DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1, 2, 4-7, 9, 10, 23 and 24 have been examined.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 9/29/25 is being considered by the examiner.
Response to Arguments
Applicant’s arguments with respect to claims 1, 2, 4-7, 9, 10, 23 and 24 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Specifically, Mohammed, U.S. 2025/0039141, is relied upon for disclosure of amended features of generating mapping and routing of network packet based on capability of routers in order to execute specific security features supported by the routers.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 2, 4-7, 9, 10, 23 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Pham et al. U.S. Pub. No. 2017/0195292 (hereinafter Pham) in view of Mohammed et al. U.S. 2025/0039141 (hereinafter Mohammed).
As per claim 1 and 6, Pham discloses a network management system (NMS)/method for a software-defined network (SDN) having multiple network service gateways (NSGs), the NMS comprising:
at least one processor; and
at least one memory storing instructions that, upon being executed by the at least one processor, cause the NMS at least to:
establishing an initial security header value for user packets, wherein the initial security header value indicates whether one or more security operations are to be performed for the user packets (Pham: Fig. 1C; [0008]: OpenFlow protocols offer high degree of flexibility to define new rules to be used and taken by network security devices; [0043]-[0047]: header information specifies rules associated with packet flows); and
configuring a mapping that identifies which NSGs are enabled to perform which security operations (Pham: [0010]: SDN switch transmit packet processing rules to gateway devices to perform security processing on packets, the rules specify a first type of security processing is performed by the first security device, and second type of security processing is performed by second security device; [0029]: network security devices may be any of IPS, IDS, gateway device, network controller device, etc.; [0038]: each network security device can be dynamically mapped for packet processing);
wherein the NMS is adapted to: receive resource metric telemetry data from the NSGs characterizing operations of the NSGs; and generate the mapping based on the resource metric telemetry data (Pham: [0008]: load balancing; [0038] and [0047]: perform network monitoring as flow based statistics collection function, session tracking, or perform load balancing functions).
Pham does not explicitly disclose routing the user packets to different NSGs based on which security operations are supported by the different NSGs. However, Mohammed discloses requesting and receiving capability of network devices, i.e. routers or network security devices, to perform security features of a network security solution and configure routers to execute specific security features on network packet (Mohammed: [0010]-[0011]: request capability information from routers and determine how the security features will be executed by different routers based on capability information gathered). It would have been obvious to one having ordinary skill in the art to request and gather information and capabilities of various network gateway devices/routers to properly assign packet processing because they are analogous art. The motivation to combine would be to improve efficiency of resource use, data management, and network security.
Pham as modified does not explicitly recite the steps of transmitting security header value and mapping to NSGs to perform security operations. However, Pham teaches or at least suggests dynamically map network security devices to SDN switch to selectively perform security operations in SDN (Pham: [0038]: the SDN can be set up with one-to-one, many-to-one, or one-to-many mapping between network security devices and FPUs). It would have been obvious to one having ordinary skill in the art to transmit security header value and policies to network security devices/NSGs to properly perform security operations and route packet to intended destination as specified by SDN controller.
As per claim 2 and 7, Pham as modified discloses or suggests the limitations of claims 1 and 6 respectively. Pham further discloses wherein the NSGs are part of a cluster of NSGs (Pham: [0010]: data path chaining or service group chaining).
As per claim 4 and 9, Pham as modified discloses or suggests the limitations of claims 1 and 6 respectively. Pham further discloses wherein the NMS is adapted to transmit, to the NSGs, at least two different instances of the initial security header value for user packets of at least two different packet flows in the SDN (Pham: Fig. 1C: different rules for different packet flows).
As per claim 5 and 10, Pham as modified discloses or suggests the limitations of claims 1 and 6 respectively. Pham further discloses wherein the NMS is adapted to transmit, to the NSGs, at least two different instances of the mapping for user packets of at least two different packet flows in the SDN (Pham: Fig. 1C; [0038]: network security device may be dynamically associated using a load balancing approach; [0044]).
As per claim 23 and 24, Pham as modified discloses or suggests the limitations of claims 1 and 6 respectively. Pham as modified further discloses wherein the network is a software-defined network (SDN) (Pham: [0010]: SDN switch ;Mohammed: [0018]).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHIN HON (ERIC) CHEN whose telephone number is (571)272-3789. The examiner can normally be reached Monday to Thursday 9am- 7pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached at 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHIN-HON (ERIC) CHEN/Primary Examiner, Art Unit 2431