Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Specification
The title of the invention is not descriptive. A new title is required that is clearly indicative of the invention to which the claims are directed.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 7-19 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Dhanabalan et al. (US 2020/0186507) hereafter Dhanabalan.
7. Dhanabalan discloses a switch configured to relay data between a first combination of virtual private network (VPN) peers, the switch comprising:
a first circuit configured to:
encrypt 1-1 data or cause an application specific integrated circuit (ASIC) or a field- programmable gate array (FPGA) of a network interface connected to the switch to encrypt the 1-1 data, wherein the 1-1 data is from a 1-1 device that is one of the first combination of VPN peers (para the tunnel selector 515 (generally referring to the tunnel selector 515a-b) may select one or more of the communication tunnels 530a-n to send the packet 540 to make a tunnel selection 565 … the communication tunnels 530a-n may include at least one encrypted tunnel 530a, at least one unencrypted tunnel for payload data 530b, and/or at least one encrypted tunnel for header information 530c for instance, among others. The encrypted tunnel 530a may apply a cryptographic algorithm to the entirety of the packet 540. The unencrypted tunnel 530b may lack any encryption, and may lack any application of a cryptographic algorithm, operation and/or function to the payload data of the packet 540. The encrypted tunnel 530c may apply a cryptographic algorithm, operation and/or function to the header of the packet 540, digest/identification information of the packet 540, and/or other metadata .. each communication tunnel 530a-n may be established in accordance with any number of network protocols for point-to-point communications, such as the Generic Routing Encapsulation (GRE), virtual private network (VPN), Secure Sockets Layer virtual private network (SSLVPN), and Internet Protocol Security (IPSec), among others [encrypted tunnels provide encryption]; fig 5A); and
transmit the 1-1 data that has been encrypted to a 1-2 device via a network to transmit the 1-1 data by a VPN, wherein the 1-2 device is another one of the first combination of VPN peers (para 96, each communication tunnel 530a-n may be established in accordance with any number of network protocols for point-to-point communications, such as the Generic Routing Encapsulation (GRE), virtual private network (VPN), Secure Sockets Layer virtual private network (SSLVPN), and Internet Protocol Security (IPSec), among others [encrypted tunnels provide encryption]; fig 5A).
8. The switch according to claim 7, further comprising a second circuit configured to: decrypt 1-2 data transmitted by the VPN from the 1-2 device via the network; and transmit the 1-2 data that has been decrypted to the 1-1 device (para 95-96, the communication engine 520b running on the recipient network device 570 (generally referring to the communication engine 520a-b) may receive the packets 540 through the one or more communication tunnels 530a-n, and may reconstruct the packets 540′ to send to one of the clients 102 over the network 104 or one of the servers 106 over the network 104 [fig 5A and corresponding text, sender network device 535 may be the client-side appliance 200a or the server-side appliance 200b]).
9. The switch according to claim 7, further comprising a second circuit configured to: cause the ASIC or the FPGA of the network interface connected to the switch to decrypt 1-2 data transmitted by the VPN from the 1-2 device via the network (para 95-96, fig 5A, see above); and transmit the 1-2 data that has been decrypted to the 1-1 device (para 95-96, fig 5A, see above).
10. The switch according to claim 7, wherein the first circuit is further configured to: receive the 1-1 data from a first port connected to the 1-1 device (figs 5A and 5B, para 95-96); determine that the 1-1 data is a target of communication by a VPN (figs 5A and 5B, para 95-96); and transfer the 1-1 data that has been encrypted to a second port connected to the network (figs 5A and 5B, para 95-96).
11. The switch according to claim 7, wherein the first circuit is further configured to: encrypt second data from a 2-1 device according to a second rule different from a first rule for encrypting the 1-1 data, wherein the 2-1 device is one of a second combination of VPN peers (para 95-96, communication tunnel 530a-n may be established in accordance with any number of network protocols for point-to-point communications, such as the Generic Routing Encapsulation (GRE), virtual private network (VPN), Secure Sockets Layer virtual private network (SSLVPN), and Internet Protocol Security (IPSec), among others); or cause the ASIC or the FPGA of the network interface connected to the switch to encrypt the second data according to the second rule (fig 2, para 58).
12. The switch according to claim 11, wherein the first circuit is further configured to: transmit the second data that has been encrypted to a 2-2 device via the network to transmit the second data by a VPN, wherein the 2-2 device is another one of the second combination of VPN peers (figs 5A-5C and corresponding text).
13. The switch according to claim 8, further comprising a second circuit configured to: decrypts 1-2 data received from a second port connected to the network or cause the ASIC or the FPGA of the network interface connected to the switch to decrypt the 1-2 data and transfer the 1-2 data that has been decrypted to a first port connected to the 1-1 device when the 1-2 data is encrypted; and transfer the 1-2 data received from the second port to the first port without decrypting the 1-2 data when the 1-2 data is not encrypted (para 95-96; figs 5A-5C).
14. The switch according to claim 7, wherein the first circuit is configured to encrypt the 1-1 data, and includes a CPU that is configured to control an operation of the switch and encrypt the 1-1 data (figs 5A-5C and corresponding text).
15. Dhanabalan discloses a switch configured to relay data between a first combination of virtual private network (VPN) peers, the switch (para 58, fig 5A) comprising:
a first circuit (fig 2; para 58) configured to:
receive 1-1 data from a first port connected to a 1-1 device that is one of the first combination of VPN peers (figs 5A and 5B, para 95-96);
determine whether the 1-1 data is a target of communication by a VPN (para 95-96 , the tunnel selector 515 (generally referring to the tunnel selector 515a-b) may select one or more of the communication tunnels 530a-n to send the packet 540 to make a tunnel selection 565 … the communication tunnels 530a-n may include at least one encrypted tunnel 530a, at least one unencrypted tunnel for payload data 530b, and/or at least one encrypted tunnel for header information 530c for instance, among others. The encrypted tunnel 530a may apply a cryptographic algorithm to the entirety of the packet 540. The unencrypted tunnel 530b may lack any encryption, and may lack any application of a cryptographic algorithm, operation and/or function to the payload data of the packet 540. The encrypted tunnel 530c may apply a cryptographic algorithm, operation and/or function to the header of the packet 540, digest/identification information of the packet 540, and/or other metadata.);
in response to determining that the 1-1 data is the target of communication by the VPN, encrypt the 1-1 data or cause an application specific integrated circuit (ASIC) or a field- programmable gate array (FPGA) of a network interface connected to the switch to encrypt the 1-1 data and transfer the 1-1 data that has been encrypted to a second port connected to a network (para 96, each communication tunnel 530a-n may be established in accordance with any number of network protocols for point-to-point communications, such as the Generic Routing Encapsulation (GRE), virtual private network (VPN), Secure Sockets Layer virtual private network (SSLVPN), and Internet Protocol Security (IPSec), among others [encrypted tunnels provide encryption]; fig 5A); and
in response to determining that the 1-1 data is not the target of communication by the VPN, transfer the 1-1 data to the second port without encrypting the 1-1 data (para 95-96, unencrypted tunnel).
16. Dhanabalan discloses the switch according to claim 15, further comprising a second circuit configured to: decrypts 1-2 data received from a second port connected to the network or cause the ASIC or the FPGA of the network interface connected to the switch to decrypt the 1-2 data and transfer the 1-2 data that has been decrypted to a first port connected to the 1-1 device when the 1-2 data is encrypted; and transfer the 1-2 data received from the second port to the first port without decrypting the 1-2 data when the 1-2 data is not encrypted (para 95-96, the communication engine 520b running on the recipient network device 570 (generally referring to the communication engine 520a-b) may receive the packets 540 through the one or more communication tunnels 530a-n, and may reconstruct the packets 540′ to send to one of the clients 102 over the network 104 or one of the servers 106 over the network 104 [fig 5A and corresponding text, sender network device 535 may be the client-side appliance 200a or the server-side appliance 200b]).
17. Dhanabalan discloses the switch according to claim 15, wherein the first circuit is further configured to: encrypt second data from a 2-1 device according to a second rule different from a first rule for encrypting the 1-1 data, wherein the 2-1 device is one of a second combination of VPN peers (para 95-96, communication tunnel 530a-n may be established in accordance with any number of network protocols for point-to-point communications, such as the Generic Routing Encapsulation (GRE), virtual private network (VPN), Secure Sockets Layer virtual private network (SSLVPN), and Internet Protocol Security (IPSec), among others); or cause the ASIC or the FPGA of the network interface connected to the switch to encrypt the second data according to the second rule (fig 2, para 58).
18. Dhanabalan discloses the switch according to claim 17, wherein the first circuit is further configured to: transmit the second data that has been encrypted to a 2-2 device via the network to transmit the second data by a VPN, wherein the 2-2 device is another one of the second combination of VPN peers (figs 5A-5C and corresponding text).
19. Dhanabalan discloses the switch according to claim 15, wherein the first circuit is configured to encrypt the 1-1 data, and includes a CPU that is configured to control an operation of the switch and encrypt the 1-1 data (figs 5A-5C and corresponding text).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES R TURCHEN whose telephone number is (571)270-1378. The examiner can normally be reached Monday-Friday: 7-3.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAMES R TURCHEN/ Primary Examiner, Art Unit 2439
Prosecution Insights