Prosecution Insights
Last updated: July 17, 2026
Application No. 19/052,096

SECURING CONTROL AND USER PLANE SEPARATION IN MOBILE NETWORKS

Non-Final OA §103
Filed
Feb 12, 2025
Priority
Jun 30, 2020 — continuation of 11/689,502 +1 more
Examiner
NIPA, WASIKA
Art Unit
Tech Center
Assignee
Palo Alto Networks Inc.
OA Round
1 (Non-Final)
75%
Grant Probability
Favorable
1-2
OA Rounds
1y 5m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 75% — above average
75%
Career Allowance Rate
233 granted / 309 resolved
+15.4% vs TC avg
Strong +29% interview lift
Without
With
+29.1%
Interview Lift
resolved cases with interview
Typical timeline
2y 10m
Avg Prosecution
19 currently pending
Career history
325
Total Applications
across all art units

Statute-Specific Performance

§101
1.2%
-38.8% vs TC avg
§103
94.5%
+54.5% vs TC avg
§102
2.2%
-37.8% vs TC avg
§112
1.1%
-38.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 309 resolved cases

Office Action

§103
Detailed Action The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This is the initial office action that has been issued in response to patent application, 19/052,096, filed on 02/12/2025. Claims 2-41 are currently pending and have been considered below. Claim 2, 14, 21, 22, 32 and 41 are independent claim. Claim 1 has been cancelled. Information Disclosure Statement The information disclosure statements (IDS's) submitted on 06/16/2025 is in compliance with provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Priority This application is a CON of application No. 18/314,023 filed on 05/08/2023 and US Patent No. 12,255,874 B2. Application 18/314,023 is a CON of application No 16/917,490 filed on 06/30/2020 and US Patent No 11,689,502 B2. Drawings The drawings filed on 02/12/2025 are accepted by the examiner. Claim Objections The claim 2, 14, 21 recite “allow set up of the GTP-U tunnel”. The claim has antecedent basis issue. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp. Claims 2, 14, 21, 22, 32 and 41 are non-provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 of application No 16/917,490 (US Patent No 11,689,502 B2). Although the claims at issue are not identical, they are not patentably distinct from each other because the claims in the patented application contains every element of claims of the instant application. A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a 35 patent claim to a species within that genus). “ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001). Claims 2, 14, 21, 22, 32 and 41 are non-provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 of application 16/917,490 (US Patent No 11,689,502 B2). This is a nonstatutory anticipation type double patenting rejection. This is a non-provisional non-statutory double patenting rejection because the conflicting claims have already got patented. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim 2-9, 14-27, 32-37 and 41 are rejected under 35 U.S.C. 103 as being unpatentable over Panchal (US Patent Application No 2021/0136870 A1) in view of Yasukawa (US Patent Application Publication No 2019/0349791 A1). Regarding Claim 2, Panchal discloses a system, comprising: a processor configured to (Panchal, ¶[0080], Fig-8): monitor network traffic on a mobile network at a security platform to identify a Packet Forwarding Control Protocol (PFCP) message associated with a new session, wherein the mobile network includes a 4G network or a 5G network (Panchal, ¶[0011] & ¶[0013], systems may perform pseudo-slicing within a 4G and 5G wireless network. ¶[0033], the controller may use PFCP session establishment message to initiate the bearer establishment procedure. ¶[0068], SAEGW - C 175 may perform a PFCP session establishment procedure with SAEGW - U 165 to setup a PFCP session between the control plane function and the user plane function); extract a plurality of parameters from the PFCP message at the security platform (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165); and enforce a security policy at the security platform on the new session based on one or more of the plurality of parameters to secure control and user plane separation in the mobile network (Panchal, ¶[0014], a Control and User Plane Separation (CUPS) architecture, such that control plane and user plane functionality may be separated and/or provided by different devices. ¶[0022], in CUPS architecture, element 175 and 180 may operate as separate devices. ¶[0027], PCRF may provide these policies and/or policy identifiers so that policies can be enforced); and obtain an IP address of the user plane and a tunnel endpoint identifier (TEID) range from the network traffic (Panchal, ¶[0068], the address for the endpoint may be identified with a Tunnel Endpoint Identifier (“TEID”), an IP address, and/or a port number); and a memory coupled to the processor and configured to provide the processor with instructions (Panchal, ¶[0080], Fig-8). Panchal does not explicitly teach the following limitation that Yasukawa teaches: allow set up of the GTP-U tunnel matching the TEID range with the IP address (Yasukawa, ¶[0028], ¶[0033], first server 105 establishes a U-plane GTP tunnel (GTP-U). ¶[0044]- ¶[0045], a GTP tunnel can be identified by a TEID. Control server may monitor the TEID assigned by each first server and may select the second server to which the packet is transferred to prevent interference between the GTP tunnel). Panchal in view of Yasukawa are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Panchal in view of Yasukawa to include the idea of an integrated solution to include a routing policy defined by a routing table for access limitation. As a result the UE which can access the external private network cannot be limited (Yasukawa, ¶[0050]). Regarding Claim 3, Panchal in view of Yasukawa discloses the system recited in claim 2, wherein the allowing of the GTP-U tunnel comprises to: compare the IP address with the valid range of TEIDs (Panchal, ¶[0068], the address for the endpoint may be identified with a Tunnel Endpoint Identifier (“TEID”), an IP address, and/or a port number. Also Yasukawa, ¶[0042]-¶[0044]). Regarding Claim 4, Panchal in view of Yasukawa discloses the system recited in claim 2, wherein the enforcing of the security policy comprises to: determine whether a rate of PFCP messages is greater than or equal to a message rate threshold (Panchal, ¶[0026], the profile information may include identifiers (e.g., QCI, SPID, ARP, etc.) that identify applications and/or services that are permitted for and/or accessible by the subscriber, identifying information for UE 110 (e.g., MDN, IMSI, IMEI, etc.), bandwidth or data rate thresholds associated with the applications and/or services); and in response to a determination that the rate of PFCP messages is greater than or equal to the message rate threshold, limit the rate of PFCP messages (Panchal, ¶[0026], the profile information may include identifiers (e.g., QCI, SPID, ARP, etc.) that identify applications and/or services that are permitted for and/or accessible by the subscriber, identifying information for UE 110 (e.g., MDN, IMSI, IMEI, etc.), bandwidth or data rate thresholds associated with the applications and/or services). Regarding Claim 5, Panchal in view of Yasukawa discloses the system recited in claim 2, wherein the plurality of parameters extracted from the PFCP message at the security platform further include a source IP address, Session Endpoint Identifier (SEID) 1, a destination IP address, SEID 2, and a protocol in use (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165). Regarding Claim 6, Panchal in view of Yasukawa discloses the system recited in claim 2, wherein the security platform is configured with a plurality of security policies to secure control and user plane separation in the mobile network (Panchal, ¶[0014], a Control and User Plane Separation (CUPS) architecture, such that control plane and user plane functionality may be separated and/or provided by different devices. ¶[0022], in CUPS architecture, element 175 and 180 may operate as separate devices. ¶[0027], PCRF may provide these policies and/or policy identifiers so that policies can be enforced). Regarding Claim 7, Panchal in view of Yasukawa discloses the system recited in claim 2, wherein the processor is further configured to: parse the PFCP message to extract a source IP address, Session Endpoint Identifier (SEID) 1, a destination IP address, SEID 2, and a protocol in use related to a PFCP association (Panchal, ¶[0068]). Regarding Claim 8, Panchal in view of Yasukawa discloses the system recited in claim 2, wherein the processor is further configured to: parse the PFCP message to extract a Node ID related to a PFCP association (Panchal, ¶[0032]- ¶[0034]). Regarding Claim 9, Panchal in view of Yasukawa discloses the system recited in claim 2, wherein the security platform monitors network traffic to and/or in a core network for a 5G network to secure control and user plane separation in the mobile network (Panchal, ¶[0011] & ¶[0013], systems may perform pseudo-slicing within a 4G and 5G wireless network. ¶[0033], the controller may use PFCP session establishment message to initiate the bearer establishment procedure. ¶[0068], SAEGW - C 175 may perform a PFCP session establishment procedure with SAEGW - U 165 to setup a PFCP session between the control plane function and the user plane function). Regarding Claim 14, Panchal discloses a method, comprising: monitoring network traffic on a mobile network at a security platform to identify a Packet Forwarding Control Protocol (PFCP) message associated with a new session, wherein the mobile network includes a 4G network or a 5G network (Panchal, ¶[0011] & ¶[0013], systems may perform pseudo-slicing within a 4G and 5G wireless network. ¶[0033], the controller may use PFCP session establishment message to initiate the bearer establishment procedure. ¶[0068], SAEGW - C 175 may perform a PFCP session establishment procedure with SAEGW - U 165 to setup a PFCP session between the control plane function and the user plane function); extracting a plurality of parameters from the PFCP message at the security platform (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165); and enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to secure control and user plane separation in the mobile network, comprising (Panchal, ¶[0014], a Control and User Plane Separation (CUPS) architecture, such that control plane and user plane functionality may be separated and/or provided by different devices. ¶[0022], in CUPS architecture, element 175 and 180 may operate as separate devices. ¶[0027], PCRF may provide these policies and/or policy identifiers so that policies can be enforced): obtaining an IP address of the user plane and a tunnel endpoint identifier (TEID) range from the network traffic (Panchal, ¶[0068], the address for the endpoint may be identified with a Tunnel Endpoint Identifier (“TEID”), an IP address, and/or a port number); and Panchal does not explicitly teach the following limitation that Yasukawa teaches: allowing set up of the GTP-U tunnel matching the TEID range with the IP address (Yasukawa, ¶[0028], ¶[0033], first server 105 establishes a U-plane GTP tunnel (GTP-U). ¶[0044]- ¶[0045], a GTP tunnel can be identified by a TEID. Control server may monitor the TEID assigned by each first server and may select the second server to which the packet is transferred to prevent interference between the GTP tunnel). Panchal in view of Yasukawa are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Panchal in view of Yasukawa to include the idea of an integrated solution to include a routing policy defined by a routing table for access limitation. As a result the UE which can access the external private network cannot be limited (Yasukawa, ¶[0050]). Regarding Claim 15, Panchal in view of Yasukawa discloses the method recited in claim 14, wherein the allowing of the GTP-U tunnel comprises: comparing the IP address with the valid range of TEIDs (Panchal, ¶[0068], the address for the endpoint may be identified with a Tunnel Endpoint Identifier (“TEID”), an IP address, and/or a port number. Also Yasukawa, ¶[0042]-¶[0044]). Regarding Claim 16, Panchal in view of Yasukawa discloses the method recited in claim 14, wherein the enforcing of the security policy comprises: determining whether a rate of PFCP messages is greater than or equal to a message rate threshold (Panchal, ¶[0026], the profile information may include identifiers (e.g., QCI, SPID, ARP, etc.) that identify applications and/or services that are permitted for and/or accessible by the subscriber, identifying information for UE 110 (e.g., MDN, IMSI, IMEI, etc.), bandwidth or data rate thresholds associated with the applications and/or services); and in response to a determination that the rate of PFCP messages is greater than or equal to the message rate threshold, limiting the rate of PFCP messages (Panchal, ¶[0026], the profile information may include identifiers (e.g., QCI, SPID, ARP, etc.) that identify applications and/or services that are permitted for and/or accessible by the subscriber, identifying information for UE 110 (e.g., MDN, IMSI, IMEI, etc.), bandwidth or data rate thresholds associated with the applications and/or services). Regarding Claim 17, Panchal in view of Yasukawa discloses the method recited in claim 14, wherein the plurality of parameters extracted from the PFCP message at the security platform further include a source IP address, Session Endpoint Identifier (SEID) 1, a destination IP address, SEID 2, and a protocol in use (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165). Regarding Claim 18, Panchal in view of Yasukawa discloses the method recited in claim 14, wherein the security platform is configured with a plurality of security policies to secure control and user plane separation in the mobile network (Panchal, ¶[0014], a Control and User Plane Separation (CUPS) architecture, such that control plane and user plane functionality may be separated and/or provided by different devices. ¶[0022], in CUPS architecture, element 175 and 180 may operate as separate devices. ¶[0027], PCRF may provide these policies and/or policy identifiers so that policies can be enforced). Regarding Claim 19, Panchal in view of Yasukawa discloses the method recited in claim 14, further comprising: parsing the PFCP message to extract a source IP address, Session Endpoint Identifier (SEID) 1, a destination IP address, SEID 2, and a protocol in use related to a PFCP association (Panchal, ¶[0068]). Regarding Claim 20, Panchal in view of Yasukawa discloses the method recited in claim 14, further comprising: parsing the PFCP message to extract a Node ID related to a PFCP association (Panchal, ¶[0032]- ¶[0034]). Regarding Claim 21, Panchal discloses a computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for: monitoring network traffic on a mobile network at a security platform to identify a Packet Forwarding Control Protocol (PFCP) message associated with a new session, wherein the mobile network includes a 4G network or a 5G network (Panchal, ¶[0011] & ¶[0013], systems may perform pseudo-slicing within a 4G and 5G wireless network. ¶[0033], the controller may use PFCP session establishment message to initiate the bearer establishment procedure. ¶[0068], SAEGW - C 175 may perform a PFCP session establishment procedure with SAEGW - U 165 to setup a PFCP session between the control plane function and the user plane function); extracting a plurality of parameters from the PFCP message at the security platform (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165); and enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to secure control and user plane separation in the mobile network, comprising (Panchal, ¶[0014], a Control and User Plane Separation (CUPS) architecture, such that control plane and user plane functionality may be separated and/or provided by different devices. ¶[0022], in CUPS architecture, element 175 and 180 may operate as separate devices. ¶[0027], PCRF may provide these policies and/or policy identifiers so that policies can be enforced): obtaining an IP address of the user plane and a tunnel endpoint identifier (TEID) range from the network traffic (Panchal, ¶[0068], the address for the endpoint may be identified with a Tunnel Endpoint Identifier (“TEID”), an IP address, and/or a port number); and Panchal does not explicitly teach the following limitation that Yasukawa teaches: allowing set up of the GTP-U tunnel matching the TEID range with the IP address (Yasukawa, ¶[0028], ¶[0033], first server 105 establishes a U-plane GTP tunnel (GTP-U). ¶[0044]- ¶[0045], a GTP tunnel can be identified by a TEID. Control server may monitor the TEID assigned by each first server and may select the second server to which the packet is transferred to prevent interference between the GTP tunnel). Panchal in view of Yasukawa are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Panchal in view of Yasukawa to include the idea of an integrated solution to include a routing policy defined by a routing table for access limitation. As a result the UE which can access the external private network cannot be limited (Yasukawa, ¶[0050]). Regarding Claim 22, Panchal discloses a system, comprising: a processor configured to: monitor network traffic on a mobile network at a security platform to identify a Packet Forwarding Control Protocol (PFCP) message associated with a new session, wherein the mobile network includes a 4G network or a 5G network (Panchal, ¶[0011] & ¶[0013], systems may perform pseudo-slicing within a 4G and 5G wireless network. ¶[0033], the controller may use PFCP session establishment message to initiate the bearer establishment procedure. ¶[0068], SAEGW - C 175 may perform a PFCP session establishment procedure with SAEGW - U 165 to setup a PFCP session between the control plane function and the user plane function); extract a plurality of parameters from the PFCP message at the security platform (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165); and enforce a security policy at the security platform on the new session based on one or more of the plurality of parameters to secure control and user plane separation in the mobile network, comprising to (Panchal, ¶[0014], a Control and User Plane Separation (CUPS) architecture, such that control plane and user plane functionality may be separated and/or provided by different devices. ¶[0022], in CUPS architecture, element 175 and 180 may operate as separate devices. ¶[0027], PCRF may provide these policies and/or policy identifiers so that policies can be enforced): in the event that the number of PFCP messages monitored over the period of time exceeds a rate limiting threshold, prevent additional PFCP messages from passing through the security platform (Panchal, ¶[0026], the profile information may include identifiers (e.g., QCI, SPID, ARP, etc.) that identify applications and/or services that are permitted for and/or accessible by the subscriber, identifying information for UE 110 (e.g., MDN, IMSI, IMEI, etc.), bandwidth or data rate thresholds associated with the applications and/or service); and a memory coupled to the processor and configured to provide the processor with instructions (Panchal, ¶[0080], Fig-8). Panchal does not explicitly teach the following limitation that Yasukawa teaches: determine a number of PFCP messages monitored over a period of time (Yasukawa, ¶[0038], time stamp indicating data reception time). Panchal in view of Yasukawa are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Panchal in view of Yasukawa to include the idea of an integrated solution to include a routing policy defined by a routing table for access limitation. As a result the UE which can access the external private network cannot be limited (Yasukawa, ¶[0050]). Regarding Claim 23, Panchal in view of Yasukawa discloses the system recited in claim 22, wherein the plurality of parameters extracted from the PFCP message at the security platform include a source IP address, Session Endpoint Identifier (SEID) 1, a destination IP address, SEID 2, and a protocol in use (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165). Regarding Claim 24, Panchal in view of Yasukawa discloses the he system recited in claim 22, wherein the security platform is configured with a plurality of security policies to secure control and user plane separation in the mobile network (Panchal, ¶[0014], a Control and User Plane Separation (CUPS) architecture, such that control plane and user plane functionality may be separated and/or provided by different devices. ¶[0022], in CUPS architecture, element 175 and 180 may operate as separate devices. ¶[0027], PCRF may provide these policies and/or policy identifiers so that policies can be enforced). Regarding Claim 25, Panchal in view of Yasukawa discloses the system recited in claim 22, wherein the processor is further configured to: parse the PFCP message to extract a source IP address, Session Endpoint Identifier (SEID) 1, a destination IP address, SEID 2, and a protocol in use related to a PFCP association (Panchal, ¶[0032]- ¶[0068]). Regarding Claim 26, Panchal in view of Yasukawa discloses the system recited in claim 22, wherein the processor is further configured to: parse the PFCP message to extract a Node ID related to a PFCP association (Panchal, ¶[0032]- ¶[0034]). Regarding Claim 27, Panchal in view of Yasukawa discloses the system recited in claim 22, wherein the security platform monitors network traffic to and/or in a core network for a 5G network to secure control and user plane separation in the mobile network (Panchal, ¶[0011] & ¶[0013], systems may perform pseudo-slicing within a 4G and 5G wireless network. ¶[0033], the controller may use PFCP session establishment message to initiate the bearer establishment procedure. ¶[0068], SAEGW - C 175 may perform a PFCP session establishment procedure with SAEGW - U 165 to setup a PFCP session between the control plane function and the user plane function). Regarding Claim 32, Panchal discloses a method, comprising: monitoring network traffic on a mobile network at a security platform to identify a Packet Forwarding Control Protocol (PFCP) message associated with a new session, wherein the mobile network includes a 4G network or a 5G network (Panchal, ¶[0011] & ¶[0013], systems may perform pseudo-slicing within a 4G and 5G wireless network. ¶[0033], the controller may use PFCP session establishment message to initiate the bearer establishment procedure. ¶[0068], SAEGW - C 175 may perform a PFCP session establishment procedure with SAEGW - U 165 to setup a PFCP session between the control plane function and the user plane function); extracting a plurality of parameters from the PFCP message at the security platform (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165); and enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to secure control and user plane separation in the mobile network, comprising: determining a number of PFCP messages monitored over a period of time (Panchal, ¶[0014], a Control and User Plane Separation (CUPS) architecture, such that control plane and user plane functionality may be separated and/or provided by different devices. ¶[0022], in CUPS architecture, element 175 and 180 may operate as separate devices. ¶[0027], PCRF may provide these policies and/or policy identifiers so that policies can be enforced); and in the event that the number of PFCP messages monitored over the period of time exceeds a rate limiting threshold, preventing additional PFCP messages from passing through the security platform (Panchal, ¶[0026], the profile information may include identifiers (e.g., QCI, SPID, ARP, etc.) that identify applications and/or services that are permitted for and/or accessible by the subscriber, identifying information for UE 110 (e.g., MDN, IMSI, IMEI, etc.), bandwidth or data rate thresholds associated with the applications and/or service). Panchal does not explicitly teach the following limitation that Yasukawa teaches: determine a number of PFCP messages monitored over a period of time (Yasukawa, ¶[0038], time stamp indicating data reception time). Panchal in view of Yasukawa are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Panchal in view of Yasukawa to include the idea of an integrated solution to include a routing policy defined by a routing table for access limitation. As a result the UE which can access the external private network cannot be limited (Yasukawa, ¶[0050]). Regarding Claim 33, Panchal in view of Yasukawa discloses the method of claim 32, wherein the plurality of parameters extracted from the PFCP message at the security platform include a source IP address, Session Endpoint Identifier (SEID) 1, a destination IP address, SEID 2, and a protocol in use (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165). Regarding Claim 34, Panchal in view of Yasukawa discloses the method of claim 32, wherein the security platform is configured with a plurality of security policies to secure control and user plane separation in the mobile network (Panchal, ¶[0014], a Control and User Plane Separation (CUPS) architecture, such that control plane and user plane functionality may be separated and/or provided by different devices. ¶[0022], in CUPS architecture, element 175 and 180 may operate as separate devices. ¶[0027], PCRF may provide these policies and/or policy identifiers so that policies can be enforced). Regarding Claim 35, Panchal in view of Yasukawa discloses the method of claim 32, further comprising: parsing the PFCP message to extract a source IP address, Session Endpoint Identifier (SEID) 1, a destination IP address, SEID 2, and a protocol in use related to a PFCP association (Panchal, ¶[0068]). Regarding Claim 36, Panchal in view of Yasukawa discloses the method of claim 32, further comprising: parsing the PFCP message to extract a Node ID related to a PFCP association (Panchal, ¶[0032]- ¶[0034]). Regarding Claim 37, Panchal in view of Yasukawa discloses the method of claim 32, wherein the security platform monitors network traffic to and/or in a core network for a 5G network to secure control and user plane separation in the mobile network (Panchal, ¶[0011] & ¶[0013], systems may perform pseudo-slicing within a 4G and 5G wireless network. ¶[0033], the controller may use PFCP session establishment message to initiate the bearer establishment procedure. ¶[0068], SAEGW - C 175 may perform a PFCP session establishment procedure with SAEGW - U 165 to setup a PFCP session between the control plane function and the user plane function). Regarding Claim 41, Panchal discloses a computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for: monitoring network traffic on a mobile network at a security platform to identify a Packet Forwarding Control Protocol (PFCP) message associated with a new session, wherein the mobile network includes a 4G network or a 5G network (Panchal, ¶[0011] & ¶[0013], systems may perform pseudo-slicing within a 4G and 5G wireless network. ¶[0033], the controller may use PFCP session establishment message to initiate the bearer establishment procedure. ¶[0068], SAEGW - C 175 may perform a PFCP session establishment procedure with SAEGW - U 165 to setup a PFCP session between the control plane function and the user plane function); extracting a plurality of parameters from the PFCP message at the security platform (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165); and enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to secure control and user plane separation in the mobile network, comprising (Panchal, ¶[0014], a Control and User Plane Separation (CUPS) architecture, such that control plane and user plane functionality may be separated and/or provided by different devices. ¶[0022], in CUPS architecture, element 175 and 180 may operate as separate devices. ¶[0027], PCRF may provide these policies and/or policy identifiers so that policies can be enforced): in the event that the number of PFCP messages monitored over the period of time exceeds a rate limiting threshold, preventing additional PFCP messages from passing through the security platform (Panchal, ¶[0026], the profile information may include identifiers (e.g., QCI, SPID, ARP, etc.) that identify applications and/or services that are permitted for and/or accessible by the subscriber, identifying information for UE 110 (e.g., MDN, IMSI, IMEI, etc.), bandwidth or data rate thresholds associated with the applications and/or service). Panchal does not explicitly teach the following limitation that Yasukawa teaches: determining a number of PFCP messages monitored over a period of time (Yasukawa, ¶[0038], time stamp indicating data reception time). Panchal in view of Yasukawa are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Panchal in view of Yasukawa to include the idea of an integrated solution to include a routing policy defined by a routing table for access limitation. As a result the UE which can access the external private network cannot be limited (Yasukawa, ¶[0050]). Claim 10-13, 28-31, 38-40 are rejected under 35 U.S.C. 103 as being unpatentable over Panchal (US Patent Application No 2021/0136870 A1) in view of Yasukawa (US Patent Application Publication No 2019/0349791 A1) and further in view of Jain (US Patent Application Publication No 2015/0095969 A1). Regarding Claim 10, Panchal in view of Yasukawa does not disclose the following limitations that Jain teaches: the system recited in claim 2, wherein the security platform is configured to perform detection and prevention of Denial of Service (DoS) attacks for securing control and user plane separation in the mobile network (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], packet forwarding and attack mitigation per policies and collection of packet rate statistics and enforcement of behavioral thresholds. ¶[0031], Fig-2 shows control and data plane separation. DDOS attack mitigation central controller is responsible for the control plane where the individual appliances manage the data plane and process the packets for DDOS attack mitigation). Panchal in view of Yasukawa and Jain are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Panchal in view of Yasukawa and Jain to include the idea of an integrated solution to the distributed denial of service attacks mitigation for a large network by applying attack mitigation policies. Regarding Claim 11, Panchal in view of Yasukawa and Jain discloses the system recited in claim 2, wherein the security platform is configured to perform detection and prevention of Session Endpoint Identifier (SEID) Spoofing attacks for securing control and user plane separation in the mobile network (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], packet forwarding and attack mitigation per policies and collection of packet rate statistics and enforcement of behavioral thresholds. ¶[0031], Fig-2 shows control and data plane separation. DDOS attack mitigation central controller is responsible for the control plane where the individual appliances manage the data plane and process the packets for DDOS attack mitigation). Regarding Claim 12, Panchal in view of Yasukawa and Jain discloses the system recited in claim 2, wherein the processor is further configured to: block the new session from accessing a resource based on the security policy (Jain, ¶[0059], the DDOS attack mitigation appliance may send the granular traffic information, packet drop statistics to the central controller so that the controller may adjust the mitigation policies). Regarding Claim 13, Panchal in view of Yasukawa and Jain discloses the system recited in claim 2, wherein the processor is further configured to: allow the new session to access a resource based on the security policy (Jain, ¶[0024], within the data plane, the DDoS attack mitigation appliance decides whether to drop or to allow incoming packets based on behavioral policies set by the DDoS attack mitigation central controller). Regarding Claim 28, Panchal in view of Yasukawa and Jain discloses the system recited in claim 22, wherein the security platform is configured to perform detection and prevention of Denial of Service (DoS) attacks for securing control and user plane separation in the mobile network (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], packet forwarding and attack mitigation per policies and collection of packet rate statistics and enforcement of behavioral thresholds. ¶[0031], Fig-2 shows control and data plane separation. DDOS attack mitigation central controller is responsible for the control plane where the individual appliances manage the data plane and process the packets for DDOS attack mitigation). Regarding Claim 29, Panchal in view of Yasukawa and Jain discloses the system recited in claim 22, wherein the security platform is configured to perform detection and prevention of Session Endpoint Identifier (SEID) Spoofing attacks for securing control and user plane separation in the mobile network (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], packet forwarding and attack mitigation per policies and collection of packet rate statistics and enforcement of behavioral thresholds. ¶[0031], Fig-2 shows control and data plane separation. DDOS attack mitigation central controller is responsible for the control plane where the individual appliances manage the data plane and process the packets for DDOS attack mitigation). Regarding Claim 30, Panchal in view of Yasukawa and Jain discloses the system recited in claim 22, wherein the processor is further configured to: block the new session from accessing a resource based on the security policy (Jain, ¶[0059], the DDOS attack mitigation appliance may send the granular traffic information, packet drop statistics to the central controller so that the controller may adjust the mitigation policies). Regarding Claim 31, Panchal in view of Yasukawa and Jain discloses the system recited in claim 22, wherein the processor is further configured to: allow the new session to access a resource based on the security policy (Jain, ¶[0024], within the data plane, the DDoS attack mitigation appliance decides whether to drop or to allow incoming packets based on behavioral policies set by the DDoS attack mitigation central controller). Regarding Claim 38, Panchal in view of Yasukawa and Jain discloses the method of claim 32, wherein the security platform is configured to perform detection and prevention of Denial of Service (DoS) attacks for securing control and user plane separation in the mobile network (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], packet forwarding and attack mitigation per policies and collection of packet rate statistics and enforcement of behavioral thresholds. ¶[0031], Fig-2 shows control and data plane separation. DDOS attack mitigation central controller is responsible for the control plane where the individual appliances manage the data plane and process the packets for DDOS attack mitigation). Regarding Claim 39, Panchal in view of Yasukawa and Jain discloses the method of claim 32, wherein the security platform is configured to perform detection and prevention of Session Endpoint Identifier (SEID) Spoofing attacks for securing control and user plane separation in the mobile network (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], packet forwarding and attack mitigation per policies and collection of packet rate statistics and enforcement of behavioral thresholds. ¶[0031], Fig-2 shows control and data plane separation. DDOS attack mitigation central controller is responsible for the control plane where the individual appliances manage the data plane and process the packets for DDOS attack mitigation). Regarding Claim 40, Panchal in view of Yasukawa and Jain discloses the method of claim 32, further comprising: allowing or blocking the new session from accessing a resource based on the security policy (Jain, ¶[0024], within the data plane, the DDoS attack mitigation appliance decides whether to drop or to allow incoming packets based on behavioral policies set by the DDoS attack mitigation central controller). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-Form 892). Any inquiry concerning this communication or earlier communications from the examiner should be directed to WASIKA NIPA whose telephone number is (571)272-8923. The examiner can normally be reached on M-F, 8 am to 5 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /WASIKA NIPA/ Primary Examiner, Art Unit 2433
Read full office action

Prosecution Timeline

Feb 12, 2025
Application Filed
Sep 10, 2025
Response after Non-Final Action
Jun 03, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12677154
ZERO-TOUCH SECURE DNS DEVICE PROVISIONING
3y 0m to grant Granted Jul 07, 2026
Patent 12647408
CONTRIBUTOR VERIFICATION IN A DECENTRALIZED NETWORK
2y 9m to grant Granted Jun 02, 2026
Patent 12647456
PREVENTION OF MAN-IN-THE-MIDDLE PHISHING
2y 1m to grant Granted Jun 02, 2026
Patent 12641119
Systems and Methods for Detection of Phishing Webpages Through Autoencoder Techniques
2y 0m to grant Granted May 26, 2026
Patent 12625953
ADAPTIVE META-ATTACK SYSTEM AND METHOD FOR TARGET TRACKER UNDER AUTONOMOUS DRIVING SCENARIOS
1y 8m to grant Granted May 12, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
75%
Grant Probability
99%
With Interview (+29.1%)
2y 10m (~1y 5m remaining)
Median Time to Grant
Low
PTA Risk
Based on 309 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month