Prosecution Insights
Last updated: July 17, 2026
Application No. 19/200,447

SYSTEMS AND METHODS FOR IMPROVING FUNCTIONALITY AND REMOTE MANAGEMENT OF COMPUTING RESOURCES DEPLOYED IN A CONTROLLED HIERARCHICAL NETWORK

Non-Final OA §103
Filed
May 06, 2025
Priority
Oct 14, 2022 — continuation of 12/335,145
Examiner
SHIN, KYUNG H
Art Unit
Tech Center
Assignee
Microsoft Technology Licensing, LLC
OA Round
1 (Non-Final)
82%
Grant Probability
Favorable
1-2
OA Rounds
1y 9m
Est. Remaining
93%
With Interview

Examiner Intelligence

Grants 82% — above average
82%
Career Allowance Rate
796 granted / 970 resolved
+22.1% vs TC avg
Moderate +11% lift
Without
With
+10.8%
Interview Lift
resolved cases with interview
Typical timeline
2y 11m
Avg Prosecution
21 currently pending
Career history
984
Total Applications
across all art units

Statute-Specific Performance

§101
0.8%
-39.2% vs TC avg
§103
86.4%
+46.4% vs TC avg
§102
11.6%
-28.4% vs TC avg
§112
0.2%
-39.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 970 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION 1. Claims 1 - 20 are pending. Claims 1, 14, 20 are independent. File date on 5-6-2025. Claim Rejections - 35 USC § 103 2. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 3. Claims 1, 11, 14, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hochleitner et al. (Patent No. WO 2012/062365 A1) in view of Kung et al (US PGPUB No. 20180234459). Regarding Claim 1, 14, 20, Hochleitner discloses a computer-implemented method for onboarding a hierarchical network to a cloud computing system and a system and a non-transitory computer-readable storage medium, comprising: a) maintaining a hierarchical network that includes a top network level and a lower network level, wherein the top network level and the lower network level are isolated from each other, and wherein the top network level communicates with the lower network level via a top network level gateway service and a secure connection. (Hochlietner page 3, l 20 - page 4, l 11: The object is achieved by a method for data transmission in a hierarchical data network; bidirectional data transmission in a hierarchical data network is described, which comprises at least one higher-level data processing device and at least one subordinate data processing device (multiple levels for network communications); wherein at the beginning of a data transfer between the higher-level data processing device and one of the subordinate data processing devices, the respective data-supplying data processing device; query telegram to the respective data-receiving data processing device is sent and the data-receiving data processing device thereupon a response message to the data-supplying data processing device sends, which is the available in the data-receiving data processing device at this time storage capacity for data telegrams includes, whereupon the data-supplying data processing device as many as possible Data telegrams sends that this storage capacity is not exceeded) Hochlietner does not explicitly disclose for b) onboarding a top network level remote agent to the top network level, and for c) mapping the top network level to the cloud computing system, and for d) onboarding a lower network level remote agent to the lower network level, and for e) mapping the lower network level to the cloud computing system, wherein the mapping of the hierarchical network preserves a hierarchical relationship between the top network level and the lower network level. However, Kung discloses wherein generating a mapping of the hierarchical network on the cloud computing system by: b) onboarding a top network level remote agent to the top network level; (Kung ¶ 052: The same types of information agents communicate in a way similar to communications taking place over IP networks using, for example, TCP connections. As indicated by arrows 238, 240 and 242, messages are sent between the contextual security platforms in the agents (onboard remote agents). This information preferably includes receiving from the agents information similar to the exchanged with the cloud service providers namely information on the resource and data flows to and from the resource, as represented by arrows 238 and 240. It also preferably includes the ability to configure native security mechanisms that are part of that resource by sending messages to the agent containing configuration information, as represented by arrow 242.; (agents controlling communication between network objects at different levels)) c) mapping the top network level to the cloud computing system; (Kung ¶ 014: In yet another aspect of a representative security system, the processes automatically map application level security policy specifications into network level security enforcement rules that are provisioned automatically to one or more network security enforcement mechanisms at different points of the system infrastructure, including network devices, operating systems, hypervisors, and public and private cloud provider.; (mapping between network level and cloud service)) d) onboarding a lower network level remote agent to the lower network level; (Kung ¶ 052: The same types of information agents communicate in a way similar to communications taking place over IP networks using, for example, TCP connections. As indicated by arrows 238, 240 and 242, messages are sent between the contextual security platforms in the agents (onboard remote agents). This information preferably includes receiving from the agents information similar to the exchanged with the cloud service providers namely information on the resource and data flows to and from the resource, as represented by arrows 238 and 240. It also preferably includes the ability to configure native security mechanisms that are part of that resource by sending messages to the agent containing configuration information, as represented by arrow 242.; (agents controlling communication between network objects at different levels))) and e) mapping the lower network level to the cloud computing system, wherein the mapping of the hierarchical network preserves a hierarchical relationship between the top network level and the lower network level. (Kung ¶ 014: In yet another aspect of a representative security system, the processes automatically map application level security policy specifications into network level security enforcement rules that are provisioned automatically to one or more network security enforcement mechanisms at different points of the system infrastructure, including network devices, operating systems, hypervisors, and public and private cloud provider.) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hochlietner for b) onboarding a top network level remote agent to the top network level, and for c) mapping the top network level to the cloud computing system, and for d) onboarding a lower network level remote agent to the lower network level, and for e) mapping the lower network level to the cloud computing system, wherein the mapping of the hierarchical network preserves a hierarchical relationship between the top network level and the lower network level as taught by Kung. One of ordinary skill in the art would have been motivated to employ the teachings of Kung for the benefits achieved from the flexibility of a system that enables multiple networking configurations to communicate utilizing the operational network environment. (Kung ¶ 052; ¶ 014) Furthermore, for Claim 14, Kung discloses wherein a processor; and a computer memory including instructions that, when executed by the processor, cause the system to perform operations. (Kung ¶ 035: The systems and processes described below are implemented using software programs running on programmable computers. A programmable computer is a machine that is, in general terms, typically comprised of at least memory for storing one or more programs of instructions and a processor, such as a central processing unit (CPU), for performing a sequence of arithmetical and logical operations based on the program instructions stored or otherwise read or received by the computer.) Furthermore, for Claim 20, Kung discloses wherein a non-transitory computer-readable storage medium comprising instructions that, when executed by a processor, cause a computing device to carry out operations. (Kung ¶ 035: The systems and processes described below are implemented using software programs running on programmable computers. A programmable computer is a machine that is, in general terms, typically comprised of at least memory for storing one or more programs of instructions and a processor, such as a central processing unit (CPU), for performing a sequence of arithmetical and logical operations based on the program instructions stored or otherwise read or received by the computer.) Regarding Claim 11, Hochleitner-Kung discloses the computer-implemented method of claim 1, further comprising providing data generated by a service from a first gateway service on the lower network level to a second gateway service on the top network level via a first secure connection. (Hochlietner page 3, l 20 - page 4, l 11: The object is achieved by a method for data transmission in a hierarchical data network; bidirectional data transmission in a hierarchical data network is described, which comprises at least one higher-level data processing device and at least one subordinate data processing device (multiple levels for network communications); wherein at the beginning of a data transfer between the higher-level data processing device and one of the subordinate data processing devices, the respective data-supplying data processing device; query telegram to the respective data-receiving data processing device is sent and the data-receiving data processing device thereupon a response message to the data-supplying data processing device sends, which is the available in the data-receiving data processing device at this time storage capacity for data telegrams includes, whereupon the data-supplying data processing device as many as possible Data telegrams sends that this storage capacity is not exceeded) 4. Claims 2, 18 are rejected under 35 U.S.C. 103 as being unpatentable over Hochleitner in view of Kung and further in view of Li et al (US PGPUB No. 20180234459). Regarding Claims 2, 18, Hochleitner-Kung discloses the computer-implemented method of claim 1 and the system of claim 14. Hochleitner does not explicitly disclose the lower network level does not have a line-of-sight communication path with the cloud computing system. However, Li discloses wherein the lower network level does not have a line-of-sight communication path with the cloud computing system. (Li col 15: if the anomaly is categorized as being heavy foliage (no direct line of sight for communication), the recommendation may include trimming a tree that is blocking the line-of-sight path between two network nodes. Another example of a treatment may be a micro re-planning, which may be an installation of an additional network node. As an example and not by way of limitation, if a tree is blocking a line-of-sight path between network node A and network node B, an additional network node C may be installed in a location that has a line-of-sight path to both network node A and network node B. Communications may then “hop” from network node A to network C, and finally to network node B. In particular embodiments, alternative network nodes may already be installed and running on the millimeter-wave communication network. In such a situation, a treatment may be to re-route signals to avoid blockages. As an example and not by way of limitation, if a communication link is currently established between network node A and network node B, but the line-of-sight path unexpectedly becomes blocked by a tree or other object, the network management system may access the network topology and identify another network node C that has a line-of-sight path to both network node A and network node B. Communications may then “hop” from network node A to network C, and finally to network node B.) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hochleitner for the lower network level does not have a line-of-sight communication path with the cloud computing system as taught by Li. One of ordinary skill in the art would have been motivated to employ the teachings of Li for the benefits achieved from the flexibility of a system utilizing multiple communication techniques such as line of site communication paths and workarounds. (Li col 15) 5. Claims 3, 19 are rejected under 35 U.S.C. 103 as being unpatentable over Hochleitner in view of Kung and further in view of Holland et al (US PGPUB No. 20100280636). Regarding Claim 3, Hochleitner-Kung discloses the computer-implemented method of claim 1. Hochleitner does not explicitly disclose generating mapping of hierarchical network enables cloud computing system to control hierarchical network while preserving security standards. However, Holland discloses wherein generating the mapping of the hierarchical network enables the cloud computing system to control the hierarchical network while preserving security standards required by the hierarchical network. (Holland ¶ 035: NAT module 322 maps packets received from devices connected to BAS controller 300 to another device connected to BAS controller 300 (e.g., a remote client requesting data from the device). NAT module 322 may use information stored in an address table to conduct its activity., In another embodiment NAT module 322 maps an address (e.g., logical port) for a device connected to BAS controller 300 to another address space or port using another suitable mapping method. NAT module 322 may be configured to hide the ports or address space for the devices via its activity.; ¶ 065: Network communications module 802 may include security certified portion 820 configured to adhere to such certifications or standards without further configuration and security) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hochleitner for generating mapping of hierarchical network that enables cloud computing system to control hierarchical network while preserving security standards as taught by Holland. One of ordinary skill in the art would have been motivated to employ the teachings of Holland for the benefits achieved from the enhance security of a system adhering to security standards as network associated information is managed. (Holland ¶ 035; ¶ 065) Regarding Claim 19, Hochleitner-Kung discloses the system of claim 14, Hochleitner does not explicitly disclose generating mapping of hierarchical network enables cloud computing system to update hierarchical network while preserving security standards. However, Holland discloses wherein generating the mapping of the hierarchical network enables the cloud computing system to update the hierarchical network while preserving security standards required by the hierarchical network. (Holland ¶ 035: NAT module 322 maps packets received from devices connected to BAS controller 300 to another device connected to BAS controller 300 (e.g., a remote client requesting data from the device). NAT module 322 may use information stored in an address table to conduct its activity., In another embodiment NAT module 322 maps an address (e.g., logical port) for a device connected to BAS controller 300 to another address space or port using another suitable mapping method. NAT module 322 may be configured to hide the ports or address space for the devices via its activity.; ¶ 065: Network communications module 802 may include security certified portion 820 configured to adhere to such certifications or standards without further configuration and security) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hochleitner for generating mapping of hierarchical network enables cloud computing system to update hierarchical network while preserving security standards as taught by Holland. One of ordinary skill in the art would have been motivated to employ the teachings of Holland for the benefits achieved from the enhance security of a system adhering to security standards as network associated information is managed. (Holland ¶ 035; ¶ 065) 6. Claims 4, 5 are rejected under 35 U.S.C. 103 as being unpatentable over Hochleitner in view of Kung and further in view of Holland et al (US PGPUB No. 20100280636) and Griffin et al (US Patent No. 11,848,857). Regarding Claim 4, Hochleitner-Kung discloses the computer-implemented method of claim 1. Hochleitner does not explicitly disclose mapping the hierarchical network. However, Holland discloses wherein the mapping the hierarchical network. (Holland ¶ 035: NAT module 322 maps packets received from devices connected to BAS controller 300 to another device connected to BAS controller 300 (e.g., a remote client requesting data from the device). NAT module 322 may use information stored in an address table to conduct its activity., In another embodiment NAT module 322 maps an address (e.g., logical port) for a device connected to BAS controller 300 to another address space or port using another suitable method. NAT module 322 may be configured to hide the ports or address space for the devices via its activity.; ¶ 065: Network communications module 802 may include security certified portion 820 configured to adhere to such certifications or standards without further configuration and security) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hochleitner for mapping the hierarchical network as taught by Holland. One of ordinary skill in the art would have been motivated to employ the teachings of Holland for the benefits achieved from the enhance security of a system adhering to security standards as network associated information is managed. (Holland ¶ 035; ¶ 065) Hochleitner does not explicitly disclose including resources and services at the top network level and the lower network level of the hierarchical network. However, Griffin discloses wherein includes resources and services at the top network level and the lower network level of the hierarchical network. (Griffin col 6, ll 14-34: operation of the cluster may involve the execution of a plurality of the compute nodes; As new capacity is needed, new compute nodes may be added to the cluster; When capacity is to be reduced, compute nodes may be removed from the cluster; adding new compute nodes may include spawning new containers and/or VMs to execute a service; As new compute nodes and/or services are added (or deleted), the presence (or absence) of the service is tracked by the API gateway so that access to the services can be maintained; the API gateway serves as a front-end (e.g., a gateway) to the compute nodes; As new compute nodes are added (or removed), the API gateway keeps track of the services that are added (or removed) as well as their associated APIs;; (resources (network nodes) and services maintaine with hierarchical network)) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hochlietner for including resources and services at the top network level and the lower network level of the hierarchical network as taught by Griffin. One of ordinary skill in the art would have been motivated to employ the teachings of Griffin for the benefits achieved from the flexibility of a system that enables the addition and deletion of network nodes within a processing cluster associated with a network environment. (Griffin col 6, ll 14-34) Regarding Claim 5, Hochleitner-Kung discloses the computer-implemented method of claim 1. Hochleitner does not explicitly disclose mapping of the hierarchical network. However, Holland discloses wherein the cloud computing system the mapping of the hierarchical network. (Holland ¶ 035: NAT module 322 maps packets received from devices connected to BAS controller 300 to another device connected to BAS controller 300 (e.g., a remote client requesting data from the device). NAT module 322 may use information stored in an address table to conduct its activity., In another embodiment NAT module 322 maps an address (e.g., logical port) for a device connected to BAS controller 300 to another address space or port using another suitable mapping method. NAT module 322 may be configured to hide the ports or address space for the devices via its activity.) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hochleitner for mapping the hierarchical network as taught by Holland. One of ordinary skill in the art would have been motivated to employ the teachings of Holland for the benefits achieved from the enhance security of a system adhering to security standards as network associated information is managed. (Holland ¶ 035; ¶ 065) Hochleitner does not explicitly disclose update the hierarchical network utilizing mapping information. However, Griffin discloses wherein the cloud computing system can update the hierarchical network utilizing mapping information of the hierarchical network. (Griffin col 6, ll 14-34: operation of the cluster may involve the execution of a plurality of the compute nodes; As new capacity is needed, new compute nodes may be added to the cluster; When capacity is to be reduced, compute nodes may be removed from the cluster; adding new compute nodes may include spawning new containers and/or VMs to execute a service; As new compute nodes and/or services are added (or deleted), the presence (or absence) of the service is tracked by the API gateway so that access to the services can be maintained; the API gateway serves as a front-end (e.g., a gateway) to the compute nodes; As new compute nodes are added (or removed), the API gateway keeps track of the services that are added (or removed) as well as their associated APIs;) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hochlietner for update the hierarchical network utilizing mapping information as taught by Griffin. One of ordinary skill in the art would have been motivated to employ the teachings of Griffin for the benefits achieved from the flexibility of a system that enables the addition and deletion of network nodes within a processing cluster associated with a network environment. (Griffin col 6, ll 14-34) 7. Claims 6, 16 are rejected under 35 U.S.C. 103 as being unpatentable over Hochleitner in view of Kung and further in view of Griffin et al (US Patent No. 11,848,857) and Wojcik et al (US PGPUB No. 20230132690). Regarding Claims 6, 16, Hochleitner-Kung discloses the computer-implemented method of claim 1 and the system of claim 14. Hochlietner does not explicitly disclose adding endpoint to first gateway service on the lower network level comprises adding endpoint. However, Griffin discloses wherein: a) receiving, from the cloud computing system, a control message to add a new endpoint for a service on the lower network level; (Griffin col 6, ll 14-34: operation of the cluster may involve the execution of a plurality of the compute nodes; As new capacity is needed, new compute nodes may be added to the cluster; When capacity is to be reduced, compute nodes may be removed from the cluster; adding new compute nodes may include spawning new containers and/or VMs to execute a service; As new compute nodes and/or services are added (or deleted), the presence (or absence) of the service is tracked by the API gateway so that access to the services can be maintained; the API gateway serves as a front-end (e.g., a gateway) to the compute nodes; As new compute nodes are added (or removed), the API gateway keeps track of the services that are added (or removed) as well as their associated APIs; col 6, ll 41-49: The API gateway may examine the request to determine one or more APIs to which the request should be forwarded; Upon determining the correct one or more APIs, the API gateway may forward the request (or a portion of the request) to the one or more APIs of the associated service; The API gateway also receives any response (e.g., a result) of the request from the one or more APIs, and forwards the response to the client computing device) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hochlietner for adding endpoint to first gateway service on the lower network level comprises adding endpoint as taught by Griffin. One of ordinary skill in the art would have been motivated to employ the teachings of Griffin for the benefits achieved from the flexibility of a system that enables the addition and deletion of network nodes within a processing cluster associated with a network environment. (Griffin col 6, ll 14-34) Hochlietner does not explicitly disclose for b) automatically adding the new endpoint at a first gateway service on the lower network level and a second gateway service on the top network level. However, Wojcik discloses wherein for b) in response to receiving the control message, automatically adding the new endpoint at a first gateway service on the lower network level and a second gateway service on the top network level. (Wojcik ¶ 015, ll 1-21: The pods may each represent a single instance of a process running in the Kubernetes cluster; The pods may each contain one or more containers, such as Docker containers; The container registry may be configured to manage docker images, perform vulnerability analysis and generally manage accessibility within the Kubernetes cluster; ¶ 075, ll 9-13: Security provides identity verification for cloud consumers and tasks, as well as protection for data and other resources; User portal provides access to the cloud computing environment for consumers and system administrators) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hochlietner for b) automatically adding the new endpoint at a first gateway service on the lower network level and a second gateway service on the top network level as taught by Wojcik. One of ordinary skill in the art would have been motivated to employ the teachings of Wojcik for the benefits achieved from the flexibility of a system that enables the utilization of Kubernetes cluster in the processing of data within a network environment. (Wojcik ¶ 014, ll 1-20) 8. Claims 7, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Hochleitner in view of Kung and further in view of Griffin et al (US Patent No. 11,848,857). Regarding Claims 7, 17, Hochleitner-Kung discloses the computer-implemented method of claim 6 and the system of claim 16. Hochleitner does not explicitly disclose inspect updated data of the service on the lower network level of the hierarchical network by passing the updated data through gateway services. However, Griffin discloses wherein further comprising utilizing a computing device on the cloud computing system to inspect updated data of the service on the lower network level of the hierarchical network by passing the updated data through gateway services at different network levels of the hierarchical network. (Griffin col 6, ll 14-34: operation of the cluster may involve the execution of a plurality of the compute nodes; As new capacity is needed, new compute nodes may be added to the cluster; When capacity is to be reduced, compute nodes may be removed from the cluster; adding new compute nodes may include spawning new containers and/or VMs to execute a service; As new compute nodes and/or services are added (or deleted), the presence (or absence) of the service is tracked by the API gateway so that access to the services can be maintained; the API gateway serves as a front-end (e.g., a gateway) to the compute nodes; As new compute nodes are added (or removed), the API gateway keeps track of the services that are added (or removed) as well as their associated APIs; col 6, ll 41-49: The API gateway may examine the request to determine one or more APIs to which the request should be forwarded; Upon determining the correct one or more APIs, the API gateway may forward the request (or a portion of the request) to the one or more APIs of the associated service; The API gateway also receives any response (e.g., a result) of the request from the one or more APIs, and forwards the response to the client computing device) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hochlietner for inspect updated data of the service on the lower network level of the hierarchical network by passing the updated data through gateway services as taught by Griffin. One of ordinary skill in the art would have been motivated to employ the teachings of Griffin for the benefits achieved from the flexibility of a system that enables the addition and deletion of network nodes within a processing cluster associated with a network environment. (Griffin col 6, ll 14-34) 9. Claims 8, 15 are rejected under 35 U.S.C. 103 as being unpatentable over Hochleitner in view of Kung and further in view of Wojcik et al (US PGPUB No. 20230132690). Regarding Claim 8, Hochleitner-Kung discloses the computer-implemented method of claim 1. Hochleitner does not explicitly disclose for a) lower network level includes a first Kubernetes cluster that includes a first gateway service as a first application programming interface (API) gateway, and for b) top network level includes a second Kubernetes cluster that includes a second gateway service as a second API gateway, and for c) first Kubernetes cluster performs different functions than second Kubernetes cluster. a) the lower network level includes a first Kubernetes cluster that includes a first gateway service as a first application programming interface (API) gateway pod; b) the top network level includes a second Kubernetes cluster that includes a second gateway service as a second API gateway pod; (Wojcik ¶ 014, ll 1-20: The system includes a plurality of users which are connected via a gateway to a cloud implementation of Kubernetes cluster which may be configured to implement one or more services, microservices or applications for the plurality of users; The Kubernetes cluster includes a worker pool having a plurality of worker nodes, each running a plurality of deployed pods; The deployment for the worker pool is shown connected to a container registry which may be located inside or outside of the cloud implementation; The deployment for the worker pool may further be connected via one or more connections to one or more outside services for adapting, supplementing or otherwise impacting the one or more services, microservices, or applications; ¶ 015, ll 1-5: The gateway may represent many different kinds of load balancing and routing in the Kubernetes cluster, and may accept HTTP requests; The gateway may include APIs or other functionality for impacting data flow into the Kubernetes cluster) and c) the first Kubernetes cluster performs different functions than the second Kubernetes cluster. (Wojcik ¶ 015, ll 8-16: The Kubernetes cluster may be any set of nodes that run containerized applications; While a single worker pool is shown within the Kubernetes cluster, a plurality of worker pools are contemplated running any number of services, microservices and/or applications (different functions); The pods may each be a small deployable unit of computing that you can manage within the Kubernetes cluster; (Kubernetes cluster running multiple services or functions)) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hochlietner for a) lower network level includes a first Kubernetes cluster that includes a first gateway service as a first application programming interface (API) gateway, and for b) top network level includes a second Kubernetes cluster that includes a second gateway service as a second API gateway, and for c) first Kubernetes cluster performs different functions than second Kubernetes cluster as taught by Wojcik. One of ordinary skill in the art would have been motivated to employ the teachings of Wojcik for the benefits achieved from the flexibility of a system that enables the utilization of Kubernetes cluster in the processing of data within a network environment. (Wojcik ¶ 014, ll 1-20) Regarding Claim 15, Hochleitner-Kung discloses the system of claim 14. Hochlietner does not explicitly disclose top network level includes a second Kubernetes cluster that performs different functions than first Kubernetes cluster. However, Wojcik discloses wherein: the lower network level includes a first Kubernetes cluster; and the top network level includes a second Kubernetes cluster that performs different functions than the first Kubernetes cluster. (Wojcik ¶ 015, ll 8-16: The Kubernetes cluster may be any set of nodes that run containerized applications; While a single worker pool is shown within the Kubernetes cluster, a plurality of worker pools are contemplated running any number of services, microservices and/or applications; The pods may each be a small deployable unit of computing that you can manage within the Kubernetes cluster) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hochlietner for top network level includes a second Kubernetes cluster that performs different functions than first Kubernetes cluster as taught by Wojcik. One of ordinary skill in the art would have been motivated to employ the teachings of Wojcik for the benefits achieved from the flexibility of a system that enables the utilization of Kubernetes cluster in the processing of data within a network environment. (Wojcik ¶ 014, ll 1-20) 10. Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Hochleitner in view of Kung and further in view of Bosch et al. (US PGPUB No. 20220222335) and Wojcik et al (US PGPUB No. 20230132690). Regarding Claim 9, Hochleitner-Kung discloses the computer-implemented method of claim 8, wherein the first gateway service comprises: a) an ingress controller for forwarding incoming data between API gateway pods on different network levels of the hierarchical network; (Hochlietner page 3, l 20 - page 4, l 11: The object is achieved by a method for data transmission in a hierarchical data network; bidirectional data transmission in a hierarchical data network is described, which comprises at least one higher-level data processing device and at least one subordinate data processing device (multiple levels for network communications); wherein at the beginning of a data transfer between the higher-level data processing device and one of the subordinate data processing devices, the respective data-supplying data processing device; query telegram to the respective data-receiving data processing device is sent and the data-receiving data processing device thereupon a response message to the data-supplying data processing device sends, which is the available in the data-receiving data processing device at this time storage capacity for data telegrams includes, whereupon the data-supplying data processing device as many as possible Data telegrams sends that this storage capacity is not exceeded) Hochlietner does not explicitly disclose for b) a domain name service (DNS) configuration manager for determining when an incoming piece of data corresponds to an external service. However, Bosch discloses: b) a domain name service (DNS) configuration manager for determining when an incoming piece of data from another API gateway service on another network level of the hierarchical network corresponds to an external service; (Bosch ¶ 036, ll 1-27: policies may also be directed to Uniform Resource Locators (URLs) associated with the API service, one or more hypertext transfer protocol (HTTP) operations associated with the API service, and/or one or more defined categories of data transmitted across an API interface to the API service; policies may dictate how domain names in URLs are resolved, e.g., which DNS service is used, what protocol is used to protect the DNS requests (e.g., DNS over TLS, DNS over HTTPS); Policies may also be directed to the protocols used for communications underlying the API service, e.g., HTTP, HTTP over TLS, HTTP over QUIC; Policies may further be directed to the physical location of network connections, e.g., inside an enterprise, inside a trusted cloud provider, over the open internet; (DNS domain name resolution)) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hochlietner for b) a domain name service (DNS) configuration manager for determining when an incoming piece of data corresponds to an external service as taught by Bosch. One of ordinary skill in the art would have been motivated to employ the teachings of Bosch for the benefits achieved from the flexibility of a system that enables the utilization of security techniques such as TLS procedures. (Bosch ¶ 036, ll 1-27) Hochlietner does not explicitly disclose for c) a messaging publication and subscription list that includes which control messages to read from a control message queue; and d): a resource control plane that includes an automatically updated list of authorized endpoints for services running on lower network level of hierarchical network. However, Wojcik discloses: c) a messaging publication and subscription list that includes which control messages to read from a control message queue; d) a resource control plane that includes an automatically updated list of authorized endpoints for services running on the lower network level of the hierarchical network. (Wojcik ¶ 015, ll 1-21: The pods may each represent a single instance of a process running in the Kubernetes cluster; The pods may each contain one or more containers, such as Docker containers; The container registry may be configured to manage docker images, perform vulnerability analysis and generally manage accessibility within the Kubernetes cluster; ¶ 075, ll 9-13: Security provides identity verification for cloud consumers and tasks, as well as protection for data and other resources; User portal provides access to the cloud computing environment for consumers and system administrators) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hochlietner for c) a messaging publication and subscription list that includes which control messages to read from a control message queue; and d): a resource control plane that includes an automatically updated list of authorized endpoints for services running on lower network level of hierarchical network as taught by Wojcik. One of ordinary skill in the art would have been motivated to employ the teachings of Wojcik for the benefits achieved from the flexibility of a system that enables the utilization of Kubernetes cluster in the processing of data within a network environment. (Wojcik ¶ 014, ll 1-20) 11. Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Hochleitner in view of Kung and further in view of Bosch et al. (US PGPUB No. 20220222335) and Wojcik et al (US PGPUB No. 20230132690) and Griffin et al. (US Patent No. 11,848,857). Regarding Claim 10, Hochleitner-Kung-Bosch-Wojcik discloses the computer-implemented method of claim 9. Hochleitner does not explicitly disclose adding an endpoint to the first gateway service on the lower network level. However, Griffin discloses wherein further comprising adding an endpoint to the first gateway service on the lower network level. (Griffin col 6, ll 14-34: operation of the cluster may involve the execution of a plurality of the compute nodes; As new capacity is needed, new compute nodes may be added to the cluster; When capacity is to be reduced, compute nodes may be removed from the cluster; adding new compute nodes may include spawning new containers and/or VMs to execute a service; As new compute nodes and/or services are added (or deleted), the presence (or absence) of the service is tracked by the API gateway so that access to the services can be maintained; the API gateway serves as a front-end (e.g., a gateway) to the compute nodes; As new compute nodes are added (or removed), the API gateway keeps track of the services that are added (or removed) as well as their associated APIs; col 6, ll 41-49: The API gateway may examine the request to determine one or more APIs to which the request should be forwarded; Upon determining the correct one or more APIs, the API gateway may forward the request (or a portion of the request) to the one or more APIs of the associated service 170; The API gateway also receives any response (e.g., a result) of the request from the one or more APIs 172, and forwards the response to the client computing device) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hochlietner for adding an endpoint to the first gateway service on the lower network level as taught by Griffin. One of ordinary skill in the art would have been motivated to employ the teachings of Griffin for the benefits achieved from the flexibility of a system that enables the addition and deletion of network nodes within a processing cluster associated with a network environment. (Griffin col 6, ll 14-34) 12. Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Hochleitner in view of Kung and further in view of Bosch et al. (US PGPUB No. 20220222335). Regarding Claim 12, Hochleitner-Kung discloses the computer-implemented method of claim 1. Hochlietner does not explicitly disclose secure connection comprises a transport layer security (TLS) secure connection between first gateway service and second gateway service. However, Bosch discloses wherein the secure connection comprises a transport layer security (TLS) secure connection between a first gateway service on the lower network level and a second gateway service on the top network level that utilizes signed certificates. (Bosch ¶ 036, ll 1-27: policies may also be directed to Uniform Resource Locators (URLs) associated with the API service, one or more hypertext transfer protocol (HTTP) operations associated with the API service, and/or one or more defined categories of data transmitted across an API interface to the API service; policies may dictate how domain names in URLs are resolved, e.g., which DNS service is used, what protocol is used to protect the DNS requests (e.g., DNS over TLS, DNS over HTTPS); Policies may also be directed to the protocols used for communications underlying the API service, e.g., HTTP, HTTP over TLS, HTTP over QUIC; Policies may further be directed to the physical location of network connections, e.g., inside an enterprise, inside a trusted cloud provider, over the open internet; ¶ 027, ll 10-13: TLS information associated with the external API service 1, including its version and certificates; (TLS certificates)) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hochlietner for secure connection comprises a transport layer security (TLS) secure connection between first gateway service and second gateway service as taught by Bosch. One of ordinary skill in the art would have been motivated to employ the teachings of Bosch for the benefits achieved from the flexibility of a system that enables the utilization of security techniques such as TLS procedures. (Bosch ¶ 036, ll 1-27) 13. Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Hochleitner in view of Kung and further in view of Park et al. (US Patent No. 10,250,619). Regarding Claim 13, Hochleitner-Kung discloses the computer-implemented method of claim 1. Hochlietner does not explicitly disclose hierarchical network adheres to a Purdue Reference Architecture Model. However, Park discloses wherein the hierarchical network adheres to a Purdue Reference Architecture Model. (Park col 10, ll 5-17: The vertical consistency analyzer can be configured to perform an analysis of a state indicated by one or more of said physical-level signals at a first level (refer to FIGS. 2 and 3 for example, Level 0 of the Purdue reference model) with respect to a corresponding state indicated by a derived state provided at or associated with a higher level (refer to FIGS. 2 and 3, for example, Levels 1 or 2 of the Purdue reference model); The horizontal consistency analyzer can be configured to perform a horizontal state estimation analysis of the states of a plurality of the physical-level signals or signals at a same reference level) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hochlietner for hierarchical network adheres to a Purdue Reference Architecture Model as taught by Park. One of ordinary skill in the art would have been motivated to employ the teachings of Park for the benefits achieved from the flexibility of a system that enables the utilizations of multiple processing models such as the Purdue Reference Architecture. (Park col 10, ll 5-17) Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kyung H Shin whose telephone number is (571)272-3920. The examiner can normally be reached M - F: 12pm - 8pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joon H Hwang can be reached at 571-272-4036. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KYUNG H. SHIN/ Primary Examiner Art Unit 2447 PNG media_image1.png 200 400 media_image1.png Greyscale
Read full office action

Prosecution Timeline

May 06, 2025
Application Filed
Jun 26, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12683761
CONFIDENTIAL AUTOMATED SPEECH RECOGNITION
1y 10m to grant Granted Jul 14, 2026
Patent 12659320
EDGE-BASED THREAT INTELLIGENCE SHARING
2y 5m to grant Granted Jun 16, 2026
Patent 12657402
Systems and methods for utilizing Large Language Models (LLMs) for improving machine learning models in network and computer security
2y 6m to grant Granted Jun 16, 2026
Patent 12659332
SECURE PLATFORM FOR PROCESSING DATA
2y 2m to grant Granted Jun 16, 2026
Patent 12647357
ATTESTATION LOGIC ON MEMORY FOR MEMORY DIE VERIFICATION
3y 5m to grant Granted Jun 02, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
82%
Grant Probability
93%
With Interview (+10.8%)
2y 11m (~1y 9m remaining)
Median Time to Grant
Low
PTA Risk
Based on 970 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month