Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Notice of Allowance is in response reply filed by Applicant on 1/8/2021 and amendments authorized Applicant on 1/28/2021.  Claims 2, 8 and 13 have been canceled.   Claims 1, 3-7, 9-12 and 14-18 are pending. 

EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Applicant’s representative David Kim on 1/27/2021.
The application has been amended as follows: 
1.	(Currently Amended) A computing system, comprising: 
a plurality of network security devices, each network security device being a device to scan packets or portions thereof directed to the network security device by a network switch to detect malicious activity in network traffic;
the network switch configured to direct network traffic; and 
a controller coupled to the network switch, wherein the controller is to monitor differing capabilities of each network security device of the plurality of network security devices and to create at least one policy that determines a destination of the network traffic or a portion thereof based on the differing capabilities, the controller to instruct the network switch in directing network traffic to the plurality of network security devices by:
wherein the first policy instructs the network switch to split the first portion of the network traffic between the first network security device and a second network security device,
creating a second policy to divert a second portion of the network traffic to [[a]]the second network security device selected by the pre-filtering of the network traffic based on the network traffic-related characteristics of the packets that match capabilities of the second network security device, the capabilities of the second network security device being different from the capabilities of the first network security device, and
transmitting the first policy and the second policy to the network switch effectuating the pre-filtering of the traffic. 

2.	(Canceled)

6.	(Currently Amended) A method for directing network traffic, comprising: 
receiving network traffic in a switch; 
receiving, in the switch, instructions from a controller including a first policy to direct a first portion of the network traffic to a first network security device of a pool of network security devices, the first network security device configured to receive packets or portions thereof directed to the first network security device by the switch, for packet inspection, wherein the first network security device is selected by pre-filtering the network traffic based on network traffic-related characteristics of the packets matching  capabilities of the first network security device and on capabilities, and wherein each network security device is a device that scans packets to detect malicious activity in network traffic, wherein the controller is to monitor differing capabilities of each network security device of the pool of network , wherein first policy instructs the switch to split the first portion of the network traffic between the first network security device and a second network security device; 
receiving, in the switch, instructions from the controller including a second policy to direct a second portion of the network traffic to [[a]]the second network security device of the pool of network security devices, the second network security device configured to receive packets or portions thereof directed to the second network security device by the switch, for packet inspection, wherein the second network security device is selected by the pre-filtering of the network traffic based on the network traffic-related characteristics of the packets that match capabilities and workload of the second network security device, the capabilities of the second network security device being different from the capabilities of the first network security device; and 
diverting the portion of the network traffic to at least one of the first or second network security devices of the pool of network security devices according to the first or the second policy received from the controller.

8.	(Canceled)

11.	(Currently Amended) A tangible, non-transitory, computer-readable medium comprising instructions that direct a controller to: 
monitor network traffic in a network switch; 
select a first network security device from a plurality of network security devices, the first network security device configurable to receive packets or portions thereof directed to the first network security device by the network switch, to receive a first portion of the network traffic for scanning based on network traffic-related characteristics of the packets making up the network traffic that match capabilities and workload of the first network security device and on capabilities, wherein the first policy instructs the network switch to split the first portion of the network traffic between the first network security device and a second network security device;
select [[a]]the second network security device from the plurality of network security devices, the second network security device configurable to receive packets or portions thereof directed to the second network security device by the network switch, to receive a second portion of the network traffic for scanning based on network traffic-related characteristics of the packets making up the network traffic that match capabilities and workload of the second network security device and on capabilities,, the capabilities of the second network security device being different from the capabilities of the first network security device;
monitor differing capabilities of the first network security device and the second network security device;
generate one or more policies to instruct the network switch in directing the network traffic or a portion thereof to the first network security device and second network security device based on the differing capabilities; and
transmit the one or more policies to a network switch.

13.	(Canceled) 

Allowable Subject Matter
Claims 1, 3-7, 9-12 and 14-18 are allowed.
The following is an examiner’s statement of reasons for allowance: 
	Applicant's arguments/amendments filed on 1/8/2021 and amendments authorized by Applicant on 1/27/2021 make the record is clear regarding reasons for allowance. See MPEP 1302.14(1). According to MPEP 1302.14 (I): “In most cases, the examiner’s actions and the applicant’s replies make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule. This is particularly true when applicant fully complies with 37 CFR 1.111 (b) and (e) and 37 CFR 1.133(b). Thus, where the examiner’s actions clearly point out the reasons for 
	A final search was conducted by Examiner on 1/28/2021 and the closest prior art failed to teach “the network switch configured to direct network traffic; and a controller coupled to the network switch, wherein the controller is to monitor differing capabilities of each network security device of the plurality of network security devices and to create at least one policy that determines a destination of the network traffic or a portion thereof based on the differing capabilities, the controller to instruct the network switch in directing network traffic to the plurality of network security devices by: creating a first policy to divert a first portion of the network traffic to a first network security device selected by pre-filtering the network traffic based on network traffic-related characteristics of the packets that match capabilities of the first network security device, wherein the first policy instructs the network switch to split the first portion of the network traffic between the first network security device and a second network security device.”  As conventional means to filter network focus on filtering to handle workloads and on specific types of attacks, where the instant application recites a means to filtering network traffic based on capabilities of devices and the usage of splitting traffic.  As a result the claims are in condition for Allowance.
	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661.  The examiner can normally be reached on Mon- Fri 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


RODERICK . TOLENTINO
Examiner
Art Unit 2439



/RODERICK TOLENTINO/           Primary Examiner, Art Unit 2439