derived from career allow rate.
