DETAILED ACTION
This Office Action is in response to the communication filed on 10/16/2024.
Claims 1-20 are pending.
Claims 1-20 are rejected.
The Examiner cites particular sections in the references as applied to the claims below for the convenience of the applicant(s). Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant(s) fully consider the references in their entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the Examiner.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Objections
The Claims have various formatting and punctuation issues, for example:
Claim 1 line 10 reads “configured to be executed” which is passive language and should be changed to active language such as “when executed…”.
Claim 6 line 11 reads “system (DNS) traffic data;” which should be changed to “system (DNS) traffic data[[;]].”
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim 1 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
The term “dynamically enforce” in claim 1 renders the claim indefinite. “Dynamic” enforcement is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. Does “dynamic” mean applying to real-time queries (instant [0017])? Real-time enforcement (instant [0018-0021])? Continuously adjusting/updating (instant [0080])? Instant [0084] teaches dynamically applying; are dynamically enforcing and dynamically applying intended to be identical processes? It is not clear what “dynamic” enforcement includes or excludes.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Daviss (U.S. 20230062068), in view of Moore (U.S. 20220360598).
Regarding claims 1, 13 and 20,
Daviss discloses: A computer-implemented system for providing cybersecurity services in dual-stack traffic processing within one or more communication networks, comprising: (Daviss [0016-0020] teaches identification of malicious traffic and dual-stack traffic processing)
one or more carrier edge nodes configured to transmit traffic data packets between one or more communication devices and one or more network services within the one or more communication networks, wherein each carrier edge node of the one or more carrier edge nodes comprises: (Daviss [0016-0025, 0034-0036, 0078-0081] teaches carrier nodes configured to transmit data between devices)
one or more hardware processors; (Daviss [0045-0047] teaches processor and memory)
a memory unit operatively connected to the one or more hardware processors, wherein the memory unit comprises a set of computer-readable instructions in form of a plurality of subsystems, configured to be executed by the one or more hardware processors, wherein the plurality of subsystems comprises: (Daviss [0045-0047] teaches processor and memory)
a tagging subsystem configured to assign one or more virtual local area network (VLAN) tags to at least one of: outbound communication device-originated data, and inbound communication device-originated data for identifying the traffic data packets to enforce one or more security rules; (Daviss [0002, 0019-0025, 0030, 0042-0043, and 0053-0066] teaches adding a prefix from a pattern to a record; [0081] teaches virtual machines)
a prefix detection subsystem configured to:
translate Internet Protocol version 6 (IPv6) addresses associated with the outbound communication device-originated data to Internet Protocol version 4 (IPv4) addresses using one or more network address translation 64 (NAT64) prefixes; and (Daviss [0001-0002, 0016-0025] teaches network address translation 6-to-4 (NAT64) to enable client-server communication between a client on a local Internet Protocol version 6 (IPv6) network and a server on an Internet Protocol version 4 (IPv4) external network using a technology called DNS64 … DNS64-enabled may use a network prefix (the prefix) that is configured for the translator)
query one or more domain name system (DNS) servers to translate the Internet Protocol version 6 (IPv6) addresses by deriving an associated network address translation 64 (NAT64) prefix within the one or more network address translation 64 (NAT64) prefixes for authorized communication with the Internet Protocol version 4 (IPv4) destinations associated with the one or more network services; (Daviss [0001-0002, 0016-0025, 0036-0045] teaches querying DNS’s to perform the 6-to-4 translation using prefixes which enables communication between IPv6 and IPv4 network destinations)
a traffic segmentation subsystem configured to segment at least one of: the outbound communication device-originated data, and the inbound communication device-originated data into one or more categories based on one or more predefined parameters; and (Daviss [0016-0019, 0023-0025] teaches determining patterns of traffic to generate resource records for enhancing DNS packets by adding prefixes and suffixes according to the records which creates segments of traffic (each different prefix/suffix creates a different segment))
While Daviss discloses performing security checks to determine whether a resource is malicious, Daviss does not explicitly disclose: a security policy enforcement subsystem configured to:
dynamically enforce the one or more security policies on the segmented at least one of: the outbound communication device-originated data, and the inbound communication device-originated data based on at least one of: the one or more virtual local area network (VLAN) tags and the one or more predefined parameters; and
detect one or more malicious domains based on the one or more security policies in the traffic data packets for providing the cybersecurity services in the dual-stack traffic processing within the one or more communication networks.
However, in the same field of endeavor Moore discloses: a security policy enforcement subsystem configured to:
dynamically enforce the one or more security policies on the segmented at least one of: the outbound communication device-originated data, and the inbound communication device-originated data based on at least one of: the one or more virtual local area network (VLAN) tags and the one or more predefined parameters; and (Moore [0007-0013, 0039-0045, 0050-0052, 0067-0080, 0081-0090, 0092-0096] describes continuously identifying and analyzing threat indicators, which can be indicative of malicious/risky traffic, and blocking or allowing the traffic based on the risk/maliciousness indicator using dispositions and directives that were predetermined prior to receiving the in-transit packet; [0038-0039, 0179] teaches virtual environments)
detect one or more malicious domains based on the one or more security policies in the traffic data packets for providing the cybersecurity services in the dual-stack traffic processing within the one or more communication networks. (Moore [0050-0055, 0059, 0063-0069] teaches associating domains to threat indicators (detecting malicious domains) and using those threat indicators to block/allow the traffic in order to provide cybersecurity within communication networks)
Daviss and Moore are analogous art because they are from the same field of endeavor, identification of malicious resources.
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Daviss and Moore before him or her, to modify the method of Daviss to include the 6-to-4 translation of Moore because it will improve network protections by computing the best dispositions and directives to be applied to rule-matching in-transit packets for protecting the network at the time that the rule-matching in-transit packets are actually observed/filtered by a TIG.
The motivation for doing so would be [“The threat context-enabled packet filtering appliance may do so using one or more rules such that in response to determining that one or more of those rules applies to an observed in-transit packet, the threat context-enabled packet filtering appliance may determine threat context information associated with the in-transit packet; determine (e.g., compute) such as by using logic associated with the one or more rules, based on the threat context information, a disposition and/or one or more directives; and apply the computed disposition and/or one or more directives to the in-transit packet.”] (Paragraph 0071-0072 by Moore).
Therefore, it would have been obvious to combine Daviss and Moore to obtain the invention as specified in the instant claim.
Claim 13 additionally discloses: A computer-implemented method (Daviss [0014] This disclosure also describes, at least in part, a method)
Claim 20 additionally discloses: A non-transitory computer-readable storage medium storing computer-executable instructions that, when executed by one or more hardware processors, cause the one or more hardware processors to perform (Daviss [0094-0095] It should be appreciated by those skilled in the art that computer-readable storage media is any available media that provides for the non-transitory storage of data and that can be accessed by the computer)
Regarding claims 2 and 14,
Daviss in view of Moore discloses: The computer-implemented system of claim 1, wherein each carrier edge node of the one or more carrier edge nodes is further configured to:
provide customer-side translator (CLAT) functionality for the outbound communication device-originated data with only the Internet Protocol version 6 (IPv6) addresses, using a derived network address translation 64 (NAT64) prefix within the one or more network address translation 64 (NAT64) prefixes to synthesize the Internet Protocol version 6 (IPv6) addresses for the Internet Protocol version 4 (IPv4) destinations. (Daviss [0016-0021, 0031, 0037-0039] teaches a local DNS resolver which can be used to translate and add prefixes/suffixes)
Daviss does not explicitly disclose: transmit the traffic data packets to the Internet Protocol version 4 (IPv4) destinations through the one or more carrier edge nodes, while bypassing the Internet Protocol version 6 (IPv6) addresses at each carrier edge node of the one or more carrier edge nodes until complete Internet Protocol version 6 (IPv6) security policies are enforced; and
However, in the same field of endeavor Moore discloses: transmit the traffic data packets to the Internet Protocol version 4 (IPv4) destinations through the one or more carrier edge nodes, while bypassing the Internet Protocol version 6 (IPv6) addresses at each carrier edge node of the one or more carrier edge nodes until complete Internet Protocol version 6 (IPv6) security policies are enforced; and (Moore [0012-0023, 0046-0052, 0136-0151] teaches determining disposition (e.g., “block” or “allow”) of a threat indicator rule as well as the determination of one or more directives to be applied to an in-transit packet which may be delayed or change/evolve over time by passing addresses until that traffic is not determined to be malicious; [0046-0052] teaches that in-transit packet's disposition may remain undefined (e.g., unknown) during a time period from when the TIG has determined that the observed in-transit packet satisfies a rule having the “protect” disposition and until the in-transit packet's disposition is subsequently determined based on the threat context information)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Moore for similar reasons as cited in claim 1.
Regarding claims 3 and 15,
Daviss in view of Moore discloses: The computer-implemented system of claim 1, wherein the one or more virtual local area network (VLAN) tags comprise at least one of:
Daviss teaches: one or more additional virtual local area network (VLAN) tags are configured to assign to at least one of: the outbound communication device-originated data, and the inbound communication device-originated data based on the one or more predefined parameters. (Daviss [0019-0030, 0079-0081] teaches communication device specific prefixes and suffixes; the computers may each execute one or more application containers and/or virtual machines to perform techniques described herein)
Daviss does not explicitly teach: a first tag configured to identify the outbound communication device-originated data for initial processing at each carrier edge node of the one or more carrier edge nodes;
a second tag is assigned to the outbound communication device-originated data from each carrier edge node of the one or more carrier edge nodes after the one or more security policies are enforced for transmitting to the one or more network services;
a third tag configured to identify the inbound communication device-originated data directed to the one or more communication devices after the inbound communication device-originated data undergone processing at each carrier edge node of the one or more carrier edge nodes;
a fourth tag is assigned to the inbound communication device-originated data upon detection of the one or more malicious domains at each carrier edge node of the one or more carrier edge nodes for transmitting the traffic data packets to the one or more communication devices from the one or more network services; and
However, in the same field of endeavor Moore teaches: a first tag configured to identify the outbound communication device-originated data for initial processing at each carrier edge node of the one or more carrier edge nodes; (Moore [0049-0078, 0080-0090, 0164-0178] teaches metadata and indicators which are assigned according to whether traffic is inbound, outbound, is determined to be a threat, threat analysis data, and type of threat)
a second tag is assigned to the outbound communication device-originated data from each carrier edge node of the one or more carrier edge nodes after the one or more security policies are enforced for transmitting to the one or more network services; (Moore [0049-0078, 0080-0090, 0164-0178] teaches metadata and indicators which are assigned according to whether traffic is inbound, outbound, is determined to be a threat, threat analysis data, and type of threat)
a third tag configured to identify the inbound communication device-originated data directed to the one or more communication devices after the inbound communication device-originated data undergone processing at each carrier edge node of the one or more carrier edge nodes; (Moore [0049-0078, 0080-0090, 0164-0178] teaches metadata and indicators which are assigned according to whether traffic is inbound, outbound, is determined to be a threat, threat analysis data, and type of threat)
a fourth tag is assigned to the inbound communication device-originated data upon detection of the one or more malicious domains at each carrier edge node of the one or more carrier edge nodes for transmitting the traffic data packets to the one or more communication devices from the one or more network services; and (Moore [0049-0078, 0080-0090, 0164-0178] teaches metadata and indicators which are assigned according to whether traffic is inbound, outbound, is determined to be a threat, threat analysis data, and type of threat)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Moore for similar reasons as cited in claim 1.
Regarding claim 4,
Daviss in view of Moore discloses: The computer-implemented system of claim 1, wherein the prefix detection subsystem is further configured to automatically update the network address translation 64 (NAT64) prefixes (Daviss [0002, 0016-0023, 0064-0073] teaches embedding resource records (prefixes) using existing records (updating))
Daviss does not explicitly disclose: based on real-time queries to the one or more domain name system (DNS) servers, ensuring compatibility with updated the Internet Protocol version 4 (IPv4) destinations.
However, in the same field of endeavor Moore discloses: based on real-time queries to the one or more domain name system (DNS) servers, ensuring compatibility with updated the Internet Protocol version 4 (IPv4) destinations. (Moore [0017-0023, 0043, 0143-0151, 0152-0160] teaches determining a disposition and/or a directive key (prefix) in real time prefixes for the NAT64 translator)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Moore for similar reasons as cited in claim 1.
Regarding claims 5 and 16,
Daviss in view of Moore discloses: The computer-implemented system of claim 1, wherein the one or more categories comprise at least one of: domain name system (DNS) traffic data, enterprise traffic data, internet-bound traffic data, and intercepted traffic data. (Daviss [0004-0007, 0049-0064] teaches various categories which are assigned to the traffic data)
Regarding claim 6,
Daviss in view of Moore discloses: The computer-implemented system of claim 1, wherein each carrier edge node of the one or more carrier edge nodes is further configured to:
Daviss does not explicitly disclose: route the domain name system (DNS) traffic data through the one or more domain name system (DNS) servers configured with user-defined domain name system (DNS) policies to the one or more communication devices using the translated Internet Protocol version 6 (IPv6) addresses for communication with the one or more domain name system (DNS) servers for communicating with the Internet Protocol version 4 (IPv4) addresses;
perform reputation checks for both the Internet Protocol version 4 (IPv4) addresses and the Internet Protocol version 6 (IPv6) addresses associated with the domain name system (DNS) traffic data;
However, in the same field of endeavor Moore teaches: route the domain name system (DNS) traffic data through the one or more domain name system (DNS) servers configured with user-defined domain name system (DNS) policies to the one or more communication devices using the translated Internet Protocol version 6 (IPv6) addresses for communication with the one or more domain name system (DNS) servers for communicating with the Internet Protocol version 4 (IPv4) addresses; (Moore [0007-0013, 0039-0045, 0050-0052, 0067-0080, 0081-0090, 0092-0096] describes continuously identifying and analyzing DNS traffic to enforce security policies for communication which includes NAT64 translation; [0016-0017, 0052, 0065] teaches that the policies may be configured by an administrator (user))
perform reputation checks for both the Internet Protocol version 4 (IPv4) addresses and the Internet Protocol version 6 (IPv6) addresses associated with the domain name system (DNS) traffic data; (Moore [0006-0017, 0041-0043, 0071] teaches checking the reputation of packets by analyzing characters of the packets (some of which are indicative of malicious packets) and comparing with a published threat list)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Moore for similar reasons as cited in claim 1.
Regarding claim 7,
Daviss in view of Moore discloses: The computer-implemented system of claim 1, wherein each carrier edge node of the one or more carrier edge nodes is configured to process the enterprise traffic data to:
convert the Internet Protocol version 6 (IPv6) addresses to the Internet Protocol version 4 (IPv4) addresses (Daviss [0002] teaches a local translator, such as a network address translation 6-to-4 (NAT64))
apply a network address translation (NAT) using Small-Medium Business (SMB)-specific Virtual Internet Protocol (VIPs) addresses; (Daviss [0002, 0016-0017, 0049-0062] teaches a local translator, such as a network address translation 6-to-4 (NAT64); [0079-0081] teaches virtual machines)
Daviss does not explicitly disclose: prior to encryption, for secure communication with the Internet Protocol version 4 (IPv4) addresses associated with the one or more network services;
route the enterprise traffic data through one or more secure tunnels according to the user-defined domain name system (DNS) instructions; and
decrypt and transmit the enterprise traffic data to the one or more communication devices using a designated virtual local area network (VLAN) tag within the one or more virtual local area network (VLAN) tags for managing the segmented at least one of: the outbound communication device-originated data, and the inbound communication device-originated data.
However, in the same field of endeavor Moore teaches: prior to encryption, for secure communication with the Internet Protocol version 4 (IPv4) addresses associated with the one or more network services; (Moore [0068] teaches encrypting communications using transport layer security (TLS-secure communications))
route the enterprise traffic data through one or more secure tunnels according to the user-defined domain name system (DNS) instructions; and (Moore [0068] teaches encrypting communications/traffic using transport layer security (TLS-secure communications) which enterprise traffic can be routed through; [0016-0017, 0052, 0065] teaches that the policies may be configured by an administrator (user); [0004-0007] teaches enterprise traffic)
decrypt and transmit the enterprise traffic data to the one or more communication devices using a designated virtual local area network (VLAN) tag within the one or more virtual local area network (VLAN) tags for managing the segmented at least one of: the outbound communication device-originated data, and the inbound communication device-originated data. (Moore [0004-0007] teaches enterprise traffic; [0068] teaches encrypting and decrypting communications using transport layer security (TLS-secure communications) which includes transmitting, encrypting and decrypting traffic; [0038-0039, 0179] teaches virtual environments)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Moore for similar reasons as cited in claim 1.
Regarding claim 8,
Daviss in view of Moore discloses: The computer-implemented system of claim 1, wherein the tagging subsystem is further configured to:
Daviss does not explicitly disclose: assign the second tag for outbound internet-bound traffic data within the internet-bound traffic data for external transmission; and
assign the fourth tag for inbound internet-bound traffic data within the internet-bound traffic data after decrypted for transmitting the traffic data packets to the one or more communication devices from the one or more network services.
However, in the same field of endeavor Moore teaches: assign the second tag for outbound internet-bound traffic data within the internet-bound traffic data for external transmission; and (Moore [0049-0078, 0080-0090, 0164-0178] teaches metadata and indicators which are assigned according to whether traffic is inbound, outbound, is determined to be a threat, threat analysis data, and type of threat)
assign the fourth tag for inbound internet-bound traffic data within the internet-bound traffic data after decrypted for transmitting the traffic data packets to the one or more communication devices from the one or more network services. (Moore [0049-0078, 0080-0090, 0164-0178] teaches metadata and indicators which are assigned according to whether traffic is inbound, outbound, is determined to be a threat, threat analysis data, and type of threat)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Moore for similar reasons as cited in claim 1.
Regarding claim 9,
Daviss in view of Moore discloses: The computer-implemented system of claim 1, wherein the traffic segmentation subsystem is configured with a secure sockets layer (SSL) interception module,
Daviss does not explicitly disclose: the secure sockets layer (SSL) interception module is configured to manage the intercepted traffic data through an Internet Protocol version 6 (IPv6)-capable secure sockets layer (SSL) proxy for generating outbound intercepted traffic data after the detection of one or more malicious domains for transmitting to the one or more communication devices.
However, in the same field of endeavor Moore teaches: the secure sockets layer (SSL) interception module is configured to manage the intercepted traffic data through an Internet Protocol version 6 (IPv6)-capable secure sockets layer (SSL) proxy for generating outbound intercepted traffic data after the detection of one or more malicious domains for transmitting to the one or more communication devices. (Moore [0007-0013, 0039-0045, 0050-0059, 0064-0068, 0081-0090] teaches management of TLS and SSL protocols by using traffic data which is intercepted when domains are detected which are malicious)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Moore for similar reasons as cited in claim 1.
Regarding claims 10 and 17,
Daviss in view of Moore discloses: The computer-implemented system of claim 1, wherein the one or more predefined parameters comprise at least one of: a type of application, one or more user roles, one or more traffic characteristics, destination Internet Protocol (IP) address, security requirements, network conditions, and real-time threat intelligence. (Daviss [0020-0025] teaches that the prefixes and suffixes can be determined according to various characteristics including traffic characteristics)
Regarding claims 11 and 18,
Daviss in view of Moore discloses: The computer-implemented system of claim 1, wherein the one or more security policies comprise at least one of:
Daviss does not explicitly disclose: firewall policies, intrusion detection and prevention policies, reputation-based filtering policies, access control policies, data encryption policies, malicious domain detection policies, content filtering policies, application-specific policies, bandwidth management policies, and compliance policies.
However, in the same field of endeavor Moore teaches: firewall policies, intrusion detection and prevention policies, reputation-based filtering policies, access control policies, data encryption policies, malicious domain detection policies, content filtering policies, application-specific policies, bandwidth management policies, and compliance policies. (Moore [0007-0013, 0039-0045, 0050-0052, 0049-0078, 0081-0096] teaches various security policies which are used to filter traffic)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Moore for similar reasons as cited in claim 1.
Regarding claims 12 and 19,
Daviss in view of Moore discloses: The computer-implemented system of claim 1, wherein the plurality of subsystems comprises a virtual private network (VPN) management subsystem,
the virtual private network (VPN) management subsystem is configured to encapsulate the Internet Protocol version 4 (IPv4) addresses within the Internet Protocol version 6 (IPv6) addresses for providing a virtual private network (VPN) communication over an Internet Protocol version 6 (IPv6)-only network environment, (Daviss [0002, 0013-0025] A Domain Name System (DNS) resolver works with an IP address translator, such as a network address translation 6-to-4 (NAT64) gateway, in order to enable client-server communication between a client on a local Internet Protocol version 6 (IPv6) network and a server on an Internet Protocol version 4 (IPv4) external network using a technology called DNS64; [0081] teaches virtual machines)
the virtual private network (VPN) management subsystem is configured to generate one or more virtual private network (VPN) tunnels using the Internet Protocol version 6 (IPv6) addresses for transmitting the traffic data packets while communicating with the Internet Protocol version 4 (IPv4) addresses. (Daviss [0002, 0013-0025] A Domain Name System (DNS) resolver works with an IP address translator, such as a network address translation 6-to-4 (NAT64) gateway, in order to enable client-server communication between a client on a local Internet Protocol version 6 (IPv6) network and a server on an Internet Protocol version 4 (IPv4) external network using a technology called DNS64; [0081] teaches virtual machines)
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Pan 2014-11-24 (US 20160149748) teaches connecting a network using one network protocol with a network using another network protocol. According to an embodiment, a method is provided for performing network address translation. A data packet is received, by a protocol bridge connecting a first network, using a first protocol, and a second network, using a second protocol, via a first session of the first protocol from a first network appliance of the first network. The first protocol may be either Internet Protocol version 4 (IPv4) or Internet Protocol version 6 (IPv6) and the second protocol is the other. The data packet is translated into the second protocol. The translation is performed in a kernel space of the protocol bridge. Finally, the data packet is transmitted via a second session of the second protocol to a second network appliance of the second network.
Kienzle 2010-02-26 (US 8844041) teaches that detection of network devices (e.g., stealth devices) and mapping of network topology are performed via network introspection by collaborating endpoints/nodes. The method includes receiving (e.g., by a node on a network) an assignment to be a supernode that will manage multiple agents of a subnetwork within an overall network. This assigned supernode instructs two or more of the agents to perform a set of network traffic fingerprinting tests of the subnetwork by passing information across the subnetwork to each other. The supernode receives results of the tests from the clients and detects one or more intermediate devices located between the clients based on an effect of the intermediate devices on the information passed between the clients. The supernode can further map the topology of the subnetwork (including the detected devices) which can be used in mapping the overall network topology.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS A CARNES whose telephone number is (571)272-4378. The examiner can normally be reached Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay, can be reached at (571) 272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
THOMAS A. CARNES
Examiner
Art Unit 2436
/THOMAS A CARNES/Examiner, Art Unit 2436
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436