DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Priority
Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 30 September 2024 has been considered by the examiner.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim 17 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 17 recites the limitation "the L3 encrypted tunnel" in Lines 1-2. There is insufficient antecedent basis for this limitation in the claim. Examiner believes this to be a typographical error and that it should be “the L2 encrypted tunnel”. For the purposes of examination, Examiner will treat claim 17 as such. Appropriate correction is required.
Claim Objections
Applicant is advised that should claim 17 (when corrected to correct the antecedent basis issue above) be found allowable, claim 20 will be objected to under 37 CFR 1.75 as being a substantial duplicate thereof. When two claims in an application are duplicates or else are so close in content that they both cover the same thing, despite a slight difference in wording, it is proper after allowing one claim to object to the other as being a substantial duplicate of the allowed claim. See MPEP § 608.01(m).
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-6, 8-11, 13-17 and 19-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-19 of U.S. Patent No. 12,192,186. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application represent a broadening and obvious variation of the claims of the ‘186 Patent.
As to claim 1, the ‘186 Patent discloses a method comprising (Claim 1: A method comprising):
receiving, from a first pod hosting a first container associated with a microservices application, traffic that is to be sent to a second pod (Claim 1: receiving, from a first pod hosting a first container associated with a microservices application, traffic that is to be sent to a second pod);
determining that data within any of Layer-3 (L3) through Layer-7 (L7) of the traffic is unencrypted (Claim 1: determining that Layer-7 (L7) data within the traffic is unencrypted); and
based at least in part on the data in any of L3-L7 being unencrypted, causing the traffic to be sent to the second pod via a Layer-2 (L2) encrypted tunnel between the first pod and the second pod (Claim 1: and based at least in part on the L7 data being unencrypted, causing the traffic to be sent to the second pod via a Layer-3 (L3) encrypted tunnel between the first pod and the second pod. Examiner note: While the ‘186 Patent discloses an L3 encrypted tunnel rather than an L2 encrypted tunnel, the choice of layer at which to create the encrypted tunnel is an obvious variation as there are a small number of layers in the OSI model at which to create an encrypted tunnel).
As to claim 2, the ‘186 Patent discloses the method of claim 1, wherein the first pod is running on a first node associated with an orchestration system for managing containerized microservices applications (Claim 2: The method of claim 1, wherein the first pod is running on a first node associated with an orchestration system for managing containerized microservices applications.).
As to claim 3, the ‘186 Patent discloses the method of claim 2, wherein the second pod is running on a second node associated with the orchestration system (Claim 3: The method of claim 2, wherein the second pod is running on a second node associated with the orchestration system).
As to claim 4, the ‘186 Patent discloses the method of claim 1, wherein the second pod is hosting a second container associated with at least one of the microservices application or another microservices application (Claim 4: The method of claim 1, wherein the second pod is hosting a second container associated with at least one of the microservices application or another microservices application.).
As to claim 5, the ‘186 Patent discloses the method of claim 1, wherein the method is performed at least partially by an extended Berkeley Packet Filter (eBPF) program that is running on a same node as the first pod (Claim 5: The method of claim 1, wherein the method is performed at least partially by an extended Berkeley Packet Filter (eBPF) program that is running on a same node as the first pod).
As to claim 6, the ‘186 Patent discloses the method of claim 1, wherein the L2 encrypted tunnel between the first pod and the second pod is established by an agent executing on a same node as at least one of the first pod or the second pod (Claim 6: The method of claim 1, wherein the L3 encrypted tunnel between the first pod and the second pod is established by an agent executing on a same node as at least one of the first pod or the second pod. Examiner note: See also Examiner's Note in the rejection of claim 1).
As to claim 8, the ‘186 Patent discloses the method of claim 1, wherein determining that the data within any of L3-L7 is unencrypted is based at least in part on inspecting a first packet of the traffic (Claim 9: The method of claim 1, wherein determining that the L7 data within the traffic is unencrypted is based at least in part on inspecting a first packet of the traffic.).
As to claim 9, the ‘186 Patent discloses a system comprising (Claim 10: A system comprising):
one or more processors (Claim 10: one or more processors); and
one or more non-transitory computer-readable media storing instructions that, when executed, cause the one or more processors to perform operations comprising (Claim 10: and one or more non-transitory computer-readable media storing instructions that, when executed, cause the one or more processors to perform operations comprising):
receiving, from a first container host of an orchestration system for managing containerized microservices applications, traffic that is to be sent to a second container host of the orchestration system, the first container host and the second container host each hosting a container associated with a microservices application (Claim 10: receiving, from a first container host of an orchestration system for managing containerized microservices applications, traffic that is to be sent to a second container host of the orchestration system, the first container host and the second container host each hosting a container associated with a microservices application);
determining that data within any of Layer-3 (L3) through Layer-7 (L7) of the traffic is unencrypted (Claim 10: determining that Layer-7 (L7) data within the traffic is unencrypted, wherein determining that the L7 data within the traffic is unencrypted is based at least in part on inspecting a first packet of the traffic); and
based at least in part on the data in any of L3-L7 being unencrypted, causing the traffic to be sent to the second container host via a Layer-2 (L2) encrypted tunnel between the first container host and the second container host (Claim 10: and based at least in part on the L7 data being unencrypted, causing the traffic to be sent to the second container host via a Layer-3 (L3) encrypted tunnel between the first container host and the second container host. Examiner note: See also Examiner's Note in the rejection of claim 1).
As to claim 10, the ‘186 Patent discloses the system of claim 9, wherein the first container host is a first pod that is running on a first node of the orchestration system and the second container host is running on at least one of the first node or a second node associated with the orchestration system (Claim 11: The system of claim 10, wherein the first container host is a first pod that is running on a first node of the orchestration system and the second container host is running on at least one of the first node or a second node associated with the orchestration system.)
As to claim 11, the ‘186 Patent discloses the system of claim 9, wherein the L2 encrypted tunnel between the first container host and the second container host is established by an agent executing on a same node as at least one of the first container host or the second container host (Claim 12: The system of claim 10, wherein the L3 encrypted tunnel between the first container host and the second container host is established by an agent executing on a same node as at least one of the first container host or the second container host. Examiner note: See also Examiner's Note in the rejection of claim 1).
As to claim 13, the ‘186 Patent discloses the system of claim 9, wherein determining that the data within any of L3-L7 is unencrypted is based at least in part on inspecting a first packet of the traffic (Claim 10: determining that Layer-7 (L7) data within the traffic is unencrypted, wherein determining that the L7 data within the traffic is unencrypted is based at least in part on inspecting a first packet of the traffic).
As to claim 14, the ‘186 Patent discloses one or more non-transitory computer-readable media storing instructions that, when executed, cause one or more processors to perform operations comprising (Claim 15: One or more non-transitory computer-readable media storing instructions that, when executed, cause one or more processors to perform operations comprising):
receiving, from a first container host of an orchestration system for managing containerized microservices applications, traffic that is to be sent to a second container host of the orchestration system, the first container host and the second container host each hosting a container associated with a microservices application (Claim 15: receiving, from a first container host of an orchestration system for managing containerized microservices applications, traffic that is to be sent to a second container host of the orchestration system, the first container host and the second container host each hosting a container associated with a microservices application);
determining that data within any of Layer-3 (L3) through Layer-7 (L7) of the traffic is unencrypted (Claim 15: determining that Layer-7 (L7) data within the traffic is unencrypted); and
based at least in part on the data in any of L3-L7 being unencrypted, causing the traffic to be sent to the second container host via a Layer-2 (L2) encrypted tunnel between the first container host and the second container host (Claim 15: and based at least in part on the L7 data being unencrypted, causing the traffic to be sent to the second container host via a Layer-3 (L3) encrypted tunnel between the first container host and the second container host. Examiner note: See also Examiner's Note in the rejection of claim 1).
As to claim 15, the ‘186 Patent discloses the one or more non-transitory computer-readable media of claim 14, wherein the first container host is a first container host that is running on a first node of the orchestration system (Claim 16: The one or more non-transitory computer-readable media of claim 15, wherein the first container host is a first pod that is running on a first node of the orchestration system and the second container host is running on at least one of the first node or a second node associated with the orchestration system).
As to claim 16, the ‘186 Patent discloses the one or more non-transitory computer-readable media of claim 15, wherein the second container host is running on at least one of the first node or a second node associated with the orchestration system (Claim 16: The one or more non-transitory computer-readable media of claim 15, wherein the first container host is a first pod that is running on a first node of the orchestration system and the second container host is running on at least one of the first node or a second node associated with the orchestration system).
As to claim 17, the ‘186 Patent discloses the one or more non-transitory computer-readable media of claim 14, wherein the L3 encrypted tunnel between the first container host and the second container host is established by an agent executing on a same node as at least one of the first container host or the second container host (Claim 17: The one or more non-transitory computer-readable media of claim 15, wherein the L3 encrypted tunnel between the first container host and the second container host is established by an agent executing on a same node as at least one of the first container host or the second container host. Examiner note: In light of the rejection of claim 17 under 35 U.S.C. 112(b) above, see also Examiner's Note in the rejection of claim 1).
As to claim 19, the ‘186 Patent discloses the one or more non-transitory computer-readable media of claim 14, wherein the operations are performed at least partially by an extended Berkeley Packet Filter (eBPF) program that is running on a same node as the first container host (Claim 5: The method of claim 1, wherein the method is performed at least partially by an extended Berkeley Packet Filter (eBPF) program that is running on a same node as the first pod).
As to claim 20, the ‘186 Patent discloses the one or more non-transitory computer-readable media of claim 14, wherein the L2 encrypted tunnel between the first container host and the second container host is established by an agent executing on a same node as at least one of the first container host or the second container host (Claim 12: The system of claim 10, wherein the L3 encrypted tunnel between the first container host and the second container host is established by an agent executing on a same node as at least one of the first container host or the second container host. Examiner note: See also Examiner's Note in the rejection of claim 1).
Claims 7, 12 and 18 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-19 of U.S. Patent No. 12,192,186 in view of U.S. Patent Application Publication No. 2022/0286439 by Takahashi et al.
As to claims 7, 12 and 18, the ‘186 Patent discloses all recited elements of claims 1, 9 and 14 from which claims 7, 12 and 18 depend.
The ‘186 Patent does not expressly disclose wherein the L2 encrypted tunnel between the first container host and the second container host is a Media Access Control Security (MACsec) tunnel.
Takahashi discloses wherein the L2 encrypted tunnel between the first container host and the second container host is a Media Access Control Security (MACsec) tunnel (Takahashi, Page 2, Sec 23-25, MACsec tunnel used to transmit data between two nodes. Examiner note: See also Examiner's Note in the rejection of claim 1).
The ‘186 Patent and Takahashi are analogous art because they are from the common area of network communications.
It would have been obvious to one of ordinary skill in the art, at or before the effective filing date of the instant application, to combine the MACsec tunnel of Takahashi with the teachings of the ‘186 Patent. The rationale would have been to provide a physically isolated channel for message transmission (Takahashi: Page 1, Sec 3).
Claims 1, 5-6, 9, 11-14, 17 and 19-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 11,824,845. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application represent a broadening and obvious variation of the claims of the ‘845 Patent.
As to claim 1, the ‘845 Patent discloses a method comprising (Claim 1: A method that is performed at least partially by a program running on a first node of a cloud-based network, the method comprising):
receiving, from a first pod hosting a first container associated with a microservices application, traffic that is to be sent to a second pod (Claim 1: receiving, from a first pod running on the first node, traffic that is to be sent to a second pod, the first pod hosting a container associated with a microservices application);
determining that data within any of Layer-3 (L3) through Layer-7 (L7) of the traffic is unencrypted (Claim 1: determining whether the traffic is encrypted or unencrypted and Claim 5: The method of claim 1, wherein determining whether the traffic is encrypted or unencrypted comprises determining whether the traffic is transport layer security (TLS) traffic or non-TLS traffic; Examiner Note: TLS traffic is at Layer 4 of the OSI model); and
based at least in part on the data in any of L3-L7 being unencrypted, causing the traffic to be sent to the second pod via a Layer-2 (L2) encrypted tunnel between the first pod and the second pod (Claim 1: sending the traffic to the second pod via an encrypted tunnel between the first pod and the second pod based at least in part on determining that the traffic is unencrypted. And Claim 8: The method of claim 1, wherein sending the traffic to the second pod via the encrypted tunnel comprises sending the traffic to the second pod via a layer 3 encrypted tunnel between the first pod and the second pod. Examiner note: While the ‘186 Patent discloses an L3 encrypted tunnel rather than an L2 encrypted tunnel, the choice of layer at which to create the encrypted tunnel is an obvious variation as there are a small number of layers in the OSI model at which to create an encrypted tunnel).
As to claim 5, the ‘845 Patent discloses the method of claim 1, wherein the method is performed at least partially by an extended Berkeley Packet Filter (eBPF) program that is running on a same node as the first pod (Claim 2: The method of claim 1, wherein the program is an extended Berkeley Packet Filter (eBPF) program running in a kernel space of the first node).
As to claim 6, the ‘845 Patent discloses the method of claim 1, wherein the L2 encrypted tunnel between the first pod and the second pod is established by an agent executing on a same node as at least one of the first pod or the second pod (Claim 3: The method of claim 1, further comprising establishing, by an agent executing on the first node, the encrypted tunnel between the first pod and the second pod. Examiner note: See also Examiner's Note in the rejection of claim 1).
As to claim 9, the ‘845 Patent discloses a system comprising (Claim 10: A system comprising):
one or more processors (Claim 10: one or more processors); and
one or more non-transitory computer-readable media storing instructions that, when executed, cause the one or more processors to perform operations comprising (Claim 10: and one or more non-transitory computer-readable media storing instructions that, when executed by the one or more processors, cause the system to perform operations comprising):
receiving, from a first container host of an orchestration system for managing containerized microservices applications, traffic that is to be sent to a second container host of the orchestration system (Claim 10: receiving, from a first pod running on a first node of a cloud-based network, traffic that is to be sent to a second pod), the first container host and the second container host each hosting a container associated with a microservices application (Claim 17: The system of claim 10, wherein the first pod is hosting a container associated with a microservices application and the traffic is associated with the microservices application);
determining that data within any of Layer-3 (L3) through Layer-7 (L7) of the traffic is unencrypted (Claim 10: determining whether the traffic is encrypted or unencrypted and Claim 14: The system of claim 10, wherein determining whether the traffic is encrypted or unencrypted comprises determining whether the traffic is transport layer security (TLS) traffic or non-TLS traffic. Examiner note: See Examiner's Note in the rejection of claim 1); and
based at least in part on the data in any of L3-L7 being unencrypted, causing the traffic to be sent to the second container host via a Layer-2 (L2) encrypted tunnel between the first container host and the second container host (Claim 10: sending the traffic to the second pod via an encrypted tunnel between the first pod and the second pod based at least in part on determining that the traffic is unencrypted. And Claim 13: The system of claim 10, wherein the encrypted tunnel comprises a layer 3 encrypted tunnel between the first pod and the second pod. Examiner note: See Examiner's Note in the rejection of claim 1).
As to claim 11, the ‘845 Patent discloses the system of claim 9, wherein the L2 encrypted tunnel between the first container host and the second container host is established by an agent executing on a same node as at least one of the first container host or the second container host (Claim 12: The system of claim 10, the operations further comprising establishing, by an agent executing on the first node, the encrypted tunnel between the first pod and the second pod. Examiner note: See also Examiner's Note in the rejection of claim 1).
As to claim 14, the ‘845 Patent discloses one or more non-transitory computer-readable media storing instructions that, when executed, cause one or more processors to perform operations comprising (Claim 18: One or more non-transitory computer-readable media storing instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising):
receiving, from a first container host of an orchestration system for managing containerized microservices applications, traffic that is to be sent to a second container host of the orchestration system, the first container host and the second container host each hosting a container associated with a microservices application (Claim 18: receiving, from an application hosted on a first pod that is running on a first node of a cloud-based network, first traffic that is to be sent to a second pod; and Claim 17: The system of claim 10, wherein the first pod is hosting a container associated with a microservices application and the traffic is associated with the microservices application);
determining that data within any of Layer-3 (L3) through Layer-7 (L7) of the traffic is unencrypted (Claim 18: determining that the first traffic is encrypted; and Claim 14: The system of claim 10, wherein determining whether the traffic is encrypted or unencrypted comprises determining whether the traffic is transport layer security (TLS) traffic or non-TLS traffic. Examiner note: See Examiner's Note in the rejection of claim 1);
based at least in part on the data in any of L3-L7 being unencrypted, causing the traffic to be sent to the second container host via a Layer-2 (L2) encrypted tunnel between the first container host and the second container host (Claim 18: based at least in part on the second traffic being unencrypted, sending the second traffic to the at least one of the second pod or the third pod via the encrypted tunnel. And Claim 13: The system of claim 10, wherein the encrypted tunnel comprises a layer 3 encrypted tunnel between the first pod and the second pod. Examiner note: See Examiner's Note in the rejection of claim 1).
As to claim 17, the ‘845 Patent discloses the one or more non-transitory computer-readable media of claim 14, wherein the L3 encrypted tunnel between the first container host and the second container host is established by an agent executing on a same node as at least one of the first container host or the second container host (Claim 19: The one or more non-transitory computer-readable media of claim 18, wherein the encrypted tunnel is established by an agent executing on at least the first node. Examiner note: See also Examiner's Note in the rejection of claim 1).
As to claim 19, the ‘845 Patent discloses the one or more non-transitory computer-readable media of claim 14, wherein the operations are performed at least partially by an extended Berkeley Packet Filter (eBPF) program that is running on a same node as the first container host (Claim 2: The method of claim 1, wherein the program is an extended Berkeley Packet Filter (eBPF) program running in a kernel space of the first node).
As to claim 20, the ‘845 Patent discloses the one or more non-transitory computer-readable media of claim 14, wherein the L2 encrypted tunnel between the first container host and the second container host is established by an agent executing on a same node as at least one of the first container host or the second container host (Claim 19: The one or more non-transitory computer-readable media of claim 18, wherein the encrypted tunnel is established by an agent executing on at least the first node. Examiner note: See also Examiner's Note in the rejection of claim 1).
Claims 7, 12 and 18 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-19 of U.S. Patent No. 11,824,845 in view of U.S. Patent Application Publication No. 2022/0286439 by Takahashi et al.
As to claims 7, 12 and 18, the ‘845 Patent discloses all recited elements of claims 1, 9 and 14 from which claims 7, 12 and 18 depend.
The ‘845 Patent does not expressly disclose wherein the L2 encrypted tunnel between the first container host and the second container host is a Media Access Control Security (MACsec) tunnel.
Takahashi discloses wherein the L2 encrypted tunnel between the first container host and the second container host is a Media Access Control Security (MACsec) tunnel (Takahashi, Page 2, Sec 23-25, MACsec tunnel used to transmit data between two nodes. Examiner note: See also Examiner's Note in the rejection of claim 1).
The ‘845 Patent and Takahashi are analogous art because they are from the common area of network communications.
It would have been obvious to one of ordinary skill in the art, at or before the effective filing date of the instant application, to combine the MACsec tunnel of Takahashi with the teachings of the ‘186 Patent. The rationale would have been to provide a physically isolated channel for message transmission (Takahashi: Page 1, Sec 3).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-4, 6-7, 9-12, 14-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2021/0314359 by Thyagaturu et al. in view of U.S. Patent Application Publication No. 2022/0286439 by Takahashi et al.
As to claims 1 and 9, Thyagaturu discloses a method/system comprising:
receiving, from a first pod hosting a first container (Thyagaturu: Page 2, Sec 20-21; “The solution enables applications, VMs, and Containers to be able transmit their data through VPN sessions without being double encrypted”) associated with a microservices application (Thyagaturu: Page 6, Sec 67, 69, microservice deployments), traffic that is to be sent to a second pod (Thyagaturu: Page 2, Sec 20-26; data being transmitted between VM/containers);
determining that data within any of Layer-3 (L3) through Layer-7 (L7) of the traffic is unencrypted (Thyagaturu: Page 2, Sec 20-26; application notifies socket whether the data is encrypted or not; data is at Layer-6 (TLS)); and
based at least in part on the data in any of L3-L7 being unencrypted, causing the traffic to be sent to the second pod via an encrypted tunnel between the first pod and the second pod (Thyagaturu: Fig 3, Page 2, Sec 25-26; unencrypted data sent through secure encrypted tunnel).
With respect to claim 9 only, Thyagaturu discloses one or more processors (Thyagaturu: Fig 8); and one or more non-transitory computer-readable media storing instructions that, when executed, cause the one or more processors to perform operations (Thyagaturu: Fig 8).
Thyagaturu does not expressly disclose a Layer-2 (L2) encrypted tunnel.
Takahashi discloses an encrypted Layer-2 (L2) tunnel between the first pod and the second pod (Takahashi, Page 2, Sec 23-25, MACsec tunnel used to transmit data between two nodes).
Thyagaturu and Takahashi are analogous art because they are from the common area of encrypted tunnel communication.
It would have been obvious to one of ordinary skill in the art, at or before the effective filing date of the instant application, to use the Layer-2 encrypted tunnel of Takahashi in the system of Thyagaturu. The rationale would have been to enable secure transmission of data across secure storage sites (Takahashi: Page 1, Sec 3).
As to claim 14, the modified Thyagaturu/Takahashi reference discloses one or more non-transitory computer-readable media storing instructions that, when executed, cause one or more processors to perform operations comprising:
receiving, from a first container host of an orchestration system for managing containerized microservices applications (Thyagaturu: Page 2, Sec 20-21; “The solution enables applications, VMs, and Containers to be able transmit their data through VPN sessions without being double encrypted”), traffic that is to be sent to a second container host of the orchestration system (Thyagaturu: Page 2, Sec 20-26; data being transmitted between VM/containers), the first container host and the second container host each hosting a container associated with a microservices application (Thyagaturu: Page 6, Sec 67, 69, microservice deployments);
determining that data within any of Layer-3 (L3) through Layer-7 (L7) of the traffic is unencrypted (Thyagaturu: Page 2, Sec 20-26; application notifies socket whether the data is encrypted or not; data is at Layer-6 (TLS)); and
based at least in part on the data in any of L3-L7 being unencrypted, causing the traffic to be sent to the second container host via a Layer-2 (L2) encrypted tunnel (Takahashi, Page 2, Sec 23-25, MACsec tunnel used to transmit data between two nodes) between the first container host and the second container host (Thyagaturu: Fig 3, Page 2, Sec 25-26; unencrypted data sent through secure encrypted tunnel).
As to claims 2, 10 and 15, the modified Thyagaturu/Takahashi reference further discloses wherein the first pod is running on a first node associated with an orchestration system for managing containerized microservices applications (Thyagaturu: Fig 2; Page 2, Sec 20-21; software layer containing VPN controller and hypervisors).
As to claims 3, 10 and 16, the modified Thyagaturu/Takahashi reference further discloses wherein the second pod is running on a second node associated with the orchestration system (Thyagaturu: Page 2, Sec 20-26; data being transmitted between VM/containers).
As to claim 4, the modified Thyagaturu/Takahashi reference further discloses wherein the second pod is hosting a second container (Thyagaturu: Page 2, Sec 20-21; “The solution enables applications, VMs, and Containers to be able transmit their data through VPN sessions without being double encrypted”) associated with at least one of the microservices application or another microservices application (Thyagaturu: Page 6, Sec 67, 69, microservice deployments).
As to claims 6, 11, 17 and 20, the modified Thyagaturu/Takahashi reference further discloses wherein the L2 encrypted tunnel (Takahashi, Page 2, Sec 23-25) between the first pod and the second pod is established by an agent executing on a same node as at least one of the first pod or the second pod (Thyagaturu: Page 2, Sec 22-23; TLS VPN agent).
As to claims 7, 12 and 18, the modified Thyagaturu/Takahashi reference further discloses wherein the L2 encrypted tunnel between the first pod and the second pod is a Media Access Control Security (MACsec) tunnel (Takahashi, Page 2, Sec 23-25, MACsec tunnel used to transmit data between two nodes).
Claims 5 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2021/0314359 by Thyagaturu et al. in view of U.S. Patent Application Publication No. 2022/0286439 by Takahashi et al. further in view of U.S. Patent No. 10,623,372 to Wang et al.
As to claims 5 and 19, the modified Thyagaturu/Takahashi reference discloses all recited elements of claims 1 and 14 from which claims 5 and 19 depend.
The modified reference does not expressly disclose wherein the method is performed at least partially by an extended Berkeley Packet Filter (eBPF) program that is running on a same node as the first pod.
Wang discloses wherein the method is performed at least partially by an extended Berkeley Packet Filter (eBPF) program that is running on a same node as the first pod (Wang: Col 3, Lines 62-65; “Embodiments presented herein relate to systems and methods for load balancing processing of packets of IPSec tunnels using an extended Berkeley Packet Filter (eBPF) module of a destination tunnel endpoint.”).
The modified reference and Wang are analogous art because they are from the common area of encrypted tunnel communication.
It would have been obvious to one of ordinary skill in the art, at or before the effective filing date of the instant application, to use the eBPF of Wang in the system of the modified reference. The rationale would have been to improve packet filtering (Wang: Col 3, Lines 7-10).
Claims 8 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2021/0314359 by Thyagaturu et al. in view of U.S. Patent Application Publication No. 2022/0286439 by Takahashi et al. further in view of U.S. Patent Application Publication No. 2022/0353243 by Moore.
As to claims 8 and 13, the modified Thyagaturu/Takahashi reference discloses all recited elements of claims 1 and 9 from which claims 8 and 13 depend.
The modified reference does not expressly disclose wherein determining that the data within any of L3-L7 is unencrypted is based at least in part on inspecting a first packet of the traffic.
Moore discloses wherein determining that the data within any of L3-L7 is unencrypted is based at least in part on inspecting a first packet of the traffic (Moore: Claim 1: “inspecting packet header field values to determine, based on a destination address for each of the first plurality of packets indicating that the first plurality of packets originate within the protected network and are destined for the second network, that the first plurality of packets comprise one or more packet header field values that correspond to a first packet-filtering rule; responsive to determining that the first plurality of packets comprises one or more packet header field values that correspond to the first packet-filtering rule, inspecting application layer packet header field values to determine whether the first plurality of packets comprises an unencrypted TLS record protocol header indicating at least one TLS-version value defined by the first packet-filtering rule as being a security vulnerability”).
The modified reference and Moore are analogous art because they are from the common area of encrypted tunnel communication.
It would have been obvious to one of ordinary skill in the art, at or before the effective filing date of the instant application, to use the packet filtering of Moore in the system of the modified reference. The rationale would have been to determine if traffic was encrypted or not (Moore: Claim 1).
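As an added illustration of the claimed mechanism (this is not code from the Office action, the application, or any cited reference), the following Python sketch combines the first-packet inspection of claims 8 and 13 with the tunnel decision of claim 1: if the first packet's L4 payload does not carry a TLS record header, the flow is marked as unencrypted at L3-L7 and steered to the L2 encrypted tunnel. The TLS record-header heuristic, the function names and all packet bytes are assumptions or constructed samples.

```python
"""Added example (not from the Office action or the cited references):
first-packet inspection feeding an L2-tunnel forwarding decision.
The input is assumed to be the L4 payload of the first packet of a flow
leaving a pod; all sample packets below are constructed."""
from dataclasses import dataclass

# TLS record content types: change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {20, 21, 22, 23}
# Upper bound on a TLS record length covering TLS 1.2 and 1.3 ciphertext expansion
TLS_MAX_RECORD = 16384 + 2048


def is_tls_record(payload: bytes) -> bool:
    """True if the payload starts with a plausible TLS record header
    (content type, version 3.0-3.4, length within the record limit).
    Caveat: plaintext that happens to start with these bytes would also
    match; a production check would track the handshake, not one header."""
    if len(payload) < 5:
        return False
    ctype, major, minor = payload[0], payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    return (ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4
            and 0 < length <= TLS_MAX_RECORD)


@dataclass(frozen=True)
class ForwardingDecision:
    encrypted_above_l2: bool
    path: str  # "direct" or "l2-encrypted-tunnel"


def decide_path(first_packet_l4_payload: bytes) -> ForwardingDecision:
    """Claim 1 logic: traffic with no encryption at L3-L7 goes through the
    L2 encrypted tunnel to the peer pod; traffic already carrying TLS is
    forwarded as-is so it is not double encrypted."""
    encrypted = is_tls_record(first_packet_l4_payload)
    return ForwardingDecision(encrypted, "direct" if encrypted else "l2-encrypted-tunnel")


# Constructed samples: a TLS 1.2 ClientHello record header plus a truncated
# handshake body, a plaintext HTTP request line, and a runt that is too short.
SAMPLE_TLS = bytes.fromhex("160303002a" "0100002603030000")
SAMPLE_HTTP = b"GET /api/orders HTTP/1.1\r\nHost: orders\r\n\r\n"
SAMPLE_SHORT = b"\x16\x03"

if __name__ == "__main__":
    for name, pkt in [("tls", SAMPLE_TLS), ("http", SAMPLE_HTTP), ("short", SAMPLE_SHORT)]:
        print(name, decide_path(pkt))
```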
Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
U.S. Patent Application Publication No. 2011/0231923 by Bollay et al. discloses determining if an encrypted end-to-end session has been established.
U.S. Patent Application Publication No. 2014/0376530 by Erickson et al. discloses DTLS.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL S MCNALLY whose telephone number is (571)270-1599. The examiner can normally be reached Monday-Friday, 8:30 AM - 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached at (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
MICHAEL S. MCNALLY
Primary Examiner
Art Unit 2432
/Michael S McNally/Primary Examiner, Art Unit 2432