Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
Claims 1-20 are pending in this office action.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on November 15, 2024, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to the abstract idea of network security and traffic management. Specifically, the claims describe receiving, processing, and routing traffic flows (east-west and north-south) based on security policies. This falls under the category of "certain organized human activity" and "data manipulation" that has been historically performed by human network administrators or standard automated systems. The claims do not provide an "inventive concept" sufficient to transform the abstract idea into a patent-eligible application. The components (cloud nodes, switches, endpoints) are recited at a high level of generality. The security processing functions (NAC, DNS, DHCP, SIEM) listed in Claim 4 are well-known, routine services in the industry. Performing these routine services in a cloud environment instead of on-premises (as noted in Claim 5) represents a change in the location of the processing, not a fundamental change in the technology of the computer or network itself. As a result, the claims are directed to the abstract idea of managing communication security on a generic computer network and are therefore ineligible.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Chiganmi et al. (U.S. Patent No. 11,412,051) in view of Panchal et al. (U.S. Patent No. 10,819,630).
Regarding claims 1 and 10, Chiganmi et al. teaches a cloud system comprising one or more nodes configured to: responsive to isolating each endpoint of a plurality of endpoints, receive east-west and north-south traffic flows associated with the plurality of endpoints from the branch network (col. 11, lines 28-40); perform security processing on the east-west and north-south traffic flows (col. 10, line 54 through col. 11, line 14 and col. 16, lines 3-25); and route the east-west and north-south traffic flows accordingly, subsequent to the security processing (col. 14, lines 10-17).
Chiganmi et al. does not teach in a branch network at Layer 2.
Panchal et al. teaches in a branch network at Layer 2 (col. 19, lines 32-50).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine branching at Layer 2, as taught by Panchal et al., with the method of Chiganmi et al. It would have been obvious for such modifications to ensure that every endpoint in a branch is logically isolated at Layer 2 to prevent unauthorized lateral movement.
Regarding claims 2, 11, and 20, Chiganmi et al. teaches wherein the security processing is based on one or more security applications selectively configured for the east-west and north-south traffic flows (col. 14, lines 25-34).
Regarding claims 3 and 12, Chiganmi et al. teaches wherein the security processing includes secure service edge (SSE) or secure access service edge (SASE) functionality along with one or more additional services (col. 9, lines 1-12).
Regarding claims 4 and 13, Chiganmi et al. teaches wherein the security processing includes any of network access control (NAC), DDI (domain name system (DNS), dynamic host configuration protocol (DHCP), and Internet Protocol (IP) Address Management), network detection and response (NDR), and security information and event management (SIEM) (col. 10, lines 18-45).
Regarding claims 5 and 14, Chiganmi et al. teaches wherein the branch network excludes on-premises appliances or security services (col. 3, lines 29-41).
Regarding claims 6 and 15, Chiganmi et al. teaches wherein the east-west and north-south traffic flows are configured through a switch to the cloud system except inter-virtual local area network (VLAN) Layer 2 Broadcast, Unknown Unicast, and Multicast (BUM) which stays local on the branch network (col. 5, line 63 through col. 6, line 26).
Regarding claims 7 and 16, Chiganmi et al. teaches wherein the east-west traffic flows are sent via a switch through the cloud where the east-west traffic flows are between two endpoints on the branch network (col. 5, line 63 through col. 6, line 26).
Regarding claims 8 and 17, Chiganmi et al. as modified by Panchal et al. teaches wherein each of the plurality of endpoints are isolated based on a subnet mask placing each endpoint in its own subnet (see col. 22, line 53 through col. 23, line 20 of Panchal et al.).
Regarding claims 9 and 18, Chiganmi et al. teaches wherein the east-west and north-south traffic flows are received based on encapsulating Ethernet traffic inside one of a plurality of Layer 3 tunnels established between the switch and the cloud system (claims 17 and 19).
Regarding claim 19, Chiganmi et al. teaches an edge switch in a branch network including a plurality of endpoints, the edge switch comprising circuitry configured to: isolate each endpoint of a plurality of endpoints (col. 11, lines 28-40); transmit east-west and north-south traffic flows associated with the plurality of endpoints to a cloud system where security processing is performed on the east-west and north-south traffic flows (col. 10, line 54 through col. 11, line 14 and col. 16, lines 3-25); and receive traffic based on the east-west and north-south traffic flows accordingly, subsequent to the security processing (col. 14, lines 10-17).
Chiganmi et al. does not teach in a branch network at Layer 2.
Panchal et al. teaches in a branch network at Layer 2 (col. 19, lines 32-50).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine branching at Layer 2, as taught by Panchal et al., with the method of Chiganmi et al. It would have been obvious for such modifications to ensure that every endpoint in a branch is logically isolated at Layer 2 to prevent unauthorized lateral movement.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRANDON HOFFMAN whose telephone number is (571)272-3863. The examiner can normally be reached Monday-Friday 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached at (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BRANDON HOFFMAN/Primary Examiner, Art Unit 2433