DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1. This communication is in response to amendments filed on 03/03/2026.
Claims 1, 4, 7, 9, 12, 14, and 16-20 have been amended.
Claims 1-20 remain pending.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
2. Claims 1-8 remain rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. As previously noted, the claims do not fall within at least one of the four categories of patent eligible subject matter because they are directed to a third-party gateway comprising “a layer four load balancer”, “a plurality of forward proxy servers”, and “a management backend”, each element broad enough to be implemented as software, as supported in the specification.
In response to this rejection, Applicant asserts that the technical solution of claim 1 improves the functioning of a computer network itself, and therefore the subject matter of claim 1 includes significantly more elements and is not simply executing an abstract logic on a general-purpose computer. However, the rejection is based on the broadest reasonable interpretation of the claimed elements of the third-party gateway (a layer four load balancer, a plurality of forward proxy servers, and a management backend) being only software without any corresponding hardware, not for being an abstract idea. Although the preamble has been amended to state that the third-party gateway is implemented by a processor executing instructions, this does not sufficiently link the structural processor to the claimed functionalities.
Applicant is urged to amend the claim to specify that the gateway comprises a processor (and a memory storing instructions), and specify that the processor executing the instructions is what causes the gateway to perform the claimed functionalities in order to overcome the rejection.
Double Patenting
3. Per Applicant’s request in response to the previously raised double patenting rejection of claims 1-20 over claims 1-5, 7-13, 15-17, 20 and 29 of US Patent 11,677,723, the rejection will be held in abeyance until one or more of the claims is found to be allowable.
Response to Arguments
4. Applicant's arguments asserting that the previous combination of the applied Good, Bowen, and Ramirez references fail to disclose or render obvious a combination comprising “a layer four load balancer”, “a plurality of forward proxy servers”, “a management backend configured to provide configuration implementation to the plurality of forward proxy servers, the configuration implementation specifying one or more processing parameters for each of the forward proxy servers”, “each forward proxy server of the plurality of forward proxy servers is configured to perform layer seven network traffic processing on network traffic received from the layer four load balancer in accordance with the one or more processing parameters, the network traffic being directed to a third-party host residing external to a virtual private datacenter in which the third-party gateway for security and privacy resides”, and “the third-party gateway processes, in response to an egress rule update, network traffic based on a new configuration implementation”, as recited in independent claim 1 and similarly in claims 9 and 16, have been fully considered but they are only partially persuasive.
It is first noted that Applicant’s arguments with regards to the Bowen reference are moot, as this reference is no longer relied upon in the rejection. In view of the new claim amendment, the newly applied Landgraf reference has replaced Bowen.
With regards to Good, Applicant first asserts that Good relates to packet inspection and the proxy instances in Good perform security processing based on rules, and that therefore Good falls under the category of intrusion detection or prevention. It is first noted that the claimed invention, similarly to Good, is directed to network traffic flowing through proxies to perform security processing based on rules. The claim language is silent regarding any specific purpose or improvement associated with the claimed features, nor to the limitations provide any description of a particular environment in such a way that distinguishes from the corresponding teachings of Good. It is therefore submitted that Good’s method of packet inspection does not negate the correlating features.
Applicant further argues that, in Good, traffic from external end uses is received, rather than traffic flowing from internal services of a virtual private datacenter to a third-party host outside the virtual private datacenter. In response, it is noted that Good is not relied upon for teaching the limitation that network traffic is directed to a third-party host residing external to a virtual private datacenter in which the third-party gateway for security and privacy resides, but that it is the newly applied Landgraf reference which expressly teaches this limitation. Additionally, the claim limitations which Good is relied upon for teaching lack any description of features or characteristics that are specific to traffic flowing in one particular direction or the other. It is therefore submitted that the same process of a proxy processing traffic for security between an internal network and external network could be applied regardless of the direction of the traffic.
Regarding the newly amended limitation reciting, “wherein the third-party gateway processes, in response to an egress rule update, network traffic based on a new configuration implementation”, Applicant acknowledges that, in Good, rules, configurations and software updates are pushed to and synchronized with the proxies, but asserts that Good does not disclose how outbound rule changes are used as trigger events to enable rapid switching of proxy configurations for handling subsequent traffic. This language argued by Applicant is far narrower than the language of the claims. Good unambiguously teaches that the proxy instances process network traffic based on a new configuration, although it is conceded that Good does not explicitly disclose an egress rule update. However, as cited below, it is the Landgraf reference currently relied upon for teaching this amended limitation.
It is therefore submitted that the combination of Good and Landgraf teach each of the limitations of the independent claims, except that the load balancer is a layer four load balancer, as taught by Ramirez. Ramirez is merely relied upon as support for a load balancer being a layer four load balancer. Nothing in the claims describe any specific enhancement or improvement of the system based on this particular feature.
The rejection is therefore maintained.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
5. Claims 1, 2, 5, 9, 10, 15, 16, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Good et al. (US 2017/0324847, cited in the IDS dated 12/19/2024) in view of Landgraf (US 2018/0007002) and in further view of Ramirez (Layer 4 vs Layer 7 Proxy Mode (Understanding the Difference), cited in the IDS dated 02/27/2024).
Regarding claim 1, Good teaches a third-party gateway for security and privacy, implemented by a processor executing instructions, comprising:
a load balancer (external load balancer 202 of FIG. 2);
a plurality of forward proxy servers (proxy instances 204, 206, or 208 of FIG. 2);
a management backend configured to provide a configuration implementation to the plurality of forward proxy servers, the configuration implementation specifying one or more processing parameters for each of the forward proxy servers (the NAT instance 218, or another instance, can act as a master instance, propagated configuration and rule changes, software updates, and the like to the proxy instances 204, 206, and 208, [0032]),
wherein each forward proxy server of the plurality of forward proxy servers is configured to perform layer seven network traffic processing on network traffic received from the load balancer in accordance with the one or more processing parameters (External load balancer 202 can send all the packets of a given stream to a single proxy instance, such as one of proxy instances 204, 206, or 208, [0022]; Proxy instances 204, 206, and 208 can inspect the packets, such as by comparing the packets to a traffic signature of a known malicious network activity, [0024]; the proxy instance can perform deep packet inspection to identify malicious packets by inspecting any or all of network layers 3 to 7 (3-Network Layer, 4-Transport Layer, 5-Session Layer, 6-Presentation Layer, 7-Application Layer), [0034]); and
wherein the third-party gateway processes, in response to a rule update, network traffic based on a new configuration implementation (The proxy instance 204 can receive a packet and processes it according to rules present in the Linux kernel iptables system, [0025]; the NAT instance 218, or another instance, can act as a master instance, propagated configuration and rule changes, software updates, and the like to the proxy instances 204, 206, and 208, [0032]; updates to the rules and/or the software being executed on the proxy instances may be needed. An administrator can push rule or configuration changes or software updates to a master instance, [0041]).
However, Good does not explicitly teach the network traffic being directed to a third-party host residing external to a virtual private datacenter in which the third-party gateway for security and privacy resides, or an egress rule update.
Landgraf teaches network traffic being directed to a third-party host residing external to a virtual private datacenter in which a third-party gateway for security and privacy resides (a list of enterprise facility 102 external network locations/applications that may or may not be accessed by the client facility, [0038]; provide outbound gateway protection that can flexibly handle traffic, [0102]; The worker gateways 420, individually and collectively, may serve as a firewall gateway(s) for endpoints located in the first virtual private cloud 402 or other virtual private clouds 430, 432. In some implementations, the other virtual private clouds 430, 432, include clients 433 that may make outbound network requests, and load balancer gateways 435A-435D, generally 435, which communicate the outbound network traffic to the worker gateways 420 in the first virtual private cloud 402, [0103]); and
wherein the third-party gateway processes, in response to an egress rule update, network traffic based on a new configuration implementation (providing an outbound gateway system includes provisioning one or more worker gateways located in a first gateway virtual private cloud, the one or more worker gateways receiving configuration data from a controller gateway, [0005]; scan an outgoing file and verify that the outgoing file is permitted to be transmitted per the enterprise facility 102 rules and policies, [0046]; the network access rule facility 124 may provide updated rules and policies to the enterprise facility 102, [0050]; a policy management facility that may include a set of rules or policies for access and permissions for the gateway 304 and the endpoint 302, such as access permissions associated with the network, applications, external computer devices, [0096]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to configure rules on a gateway for network traffic being sent externally in the system/method of Good as suggested by Landgraf for added security. One would be motivated to combine these teachings to ensure that sensitive information is protected and not improperly transferred.
However, Good-Landgraf do not explicitly disclose the load balancer is a layer four load balancer.
Ramirez teaches a layer four load balancer (Layer 4 of the OSI model is the Transport layer, page 3, Layer 4 Proxy Mode; It works well for load balancing services, page 4).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize a layer four load balancer in the system/method of Good-Landgraf as suggested by Ramirez to efficiently load balance communications based on transport layer packet information. One would be motivated to combine these teachings because not requiring inspection or modification of application data when distributing traffic allows for fast throughput of a large amount of traffic.
Regarding claim 2, Good teaches the third-party gateway for security and privacy of claim 1, wherein the load balancer is configured to receive network traffic from a service (External load balancer 202 receives traffic from a plurality of end users 220, [0022]), determine at least one forward proxy server to send a portion of the received network traffic for further processing (external load balancer 202 can allocate network streams to proxy instances 204, 206, and 208 according to the load experienced by each of the proxy instances. For example, if proxy instance 204 has the lowest load, the next incoming network stream can be allocated to proxy instance 204, [0022]), and route the portion of the received network traffic to the determined at least one forward proxy server (At 504, the load balancer can allocate the stream to a proxy instance. In various embodiments, the stream can be allocated based on the load on the proxy instances, [0033]).
However, Good does not explicitly disclose the network traffic is from a service within the virtual private datacenter.
Landgraf teaches receiving network traffic from a service within the virtual private datacenter (policy management that may be able to control legitimate applications, such as VoIP, instant messaging, peer-to-peer file-sharing, and the like, that may undermine productivity and network performance within the enterprise facility 102, [0029]; determining if a client facility application should be granted access to a requested network location. The network location may be on the same network as the facility or may be on another network, [0048]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to apply policies to packets being sent externally in the system/method of Good as suggested by Landgraf for added security. One would be motivated to combine these teachings to ensure that an enterprise’s sensitive information is not improperly transferred.
However, Good-Landgraf do not explicitly disclose a layer four load balancer.
Ramirez teaches the layer four load balancer (Layer 4 of the OSI model is the Transport layer, page 3, Layer 4 Proxy Mode; It works well for load balancing services, page 4).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize a layer four load balancer in the system/method of Good-Landgraf as suggested by Ramirez to efficiently load balance communications based on transport layer packet information. One would be motivated to combine these teachings because not requiring inspection or modification of application data when distributing traffic allows for fast throughput of a large amount of traffic.
Regarding claim 5, Good teaches the third-party gateway for security and privacy of claim 1, wherein when a host or service associated with a request that is received from within the virtual private datacenter does not match a corresponding host or service processing parameter in the configuration implementation of a forward proxy server of the plurality of forward proxy servers, the forward proxy server of the plurality of forward proxy servers logs the request (a proxy instance, such as proxy instance 208 can generate an alert record. The alert record can record the time of the alert, the rule or signature that was matched, and other identifying information, such as the source and destination of the packets, and the like, [0043]) and prohibits the request (Should one or more packets of a stream match a network signature, the packet and all subsequent packets for that stream can be discarded or other actions performed according to the associated countermeasure, [0024]; When the network stream is determined to be malicious, packets of the network stream can be dropped and/or an alert can be generated, as indicated at 510, [0034]).
However, Good does not explicitly teach prohibiting the request from leaving the virtual private datacenter.
Landgraf teaches a forward proxy server prohibits a request from leaving the virtual private datacenter (perform various actions on a client requesting access to a denied network location. The action may be one or more of continuing to block all requests to a denied network location, [0051]; a block list, a black list, an allowed list, a white list, or the like that may provide a list of external network locations/applications that may or may not be accessed by the client facility, [0096]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to apply policies to packets being sent externally in the system/method of Good as suggested by Landgraf for added security. One would be motivated to combine these teachings to ensure that an enterprise’s sensitive information is not improperly transferred.
Regarding claim 9, Good teaches a method of providing enhanced security at a virtual private datacenter using a third-party gateway for security and privacy, the method comprising:
receiving network traffic at a load balancer of the third-party gateway for security and privacy (External load balancer 202 receives traffic from a plurality of end users 220, [0022]; receive a network stream originating at an end user. The network stream can be received from an external network, such as the Internet, at a load balancer, such as external load balancer 202, [0033]);
routing, by the load balancer, the received network traffic to a forward proxy server of a plurality of forward proxy servers (External load balancer 202 can send all the packets of a given stream to a single proxy instance, such as one of proxy instances 204, 206, or 208, [0022]; At 504, the load balancer can allocate the stream to a proxy instance, [0033]);
performing, by the forward proxy server of a plurality of forward proxy servers, layer seven network traffic processing on the received network traffic in accordance with one or more processing parameters included in a configuration implementation (At 506, the proxy instance can inspect and filter the network stream. For example, the proxy instance can perform deep packet inspection to identify malicious packets by inspecting any or all of network layers 3 to 7 (3-Network Layer, 4-Transport Layer, 5-Session Layer, 6-Presentation Layer, 7-Application Layer), [0034]); and
processing network traffic based on a new configuration implementation (The proxy instance 204 can receive a packet and processes it according to rules present in the Linux kernel iptables system, [0025]; the NAT instance 218, or another instance, can act as a master instance, propagated configuration and rule changes, software updates, and the like to the proxy instances 204, 206, and 208, [0032]; updates to the rules and/or the software being executed on the proxy instances may be needed. An administrator can push rule or configuration changes or software updates to a master instance, [0041]).
However, Good does not explicitly disclose wherein the network traffic is directed to a third-party host residing external to the virtual private datacenter in which the third-party gateway for security and privacy resides, wherein the network traffic is received from a service within the virtual private datacenter, or an egress rule update.
Landgraf teaches wherein network traffic is directed to a third-party host residing external to a virtual private datacenter in which a third-party gateway for security and privacy resides (a list of enterprise facility 102 external network locations/applications that may or may not be accessed by the client facility, [0038]; provide outbound gateway protection that can flexibly handle traffic, [0102]; The worker gateways 420, individually and collectively, may serve as a firewall gateway(s) for endpoints located in the first virtual private cloud 402 or other virtual private clouds 430, 432. In some implementations, the other virtual private clouds 430, 432, include clients 433 that may make outbound network requests, and load balancer gateways 435A-435D, generally 435, which communicate the outbound network traffic to the worker gateways 420 in the first virtual private cloud 402, [0103]), and wherein the network traffic is received from a service within the virtual private datacenter (policy management that may be able to control legitimate applications, such as VoIP, instant messaging, peer-to-peer file-sharing, and the like, that may undermine productivity and network performance within the enterprise facility 102, [0029]; determining if a client facility application should be granted access to a requested network location. The network location may be on the same network as the facility or may be on another network, [0048]); and
processing, in response to an egress rule update, network traffic based on a new configuration implementation (providing an outbound gateway system includes provisioning one or more worker gateways located in a first gateway virtual private cloud, the one or more worker gateways receiving configuration data from a controller gateway, [0005]; scan an outgoing file and verify that the outgoing file is permitted to be transmitted per the enterprise facility 102 rules and policies, [0046]; the network access rule facility 124 may provide updated rules and policies to the enterprise facility 102, [0050]; a policy management facility that may include a set of rules or policies for access and permissions for the gateway 304 and the endpoint 302, such as access permissions associated with the network, applications, external computer devices, [0096]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to configure rules on a gateway for network traffic being sent externally in the system/method of Good as suggested by Landgraf for added security. One would be motivated to combine these teachings to ensure that sensitive information is protected and not improperly transferred.
However, Good-Landgraf do not explicitly disclose a layer four load balancer.
Ramirez teaches the layer four load balancer (Layer 4 of the OSI model is the Transport layer, page 3, Layer 4 Proxy Mode; It works well for load balancing services, page 4).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize a layer four load balancer in the system/method of Good-Landgraf as suggested by Ramirez to efficiently load balance communications based on transport layer packet information. One would be motivated to combine these teachings because not requiring inspection or modification of application data when distributing traffic allows for fast throughput of a large amount of traffic.
Regarding claim 10, Good teaches the method of claim 9, further comprising:
selecting, by the load balancer, the forward proxy server of the plurality of forward proxy servers to send the received network traffic for further processing based on configuration information associated with one or more processing parameters included in the configuration implementation (External load balancer 202 can send all the packets of a given stream to a single proxy instance, such as one of proxy instances 204, 206, or 208. In various embodiments, external load balancer 202 can allocate network streams to proxy instances 204, 206, and 208 according to the load experienced by each of the proxy instances. For example, if proxy instance 204 has the lowest load, the next incoming network stream can be allocated to proxy instance 204, [0022]; In some embodiments, the load balancer may not allocate additional streams to a proxy instance marked for destruction and when all the network streams being handled by the marked proxy instance end, the proxy instance can be terminated. Alternatively, the proxy instance can be marked for destruction and the network streams currently allocated to the marked proxy instance can be reallocated to the other proxy instances and the marked proxy instance can be destroyed, [0023]).
However, Good-Landgraf do not explicitly disclose a layer four load balancer.
Ramirez teaches the layer four load balancer (Layer 4 of the OSI model is the Transport layer, page 3, Layer 4 Proxy Mode; It works well for load balancing services, page 4).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize a layer four load balancer in the system/method of Good-Landgraf as suggested by Ramirez to efficiently load balance communications based on transport layer packet information. One would be motivated to combine these teachings because not requiring inspection or modification of application data when distributing traffic allows for fast throughput of a large amount of traffic.
Claims 15 and 20 are rejected in view of the same rationale as claim 5.
Claim 16 is rejected in view of the same rationale as claim 9.
6. Claims 3 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Good-Landgraf-Ramirez in view of O’Tool, Jr. et al. (US 7,254,636).
Regarding claim 3, Good-Landgraf-Ramirez do not explicitly disclose the third-party gateway for security and privacy of claim 2, wherein when the portion of the received network traffic does not match at least one of a protocol, domain, origin, destination, or microservice that is specific to the determined at least one forward proxy server, the determined at least one forward proxy server routes the portion of the received network traffic to another different forward proxy server.
O’Tool teaches wherein when a portion of the received network traffic does not match at least one of a protocol, domain, origin, destination, or microservice that is specific to a determined at least one forward proxy server (the redundancy/dispatch module of the filer proxy looks up the network address in the table of network addresses and associated accepted file transfer protocols. Absence of the network address from this table indicates that a different filer proxy should be handling the request, column 14 lines 20-24), the determined at least one forward proxy server routes the portion of the received network traffic to another different forward proxy server (In that case, step 580, the filer proxy forwards the client request to another filer proxy. In the embodiment of the invention using WCCP, the filer proxy has data about the configuration of filer proxies in the network and is able to forward the client request on the basis of that information, column 14 lines 24-26).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for a proxy to forward a packet to another proxy in the system/method of Good-Landgraf-Ramirez as suggested by O’Tool when the initial proxy is not the most appropriate to handle the packet. One would be motivated to combine these teachings to ensure each communication is properly processed by the most suitable proxy.
Regarding claim 11, Good teaches the method of claim 9, further comprising:
routing, by the load balancer, other received network traffic to a second forward proxy server of the plurality of forward proxy servers (external load balancer 202 can allocate network streams to proxy instances 204, 206, and 208 according to the load experienced by each of the proxy instances. For example, if proxy instance 204 has the lowest load, the next incoming network stream can be allocated to proxy instance 204, [0022]).
However, Good-Landgraf do not explicitly disclose a layer four load balancer.
Ramirez teaches a layer four load balancer (Layer 4 of the OSI model is the Transport layer, page 3, Layer 4 Proxy Mode; It works well for load balancing services, page 4).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize a layer four load balancer in the system/method of Good-Landgraf as suggested by Ramirez to efficiently load balance communications based on transport layer packet information. One would be motivated to combine these teachings because not requiring inspection or modification of application data when distributing traffic allows for fast throughput of a large amount of traffic.
However, Good-Landgraf-Ramirez do not explicitly disclose determining, by the second forward proxy server, that the other received network traffic does not match at least one of a protocol, domain, origin, destination, or microservice that is specific to the second forward proxy server, and routing, by the second forward proxy server, the other received network traffic to another different forward proxy server.
O’Tool teaches determining, by a second forward proxy server, that other received network traffic does not match at least one of a protocol, domain, origin, destination, or microservice that is specific to the second forward proxy server (the redundancy/dispatch module of the filer proxy looks up the network address in the table of network addresses and associated accepted file transfer protocols. Absence of the network address from this table indicates that a different filer proxy should be handling the request, column 14 lines 20-24); and
routing, by the second forward proxy server, the other received network traffic to another different forward proxy server (In that case, step 580, the filer proxy forwards the client request to another filer proxy. In the embodiment of the invention using WCCP, the filer proxy has data about the configuration of filer proxies in the network and is able to forward the client request on the basis of that information, column 14 lines 24-26).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for a proxy to forward a packet to another proxy in the system/method of Good-Landgraf-Ramirez as suggested by O’Tool when the initial proxy is not the most appropriate to handle the packet. One would be motivated to combine these teachings to ensure each communication is properly processed by the most suitable proxy.
7. Claims 4, 12 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Good-Landgraf-Ramirez in view of Salour et al. (US 10,021,120).
Regarding claim 4, Good teaches the third-party gateway for security and privacy of claim 1, wherein the plurality of forward proxy servers are configured to interrogate a configuration rules repository and determine if the new configuration implementation is available (the proxy instances may periodically check with the master instance to determine if changes need to be synchronized, [0042]), wherein when the new configuration implementation is available, each of the forward proxy servers of the plurality of forward proxy servers is configured to perform an update to the new configuration implementation (updates to the rules and/or the software being executed on the proxy instances may be needed. An administrator can push rule or configuration changes or software updates to a master instance, as indicated at 702, [0041]).
However, Good-Landgraf-Ramirez do not explicitly disclose performing the update to the new configuration implementation at a time that is different from at least one other forward server of the plurality of forward servers.
Salour teaches each of forward servers of a plurality of forward servers is configured to perform an update to a new configuration implementation at a time that is different from at least one other forward proxy server of the plurality of forward servers (the data replication manager 102 is configured to delay replication of modifications for different length of time specified for the data servers in the security profile 104, column 7 lines 40-43; A modification initially performed at the initial data server 110 may be performed in a first secondary data server (e.g., 120) after a first length of time specified in the security profile. The modification may also be performed in a second secondary data server (e.g., 130) after a second length of time specified in the security profile, column 7 lines 45-51).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed to make modifications to devices at different times in the system/method of Good-Landgraf-Ramirez as suggested by Salour in order to maintain at least one device operational at a given time. One would be motivated to combine these teachings because reconfiguring all devices at the same time could cause delays or errors in processing traffic.
Claims 12 and 17 are rejected in view of the same rationale as claim 4.
8. Claims 6 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Good-Landgraf-Ramirez in view of Lopez et al. (US 2014/0143854).
Regarding claim 6, Good teaches the third-party gateway for security and privacy of claim 1, wherein the third- party gateway for security and privacy is configured to:
create a new forward proxy server in response to a received request (when the aggregate load across the proxy instances exceeds a maximum load threshold, additionally proxy instances can be created, [0023]); and
provide network traffic to the newly created forward proxy server (additional streams can be allocated to the new proxy instance, [0023]).
However, Good-Landgraf do not explicitly disclose a layer four load balancer.
Ramirez teaches the layer four load balancer (Layer 4 of the OSI model is the Transport layer, page 3, Layer 4 Proxy Mode; It works well for load balancing services, page 4).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize a layer four load balancer in the system/method of Good-Landgraf as suggested by Ramirez to efficiently load balance communications based on transport layer packet information. One would be motivated to combine these teachings because not requiring inspection or modification of application data when distributing traffic allows for fast throughput of a large amount of traffic.
However, Good-Landgraf-Ramirez do not explicitly disclose providing a configuration implementation to the newly created forward proxy server, or registering the newly created forward proxy server with the load balancer.
Lopez teaches a third- party gateway for security and privacy is configured to:
provide a configuration implementation to a newly created forward proxy server (when a new firewall security device, such as, firewall security device 208c is mounted in a slot which is a part of cluster 210a, switching device 106 sends one or more control messages to firewall security device 208c. The control messages are intended for configuring firewall security device 208c to enter into a load balancing mode., [0086]); and
register the newly created forward proxy server with a load balancer (after the successful reception of heartbeat signals, switching device 106 includes the data corresponding to the newly added firewall security device 208c in a load balancing table (not shown), [0090]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to configure and register newly added security devices in the system/method of Good-Landgraf-Ramirez as suggested by Lopez in order to efficiently track and manage the devices processing traffic flows. One would be motivated to combine these teachings to ensure that network security devices are properly configured and that network devices communicating with them maintain up to date information about their presence.
Claims 13 is rejected in view of the same rationale as claim 6.
9. Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Good-Landgraf-Ramirez in view of Haugsnes (US 2015/0222656).
Regarding claim 8, Good does not explicitly disclose the third-party gateway for security and privacy of claim 1, wherein the third- party gateway for security and privacy is included in a system for providing enhanced security at a virtual private datacenter, the system including the virtual private datacenter including the third-party gateway for security and privacy, and application services configured to provide a request to the third-party gateway for security and privacy, the request being directed to the third-party host residing external to the virtual private datacenter.
Landgraf teaches wherein the third- party gateway for security and privacy is included in a system for providing enhanced security at a virtual private datacenter, a system including:
the virtual private datacenter including the third-party gateway for security and privacy (an outbound gateway system 400 includes a first virtual private cloud 402. The first virtual private cloud 402 may be configured in a cloud provider network, for example, as one or more security zones within a network provided by an infrastructure-as-a-service provider, or a private cloud network, or any other suitable network, [0103]); and
application services configured to provide a request to the third-party gateway for security and privacy (the first virtual private cloud 402 includes one or more controller gateways 410 and worker gateways 420A-420D, generally 420, which are used to control and/or inspect network traffic, and, for example, protect applications running on instances in the other virtual private clouds 430, 432, [0103]; clients 433 that may make outbound network requests, and load balancer gateways 435A-435D, generally 435, which communicate the outbound network traffic to the worker gateways 420, [0103]), the request being directed to the third-party host residing external to the virtual private datacenter (the clients 433 may be web servers or other servers that may make outbound network requests, and so benefit from worker gateway 420 protection, [0107]; The worker gateway 420A may examine the network traffic and as determined by applicable policy may forward traffic to the network 405 or another virtual private cloud, [0118]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to apply policies to data being communicated outside of a private network in the system/method of Good as suggested by Landgraf to ensure that sensitive information is not being inappropriately shared with external entities. One would be motivated to combine these teachings to enable secure access to services and applications outside of the private network.
However, Good-Landgraf-Ramirez do not explicitly disclose the system including a technology partner datacenter.
Haugsnes teaches a system including:
a technology partner datacenter including application services to provide a request to a third-party gateway (Each query can be received by a gateway 167 which, for example, services a number of sources of queries, such as third parties, different network providers or administrators, and so forth, [0049]; the "client network" can also encompass other third party networks, e.g., the networks of trusted business partners, customers of that client, contractors, semi-trusted networks of others (e.g., a foreign subsidiary of the client), and potentially other third parties, [0056]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to recognize third party partners in the system/method of Good-Landgraf-Ramirez as suggested by Haugsnes as a means by which a private organization can utilize trusted services and applications. One would be motivated to combine these teachings to support users of a private network having secure access to additional network services and resources.
10. Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Good-Landgraf-Ramirez-Salour in view of Lopez.
Claim 18 is rejected in view of the same rationale as claim 6.
Allowable Subject Matter
11. Claims 7, 14, and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHU WOOLCOCK whose telephone number is (571)270-3629. The examiner can normally be reached Tuesday, Thursday 9-6 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chris Parry can be reached at 571-272-8328. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
MADHU WOOLCOCK
Examiner
Art Unit 2451
/MADHU WOOLCOCK/Primary Examiner, Art Unit 2451