HIGH PERFORMANCE ARCHITECTURE FOR CONVERGED SECURITY SYSTEMS AND APPLIANCES

§102 §103 §112

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Priority This application is a continuation of and claims priority to and the benefit of U.S. patent application Ser. No. 17/587,739, titled “HIGH PERFORMANCE ARCHITECTURE FOR CONVERGED SECURITY SYSTEMS AND APPLIANCES,” and filed on Jan. 28, 2022, the contents of all of which are hereby incorporated herein by reference in its entirety for all purposes. Information Disclosure Statement The information disclosure statement (IDS) submitted on 08/22/2024 was filed along with the mailing date of the Non-Provisional Patent Application on 08/22/2024. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. DETAILED ACTION This Office Action is in response to a Non-Provisional Patent Application received on 08/22/2024. In the application, claims dated 10/15/2024 have been received. Claims 1-20 have been cancelled. Claims 21-40 have been added as new claims. For this Office Action, claims 21-40 (overall 20) have been received for consideration and have been examined. Specification Applicant’s submitted specification has been reviewed and found to be in compliance. Drawings Applicant’s submitted drawings have been reviewed and found to be in compliance. Claim Interpretation The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph: An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph: (A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; (B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and (C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “a switch configured to” claim 21, “the single card is configured to” claim 30, “the plurality of security subsystems are configured to” claim 37, and “a switch configured to” claim 39. Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 21, 30, 37, and 39 are rejected under 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph, because the claim purports to invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, but fails to recite a combination of elements as required by that statutory provision and thus cannot rely on the specification to provide the structure, material or acts to support the claimed function. As such, the claim recites a function that has no limits and covers every conceivable means for achieving the stated function, while the specification discloses at most only those means known to the inventor. Accordingly, the disclosure is not commensurate with the scope of the claim. The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 21, 30, 37, and 39 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. “a switch configured to” claim 21, “the single card is configured to” claim 30, “the plurality of security subsystems are configured to” claim 37, and “a switch configured to” claim 39 invokes 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph. Applicant may: (a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph; (b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or (c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)). If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: (a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or (b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181. Dependent claims inherit these deficiencies. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claim(s) 21-27, and 29-39 are rejected under 35 U.S.C. 102(a)(1) & (a)(2) as being anticipated by Cook et al., (US20130343207A1). Regarding claim 21, Cook discloses: A system comprising: one or more cards comprising ([0098] FIG. 3 illustrates an example configuration of a network testing system 16, according to example embodiments. Network testing system 16 may include a chassis 50 including any suitable number of slots 52, each configured to receive a modular card, or blade, 54. A card or blade 54 may comprise one or more printed circuit boards (e.g., PCB 380 discussed below). For example, as shown, chassis 50 may include Slot 0 configured to receive Card 0, Slot 1 configured to receive Card 1, . . . and Slot n configured to receive Card n, where n equals any suitable number, e.g., 1, 2, 3, 4, 5, 7, or more): a plurality of networking subsystems (i.e., Multiple capture and offload configurable logic device (CLDs) 102A and router (CLDs) 102B; FIG. 9A), each of the plurality of networking subsystems having a plurality of network processing engines ([0259] (d) Multiple capture and offload CLDs 102A and router CLDs 102B configured to route traffic between the Ethernet MACs 130 and the network processors 105 and to perform packet acceleration offload tasks); and a plurality of security subsystems (i.e., “security engine” 150), each of the plurality of security subsystems having a plurality of security processing engines ([0260] (e) A “security engine” 150 comprising software 150 configured to generate malicious application traffic and to verify its effectiveness. Security engine 150 may be provided on a network processor 105 and/or controller 106, and is thus indicated by dashed lines in FIG. 9A; [0263] As mentioned above, security engine 150 may be provided on a network processor 105 and/or controller 106); and a switch (i.e., switch 110) configured to distribute network traffic of the plurality of networking subsystems for security processing between at least two of the plurality of security subsystems ([0101] Each architecture 100 may include a system controller, one or more network processors, and one or more CLDs connected to a management switch 110 (and any other suitable components, e.g., memory devices, communication interfaces, etc.). Cards 54 may be communicatively coupled to each other via the backplane 56 and management switches 110 of the respective cards 54, as shown in FIG. 3). Regarding claim 22, Cook discloses: The system of claim 1, wherein the plurality of network processing engines of each networking subsystem of the plurality of networking systems are interconnected and configured as a pipeline ([0099-0101] & [0119]). Regarding claim 23, Cook discloses: The system of claim 1, wherein the one or more cards comprises a single card with a PCI (Peripheral Component Interconnect) based interface ([0175]). Regarding claim 24, Cook discloses: The system of claim 1, wherein each of the plurality of security subsystems are external from and coupled to the plurality of networking subsystems ([0099-0101]). Regarding claim 25, Cook discloses: The system of claim 1, wherein the one or more cards are configured to be deployed in a server ([0358]). Regarding claim 26, Cook discloses: The system of claim 1, wherein each of the plurality of security subsystems are coupled to the plurality of network subsystems via an Ethernet interface ([0106-0107]). Regarding claim 27, Cook discloses: The system of claim 1, wherein the switch is configured to distribute network traffic to balance security processing between the at least two of the plurality of security subsystems ([0245], & [0412-0413]). Regarding claim 29, Cook discloses: The system of claim 1, wherein the plurality of security processing engines of each security subsystems of the plurality of security subsystems are interconnected and configured in a plurality of parallel processing pipelines ([0176]). Regarding claim 30, Cook discloses: A system comprising: a single card deployable within a chassis ([0099] Each card 54 may be plugged into a backplane 56, which may include physical connections 60 for communicatively connecting cards 54 to each other, as discussed below), the single card comprising: a plurality of networking subsystems having a plurality of network processing engines ([0259] (d) Multiple capture and offload CLDs 102A and router CLDs 102B configured to route traffic between the Ethernet MACs 130 and the network processors 105 and to perform packet acceleration offload tasks); and a plurality of security subsystems having a plurality of security processing engines and coupled to the plurality of networking subsystems ([0260] (e) A “security engine” 150 comprising software 150 configured to generate malicious application traffic and to verify its effectiveness. Security engine 150 may be provided on a network processor 105 and/or controller 106, and is thus indicated by dashed lines in FIG. 9A; [0263] As mentioned above, security engine 150 may be provided on a network processor 105 and/or controller 106); wherein the single card is configured to connect via a communications backplane to one or more physical communication interfaces positioned on the chassis ([0101] Each architecture 100 may include a system controller, one or more network processors, and one or more CLDs connected to a management switch 110 (and any other suitable components, e.g., memory devices, communication interfaces, etc.). Cards 54 may be communicatively coupled to each other via the backplane 56 and management switches 110 of the respective cards 54, as shown in FIG. 3. In some embodiments, backplane 56 include physical connections for connecting each card 54 directly to each other card 54); and wherein the plurality of networking subsystems configured to couple to the one or more physical communication interfaces ([0098] FIG. 3 illustrates an example configuration of a network testing system 16, according to example embodiments. Network testing system 16 may include a chassis 50 including any suitable number of slots 52, each configured to receive a modular card, or blade, 54; [0099] Each card 54 may be plugged into a backplane 56, which may include physical connections 60 for communicatively connecting cards 54 to each other, as discussed below; [0101] Each architecture 100 may include a system controller, one or more network processors, and one or more CLDs connected to a management switch 110 (and any other suitable components, e.g., memory devices, communication interfaces, etc.). Cards 54 may be communicatively coupled to each other via the backplane 56 and management switches 110 of the respective cards 54, as shown in FIG. 3. In some embodiments, backplane 56 include physical connections for connecting each card 54 directly to each other card 54). Regarding claim 31, Cook discloses: The system of claim 10, wherein the plurality of network processing engines of each networking subsystem of the plurality of networking systems are interconnected and configured as a pipeline ([0099-0101] & [0119]). Regarding claim 32, Cook discloses: The system of claim 10, wherein the plurality of security processing engines of each security subsystem of the plurality of networking systems are interconnected ([0176]). Regarding claim 33, Cook discloses: The system of claim 10, wherein the chassis is configured to be deployed into a rack mount of a server ([0066] & [0099]). Regarding claim 34, Cook discloses: The system of claim 10, further comprising a switch configured to manage packet flow across the communications backplane ([0101]). Regarding claim 35, Cook discloses: The system of claim 10, wherein the plurality of security subsystems are configured to couple to the plurality of networking subsystems via an Ethernet or fabric interface ([0106-0107]). Regarding claim 36, Cook discloses: A system comprising (FIG. 3; [0098] FIG. 3 illustrates an example configuration of a network testing system 16, according to example embodiments. Network testing system 16 may include a chassis 50 including any suitable number of slots 52, each configured to receive a modular card, or blade, 54; [0099] Each card 54 may be plugged into a backplane 56, which may include physical connections 60 for communicatively connecting cards 54 to each other, as discussed below): a first card (i.e., Multiple capture and offload CLDs 102A and router CLDs 102B; FIG. 9A) deployable within a chassis, the first card comprising: a plurality of networking subsystems having a plurality of network processing engines ([0259] (d) Multiple capture and offload CLDs 102A and router CLDs 102B configured to route traffic between the Ethernet MACs 130 and the network processors 105 and to perform packet acceleration offload tasks); and a second card (i.e., “security engine” 150) deployable within the chassis, the second card comprising: a plurality of security subsystems having a plurality of security processing engines and coupled to the plurality of networking subsystems ([0260] (e) A “security engine” 150 comprising software 150 configured to generate malicious application traffic and to verify its effectiveness. Security engine 150 may be provided on a network processor 105 and/or controller 106, and is thus indicated by dashed lines in FIG. 9A; [0263] As mentioned above, security engine 150 may be provided on a network processor 105 and/or controller 106); wherein the first card and the second card are configured to connect via a communications backplane to one or more physical communication interfaces positioned on the chassis ([0098] FIG. 3 illustrates an example configuration of a network testing system 16, according to example embodiments. Network testing system 16 may include a chassis 50 including any suitable number of slots 52, each configured to receive a modular card, or blade, 54; [0099] Each card 54 may be plugged into a backplane 56, which may include physical connections 60 for communicatively connecting cards 54 to each other, as discussed below; [0101] Each architecture 100 may include a system controller, one or more network processors, and one or more CLDs connected to a management switch 110 (and any other suitable components, e.g., memory devices, communication interfaces, etc.). Cards 54 may be communicatively coupled to each other via the backplane 56 and management switches 110 of the respective cards 54, as shown in FIG. 3. In some embodiments, backplane 56 include physical connections for connecting each card 54 directly to each other card 54). Regarding claim 37, Cook discloses: The system of claim 16, wherein the plurality of security subsystems are configured to couple to the plurality of networking subsystems via an Ethernet or fabric interface provided via the one or more physical communication interfaces ([0106-0107]). Regarding claim 38, Cook discloses: The system of claim 16, wherein the plurality of network processing engines of each networking subsystem of the plurality of networking systems are interconnected and configured as a pipeline ([0099-0101] & [0119]). Regarding claim 39, Cook discloses: The system of claim 16, further comprising a switch configured to manage packet flow across the communications backplane between the first card and the second card ([0099] & [0101]). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 28, and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Cook et al., (US20130343207A1) in view of Bailey et al., (US7689821B2). Regarding claim 28, Cook discloses: The system of claim 1, wherein the plurality of networking subsystems Cook fails to disclose: a first device comprising a first clock and a second device comprises a second clock. However, Bailey discloses: a first device comprising a first clock and a second device comprises a second clock (Claim 1; Limitation # 7; wherein in a first configuration of the plurality of configurations a given one of the signal lines is sampled using a first one of the clock signals having a first clock rate associated with a first one of the interface clock domains; wherein in a second configuration of the plurality of configurations the given one of the signal lines is sampled using a second one of the clock signals having a second clock rate associated with a second one of the interface clock domains, the second clock rate being different than the first clock rate; Col. 6, Line # 23-32; FIG. 4A shows this first configuration comprising an interface 105-1 between a single physical layer device 106-1 and network processor 102. More specifically, the physical layer device 106-1 comprises a conventional packet framer coupled to network processor 102 via a standard 32-bit POS-PHY 3 interface 105-1 operating at a data rate of 2.4 Gigabits per second (Gb/s). In this example, the port clock runs at a clock rate up to 100 MHz, which supports an OC-48 data rate, although other clock rates and data rates could of course be used in other embodiments). It would have been obvious to an ordinary skill in the art before the effective filing date of the claimed invention to modify the architectural network design of Cook and include a network processor which is able operate the network interfaces at different clock rates, as disclosed by Bailey. The motivation to incorporate such processor functionality is to provide a network processor having interface circuitry which provides configurable association between signal lines of an interface and different interface clock domains of the processor. Claim 40 is a system claim and recites similar subject matter as claim 28, and therefore rejected under similar ground of rejection. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M AHSAN whose telephone number is (571)272-5018. The examiner can normally be reached 8:30 AM - 6:00 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Korzuch can be reached at (571) 272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SYED M AHSAN/Primary Examiner, Art Unit 2491