Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Detailed Action
2. Claims 1-20 are pending in Instant Application.
Information Disclosure Statement
3. The information disclosure statement (IDS) submitted on 12/17/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Response to Arguments
4. Applicant's arguments filed 12/22/2025 have been fully considered but they are not persuasive. Below is examiner’s response to the arguments:
Applicant: applicant’s representative argues that “Kreger-Stickles fails to show or suggest at least "establish[ing] a layer-2 virtual interface for the edge application using a tunnel to encapsulate layer-2 traffic over the layer-3 virtual private network," as recited in claim 1”.
Examiner: claim limitation teaches “establish a layer-2 virtual interface for the edge application using a tunnel to encapsulate layer-2 traffic over the layer-3 virtual private network”.
Kreger, ¶ 0137, teaches each compute instance that is part of a VCN is associated with a VNIC that enables the compute instance to become a member of a subnet of the VCN. The VNIC associated with a compute instance facilitates the communication of packets or frames (layer-2 data) to and from the compute instance. ¶ 0112, teaches the processing performed by the VNIC associated with the source compute instance can include determining destination information for the packet from the packet headers, identifying any policies (e.g., security lists) configured for the VNIC associated with the source compute instance, determining a next hop for the packet and performing any packet encapsulation functions as needed (encapsulating layer-2 traffic).
So, Kreger teaches the claim limitation about encapsulating layer-2 traffic.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
5. Claims 1-20 are rejected under 35 U.S.C. 102 (a) (1) as being anticipated by US 2023/0133380 issued to Kreger-Stickles et al. (Kreger) (Applicant IDS).
As per claim 1, Kreger teaches a system, comprising: a cloud provider network comprising at least one computing device configured to execute an edge application for a customer (Kreger: Figure 1 – notations (102), (118), (124), (134), (138); Figure 2 – notations (102), (118), (124), (134), (138); ¶ 0038 – Each tunnel VM (116, 122) and resource VM (130, 132) is additionally configured with a host manager (118, 134) respectively. The host managers (118, 134) represent processes executing on the tunnel VMs and the resource VMs. The host managers (118 or 134) may implement API's that are used to create the tunnel and resource shards); a customer premises network of the customer that uses private network addresses and is separated from a public network by a gateway (Kreger: Figure 1 – notation (106); Figure 2 – notation (106); Figure 6 – notation (616); ¶ 0042 – FIG. 2 depicts additional details of the operations performed by the systems and subsystems shown in FIG. 1 for providing secure private network connectivity to a customer's external resources residing in a customer's on premise network from the customer's VCN hosted by the CSPI (cloud service provider infrastructure)); and an edge customer premises equipment (CPE) device on the customer premises network (Kreger: Figure 1 – notation (112); Figure 2 – notation (112); Figure 6 – notation (626)), wherein the edge CPE device is configured to at least: establish a layer-3 virtual private network between the cloud provider network and the customer premises network (Kreger: ¶ 0044, ¶ 0045, ¶ 0117 – the VPN connection utilizes a secure tunneling protocol (e.g., the open VPN protocol) to establish secure private network connectivity to the SNCS 104 via the Internet 110. When the external gateway appliance 112 is installed in the external site representation 106, an agent 204 executing in the external gateway appliance 112 starts a bootstrap process to activate itself with the SNCS 104 by passing information such as a compartment identifier associated with the external gateway appliance 112 and an external site representation identifier in a configuration file to the SNCS 104); establish a layer-2 virtual interface for the edge application using a tunnel to encapsulate layer-2 traffic over the layer-3 virtual private network (Kreger: ¶ 0137 - teaches each compute instance that is part of a VCN is associated with a VNIC that enables the compute instance to become a member of a subnet of the VCN. The VNIC associated with a compute instance facilitates the communication of packets or frames (layer-2 data) to and from the compute instance; ¶ 0112 - teaches the processing performed by the VNIC associated with the source compute instance can include determining destination information for the packet from the packet headers, identifying any policies (e.g., security lists) configured for the VNIC associated with the source compute instance, determining a next hop for the packet and performing any packet encapsulation functions as needed (encapsulating layer-2 traffic)); and connect a client device outside of the cloud provider network to the customer premises network via the layer-3 virtual private network (Kreger: ¶ 0053, ¶ 0124 - ¶ 0127 – Compute instances in the private subnet can then use the PE VNIC's private IP address or the service DNS name to access the service. Compute instances in the customer VCN can access the service by sending traffic to the private IP address of the PE in the customer VCN).
As per claim 2, Kreger teaches the system of claim 1, wherein the edge application processes data generated by an Internet of Things (IoT) device on the customer premises network, and the client device accesses the processed data from the edge application via the customer premises network (Kreger: Fig. 1, Fig. 2, ¶ 0038 – the host managers (118, 134) may be stateless and operate in an imperative mode (i.e., as a sequence of commands for the host manager to perform) by receiving instructions from a user (via APIs 108) regarding the type of shard (tunnel or resource shard) to be created and the specific configuration of the shard. The host managers may additionally be responsible for collecting and monitoring the status of the tunnel shards and the resource shards).
As per claim 3, Kreger teaches the system of claim 1, wherein the edge application stores data generated by an Internet of Things (IoT) device on the customer premises network, and the client device accesses the stored data via the customer premises network (Kreger: Fig. 1, Fig. 2, ¶ 0038 – the host managers (118, 134) may be stateless and operate in an imperative mode (i.e., as a sequence of commands for the host manager to perform) by receiving instructions from a user (via APIs 108) regarding the type of shard (tunnel or resource shard) to be created and the specific configuration of the shard. The host managers may additionally be responsible for collecting and monitoring the status of the tunnel shards and the resource shards).
As per claim 4, Kreger teaches the system of claim 1, wherein the client device is assigned a network address on the customer premises network (Kreger: ¶ 0034 – a customer of the CSPI can securely access the external resource residing in their on-premise network from within their VCN by connecting to the IP address assigned to the VNIC. The SNCS 104 enables a customer of the CSPI 102 to securely access an external resource residing in their on-premise network without requiring the customer to set up elaborate site-to-site networking).
As per claim 5, Kreger teaches the system of claim 1, wherein the edge CPE device forwards network traffic between the edge application and the client device (Kreger: ¶ 0037 – the resource VM-1 130 is used to run a resource shard 136 and the resource VM-2 132 is used to run a resource shard 140 for the tenant/customer. A resource shard may be used to receive traffic from the customer's VCN and forward it to the customer's external resource in the external site representation).
As per claim 6, Kreger teaches the system of claim 1, wherein the client device is connected to the customer premises network via the layer-3 virtual private network by the client device connecting to a virtual private network server executed in the cloud provider network (Kreger: ¶ 0116 – a communication channel 624 is set up where one endpoint of the channel is in customer on-premise network 616 and the other endpoint is in CSPI 601 and connected to customer VCN (Virtual Cloud Network)).
As per claim 7, Kreger teaches the system of claim 1, wherein the client device is connected to the customer premises network via the layer-3 virtual private network by the client device connecting to a virtual private network server executed on the edge CPE device (Kreger: Fig. 6 (notation 626)).
As per claim 8, Kreger teaches a computer-implemented method, comprising: establishing a layer-3 virtual private network between a cloud provider network and a customer premises network of a customer (Kreger: ¶ 0044, ¶ 0045, ¶ 0117 – the VPN connection utilizes a secure tunneling protocol (e.g., the open VPN protocol) to establish secure private network connectivity to the SNCS 104 via the Internet 110. When the external gateway appliance 112 is installed in the external site representation 106, an agent 204 executing in the external gateway appliance 112 starts a bootstrap process to activate itself with the SNCS 104 by passing information such as a compartment identifier associated with the external gateway appliance 112 and an external site representation identifier in a configuration file to the SNCS 104); establishing a layer-2 virtual interface for an edge application executed on the cloud provider network using a tunnel to encapsulate layer-2 traffic over the layer-3 virtual private network (Kreger: ¶ 0137 - teaches each compute instance that is part of a VCN is associated with a VNIC that enables the compute instance to become a member of a subnet of the VCN. The VNIC associated with a compute instance facilitates the communication of packets or frames (layer-2 data) to and from the compute instance; ¶ 0112 - teaches the processing performed by the VNIC associated with the source compute instance can include determining destination information for the packet from the packet headers, identifying any policies (e.g., security lists) configured for the VNIC associated with the source compute instance, determining a next hop for the packet and performing any packet encapsulation functions as needed (encapsulating layer-2 traffic)); and connecting a client device outside of the cloud provider network to the customer premises network via the layer-3 virtual private network (Kreger: ¶ 0053, ¶ 0124 - ¶ 0127 – Compute instances in the private subnet can then use the PE VNIC's private IP address or the service DNS name to access the service. Compute instances in the customer VCN can access the service by sending traffic to the private IP address of the PE in the customer VCN).
As per claim 9, the claim resembles claim 4 and is rejected under the same rationale.
As per claim 10, the claim resembles claim 5 and is rejected under the same rationale.
As per claim 11, the claim resembles claim 6 and is rejected under the same rationale.
As per claim 12, the claim resembles claim 7 and is rejected under the same rationale.
As per claim 13, Kreger teaches a computer-implemented method, comprising: assigning a first layer-3 network address on a customer premises network to an edge application executed on a cloud provider network (Kreger: ¶ 0034 – a customer of the CSPI can securely access the external resource residing in their on-premise network from within their VCN by connecting to the IP address assigned to the VNIC. The SNCS 104 enables a customer of the CSPI 102 to securely access an external resource residing in their on-premise network without requiring the customer to set up elaborate site-to-site networking); assigning a second layer-3 network address on the customer premises network to a remote client device connected to the customer premises network via a virtual private network connection (Kreger: ¶ 0116 – a communication channel 624 is set up where one endpoint of the channel is in customer on-premise network 616 and the other endpoint is in CSPI 601 and connected to customer VCN (Virtual Cloud Network)); and forwarding data on the customer premises network between the remote client device and the edge application (Kreger: ¶ 0037 – the resource VM-1 130 is used to run a resource shard 136 and the resource VM-2 132 is used to run a resource shard 140 for the tenant/customer. A resource shard may be used to receive traffic from the customer's VCN and forward it to the customer's external resource in the external site representation).
As per claim 14, Kreger teaches the computer-implemented method of claim 13, further comprising: managing, by the edge application, an Internet-of-Things (IoT) device on the customer premises network; and wherein the data relates to the IoT device (Kreger: Fig. 1, Fig. 2, ¶ 0038 – the host managers (118, 134) may be stateless and operate in an imperative mode (i.e., as a sequence of commands for the host manager to perform) by receiving instructions from a user (via APIs 108) regarding the type of shard (tunnel or resource shard) to be created and the specific configuration of the shard. The host managers may additionally be responsible for collecting and monitoring the status of the tunnel shards and the resource shards).
As per claim 15, Kreger teaches the computer-implemented method of claim 13, further comprising executing a virtual private network server on an edge device of the customer premises network to provide the virtual private network connection (Kreger: Fig. 6 (notation 626)).
As per claim 16, Kreger teaches the computer-implemented method of claim 13, further comprising executing a virtual private network server in the cloud provider network to provide the virtual private network connection (Kreger: ¶ 0116 – a communication channel 624 is set up where one endpoint of the channel is in customer on-premise network 616 and the other endpoint is in CSPI 601 and connected to customer VCN (Virtual Cloud Network)).
As per claim 17, Kreger teaches the computer-implemented method of claim 13, wherein the first layer-3 network address and the second layer-3 network address are assigned dynamically by a dynamic host configuration protocol (DHCP) server on the customer premises network (Kreger: ¶ 0100 – route tables, security rules, and DHCP options may be configured for a VCN).
As per claim 18, Kreger teaches the computer-implemented method of claim 13, further comprising connecting the edge application with the customer premises network by a tunnel to encapsulate layer-2 traffic over a layer-3 virtual private network between the cloud provider network and the customer premises network (Kreger: ¶ 0053, ¶ 0124 - ¶ 0127 – Compute instances in the private subnet can then use the PE VNIC's private IP address or the service DNS name to access the service. Compute instances in the customer VCN can access the service by sending traffic to the private IP address of the PE in the customer VCN).
As per claim 19, Kreger teaches the computer-implemented method of claim 13, further comprising forwarding other data on the customer premises network between the remote client device and an edge device on the customer premises network (Kreger: ¶ 0037 – the resource VM-1 130 is used to run a resource shard 136 and the resource VM-2 132 is used to run a resource shard 140 for the tenant/customer. A resource shard may be used to receive traffic from the customer's VCN and forward it to the customer's external resource in the external site representation).
As per claim 20, Kreger teaches the computer-implemented method of claim 13, further comprising connecting the remote client device to an Internet-of-Things (IoT) device via a hardware radio interface in an edge device on the customer premises network (Kreger: ¶ 0225 – communications subsystem 1524 provides an interface to other computer systems and networks. Communications subsystem 1524 serves as an interface for receiving data from and transmitting data to other systems from computer system 1500. For example, communications subsystem 1524 may enable computer system 1500 to connect to one or more devices via the Internet wherein communications subsystem 1524 can include radio frequency (RF) transceiver components for accessing wireless voice and/or data networks (e.g., using cellular telephone technology, advanced data network technology, such as 3G, 4G or EDGE (enhanced data rates for global evolution), WiFi (IEEE 802.11 family standards, or other mobile communication technologies, or any combination thereof)).
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136 (a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SM AZIZUR RAHMAN whose telephone number is (571)270-7360. The examiner can normally be reached on M-F Telework;
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ali Shayanfar can be reached on 571-270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SM A RAHMAN/Primary Examiner, Art Unit 2434