Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This Office Action is in response to the application 18/926,165 filed 10/24/2024.
As per instant Amendment, claims 1-21 are currently pending. Claims 1, 15, 18, and 21 are independent claims. Claims 1-21 have been examined. This Action is made non-FINAL.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/20/2024, 06/19/2025, 08/27/2025, 11/13/2025, and 02/20/2026 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement has been considered by the examiner.
Specification
Applicant is reminded of the proper content of an abstract of the disclosure.
A patent abstract is a concise statement of the technical disclosure of the patent and should include that which is new in the art to which the invention pertains. The abstract should not refer to purported merits or speculative applications of the invention and should not compare the invention with the prior art.
If the patent is of a basic nature, the entire technical disclosure may be new in the art, and the abstract should be directed to the entire disclosure. If the patent is in the nature of an improvement in an old apparatus, process, product, or composition, the abstract should include the technical disclosure of the improvement. The abstract should also mention by way of example any preferred modifications or alternatives.
Where applicable, the abstract should include the following: (1) if a machine or apparatus, its organization and operation; (2) if an article, its method of making; (3) if a chemical compound, its identity and use; (4) if a mixture, its ingredients; (5) if a process, the steps.
Extensive mechanical and design details of an apparatus should not be included in the abstract. The abstract should be in narrative form and generally limited to a single paragraph within the range of 50 to 150 words in length.
The current abstract appears to contain 167 words.
See MPEP § 608.01(b) for guidelines for the preparation of patent abstracts.
Claim Objections
Claim 21 is objected to because of the following informalities:
Regarding claim 21, claim 21 recites the acronym “RADIUS” without spelling out in full at its first occurrence. It’s suggested that said acronym be spelling out in full at its first occurrence. Appropriate correction is required.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 18-20 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Regarding claims 18-20; claims 18-20 are rejected under 35 U.S.C. 101 as being directed to non-statutory statutory subject matter. The claims are directed to a computer program per se because the claimed “computer program product being embodied in a tangible computer readable storage medium” is not stored on any non-transitory computer-readable storage medium. See Warmerdam, 33 F.3d at 1361, 31 USPQ2d at 1760. The claim also recites “a computer program product being embodied in a tangible computer readable storage medium;” The specification does not explicitly limit the claim computer readable medium to non-transitory medium. At most paragraph 0008 and original claim 18, the specification just provides some examples with respect to “computer program product being embodied in a tangible computer readable storage medium.” However, the specification does not explicitly exclude the communication/propagate medium from the claimed “a computer program product being embodied in a tangible computer readable storage medium;” Under a recent precedential opinion, the scope of the recited “computer readable storage medium” encompasses transitory media such as signals or carrier waves, where, as here the Specification does not limit the computer readable storage medium to non-transitory forms. See Ex parte Mewherter, 107 USPQ2d 1857, 1862 (PTAB 2013) (precedential) (holding recited machine-readable storage medium ineligible under § 35 U.S.C. 101 since it encompassed transitory media). The Examiner respectfully suggests that the claim be amended to either “A computer program product stored on a non-transitory computer-readable storage medium” or “A computer program product stored on a computer-readable storage device” to make the claim statutory under 35 USC 101; (emphasis added).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1, 4-7, 13-15, 18, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Koenning (US20210258248), filed February 19, 2020, in view of Sood.(US20220329573), filed June 21, 2022
Regarding claim 1, Koenning disclose a system, comprising:
a processor configured to (Koenning, paragraph 0044, memory, processor, traffic, policy; paragraph 0065, traffic management apparatus, processor, memory, software)
receive traffic associated with a User Equipment (UE) from a mobile core network at a cloud network via a service provider network attach using an interconnect between the mobile core network and the cloud network (Koenning, paragraph 0031, network traffic received; paragraph 0038, components can communicate with each other using the interconnect);
forward the data plane traffic from the cloud network to its original destination if allowed by the policy (Koenning, paragraph 0018, forward all network traffic, data plane traffic distribution; paragraph 0015, policies to determine whether and how traffic is forwarded through the network);
block or drop the data plane traffic from the cloud network if not allowed by the policy (Koenning, paragraph 0050, implement policy, blocking packets, forwarding packets);
a memory coupled to the processor and configured to provide the processor with instructions (Koenning, paragraph 0044, memory, processor, traffic, policy; paragraph 0065, traffic management apparatus, processor, memory, software).
Koenning discloses receive traffic associated with a User Equipment (UE) from a mobile core network at a cloud network via a service provider network attach using an interconnect between the mobile core network and the cloud network; forward the at a plane traffic from the cloud network to its original destination if allowed by the policy; block or drop the data plane traffic from the cloud network if not allowed by the policy. but does not explicitly disclose receive traffic associated with a User Equipment (UE) from a mobile core network at a Secure Access Service Edge (SASE) cloud network via a service provider network attach using an interconnect between the mobile core network and the SASE cloud network; enforce a security policy on data plane traffic associated with the UE based on contextual information associated with the UE to provide secured data plane traffic using the security policy configured per user group and/or per user; forward the secured data plane traffic from the SASE cloud network to its original destination if allowed by the security policy; block or drop the data plane traffic from the SASE cloud network if not allowed by the security policy.
However, in an analogous art, Sood discloses receive traffic associated with a User Equipment (UE) from a mobile core network at a Secure Access Service Edge (SASE) cloud network via a service provider network attach using an interconnect between the mobile core network and the SASE cloud network (Sood, paragraph 0034, security policy, communication; paragraph 0048, data plane, cloud service, communication; Secure Access Service Edge; paragraph 0049, UE, policy);
enforce a security policy on data plane traffic associated with the UE based on contextual information associated with the UE to provide secured data plane traffic using the security policy configured per user group and/or per user (Sood, paragraph 0034, security policy, communication; paragraph 0048, data plane, cloud service, communication; Secure Access Service Edge; paragraph 0049, UE, policy);
forward the secured data plane traffic from the SASE cloud network to its original destination if allowed by the security policy (Sood, paragraph 0034, security policy, communication; paragraph 0048, data plane, cloud service, communication; Secure Access Service Edge; paragraph 0049, UE, policy);
block or drop the data plane traffic from the SASE cloud network if not allowed by the security policy (Sood, paragraph 0034, security policy, communication; paragraph 0048, data plane, cloud service, communication; Secure Access Service Edge; paragraph 0049, UE, policy)..
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Sood with the system/ method/ computer program product/ system of Koenning to include enforce a security policy on data plane traffic associated with the UE based on contextual information associated with the UE to provide secured data plane traffic using the security policy configured per user group and/or per user. One would have been motivated to provide users with the benefits of facilitating service to service communications. (Sood: paragraph 0002).
Regarding claim 4, Koenning and Sood disclose the system recited in claim 1. Koenning and Sood disclose wherein the mobile core network includes a 4G mobile core network, a 5G mobile core network, and/or 6G mobile core network (Sood, paragraph 0049, 5G/6G control plane functions, UE, mobile, paragraph 0065, interconnected, 4G, 5G, user; paragraph 0068, network, 4G, 5G).
Regarding claim 5, Koenning and Sood disclose the system recited in claim 1. Koenning and Sood disclose wherein the data plane traffic is secured from and to 4G, 5G, and/or 6G UE devices (Sood, paragraph 0049, 5G/6G control plane functions, UE, mobile, paragraph 0065, interconnected, 4G, 5G, user; paragraph 0068, network, 4G, 5G).
Regarding claim 6, Koenning and Sood disclose the system recited in claim 1. Koenning and Sood disclose wherein Internet access is secured from and to 4G, 5G, and/or 6G UE devices (Sood, paragraph 0049, 5G/6G control plane functions, UE, mobile, paragraph 0065, interconnected, 4G, 5G, user; paragraph 0068, network, 4G, 5G).
Regarding claim 7, Koenning and Sood disclose the system recited in claim 1. Koenning and Sood disclose wherein enterprise data center access is secured from and to 4G, 5G, and/or 6G UE devices (Sood, paragraph 0049, 5G/6G control plane functions, UE, mobile, paragraph 0065, interconnected, 4G, 5G, user; paragraph 0068, network, 4G, 5G).
Regarding claim 13, Koenning and Sood disclose the system recited in claim 1. Koenning and Sood disclose wherein the data plane traffic is encapsulated with meta information, including a subscriber identity and/or a unique device identifier (Koenning, paragraph 0045, subscriber, identifying information of the subscriber, policies; paragraph 0040, metadata associated with the subscriber).
Regarding claim 14, Koenning and Sood disclose the system recited in claim 1. Koenning and Sood disclose wherein the processor is further configured to: determine the security policy to apply at the SASE cloud network to the data plane traffic based on a subscriber identity and/or a unique device identifier. (Koenning, paragraph 0045, subscriber, identifying information of the subscriber, policies)
Regarding claim 15, Koenning discloses a method, comprising:
receiving traffic associated with a User Equipment (UE) from a mobile core network at a cloud network via a service provider network attach using an interconnect between the mobile core network and the cloud network (Koenning, paragraph 0031, network traffic received; paragraph 0038, components can communicate with each other using the interconnect);
forwarding the data plane traffic from the cloud network to its original destination if allowed by the policy (Koenning, paragraph 0018, forward all network traffic, data plane traffic distribution; paragraph 0015, policies to determine whether and how traffic is forwarded through the network);
block or drop the data plane traffic from the cloud network if not allowed by the policy (Koenning, paragraph 0050, implement policy, blocking packets, forwarding packets);
a memory coupled to the processor and configured to provide the processor with instructions (Koenning, paragraph 0044, memory, processor, traffic, policy; paragraph 0065, traffic management apparatus, processor, memory, software).
Koenning discloses receiving traffic associated with a User Equipment (UE) from a mobile core network at a cloud network via a service provider network attach using an interconnect between the mobile core network and the cloud network; forwarding the at a plane traffic from the cloud network to its original destination if allowed by the policy; block or drop the data plane traffic from the cloud network if not allowed by the policy. but does not explicitly disclose receiving traffic associated with a User Equipment (UE) from a mobile core network at a Secure Access Service Edge (SASE) cloud network via a service provider network attach using an interconnect between the mobile core network and the SASE cloud network; enforcing a security policy on data plane traffic associated with the UE based on contextual information associated with the UE to provide secured data plane traffic using the security policy configured per user group and/or per user; forwarding the secured data plane traffic from the SASE cloud network to its original destination if allowed by the security policy; block or drop the data plane traffic from the SASE cloud network if not allowed by the security policy.
However, in an analogous art, Sood discloses receiving traffic associated with a User Equipment (UE) from a mobile core network at a Secure Access Service Edge (SASE) cloud network via a service provider network attach using an interconnect between the mobile core network and the SASE cloud network (Sood, paragraph 0034, security policy, communication; paragraph 0048, data plane, cloud service, communication; Secure Access Service Edge; paragraph 0049, UE, policy);
enforcing a security policy on data plane traffic associated with the UE based on contextual information associated with the UE to provide secured data plane traffic using the security policy configured per user group and/or per user (Sood, paragraph 0034, security policy, communication; paragraph 0048, data plane, cloud service, communication; Secure Access Service Edge; paragraph 0049, UE, policy);
forwarding the secured data plane traffic from the SASE cloud network to its original destination if allowed by the security policy (Sood, paragraph 0034, security policy, communication; paragraph 0048, data plane, cloud service, communication; Secure Access Service Edge; paragraph 0049, UE, policy);
block or drop the data plane traffic from the SASE cloud network if not allowed by the security policy (Sood, paragraph 0034, security policy, communication; paragraph 0048, data plane, cloud service, communication; Secure Access Service Edge; paragraph 0049, UE, policy)..
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Sood with the system/ method/ computer program product/ system of Koenning to include enforcing a security policy on data plane traffic associated with the UE based on contextual information associated with the UE to provide secured data plane traffic using the security policy configured per user group and/or per user. One would have been motivated to provide users with the benefits of facilitating service to service communications. (Sood: paragraph 0002).
Regarding claim 18, Koenning discloses a computer program product, the computer program product being embodied in a tangible computer readable storage medium and comprising computer instructions for: (Koenning, paragraph 0044, memory, processor, traffic, policy; paragraph 0065, traffic management apparatus, processor, memory, software);
receiving traffic associated with a User Equipment (UE) from a mobile core network at a cloud network via a service provider network attach using an interconnect between the mobile core network and the cloud network (Koenning, paragraph 0031, network traffic received; paragraph 0038, components can communicate with each other using the interconnect);
forwarding the data plane traffic from the cloud network to its original destination if allowed by the policy (Koenning, paragraph 0018, forward all network traffic, data plane traffic distribution; paragraph 0015, policies to determine whether and how traffic is forwarded through the network);
block or drop the data plane traffic from the cloud network if not allowed by the policy (Koenning, paragraph 0050, implement policy, blocking packets, forwarding packets);
a memory coupled to the processor and configured to provide the processor with instructions (Koenning, paragraph 0044, memory, processor, traffic, policy; paragraph 0065, traffic management apparatus, processor, memory, software).
Koenning discloses receiving traffic associated with a User Equipment (UE) from a mobile core network at a cloud network via a service provider network attach using an interconnect between the mobile core network and the cloud network; forwarding the at a plane traffic from the cloud network to its original destination if allowed by the policy; block or drop the data plane traffic from the cloud network if not allowed by the policy. but does not explicitly disclose receiving traffic associated with a User Equipment (UE) from a mobile core network at a Secure Access Service Edge (SASE) cloud network via a service provider network attach using an interconnect between the mobile core network and the SASE cloud network; enforcing a security policy on data plane traffic associated with the UE based on contextual information associated with the UE to provide secured data plane traffic using the security policy configured per user group and/or per user; forwarding the secured data plane traffic from the SASE cloud network to its original destination if allowed by the security policy; block or drop the data plane traffic from the SASE cloud network if not allowed by the security policy.
However, in an analogous art, Sood discloses receiving traffic associated with a User Equipment (UE) from a mobile core network at a Secure Access Service Edge (SASE) cloud network via a service provider network attach using an interconnect between the mobile core network and the SASE cloud network (Sood, paragraph 0034, security policy, communication; paragraph 0048, data plane, cloud service, communication; Secure Access Service Edge; paragraph 0049, UE, policy);
enforcing a security policy on data plane traffic associated with the UE based on contextual information associated with the UE to provide secured data plane traffic using the security policy configured per user group and/or per user (Sood, paragraph 0034, security policy, communication; paragraph 0048, data plane, cloud service, communication; Secure Access Service Edge; paragraph 0049, UE, policy);
forwarding the secured data plane traffic from the SASE cloud network to its original destination if allowed by the security policy (Sood, paragraph 0034, security policy, communication; paragraph 0048, data plane, cloud service, communication; Secure Access Service Edge; paragraph 0049, UE, policy);
block or drop the data plane traffic from the SASE cloud network if not allowed by the security policy (Sood, paragraph 0034, security policy, communication; paragraph 0048, data plane, cloud service, communication; Secure Access Service Edge; paragraph 0049, UE, policy)..
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Sood with the system/ method/ computer program product/ system of Koenning to include enforcing a security policy on data plane traffic associated with the UE based on contextual information associated with the UE to provide secured data plane traffic using the security policy configured per user group and/or per user. One would have been motivated to provide users with the benefits of facilitating service to service communications. (Sood: paragraph 0002).
Regarding claim 21, Koenning discloses a system, comprising:
a processor configured to: (Koenning, paragraph 0044, memory, processor, traffic, policy; paragraph 0065, traffic management apparatus, processor, memory, software);
receive mobile network service provider configuration settings for a plurality of mobile network attributes for a mobile core network in a portal for a cloud network (Koenning, paragraph 0031, network traffic received);
activate an interconnect between the mobile core network and the cloud network (Koenning, paragraph 0058, interconnect various computing systems);
route data plane traffic from the mobile core network and a RADIUS message to a load balancing endpoint for the cloud network (Koenning, paragraph 0018, RADIUS server, data plane traffic distribution; paragraph 0023, cloud-based computing environment; paragraph 0026, load balancing; paragraph 0063, load balancing network traffic);
process a RADIUS start message and populate synchronization data with a mobile user identity and IP mapping for the cloud network (Koenning, paragraph 0018, RADIUS server, data plane traffic distribution);
process the data plane traffic using a processing node (SPN) in the cloud network and applying the configured security policy for the tenant (Koenning, paragraph 0018, data plane traffic distribution);
perform an action on the data plane traffic based on a verdict after applying the configured policy for the tenant (Koenning, paragraph 0018, data plane traffic, processing nodes);
a memory coupled to the processor and configured to provide the processor with instructions (Koenning, paragraph 0044, memory, processor, traffic, policy; paragraph 0065, traffic management apparatus, processor, memory, software).
Koenning discloses receive mobile network service provider configuration settings for a plurality of mobile network attributes for a mobile core network in a portal for a cloud network; activate an interconnect between the mobile core network and the cloud network; route data plane traffic from the mobile core network and a RADIUS message to a load balancing endpoint for the cloud network; process a RADIUS start message and populate synchronization data with a mobile user identity and IP mapping for the cloud network; process the data plane traffic using a processing node (SPN) in the cloud network and applying the configured security policy for the tenant, does not explicitly disclose receive mobile network service provider configuration settings for a plurality of mobile network attributes for a mobile core network in a portal for a Secure Access Service Edge (SASE) cloud network; receive a security policy configured per user group and/or per user for a tenant for the SASE cloud network; activate an interconnect between the mobile core network and the SASE cloud network; route data plane traffic from the mobile core network and a RADIUS message to a load balancing endpoint for the SASE cloud network; process a RADIUS start message and populate synchronization data with a mobile user identity and IP mapping for the SASE cloud network; process the data plane traffic using a security processing node (SPN) in the SASE cloud network and applying the configured security policy for the tenant..
However, in an analogous art, Sood discloses receive mobile network service provider configuration settings for a plurality of mobile network attributes for a mobile core network in a portal for a Secure Access Service Edge (SASE) cloud network (Sood, paragraph 0034, security policy, communication; paragraph 0048, data plane, cloud service, communication; Secure Access Service Edge; paragraph 0049, UE, policy);
receive a security policy configured per user group and/or per user for a tenant for the SASE cloud network (Sood, paragraph 0034, security policy, communication; paragraph 0048, data plane, cloud service, communication; Secure Access Service Edge; paragraph 0049, UE, policy);
activate an interconnect between the mobile core network and the SASE cloud network (Sood, paragraph 0034, security policy, communication; paragraph 0048, data plane, cloud service, communication; Secure Access Service Edge; paragraph 0049, UE, policy);
route data plane traffic from the mobile core network and a RADIUS message to a load balancing endpoint for the SASE cloud network (Sood, paragraph 0034, security policy, communication; paragraph 0048, data plane, cloud service, communication; Secure Access Service Edge; paragraph 0049, UE, policy);
process a RADIUS start message and populate synchronization data with a mobile user identity and IP mapping for the SASE cloud network (Sood, paragraph 0034, security policy, communication; paragraph 0048, data plane, cloud service, communication; Secure Access Service Edge; paragraph 0049, UE, policy);
process the data plane traffic using a security processing node (SPN) in the SASE cloud network and applying the configured security policy for the tenant (Sood, paragraph 0034, security policy, communication; paragraph 0048, data plane, cloud service, communication; Secure Access Service Edge; paragraph 0049, UE, policy).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Sood with the system/ method/ computer program product/ system of Koenning to include receive a security policy configured per user group and/or per user for a tenant for the SASE cloud network. One would have been motivated to provide users with the benefits of facilitating service to service communications. (Sood: paragraph 0002).
Claims 2, 3, 16, 17, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Koenning (US20210258248), filed February 19, 2020, in view of Sood.(US20220329573), filed June 21, 2022, and further in view of Shaw (US20140141743), filed November 21, 2012
Regarding claim 2, Koenning and Sood disclose the system recited in claim 1.
Koenning and Sood disclose application identifier (Sood, paragraph 0042, application identifier).
Koenning and Sood do not explicitly disclose wherein the SASE cloud network includes a firewall as a service that is configured with a plurality of security policies based on a subscriber identity and an application identifier, and wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI).
However, in an analogous art, Shaw discloses wherein the SASE cloud network includes a firewall as a service that is configured with a plurality of security policies based on a subscriber identity and an application identifier, and wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI) (Shaw, paragraph 0050, international mobile subscriber identity, paragraph 0087, cloud service access, paragraph 0085, international mobile equipment identity).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Shaw with the system/ method/ computer program product/ system of Koenning and Sood to include wherein the SASE cloud network includes a firewall as a service that is configured with a plurality of security policies based on a subscriber identity and an application identifier, and wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI). One would have been motivated to provide users with the benefits of configuring a network based on predicted use of a mobile device (Shaw: abstract).
Regarding claim 3, Koenning and Sood disclose the system recited in claim 1.
Koenning and Sood disclose application identifier (Sood, paragraph 0042, application identifier).
Koenning and Sood do not explicitly disclose wherein the SASE cloud network includes a firewall as a service that is configured with a plurality of security policies based on a subscriber identity, a unique device identifier, and an application identifier, wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI), and wherein the unique device identifier includes an International Mobile Equipment Identifier (IMEI).
However, in an analogous art, Shaw discloses wherein the SASE cloud network includes a firewall as a service that is configured with a plurality of security policies based on a subscriber identity, a unique device identifier, and an application identifier, wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI), and wherein the unique device identifier includes an International Mobile Equipment Identifier (IMEI) (Shaw, paragraph 0050, international mobile subscriber identity, paragraph 0087, cloud service access, paragraph 0085, international mobile equipment identity).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Shaw with the system/ method/ computer program product/ system of Koenning and Sood to include wherein the SASE cloud network includes a firewall as a service that is configured with a plurality of security policies based on a subscriber identity, a unique device identifier, and an application identifier, wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI), and wherein the unique device identifier includes an International Mobile Equipment Identifier (IMEI). One would have been motivated to provide users with the benefits of configuring a network based on predicted use of a mobile device (Shaw: abstract).
Regarding claim 16, Koenning and Sood disclose the method recited in claim 15.
Koenning and Sood disclose application identifier (Sood, paragraph 0042, application identifier).
Koenning and Sood do not explicitly disclose wherein the SASE cloud network includes a firewall as a service that is configured with a plurality of security policies based on a subscriber identity and an application identifier, and wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI).
However, in an analogous art, Shaw discloses wherein the SASE cloud network includes a firewall as a service that is configured with a plurality of security policies based on a subscriber identity and an application identifier, and wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI) (Shaw, paragraph 0050, international mobile subscriber identity, paragraph 0087, cloud service access, paragraph 0085, international mobile equipment identity)
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Shaw with the system/ method/ computer program product/ system of Koenning and Sood to include wherein the SASE cloud network includes a firewall as a service that is configured with a plurality of security policies based on a subscriber identity and an application identifier, and wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI). One would have been motivated to provide users with the benefits of configuring a network based on predicted use of a mobile device (Shaw: abstract).
Regarding claim 17, Koenning and Sood disclose the method recited in claim 15.
Koenning and Sood disclose application identifier (Sood, paragraph 0042, application identifier).
Koenning and Sood do not explicitly disclose wherein the SASE cloud network includes a firewall as a service that is configured with a plurality of security policies based on a subscriber identity, a unique device identifier, and an application identifier, wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI), and wherein the unique device identifier includes an International Mobile Equipment Identifier (IMEI).
However, in an analogous art, Shaw discloses wherein the SASE cloud network includes a firewall as a service that is configured with a plurality of security policies based on a subscriber identity, a unique device identifier, and an application identifier, wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI), and wherein the unique device identifier includes an International Mobile Equipment Identifier (IMEI) (Shaw, paragraph 0050, international mobile subscriber identity, paragraph 0087, cloud service access, paragraph 0085, international mobile equipment identity) .
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Shaw with the system/ method/ computer program product/ system of Koenning and Sood to include wherein the SASE cloud network includes a firewall as a service that is configured with a plurality of security policies based on a subscriber identity, a unique device identifier, and an application identifier, wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI), and wherein the unique device identifier includes an International Mobile Equipment Identifier (IMEI). One would have been motivated to provide users with the benefits of configuring a network based on predicted use of a mobile device (Shaw: abstract).
Regarding claim 19, Koenning and Sood disclose the computer program product recited in claim 18.
Koenning and Sood disclose application identifier (Sood, paragraph 0042, application identifier).
Koenning and Sood do not explicitly disclose wherein the SASE cloud network includes a firewall as a service that is configured with a plurality of security policies based on a subscriber identity and an application identifier, and wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI).
However, in an analogous art, Shaw discloses wherein the SASE cloud network includes a firewall as a service that is configured with a plurality of security policies based on a subscriber identity and an application identifier, and wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI) (Shaw, paragraph 0050, international mobile subscriber identity, paragraph 0087, cloud service access) (Sood, paragraph 0042, application identifier).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Shaw with the system/ method/ computer program product/ system of Koenning and Sood to include wherein the SASE cloud network includes a firewall as a service that is configured with a plurality of security policies based on a subscriber identity and an application identifier, and wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI). One would have been motivated to provide users with the benefits of configuring a network based on predicted use of a mobile device (Shaw: abstract).
Regarding claim 20, Koenning and Sood disclose the computer program product recited in claim 18.
Koenning and Sood disclose application identifier (Sood, paragraph 0042, application identifier).
Koenning and Sood do not explicitly disclose wherein the SASE cloud network includes a firewall as a service that is configured with a plurality of security policies based on a subscriber identity, a unique device identifier, and an application identifier, wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI), and wherein the unique device identifier includes an International Mobile Equipment Identifier (IMEI).
However, in an analogous art, Shaw discloses wherein the SASE cloud network includes a firewall as a service that is configured with a plurality of security policies based on a subscriber identity, a unique device identifier, and an application identifier, wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI), and wherein the unique device identifier includes an International Mobile Equipment Identifier (IMEI) (Shaw, paragraph 0050, international mobile subscriber identity, paragraph 0087, cloud service access, paragraph 0085, international mobile equipment identity).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Shaw with the system/ method/ computer program product/ system of Koenning and Sood to include wherein the SASE cloud network includes a firewall as a service that is configured with a plurality of security policies based on a subscriber identity, a unique device identifier, and an application identifier, wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI), and wherein the unique device identifier includes an International Mobile Equipment Identifier (IMEI). One would have been motivated to provide users with the benefits of configuring a network based on predicted use of a mobile device (Shaw: abstract).
Claims 8 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Koenning (US20210258248), filed February 19, 2020, in view of Sood.(US20220329573), filed June 21, 2022, and further in view of Yadav (US20230100395), filed September 27, 2021
Regarding claim 8, Koenning and Sood disclose the system recited in claim 1.
Koenning and Sood do not explicitly disclose wherein selection and the enforcement of the security policy is based on the contextual information associated with the UE and the data plane traffic correlated with the UE based on a UE Internet Protocol (IP) address.
However, in an analogous art, Yadav discloses wherein selection and the enforcement of the security policy is based on the contextual information associated with the UE and the data plane traffic correlated with the UE based on a UE Internet Protocol (IP) address (Yadav, paragraph 0053, IP addresses, packet traffic, UE).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Yadav with the system/ method/ computer program product/ system of Koenning and Sood to include wherein selection and the enforcement of the security policy is based on the contextual information associated with the UE and the data plane traffic correlated with the UE based on a UE Internet Protocol (IP) address. One would have been motivated to provide users with the benefits of providing secure network connectivity (Yadav: paragraph 0017).
Regarding claim 12, Koenning and Sood disclose the system recited in claim 1.
Koenning and Sood do not explicitly disclose wherein each of a plurality of security policies is distinctly selected and enforced for each mobile service provider (MSP) enterprise tenant at the SASE cloud network, wherein per tenant security policy configuration and enforcement are provided by the SASE cloud network.
However, in an analogous art, Yadav discloses wherein each of a plurality of security policies is distinctly selected and enforced for each mobile service provider (MSP) enterprise tenant at the SASE cloud network, wherein per tenant security policy configuration and enforcement are provided by the SASE cloud network (Yadav, paragraph 0064, tenants, enterprise, policies).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Yadav with the system/ method/ computer program product/ system of Koenning and Sood to include wherein each of a plurality of security policies is distinctly selected and enforced for each mobile service provider (MSP) enterprise tenant at the SASE cloud network, wherein per tenant security policy configuration and enforcement are provided by the SASE cloud network. One would have been motivated to provide users with the benefits of providing secure network connectivity (Yadav: paragraph 0017).
Claims 9-11 are rejected under 35 U.S.C. 103 as being unpatentable over Koenning (US20210258248), filed February 19, 2020, in view of Sood.(US20220329573), filed June 21, 2022, and further in view of Jungck (US20100103837), filed November 12, 2009
Regarding claim 9, Koenning and Sood disclose the system recited in claim 1.
Koenning and Sood do not explicitly disclose wherein a firewall as a service (FWaaS) associated with the SASE is configured to perform Uniform Resource Link (URL) filtering for the data plane traffic.
However, in an analogous art, Jungck discloses wherein a firewall as a service (FWaaS) associated with the SASE is configured to perform Uniform Resource Link (URL) filtering for the data plane traffic (Jungck, paragraph 0184, firewall service, denial of service, intrusion detection, intrusion prevention, URL filtering service).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Jungck with the system/ method/ computer program product/ system of Koenning and Sood to include wherein a firewall as a service (FWaaS) associated with the SASE is configured to perform Uniform Resource Link (URL) filtering for the data plane traffic. One would have been motivated to provide users with the benefits of more efficiently delivering content and services from providers to users and providing additional network throughput, reliability, security and fault tolerance (Jungck: paragraph 0007).
Regarding claim 10, Koenning and Sood disclose the system recited in claim 1.
Koenning and Sood do not explicitly disclose wherein a firewall as a service (FWaaS) associated with the SASE is configured to perform application Denial of Service (DoS) detection for the data plane traffic.
However, in an analogous art, Jungck discloses wherein a firewall as a service (FWaaS) associated with the SASE is configured to perform application Denial of Service (DoS) detection for the data plane traffic (Jungck, paragraph 0184, firewall service, denial of service, intrusion detection, intrusion prevention, URL filtering service).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Jungck with the system/ method/ computer program product/ system of Koenning and Sood to include wherein a firewall as a service (FWaaS) associated with the SASE is configured to perform application Denial of Service (DoS) detection for the data plane traffic. One would have been motivated to provide users with the benefits of more efficiently delivering content and services from providers to users and providing additional network throughput, reliability, security and fault tolerance (Jungck: paragraph 0007).
Regarding claim 11, Koenning and Sood disclose the system recited in claim 1.
Koenning and Sood do not explicitly disclose wherein a firewall as a service (FWaaS) associated with the SASE is configured to perform application Denial of Service (DoS) prevention for the data plane traffic.
However, in an analogous art, Jungck discloses wherein a firewall as a service (FWaaS) associated with the SASE is configured to perform application Denial of Service (DoS) prevention for the data plane traffic (Jungck, paragraph 0184, firewall service, denial of service, intrusion detection, intrusion prevention, URL filtering service).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Jungck with the system/ method/ computer program product/ system of Koenning and Sood to include wherein a firewall as a service (FWaaS) associated with the SASE is configured to perform application Denial of Service (DoS) prevention for the data plane traffic. One would have been motivated to provide users with the benefits of more efficiently delivering content and services from providers to users and providing additional network throughput, reliability, security and fault tolerance (Jungck: paragraph 0007).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WALTER J MALINOWSKI whose telephone number is (571)272-5368. The examiner can normally be reached 8-6:30 MTWH.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached at 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/W.J.M/ Examiner, Art Unit 2439
/LUU T PHAM/ Supervisory Patent Examiner, Art Unit 2439