Prosecution Insights
Last updated: May 29, 2026
Application No. 18/947,657

EDGE-BASED POLYMORPHIC NETWORK WITH ADVANCED AGENTLESS SECURITY

Non-Final OA §103
Filed: Nov 14, 2024
Priority: Jun 25, 2021 (provisional 63/215,363 +1 more)
Examiner: DOAN, TAN
Art Unit: 2445
Tech Center: 2400 (Computer Networks)
Assignee: Centurylink Intellectual Property LLC
OA Round: 1 (Non-Final)
Grant Probability: 72% (Favorable)
OA Rounds: 1-2
Est. Remaining: 1y 6m
With Interview: 96%

Examiner Intelligence

Grants 72% (above average)
Career Allowance Rate: 72% (229 granted / 317 resolved), +14.2% vs TC avg
Interview Lift: +24.3% (strong +24% interview lift; resolved cases with interview)
Typical timeline: 3y 0m avg prosecution, 25 currently pending
Career history: 344 total applications across all art units

Statute-Specific Performance

§101: 1.1% (-38.9% vs TC avg)
§103: 88.9% (+48.9% vs TC avg)
§102: 7.3% (-32.7% vs TC avg)
§112: 2.4% (-37.6% vs TC avg)
Based on career data from 317 resolved cases

Office Action

§103
DETAILED ACTION

Claim Objections

Claims 1-4 are objected to because the same limitation “determining a type of the source based on the first and second characteristics” is identically repeated twice in the claims. Appropriate correction is required.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-7 are rejected under 35 U.S.C. 103 as being unpatentable over Asawa et al. (US20220053375A1) in view of Mesnier et al. (US20220188028A1) and Maheve et al. (US20220272117A1).

Regarding claim 1, Asawa discloses a method for dynamically instantiating a network function on a network, comprising (para [0024] shows an automation mechanism that may instantiate new services and configure CNFs (cloud-native network functions)):

receiving, at a first network node, data packets ([Abstract] shows responsive to a network service request for service location identifiers, data from data sources may be processed; para [0045-0046] shows in order to meet the QoS (e.g., packet loss) dedicated bandwidth 244 may be established);

determining, by the first network node, that the data packets include at least first and second characteristics (para [0008] shows the data may include indicia of data characteristics corresponding to one or more other data sources; para [0064] shows cellular network control system 301-1 may analyze the data characteristics to create or develop a data model corresponding to the one or more requests; para [0093] shows Load and Traffic characteristics);

determining a type of the source based on the first and second characteristics (para [0008] shows indicia of data characteristics corresponding to one or more other data sources; para [0061] shows the information may include details such as data sources, type and latency of data, etc.; para [0062] shows the one or more source requests may include service location identifiers and/or quality of service (QoS) parameters);

caching the data packets in a cache until the type of source is determined (para [0013] shows the indicia of data characteristics from the external entity may be collected (e.g., cached) over time; para [0052] shows the data model may be particularized to the particular client and requests, being a function of the data collected and analyzed; para [0061] shows the information may include details such as data sources, type and latency of data, etc.);

based on determining the type of source, forwarding the data packets from the cache to a separate data lake available to other processing elements of the network (para [0060] shows a data lake may be determined by the network orchestrator 450 when a dynamic slice or service is instantiated and/or needed);

determining, based on the first and second characteristics and based further on determining the type of the source that an additional network function is needed (para [0058] shows instantiating network slices, network services, and/or CNFs to be controlled as a function of the data characteristics);

determining a type of the source based on the first and second characteristics (para [0008] shows indicia of data characteristics corresponding to one or more other data sources; para [0061] shows the information may include details such as data sources, type and latency of data, etc.; para [0062] shows the one or more source requests may include service location identifiers and/or quality of service (QoS) parameters);

loading, by the processor, a node model for the additional network function (para [0028] shows onboarding using the cellular network model and the data model to instantiate a network slice and/or one or more network services as a function of the data characteristics; para [0058] shows instantiating network slices, network services, and/or CNFs to be controlled as a function of the data characteristics);

instantiating the additional network function on the processor based on the node model (para [0028] shows onboarding using the cellular network model and the data model to instantiate a network slice and/or one or more network services as a function of the data characteristics);

processing the data packets based using the additional network function (para [0061] shows cellular network control system 301-1 may get one or more types of slices, services, and/or CNF corresponding to the one or more source requests); and

automatically destroying the additional network function on the processor upon detection of a trigger (para [0022] shows a process is terminated when its operations are completed; para [0025] shows network orchestration including onboarding, instantiating, operating and terminating the services as well as managing their life cycles; para [0130] shows cellular network control system 301-1 may continue to detect network changes and/or client data use changes).

Asawa fails to teach: the first network node comprises a neuromorphic processor; the data packets are received through a first zero trust interface at the first network node, the data packets are sent to the cache through a second zero trust interface, and the data packets are forwarded to the separate data lake through a secure interface.

However, Mesnier discloses the first network node comprises a neuromorphic processor (para [0525] shows “network function virtualization” (or NFV); para [0651] shows the node 5850 may be embodied by neuromorphic hardware.)

It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to modify the method of Asawa with the teaching of Mesnier in order to accomplish one or more specialized tasks. These tasks may include AI processing (including machine learning, training, inferencing, and classification operations), visual data processing, network data processing, object detection, rule analysis, or the like. (Mesnier; para [0651]).

Asawa-Mesnier as combined fails to teach: the data packets are received through a first zero trust interface at the first network node, the data packets are sent to the cache through a second zero trust interface, and the data packets are forwarded to the separate data lake through a secure interface.

However, Maheve, in an analogous art (para [0002] shows network security in zero trust network environments; para [0032] shows a client such as an endpoint 22 outside the enterprise facility; para [0085] shows a Zero Trust Network Access (ZTNA) environment relies on authentication of endpoints 144 on a resource-by-resource basis), discloses:

the data packets are received through a first zero trust interface [zero trust endpoint access to a gateway] at the first network node [ZTNA gateway] (para [0003] shows ZTNA assumes that there is no implicit trust applied to users and devices trying to access enterprise resources. Instead, a typical ZTNA solution provides a software-defined perimeter for enterprise resources by separately authenticating each endpoint to each requested resource; para [0007] shows an endpoint in a zero trust network access environment (e.g., through a first zero trust interface) to a gateway to access a zero trust application of an enterprise network),

the data packets are sent to the cache through a second zero trust interface [gateway to threat management facility] (para [0007, 0096] shows a connection (e.g., through a second zero trust interface) of the gateway to the threat management facility to facilitate authenticating users as well as verifying if a request for access is allowed; para [0008] shows storing connection information in a memory associated with the threat management facility; para [0030] shows the identity provider may offer user authentication as a service; para [0088] shows the connection data storage facility 224 may maintain the data in this storage facility 224 for managing and/or monitoring the integrity of connections between end users and protected resources), and

the data packets are forwarded [if the user has been authenticated] to the separate data lake [protected data store] through a secure interface [encrypted WebSocket channel] (para [0082] shows an endpoint 144 may be separated from a protected resource 214 such as a data store by a gateway 210; the gateway manages access to the protected resource 214; para [0097] shows traffic for the protected resource 214 can be sent over an encrypted WebSocket channel if the user has been authenticated.)

It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to modify the method of Asawa-Mesnier regarding an agile automation mechanism that may instantiate new CNFs (cloud-native network functions) responsive to security operations (Asawa; para [0024]) with the teaching of Maheve regarding instantiating a new ZTNA gateway for providing secure access to a protected resource 214 (Maheve; para [0083]) in order to ensure network security in cloud-based and zero trust network environments (Maheve; para [0002]).

Regarding claim 2, Asawa-Mesnier-Maheve as applied to claim 1 discloses the trigger comprises expiration of a period of nonuse of the additional network function (Asawa; para [0022] shows a process is terminated when its operations are completed; para [0048] shows a particular client may have a reserved “slice” of the available radio resource blocks; when user equipment of the client are not using their reserved bandwidth, the bandwidth may be used to service user equipment of other clients; para [0025] shows network orchestration including terminating the services as well as managing their life cycles; para [0053] shows each component of the cellular network periodically sends status data to cellular network control system; para [0130] shows while cellular network control system 301-1 may instantiate particular slices, cellular network control system 301-1 may continue to detect network changes and/or client data use changes.)

Regarding claim 3, Asawa-Mesnier-Maheve as applied to claim 1 discloses: sending a notification to a monitoring system; and receiving approval from the monitoring system prior to forwarding the data packets from the cache to the separate data lake (Maheve; para [0082] shows an endpoint 144 may be separated from a protected resource 214 such as a data store by a gateway 210; the gateway manages access to the protected resource 214; para [0097] shows traffic for the protected resource 214 can be sent over an encrypted WebSocket channel if the user has been authenticated.)

Regarding claim 4, Asawa-Mesnier-Maheve as applied to claim 1 discloses the data packets are received by the first network node from a source device, further comprising causing the node model for the additional network function to be installed at the source device (Maheve; para [0126] shows the method 700 may include creating a supplemental drive image for the managed device. The supplemental drive image may include configuration information and the one-time passcode for registering the managed device. In general, the base image may be configured to boot using data from a second drive. By mounting the supplemental drive image as the second drive, the base image may be used to boot a virtual (or physical) device, and may use configuration information from the supplemental drive image when booting. Thus, a standard or universal base image may be customized for each new instance by using the supplemental drive image to provide custom or unique configuration information.)

Regarding claims 5-6, claims 5-6 are directed to a system. Claims 5-6 require limitations that are similar to those recited in the method claims 1-2 to carry out the method steps. And since the references of Asawa-Mesnier-Maheve combined teach the system that carries out the method including limitations required to carry out the method steps, therefore method claims 5-6 would have also been obvious in view of the method disclosed in Asawa-Mesnier-Maheve combined. Furthermore, Asawa-Mesnier-Maheve as combined discloses memory, operatively connected to the neuromorphic processor and containing instructions that, when executed by the neuromorphic processor, cause the first network node to perform a method (Mesnier; para [0651-0657]).

Regarding claim 7, Asawa-Mesnier-Maheve as applied to claim 5 discloses the method further comprises:

determining, by the first network node, whether the additional network function is available on a second node (Asawa; para [0062] shows the one or more requests may include one or more service location identifiers that the control system may map to one or more radio service locations. Service location identifiers may include any suitable indicator of location for the requested slice(s) and/or service(s)); and

when the additional network function is available on the second network node, determining whether a network distance from the first network node to the second network node is greater than a threshold latency (Asawa; para [0062] shows maximum latency (per user equipment or average) by location (to a particular server system));

wherein instantiating the additional network function on the neuromorphic processor is based on determining that the network distance from the first network node to the second network node is greater than the threshold latency (Asawa; para [0062] shows the network slice and/or the one or more network services provided by cellular network control system 301-1 may correspond to the network slice conforming to the one or more parameters and the one or more service location identifiers.)

Citation of Relevant Prior Art

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. McNamee et al. (US20170104609A1) discloses in para [0068] the virtualized network function (VNF) manager component 152 may create and deploy a plurality of VNF components 112 that collectively make up the entire end-to-end network for a service; para [0071] shows each of the VNF components 112 to implement a specific network function; para [0072] shows the VNF components 112 may be virtualized routers, virtualized gateways, etc.; para [0180] shows a VNF component may be instantiated for a service requested by a client.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TAN DOAN whose telephone number is (571)270-0162. The examiner can normally be reached Monday - Friday 8am - 5pm ET.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie, can be reached at (571) 270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TAN DOAN/
Primary Examiner, Art Unit 2445

Prosecution Timeline

Nov 14, 2024: Application Filed
Apr 27, 2026: Non-Final Rejection mailed, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12627574: SYSTEM AND METHOD FOR MANAGING COMPUTING DEVICES (3y 7m to grant; granted May 12, 2026)
Patent 12619733: OPTIMIZING ACCURACY OF SECURITY ALERTS BASED ON DATA CLASSIFICATION (3y 10m to grant; granted May 05, 2026)
Patent 12621348: NETWORK SECURITY POLICY MANAGEMENT (3y 7m to grant; granted May 05, 2026)
Patent 12592872: DETECTING AND VALIDATING ANOMALIES FROM ONGOING DATA COLLECTION (2y 9m to grant; granted Mar 31, 2026)
Patent 12591365: INPUT/OUTPUT FENCING OF A SHARED CLOUD STORAGE VOLUME (2y 2m to grant; granted Mar 31, 2026)
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 1-2
Grant Probability: 72%
With Interview: 96% (+24.3%)
Median Time to Grant: 3y 0m (~1y 6m remaining)
PTA Risk: Low
Based on 317 resolved cases by this examiner. Grant probability derived from career allowance rate.