Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsMellanox Technologies Ltd. › 18649319
Last updated: May 29, 2026
Application No. 18/649,319

NETWORK PIPELINE ABSTRACTION LAYER (NPAL) OPTIMIZED PIPELINE FOR NETWORK ACCELERATION

Final Rejection §102
Filed
Apr 29, 2024
Examiner
LESNIEWSKI, VICTOR D
Art Unit
2493
Tech Center
2400 — Computer Networks
Assignee
Mellanox Technologies Ltd.
OA Round
2 (Final)
58%
Grant Probability
Moderate
3-4
OA Rounds
1y 3m
Est. Remaining
99%
With Interview

This examiner grants 58% of cases after interview

+56.0% interview lift. A telephonic interview to clarify the technical implementation could significantly improve the outcome.
Based on 481 resolved cases, 2023–2026

Examiner Intelligence

LESNIEWSKI, VICTOR D View full profile →
Grants 58% of resolved cases
58%
Career Allowance Rate
280 granted / 481 resolved
At TC average
Strong +56% interview lift
Without
With
+56.0%
Interview Lift
resolved cases with interview
Typical timeline
3y 4m
Avg Prosecution
22 currently pending
Career history
506
Total Applications
across all art units

Statute-Specific Performance

§101
0.3%
-39.7% vs TC avg
§103
86.9%
+46.9% vs TC avg
§102
9.0%
-31.0% vs TC avg
§112
0.8%
-39.2% vs TC avg
Black line = Tech Center average estimate • Based on career data from 481 resolved cases

Office Action

§102
DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . The amendment filed 3/5/2026 has been placed of record in the file. Claims 12, 13, 19, and 20 have been amended. Claims 1-20 are pending. The applicant’s arguments with respect to claims 1-20 have been fully considered but they are not persuasive as discussed below. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Kutch et al. (U.S. Patent Application Publication Number 2021/0117360), hereinafter referred to as Kutch. Regarding claim 1, Kutch discloses a data processing unit (DPU) comprising: DPU hardware comprising a processing device and an acceleration hardware engine (paragraph 56, integrated in xPU, and paragraph 311, xPU includes DPU, and paragraph 54, acceleration hardware); and a memory operatively coupled to the DPU hardware, the memory to store DPU software comprising a network pipeline abstraction layer (NPAL) that supports multiple network protocols and network functions in a network pipeline, wherein the network pipeline comprises a set of tables and logic organized in a specific order to be accelerated by the acceleration hardware engine, wherein the acceleration hardware engine is to process network traffic data using the network pipeline (paragraph 61, mapping packet processing pipeline stages between software and accelerator hardware). Regarding claim 2, Kutch discloses wherein the network pipeline comprises: an input port to receive the network traffic data (paragraph 85, packet input); a filtering network function operatively coupled to the input port, the filtering network function to filter the network traffic data (paragraph 276, packet filtering); an ingress port operatively coupled to the filtering network function (paragraph 276, ingress); a first network function operatively coupled to the ingress port, the first network function to process the network traffic data using one or more ingress Access Control Lists (ACLs) (paragraph 276, classify ingress packets, and paragraph 85, ACL operations); a bridge operatively coupled to the first network function, the bridge to perform a layer 2 (L2) bridging operation (paragraph 276, L2 level); one or more Switched Virtual Interface (SVI) ACLs operatively coupled to the bridge (paragraph 276, packet inspection at L2, and paragraph 85, ACL operations); a router operatively coupled to the SVI ACLs, the router to perform a layer 3 (L3) routing operation (paragraph 276, L3 level); a second network function operatively coupled to the router, the second network function to process the network traffic data using one or more egress ACLs (paragraph 276, packet inspection at L3, and paragraph 85, ACL operations); and an egress port operatively coupled to the second network function (paragraph 276, egress); and an output port to output the network traffic data (paragraph 85, packet output). Regarding claim 3, Kutch discloses wherein the ACLs comprise at least one of a static ACL or a dynamic ACL (paragraph 66, accelerators for access control operations are fixed or programmable). Regarding claim 4, Kutch discloses wherein the network pipeline comprises: an input port to receive the network traffic data (paragraph 85, packet input); a filtering network function operatively coupled to the input port, the filtering network function to filter the network traffic data (paragraph 276, packet filtering); an ingress port operatively coupled to the filtering network function (paragraph 276, ingress), the ingress port having a first network function to perform first virtual local area network (VLAN) mapping on the network traffic data (paragraph 157, mapping with VLAN tags); a second network function operatively coupled to the ingress port, the second network function to process the network traffic data using one or more ingress Access Control Lists (ACLs) (paragraph 276, classify ingress packets, and paragraph 85, ACL operations); a bridge operatively coupled to the second network function, the bridge to perform a layer 2 (L2) bridging operation (paragraph 276, L2 level); one or more Switched Virtual Interface (SVI) ACLs operatively coupled to the bridge (paragraph 276, packet inspection at L2, and paragraph 85, ACL operations); a router operatively coupled to the SVI ACLs, the router to perform a layer 3 (L3) routing operation (paragraph 276, L3 level); a third network function operatively coupled to the router, the third network function to process the network traffic data using one or more egress ACLs (paragraph 276, packet inspection at L3, and paragraph 85, ACL operations); and an egress port operatively coupled to the third network function (paragraph 276, egress), the egress port having a fourth network function to perform second VLAN mapping on the network traffic data (paragraph 157, mapping with VLAN tags); and an output port to output the network traffic data (paragraph 85, packet output). Regarding claim 5, Kutch discloses wherein the network pipeline comprises two or more of the following: a first network function to perform layer 2 (L2) bridging; a second network function to perform layer 3 (L3) routing; a third network function to perform tunnel encapsulation or tunnel decapsulation; a fourth network function to perform a hash calculation; a fifth network function to perform an Equal-Cost Multi-Path (ECMP) operation; a sixth network function to perform a Connection Tracking (CT) operation; or a seventh network function to perform a network address translation (NAT) operation (paragraph 276, VPN handling, routing and forwarding, NAT, etc.). Regarding claim 6, Kutch discloses wherein the network pipeline abstraction layer comprises a set of applications programming interfaces (APIs) or classes that provide a unified interface to one or more applications executed by the processing device (paragraph 87, APIs to configure rules). Regarding claim 7, Kutch discloses wherein the network pipeline comprises: an input port (paragraph 85, packet input); an ingress dynamic or static Access Control List (ACL) (paragraph 276, ingress, and paragraph 85, ACL operations); a bridge (paragraph 276, L2 level); a router (paragraph 276, L3 level); an egress dynamic or static ACL (paragraph 276, egress, and paragraph 85, ACL operations); and an output port (paragraph 85, packet output). Regarding claim 8, Kutch discloses a computing system comprising: a host device (paragraph 58, host); an integrated circuit coupled to the host device and a network (paragraph 56, chip package), wherein the integrated circuit comprises: a network interconnect coupled to the network (paragraph 58, Network Interface Manager); a host interconnect coupled to the host device (paragraph 58, Host Interface Manager); an acceleration hardware engine (paragraph 58, workload accelerator); a memory to store DPU software comprising a network pipeline abstraction layer (NPAL) that supports multiple network protocols and network functions in a network pipeline, wherein the network pipeline comprises a set of tables and logic organized in a specific order to be accelerated by the acceleration hardware engine, wherein the acceleration hardware engine is to process network traffic data using the network pipeline (paragraph 61, mapping packet processing pipeline stages between software and accelerator hardware). Regarding claim 9, Kutch discloses wherein the integrated circuit is at least one of a data processing unit (DPU), a network interface card (NIC), a network interface device, or a switch, wherein the DPU is a programmable data center infrastructure on a chip (paragraph 56, chip package, and paragraph 56, integrated in xPU, and paragraph 311, xPU includes DPU). Regarding claim 10, Kutch discloses wherein the network pipeline comprises: an input port to receive the network traffic data (paragraph 85, packet input); a filtering network function operatively coupled to the input port, the filtering network function to filter the network traffic data (paragraph 276, packet filtering); an ingress port operatively coupled to the filtering network function (paragraph 276, ingress); a first network function operatively coupled to the ingress port, the first network function to process the network traffic data using one or more ingress Access Control Lists (ACLs) (paragraph 276, classify ingress packets, and paragraph 85, ACL operations); a bridge operatively coupled to the first network function, the bridge to perform a layer 2 (L2) bridging operation (paragraph 276, L2 level); one or more Switched Virtual Interface (SVI) ACLs operatively coupled to the bridge (paragraph 276, packet inspection at L2, and paragraph 85, ACL operations); a router operatively coupled to the SVI ACLs, the router to perform a layer 3 (L3) routing operation (paragraph 276, L3 level); a second network function operatively coupled to the router, the second network function to process the network traffic data using one or more egress ACLs (paragraph 276, packet inspection at L3, and paragraph 85, ACL operations); and an egress port operatively coupled to the second network function (paragraph 276, egress); and an output port to output the network traffic data (paragraph 85, packet output). Regarding claim 11, Kutch discloses wherein the ACLs comprise at least one of a static ACL or a dynamic ACL (paragraph 66, accelerators for access control operations are fixed or programmable). Regarding claim 12, Kutch discloses wherein the network pipeline comprises: an input port to receive the network traffic data (paragraph 85, packet input); a filtering network function operatively coupled to the input port, the filtering network function to filter the network traffic data (paragraph 276, packet filtering); an ingress port operatively coupled to the filtering network function (paragraph 276, ingress), the ingress port having a first network function to perform first virtual local area network (VLAN) mapping on the network traffic data (paragraph 157, mapping with VLAN tags); a second network function operatively coupled to the ingress port, the second network function to process the network traffic data using one or more ingress Access Control Lists (ACLs) (paragraph 276, classify ingress packets, and paragraph 85, ACL operations); a bridge operatively coupled to the second network function, the bridge to perform a layer 2 (L2) bridging operation (paragraph 276, L2 level); one or more Switched Virtual Interface (SVI) ACLs operatively coupled to the bridge (paragraph 276, packet inspection at L2, and paragraph 85, ACL operations); a router operatively coupled to the SVI ACLs, the router to perform a layer 3 (L3) routing operation (paragraph 276, L3 level); a third network function operatively coupled to the router, the third network function to process the network traffic data using one or more egress ACLs (paragraph 276, packet inspection at L3, and paragraph 85, ACL operations); and an egress port operatively coupled to the third network function (paragraph 276, egress), the egress port having a fourth network function to perform second VLAN mapping on the network traffic data (paragraph 157, mapping with VLAN tags); and an output port to output the network traffic data (paragraph 85, packet output). Regarding claim 13, Kutch discloses wherein the network pipeline comprises two or more of the following: a first network function to perform layer 2 (L2) bridging; a second network function to perform layer 3 (L3) routing; a third network function to perform tunnel encapsulation or tunnel decapsulation; a fourth network function to perform a hash calculation; a fifth network function to perform an Equal-Cost Multi-Path (ECMP) operation; a sixth network function to perform a Connection Tracking (CT) operation; or a seventh network function to perform a network address translation (NAT) operation (paragraph 276, VPN handling, routing and forwarding, NAT, etc.). Regarding claim 14, Kutch discloses wherein the network pipeline abstraction layer comprises a set of applications programming interfaces (APIs) or classes that provide a unified interface to one or more applications executed by the integrated circuit (paragraph 87, APIs to configure rules). Regarding claim 15, Kutch discloses wherein the network pipeline comprises: an input port (paragraph 85, packet input); an ingress dynamic or static Access Control List (ACL) (paragraph 276, ingress, and paragraph 85, ACL operations); a bridge (paragraph 276, L2 level); a router (paragraph 276, L3 level); an egress dynamic or static ACL (paragraph 276, egress, and paragraph 85, ACL operations); and an output port (paragraph 85, packet output). Regarding claim 16, Kutch discloses a method of operating a data processing unit (DPU) (paragraph 56, integrated in xPU, and paragraph 311, xPU includes DPU), the method comprising: executing one or more instructions of a network pipeline abstraction layer (NPAL) that supports multiple network protocols and network functions in a network pipeline, wherein the network pipeline comprises a set of tables and logic organized in a specific order to be accelerated by an acceleration hardware engine of the DPU (paragraph 61, mapping packet processing pipeline stages between software and accelerator hardware); receiving network traffic data over a network (paragraph 55, ingress traffic); and processing, using the acceleration hardware engine of the DPU, the network traffic data using the network pipeline (paragraph 61, mapping packet processing pipeline stages between software and accelerator hardware). Regarding claim 17, Kutch discloses wherein the network pipeline comprises: an input port to receive the network traffic data (paragraph 85, packet input); a filtering network function operatively coupled to the input port, the filtering network function to filter the network traffic data (paragraph 276, packet filtering); an ingress port operatively coupled to the filtering network function (paragraph 276, ingress); a first network function operatively coupled to the ingress port, the first network function to process the network traffic data using one or more ingress Access Control Lists (ACLs) (paragraph 276, classify ingress packets, and paragraph 85, ACL operations); a bridge operatively coupled to the first network function, the bridge to perform a layer 2 (L2) bridging operation (paragraph 276, L2 level); one or more Switched Virtual Interface (SVI) ACLs operatively coupled to the bridge (paragraph 276, packet inspection at L2, and paragraph 85, ACL operations); a router operatively coupled to the SVI ACLs, the router to perform a layer 3 (L3) routing operation (paragraph 276, L3 level); a second network function operatively coupled to the router, the second network function to process the network traffic data using one or more egress ACLs (paragraph 276, packet inspection at L3, and paragraph 85, ACL operations); and an egress port operatively coupled to the second network function (paragraph 276, egress); and an output port to output the network traffic data (paragraph 85, packet output). Regarding claim 18, Kutch discloses wherein the ACLs comprise at least one of a static ACL or a dynamic ACL (paragraph 66, accelerators for access control operations are fixed or programmable). Regarding claim 19, Kutch discloses wherein the network pipeline comprises: an input port to receive the network traffic data (paragraph 85, packet input); a filtering network function operatively coupled to the input port, the filtering network function to filter the network traffic data (paragraph 276, packet filtering); an ingress port operatively coupled to the filtering network function (paragraph 276, ingress), the ingress port having a first network function to perform first virtual local area network (VLAN) mapping on the network traffic data (paragraph 157, mapping with VLAN tags); a second network function operatively coupled to the ingress port, the second network function to process the network traffic data using one or more ingress Access Control Lists (ACLs) (paragraph 276, classify ingress packets, and paragraph 85, ACL operations); a bridge operatively coupled to the second network function, the bridge to perform a layer 2 (L2) bridging operation (paragraph 276, L2 level); one or more Switched Virtual Interface (SVI) ACLs operatively coupled to the bridge (paragraph 276, packet inspection at L2, and paragraph 85, ACL operations); a router operatively coupled to the SVI ACLs, the router to perform a layer 3 (L3) routing operation (paragraph 276, L3 level); a third network function operatively coupled to the router, the third network function to process the network traffic data using one or more egress ACLs (paragraph 276, packet inspection at L3, and paragraph 85, ACL operations); and an egress port operatively coupled to the third network function (paragraph 276, egress), the egress port having a fourth network function to perform second VLAN mapping on the network traffic data (paragraph 157, mapping with VLAN tags); and an output port to output the network traffic data (paragraph 85, packet output). Regarding claim 20, Kutch discloses wherein the network pipeline comprises two or more of the following: a first network function to perform layer 2 (L2) bridging; a second network function to perform layer 3 (L3) routing; a third network function to perform tunnel encapsulation or tunnel decapsulation; a fourth network function to perform a hash calculation; a fifth network function to perform an Equal-Cost Multi-Path (ECMP) operation; a sixth network function to perform a Connection Tracking (CT) operation; or a seventh network function to perform a network address translation (NAT) operation (paragraph 276, VPN handling, routing and forwarding, NAT, etc.). Response to Arguments In the remarks, the applicant has argued: <Argument 1> Kutch does not disclose the features of independent claim 1 because he does not disclose “a memory operatively coupled to the DPU hardware, the memory to store DPU software comprising a network pipeline abstraction layer (NPAL)” as recited in claim 1. <Argument 2> Kutch does not disclose the features of independent claim 1 because he does not disclose “a network pipeline abstraction layer (NPAL) that supports multiple network protocols and network functions in a network pipeline” as recited in claim 1. <Argument 3> Kutch does not disclose the features of independent claim 1 because he does not disclose “wherein the network pipeline comprises a set of tables and logic organized in a specific order to be accelerated by the acceleration hardware engine” as recited in claim 1. <Argument 4> Kutch does not disclose the features of dependent claim 2 because he does not disclose the components of the network pipeline as arranged and operatively coupled in the expressly recited sequence. In response to argument 1, Kutch does disclose the features as recited in claim 1. The rejection cites paragraph 61, which shows the ability to map packet processing pipeline stages between software and the accelerator hardware. This is seen to meet the limitation at hand as it is the software-defined processing that effectuates the pipeline configuration. The claim does not define the term “network pipeline abstraction layer” beyond such an interpretation. In response to argument 2, Kutch does disclose the features as recited in claim 1. The rejection cites paragraph 61, which shows the ability to map packet processing pipeline stages between software and the accelerator hardware. This is seen to meet the limitation at hand as the listed networking applications clearly have different protocols and functions. Here the applicant states that “The cited passage addresses distribution of execution, not the presence of an abstraction layer providing protocol and function support in a defined pipeline.” However, Kutch clearly teaches software-defined processing that effectuates the pipeline configuration, where the various protocols and functions of different applications are supported. The applicant also states that Kutch’s disclosure “concerns programmability of execution placement.” However, the processing is still software-defined as discussed herein above. In response to argument 3, Kutch does disclose the features as recited in claim 1. The rejection cites paragraph 61, which shows the ability to map packet processing pipeline stages between software and the accelerator hardware. This is seen to meet the limitation at hand as the pipeline clearly represents stages for the accelerator hardware. Here the applicant states that Kutch’s mapping framework “is directed to allocation of processing stages rather than definition of a pipeline comprising tables and logic arranged in a specific order.” However, Kutch’s processing stages clearly are a pipeline. Kutch’s mapping is software-defined and as such inherently uses the data structures and code of the software. For example, Kutch explicitly states the use of tables at, inter alia, paragraph 157. In response to argument 4, Kutch does disclose the features as recited in claim 2. The rejection shows various examples of pipeline stages as cited at paragraphs 85 and 276. This is seen to meet the limitation at hand as the very nature of a pipeline implies “sequence” and Kutch clearly states the use of configurable entry and exit points. See again paragraph 61. Since Kutch discloses all of the recited components as well as the flexibility of pipeline configuration, Kutch meets the limitations as claimed. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Victor Lesniewski whose telephone number is (571)272-2812. The examiner can normally be reached Monday thru Friday, 9am to 5pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached at 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Victor Lesniewski/Primary Examiner, Art Unit 2493
Read full office action

Prosecution Timeline

Apr 29, 2024
Application Filed
Aug 11, 2025
Response after Non-Final Action
Oct 10, 2025
Response after Non-Final Action
Jan 16, 2026
Non-Final Rejection mailed — §102
Mar 05, 2026
Response Filed
Apr 07, 2026
Final Rejection mailed — §102 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

17/835,074
Patent 12579276
Application Vulnerability Score Based on Stack Traces
3y 9m to grant Granted Mar 17, 2026
18/733,543
Patent 12580945
SIMULATION AND VISUALIZATION OF MALWARE SPREAD THROUGH SHARING OF DATA OBJECTS IN CLOUD APPLICATIONS
1y 9m to grant Granted Mar 17, 2026
18/162,011
Patent 12568378
SYSTEM AND METHOD FOR VALIDATING AUTHORITY OF DEVICE BASED ON IP ADDRESS
3y 1m to grant Granted Mar 03, 2026
18/258,234
Patent 12567970
METHOD FOR MANAGING A ONE-TIME-PASSWORD
2y 8m to grant Granted Mar 03, 2026
18/696,479
Patent 12566854
METHOD FOR DETECTING MOBILE MALICIOUS APPLICATION BASED ON IMPLEMENTATION FEATURES, RECORDING MEDIUM, AND DEVICE FOR PERFORMING THE METHOD
1y 11m to grant Granted Mar 03, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
58%
Grant Probability
99%
With Interview (+56.0%)
3y 4m (~1y 3m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 481 resolved cases by this examiner. Grant probability derived from career allowance rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month