Prosecution Insights
Last updated: April 19, 2026
Application No. 18/817,596

System and Method for Adaptive Encryption for SD-WAN

Non-Final OA §102§103§DP
Filed
Aug 28, 2024
Examiner
MEHEDI, MORSHED
Art Unit
2408
Tech Center
2400 — Computer Networks
Assignee
Cisco Technology Inc.
OA Round
1 (Non-Final)
86%
Grant Probability
Favorable
1-2
OA Rounds
2y 9m
To Grant
85%
With Interview

Examiner Intelligence

Grants 86% — above average
86%
Career Allow Rate
724 granted / 844 resolved
+27.8% vs TC avg
-0.4%
Interview Lift
Minimal lift, resolved cases with interview
Typical timeline
2y 9m
Avg Prosecution
16 currently pending
Career history
860
Total Applications
across all art units

Statute-Specific Performance

§101
17.6%
-22.4% vs TC avg
§103
45.2%
+5.2% vs TC avg
§102
11.7%
-28.3% vs TC avg
§112
12.7%
-27.3% vs TC avg
Based on career data from 844 resolved cases

Office Action

§102 §103 §DP
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

DETAILED ACTION

Claims 21-40 are presented for examination.

Information Disclosure Statement

The information disclosure statement (IDS) submitted on 08/28/2024 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.

Drawings

The drawings filed on 08/28/2024 are accepted by the examiner.

Double Patenting

The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

Claims of Patent # 12,081,529 contain every element of claims of the instant application. Claims of the instant application therefore are not patently distinct from the earlier patent claims and as such are unpatentable over obvious-type double patenting. A later patent claim is not patentably distinct from an earlier claim if the later claim is anticipated by the earlier claim. See the claim comparison below.

“A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus).” ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).

Furthermore, the ODP is not the only outstanding rejection and the claims, if allowed, would improperly extend the "right to exclude" already granted in the patent.

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement.

Claim Comparison

Instant Application # 18/817,596, claim 21: An apparatus, comprising: one or more processors; and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause the apparatus to perform operations comprising: identifying an encrypted flow; comparing a characteristic of the encrypted flow to a threshold; selecting a tunnel for the encrypted flow; and transmitting the encrypted flow over the selected tunnel, wherein the selected tunnel is a header-less tunnel or a software-defined wide area network (SD-WAN) Internet Protocol Security (IPSec) tunnel.

US Patent # 12,081,529, claim 1: A system, comprising: one or more processors; and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations comprising: identifying an encrypted conversational flow; determining whether a duration of the encrypted conversational flow exceeds a threshold; selecting a header-less tunnel for the encrypted conversational flow when the duration is more than the threshold; and transmitting the encrypted conversational flow to an egress router over the selected header-less tunnel.

Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

1. Claims 21, 23, 25, 28, 30, 32, 35, 37, and 39 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Dhanabalan et al. (US Publication No. 2020/0186507, hereinafter “Dhanabalan”).

Regarding claim 21, Dhanabalan does disclose an apparatus, comprising: one or more processors; and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause the apparatus to perform operations comprising:

identifying an encrypted flow (Dhanabalan, (para. [0108]), the packet analyzer 505 may parse the packet 540 to identify the level of security of the cryptographic algorithm applied to the payload 550. …. The level of security of the cryptographic algorithm may include the type of cryptographic algorithm, operation and/or function, and a level of encryption (e.g., number of bits of encryption) for the cryptographic algorithm. To identify the level of security (sometimes herein referred to as the encryption level 555), the packet analyzer 505 may parse the header information 545 or other portion of the packet 540 to identify metadata or information included therein (sometimes generally referred to as metadata); (para. [0115]), where the encrypted tunnel 530c may apply the defined cryptographic algorithm, mechanism and/or function to the header information 545 delivered through the tunnel 530c);

comparing a characteristic of the encrypted flow to a threshold (Dhanabalan, (para. [0114, 0113]), in comparing the levels of security, the tunnel selector 515 may identify a subset of communication tunnels 530a-n with a cryptographic algorithm matching the cryptographic algorithm of the threshold level of security. From the subset of communication tunnels 530a-n with the matching cryptographic algorithm, the tunnel selector 515 may select at least one communication tunnel 530a-n with a level of encryption greater than or equal to the threshold level of encryption. …, the tunnel selector 515 may select the encrypted tunnel 530a, responsive to the determination that the level of security identified from the packet 540 is less than the threshold level of security. …, the encrypted tunnel 530a may apply a cryptographic algorithm to the header information 545 and/or the payload 550 of the packet 540; (para. [0089]), where traffic distribution may be performed based on … …, stateless hash-based traffic distribution, link aggregation (LAG) protocols, or any other type and form of flow distribution, …);

selecting a tunnel for the encrypted flow; and transmitting the encrypted flow over the selected tunnel, wherein the selected tunnel is a [header-less tunnel] or a software-defined wide area network (SD-WAN) Internet Protocol Security (IPSec) tunnel (Dhanabalan, (para. [0119, 0117]), the communication engine 520a may deliver, transmit, or otherwise communicate the payload 550 via the selected communication tunnel 530a-n with a defined cryptographic algorithm, mechanism and/or function, and a level of encryption less the level of encryption of the packet 540; (para. [0004]), where network nodes distributed across multiple sites may use site-to-site tunnels to communicate the packets through a software-defined wide-area network (SD-WAN)).

Regarding claim 23, Dhanabalan further discloses the apparatus of Claim 21, the operations further comprising: starting a flow-longevity timer when the encrypted flow is identified; and marking, if the flow-longevity timer expires while the encrypted flow is still active, the encrypted flow as long duration (Dhanabalan, (para. [0127]), the communication engines 520a and 520b each may maintain a timer to keep track of each connection. The communication engines 520a and 520b may identify a time of communication of each packet 540 for the connection. With the exchange of the packet 540, the communication engines 520a and 520b may start the timer to identify a time elapsed since the last communication of the packet 540. The communication engines 520a and 520b may compare the elapsed time to a connection timeout limit. The connection timeout limit may correspond to an amount of time at which the connection is to be terminated when no further packets 540 are exchanged. If the time elapsed is determined to be greater than the connection timeout limit, the communication engine 520a and 520b may determine that the connection associated with the packet 540 is no longer active or terminated).

Regarding claim 25, Dhanabalan further discloses the apparatus of Claim 21, the operations further comprising determining the tunnel for the encrypted flow in response to comparing the characteristic of the encrypted flow to the threshold (Dhanabalan, (para. [0113]), with the determination of the threshold level of security, the security engine 510 may compare the identified level of security of the cryptographic algorithm applied to the packet 540 with the threshold level of security; (para. [0089]), where traffic distribution may be performed based on … …, stateless hash-based traffic distribution, link aggregation (LAG) protocols, or any other type and form of flow distribution, …).

Regarding claim 28, the substance of the claimed invention is similar to that of claim 21. Accordingly, this claim is rejected under the same rationale.
Regarding claim 30, the substance of the claimed invention is similar to that of claim 23. Accordingly, this claim is rejected under the same rationale.
Regarding claim 32, the substance of the claimed invention is similar to that of claim 25. Accordingly, this claim is rejected under the same rationale.
Regarding claim 35, the substance of the claimed invention is similar to that of claim 21. Accordingly, this claim is rejected under the same rationale.
Regarding claim 37, the substance of the claimed invention is similar to that of claim 23. Accordingly, this claim is rejected under the same rationale.
Regarding claim 39, the substance of the claimed invention is similar to that of claim 25. Accordingly, this claim is rejected under the same rationale.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

2. Claims 22, 24, 26-27, 29, 31, 33-34, 36, 38, and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Dhanabalan et al. (US Publication No. 2020/0186507, hereinafter “Dhanabalan”) in view of Markuze et al. (US Pub No. 2022/0166713, hereinafter “Markuze”).

Regarding claim 22, Dhanabalan does disclose, the apparatus of Claim 21, the operations further comprising: selecting the [header-less] tunnel for the encrypted flow when the characteristic is more than the threshold (Dhanabalan, (para. [0115]), the tunnel selector 515 may select the unencrypted tunnel for payload data 530b and the encrypted tunnel 530a or the encrypted tunnel for header information 530c, responsive to the determination that the level of security is greater than or equal to the threshold level of security); and selecting the SD-WAN IPsec tunnel for the encrypted flow when the characteristic is not more than the threshold (Dhanabalan, (para. [0114]), when packet 540 is determined to not meet or satisfy the threshold level of security, the tunnel selector 515 may select the at least one communication tunnel 530a-n with a defined level of security greater than or equal to the threshold level of security).

Dhanabalan does not explicitly disclose but the analogous art Markuze does disclose, selecting the header-less tunnel (Markuze, (para. [0025]), sending a flow of TCP packets through a tunnel-less SD-WAN). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dhanabalan by including selecting the header-less tunnel taught by Markuze for the advantage of not requiring replacing an outer encapsulation header in every single packet of a data flow (which could be millions of packets) at every intermediate node, nor does the present invention require a route lookup from a routing table at each intermediate node for every packet of every flow (Markuze, (para. [0032])).

Regarding claim 24, the combination of Dhanabalan-Markuze does disclose, the apparatus of Claim 21, wherein the encrypted flow is transmitted over the selected tunnel to an egress router (Markuze, (para. [0071]), the cloud forwarding element 535 is the MFN engine that is responsible for forwarding a data message flow to the next hop MFN's cloud forwarding element (CFE) when the data message flow has to traverse to another public cloud to reach its destination, or to an egress router in the same public cloud when the data message flow can reach its destination through the same public cloud).

Regarding claim 26, the combination of Dhanabalan-Markuze does disclose, the apparatus of Claim 21, the operations further comprising: removing one or more unencrypted fields from a packet of the encrypted flow prior to transmitting the encrypted flow over the selected tunnel (Markuze, (para. [0024, 0031, 0046]), where the first hop's prepended header includes the network addresses for each hop along the SD-WAN, each subsequent hop removes its network address from the prepended header, identifies the network address for the next hop along the SD-WAN, creates a record that stores the next-hop's network address for this flow, and forwards the prepended header (e.g., the first packet with the prepended header or the prepended packet flow) along to the next hop when the next hop is another hop along the SD-WAN).

Regarding claim 27, the combination of Dhanabalan-Markuze does disclose, the apparatus of Claim 21, wherein: The apparatus is an ingress router; and the characteristic is a conversational flow duration (Markuze, (para. [0019]), in a novel tunnel-less SD-WAN, when an ingress node of the SD-WAN (also referred to below as the “first hop”) receives a new packet flow, it identifies the path of the flow through the SD-WAN, and sends an initial prepended set of SD-WAN header values before the first packet for the flow to the next hop along this identified path, rather than encapsulating each packet of the flow with encapsulating tunnel headers that store SD-WAN next hop data for the flow).

Regarding claim 29, the substance of the claimed invention is similar to that of claim 22. Accordingly, this claim is rejected under the same rationale.
Regarding claim 31, the substance of the claimed invention is similar to that of claim 24. Accordingly, this claim is rejected under the same rationale.
Regarding claim 33, the substance of the claimed invention is similar to that of claim 26. Accordingly, this claim is rejected under the same rationale.
Regarding claim 34, the substance of the claimed invention is similar to that of claim 27. Accordingly, this claim is rejected under the same rationale.
Regarding claim 36, the substance of the claimed invention is similar to that of claim 22. Accordingly, this claim is rejected under the same rationale.
Regarding claim 38, the substance of the claimed invention is similar to that of claim 24. Accordingly, this claim is rejected under the same rationale.
Regarding claim 40, the substance of the claimed invention is similar to that of claim 26. Accordingly, this claim is rejected under the same rationale.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US Publication No. 2021/0006589, “a device in a network detects an encrypted traffic flow associated with a client in the network. The device captures contextual traffic data regarding the encrypted traffic flow from one or more unencrypted packets associated with the client. The device performs a classification of the encrypted traffic flow by using the contextual traffic data as input to a machine learning-based classifier. The device generates an alert based on the classification of the encrypted traffic flow”.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MORSHED MEHEDI whose telephone number is (571) 270-7640. The examiner can normally be reached on M - F, 8:00 am to 4:00 pm EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Linglan Edwards can be reached on (571) 270-5440. The fax number for the organization where this application or proceeding is assigned is (571) 273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from their Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (In USA or Canada) or 571-272-1000.

/MORSHED MEHEDI/Primary Examiner, Art Unit 2408

Prosecution Timeline

Aug 28, 2024
Application Filed
Dec 17, 2025
Non-Final Rejection — §102, §103, §DP
Apr 13, 2026
Examiner Interview Summary
Apr 13, 2026
Applicant Interview (Telephonic)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12596842
DATA ANONYMIZATION FOR SERVICE SUBSCRIBER'S PRIVACY
2y 5m to grant Granted Apr 07, 2026
Patent 12587357
METHODS AND SYSTEMS FOR P-ADIC ENCODING AND DECODING OF RATIONAL DATA FOR FHE SYSTEMS
2y 5m to grant Granted Mar 24, 2026
Patent 12580896
METHOD AND SYSTEM FOR PRIVATE IDENTITY VERIFICATION
2y 5m to grant Granted Mar 17, 2026
Patent 12574238
ELECTRONIC DEVICE AND CONTROLLING METHOD FOR INCREASING AN OPERATION SPEED OF HOMOMORPHIC ENCRYPTED DATA
2y 5m to grant Granted Mar 10, 2026
Patent 12574206
BLIND ROTATION FOR USE IN FULLY HOMOMORPHIC ENCRYPTION
2y 5m to grant Granted Mar 10, 2026
Based on 5 most recent grants.

Prosecution Projections

1-2
Expected OA Rounds
86%
Grant Probability
85%
With Interview (-0.4%)
2y 9m
Median Time to Grant
Low
PTA Risk
Based on 844 resolved cases by this examiner. Grant probability derived from career allow rate.
