DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/16/2020 has been entered.
Claim status
Claims 1, 13, 27 and 31 have been amended. Claims 2, 12, 25, 26, 30, 34 and 35 have been canceled. Claims 1, 3-11, 13-24, 27-29 and 31-33 remain pending in the application.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


The claimed invention is directed to non-statutory subject matter.  The claim does not fall within at least one of the four categories of patent eligible subject matter. 

Claim 24 recites “a computer program comprising instructions …” As such, the claim is a computer program per se, which does not fall within one of the four statutory classes. Therefore, the claim is non-statutory.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1, 3-6, 11, 13, 22, 24, 27, 28 and 31 are rejected under 35 U.S.C. 103 as being unpatentable over Guichard et al. (EP 2680 540 B1, hereinafter Guichard) (cited in IDS submitted on 01/17/2019) in view of Li et al. (U.S. Pat. No. 10,085,132 B2, hereinafter Li).

Regarding claim 1.
           Guichard teaches a method in a Software Defined Network, SDN (Guichard, PCE 8 of Fig.1 acts as SDN as disclosed in ¶ [0033]), the SDN comprising a plurality of resources including Network Elements, NEs (Guichard, Fig. 1, network switches 12A, 12B, 6A, 6B and service node 13 are equivalent to “network elements of network resources”), and network links connecting the NEs (Guichard, Fig. 1 overlay controller 14 equivalent to “network link” connecting switches with PCE 8 and further teaches in ¶ [0024] how the controller 14 “network link” communicates with network switches “network elements resources” to establish a path request made by the client 18 “user” in PCE 8 “SDN”), the method comprising:
              receiving a user generated request to provision an SDN Data path in the SDN, the request comprising performance metrics for the SDN Data path (Examiner interprets latency, jitter and/or QoS are equivalent to performance metrics per Applicant’s Pub. No. 2019/0238454 A1 Specification ¶ [0005] and thus, Guichard teaches in ¶ [0023], client element 18 of Fig. 1 “user” requests a dedicated path based on parameters such as latency, jitter and QoS which are equivalent to applicants “performance metrics” from the path computation element (PCE) element 8 of Fig. 1 through overlay controller element 14 of Fig. 1. (Note that PCE element 8 acts as SDN (software-defined-network) as disclosed in ¶ [0033])),
           assembling a candidate set of resources to provision the SDN Data path (Guichard ¶ [0025], PCE element 8 of Fig. 1 installs forwarding information to the network node and switches elements 12A, B,           
            initiating provision of the SDN Data path in accordance with the received performance metrics using resources selected from the candidate set (Guichard, ¶ [0033], PCE element 8 using software-defined network 3 of Fig. 1 which includes multiple switches those are equivalent to “network elements and set of candidate of network resources” and select a particular network switch 6B (note that switch 6B is one of the “candidate of network resources”) and may configure service engineered path 11 (SEP) to suit a particular service and further teaches in ¶ [0034] that, the service engineered path 11 (SEP) may be configured to accommodate network conditions through provisioning of paths based on certain network requirements for example, bandwidth and QoS etc. Note that “bandwidth” and “QoS” are equivalent to “performance metrics” per Applicant’s Pub. No. 2019/0238454 A1 Specification ¶ [0005]).
             Guichard does not explicitly teach the request comprises a geographic constraint to be applied to resources used in provisioning the SDN Data path; wherein…data path comprises: obtaining a geographic location attribute of resources in the SDN; populating the candidate set with those resources having a geographic location attribute satisfying the received geographic constraint; and wherein at least one of the NEs of the SDN network is implemented via a Virtualized Network Function, VNF, and wherein the geographic location attribute of the NE implemented via a VNF comprises an indication of the physical location of hardware provisioning the VNF.
           However, Li teaches a request comprising a geographic constraint to be applied to resources used in provisioning the SDN Data path (Li, teaches in [Col. 3, lines 44-50] teaches a wireless communication based on acceptable and controllable cost lookup table to limit the geographic zone “geographic constraint” adjustment to provide a service to access network and further teaches in [Col. 
           wherein…data path comprises: obtaining a geographic location attribute of resources in the SDN (Li, [Col. 1, lines 59-61], “the network element 304 obtains a data packet having at least one first parameter (attribute) comprising a geographic location” (note that the network element 304 receives the transmitted data packet “resources” in an application-level functionalities applying SDT (software defined topology equivalent to “SDN”) as disclosed in [Col. 6, lines 45-50]);          
         populating the candidate set with those resources having a geographic location attribute satisfying the received geographic constraint (Li, [Col. 3, lines 45-60], teaches the controllable table lookup equivalent to “populating the candidate set in the lookup table” for costs to determine or satisfy the obtained limited geographic region or zone to provide network access resources by dividing the coverage of the network access. Note that dividing the geographic coverage region or zone equivalent to applicants “satisfying geographic constraint”); and
          wherein at least one of the NEs of the SDN network is implemented via a Virtualized Network Function, VNF (Li, [Col. 6, lines 38-40 and 45-48], “an MTC (machine type communication) application element 306 generates data packet to transmit to at least one or more RE (remote equipment) and applying “a logical node is a visualized node that implements one or some application through SDT (Software defined topology functionally equivalent to “SDN”) and NFV ( network function virtualization/Virtualization Network Functionality) techniques”), and wherein the geographic location attribute of the NE implemented via a VNF comprises an indication of the physical location of hardware provisioning the VNF (Li, [Col. 3, lines 12-14 and 44-60], machine type communication system (MTC) performs table look up to find routing information “path” and obtained limited geographic region or zone to provide network access resources by dividing the coverage of the network access. Note that 
         Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include a logical node is a visualized node in an application-level functionalities applying SDT (software defined topology functionally equivalent to “SDN”) and NFV (network function virtualization) techniques ([Col. 6, lines 44-50]) of Li into the PCE element 8 which acts as SDN frees the selected paths after identifying paths that are not visible to any one of switches (candidate of network resources) ([0029]) of Guichard. One would have been motivated to do so since this method enables allowing the NFV (i.e., VNF) interconnection hub to provide many-to-many operator interconnections at the NFV (i.e., VNF) interconnection hub or indirect interconnection by providing availability or routing information for on-demand operator-to-operator interconnection outside of the NFV (i.e., VNF) interconnection hub.
Regarding claim 3.
           Guichard in view of Li teaches wherein the geographic location attribute of resources in the SDN is obtained from an SDN controller of the SDN network (Guichard, Fig. 1, and ¶ [0018], provides an overlay controller element 14 which communicates with PCE element 8 “SDN” and further Li teaches in [Col. 1, lines 59-61], network element receives or communicates to obtain a data packet having at least one first parameter (attribute) based on a geographic location).


Regarding claim 4.
     Guichard in view of Li further teaches wherein the request further comprises a level of confidentiality to be applied to the SDN Data path (Guichard ¶ [0030] PCE which acts as SDN “enhanced current state of the network 3 at both the overlay network layer and base network 3, PCE 8 may identify paths that are not visible to any one of network switches 6 or overlay switches 12 having a more limited view” (here the path is not visible equivalent to “the level of confidentiality’ in the SDN path)), and wherein assembling a candidate set of resources to provision the SDN Data path (Guichard ¶ [0025], PCE element 8 of Fig. 1 installs forwarding information to the network node and switches elements 12A, B, 6A, B of Fig. 1 network elements of resources which can be gathered as “candidates of network resources” and further teaches in ¶ [0029] that the PCE element 8 “SDN” determining the path by removing the forwarding information to implement the requested paths by making free the resources for future paths), further comprises: obtaining a level of confidentiality attribute of resources in the SDN (Guichard ¶ [0029]-[0030], PCE element 8 removes the forwarding information and implementing the requested paths and frees the resources for future paths by identifying/obtaining the paths that are not visible to anyone equivalent to “obtaining level of confidentiality”)); and               
populating the candidate set with those resources having a geographic location attribute satisfying the received geographic constraint (Li, [Col. 3, lines 45-60], teaches the controllable table lookup equivalent to “populating the candidate set in the lookup table” for costs to determine or satisfy the obtained limited geographic region or zone to provide network access resources by dividing the coverage of the network access. Note that dividing the geographic coverage region or zone equivalent to applicants “satisfying geographic constraint”) and a level of confidentiality attribute in accordance with the level of confidentiality to be applied to the SDN Data path (Guichard ¶ [0030] PCE which acts as SDN “enhanced current state of the network 3 at both the overlay network layer and base network 3, PCE 8 may identify paths that are not visible to any one of network switches 6 or overlay switches 12 having a more limited view” (here the path is not visible equivalent to “the level of confidentiality’ in the SDN path)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the controllable table lookup (populating the candidate set in the lookup table) ([Col. 3, lines 45-60]) of Li into the Guichard invention. One would have been motivated to do so in order that the SDN controller can allow customers, such as an administrator, to directly sort traffic on a per-packet or per-flow basis for individualized processing, saving cost, improving performance, limiting risk, improving availability and increasing control of the network system.

Regarding claim 5.
Guichard teaches wherein the level of confidentiality attribute of resources in the SDN is obtained from an SDN controller of the SDN network (Guichard Fig. 1 shows that the PCE element 8 acts as SDN and communicates with overlay controller element 14 “SDN controller” and further teaches in ¶ [0030] that the PCE which acts as SDN communicates with overlay controller “SDN controller” to enhance the current state of the network 3 at both the overlay network layer and base network 3, by not visible to any one of network switches 6 or overlay switches 12 having a more limited view” (here the path is not visible equivalent to “the level of confidentiality” in the SDN path)).

Regarding claim 6.
         Guichard teaches causing the level of confidentiality to be applied to the SDN Data path to be stored in an SDN controller of the SDN network (Guichard Fig. 1 shows how overlay controller element 14 and PCE element 8 communicates and further teaches in ¶ [0021] that overlay controller 14 collects and stores the overlay topology information, then provides the overlay topology information to PCE 8 in overlay topology update messages 26. In some examples, overlay controller 14 is a component of PCE 8” (note that the PCE element 8 acts as SDN)).

Regarding claim 11. 
            Guichard in view of Li teaches establishing a modification requirement for the requested SDN Data path (Note that PCE element 8 acts as SDN (software-defined-network) as disclosed in ¶ [0033])) and thus, Guichard teaches in ¶ [0083], PCE element 8 which acts as SDN “modify parameters particular parameters of the target LSP that are exposed for modification and enables a PCE to set parameters for a TE LSP configured within the router… and a PCE to signal computed paths through a multi-topology network, thereby dynamically setting up end-to-end paths as requested by clients”); and initiating provision of the SDN Data path in accordance with the modification requirement using resources selected from the new candidate set (Guichard, teaches in ¶ [0026], how the PCE element 8 modify the forwarding information in overlay switch element 12 which is the selected as a new candidate set among other paths of wherein the forwarding information includes a flow table entries) and modifying the SDN Data path by: if the modification requirement does not change the geographic constraint applied to the SDN Data path (Li, [Col.8, lines 45-63], a logical node is a visualized node in an application-level functionalities applying SDT (software defined topology functionally equivalent to “SDN”)) techniques and element 304 modifying other elements of the packet and re-forms or generates a new packet for the second parameter with the same geographic location), initiating provision of the SDN Data path in accordance with the modification requirement using resources selected from the candidate set (Guichard, teaches in ¶ [0026], how the PCE element 8 modify the forwarding information in overlay switch element 12 (the selected new candidate set among other paths of the resources elements wherein the forwarding information includes a flow table entries); and 
           if the modification requirement changes the geographic constraint applied to the SDN Data path, assembling a new candidate set of resources to provision the SDN Data path in accordance with the changed geographic constraint (Li, [Col. 3, lines 44-50], MTC (machine type communication) uses a table lookup to limit the number of associated geographic zones by adjusting  (modifying) the geographic zoning so that the MTC application further modifying other elements of the packet and element 304 modifying other elements of the packet and re-forms or generates a new packet for the second parameter with the same geographic location as disclosed in [Col. 8, lines 56-67]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the MTC (machine type communication) use of a table lookup to limit the number of associated geographic zones by adjusting (modifying) the geographic zoning ([Col. 3, lines 44-50]) of Li into Guichard. One would have been motivated to do so in order that the SDN controller can allow customers, such as an administrator, to directly sort traffic on a per-packet or per-flow basis for individualized processing, saving cost, improving performance, limiting risk, improving availability and increasing control of the network system.

Regarding claim 13.

 Guichard teaches a method for configuring a Secure Domain SD (Guichard, ¶ [0050]-[0051] computational domain), in a Software Defined Network, SDN (Guichard, [0050]-[0051], one or more overlay network constitute a path computation domain equivalent to “secure domain” in PCE “SDN”), the SDN comprising a plurality of resources including Network Elements, NEs (Guichard, Fig. 1, network switches 12A, 12B, 6A, 6B and service node 13 are equivalent to “network elements of network resources”), and network links connecting the NEs (Guichard, Fig. 1 overlay controller 14 equivalent to “network link” connecting switches with PCE 8 and further teaches in ¶ [0024] how the controller 14 “network link” communicates with network switches “network elements resources” to establish a path request made by the client 18 “user” in PCE 8 “SDN”).
           Guichard does not explicitly teach the method of network elements which comprising: obtaining a geographic location attribute for a resource; comparing the geographic location attribute to entry requirements for the SD; allocating the resource to the SD if the geographic location attribute satisfies the entry requirements; and wherein at least one of the NEs of the SDN network is implemented via a Virtualized Network Function, VNF, and wherein the geographic location attribute of the NE implemented via a VNF comprises an indication of the physical location of hardware provisioning the VNF.
          However, Li teaches network elements which comprising: obtaining a geographic location attribute for a resource (Li, teaches in [Col. 3, lines 44-50] teaches a wireless communication based on acceptable and controllable cost lookup table to limit the geographic zone “geographic constraint” adjustment to provide a service to access network and further teaches in [Col. 6, lines 37-40 and lines 45-48] that a location based transition of packet “resources” to remote equipment (RE) through software defined topology (SDT) which is functionally equivalent to applicants “SDN”); and 
             wherein at least one of the NEs of the SDN network is implemented via a Virtualized Network Function, VNF (Li, [Col. 6, lines 38-40 and 45-48], “an MTC (machine type communication) application element 306 generates data packet to transmit to at least one or more RE (remote equipment) and applying “a logical node is a visualized node that implements one or some application through SDT (Software defined topology functionally equivalent to “SDN”) and NFV (network function virtualization/Virtualization Network Functionality) techniques”), and wherein the geographic location attribute of the NE implemented via a VNF comprises an indication of the physical location of hardware provisioning the VNF (Li, [Col. 3, lines 12-14 and 44-60], machine type communication system (MTC) performs table look up to find routing information “path” and obtained limited geographic region or zone to provide network access resources by dividing the coverage of the network access. Note that dividing the geographic coverage region or zone equivalent to applicants “satisfying geographic constraint”) and further teaches in [Col. 6, lines 44-59], MTC performs a location based communication for a transmission of packet to a remote equipment and to a network element 304 in an application-level functionalities applying SDT (software defined topology functionally equivalent to “SDN”) and NFV (network function virtualization/Virtualization Network Functionality) techniques in the physical network infrastructure on a selected NFV-enable network nodes and performed a location based communication).
          Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include a logical node is a visualized node in an application-level functionalities applying SDT (software defined topology functionally equivalent to “SDN”) and NFV (network function virtualization) techniques ([Col. 6, lines 44-50]) of Li into the PCE element 8 which acts as SDN frees the selected paths after identifying paths that are not visible to any one of switches (candidate of network resources) ([0029]) of Guichard. One would have been motivated to do so since this method enables allowing the NFV (i.e., VNF) interconnection hub to provide many-to-many 

 Regarding claim 22.
Guichard in view of Li further teaches populating the geographic location attribute of the resource into a resource database of a controller of the SDN (Guichard teaches in ¶ [0050], database element 54 stores topology information of the network layer and one or more overlay network layers of a network that constitutes a path computation domain for PCE 8 (note that PCE element 8 acts as SDN) and Li further teaches in [Col. 3, lines 45-60] that, the controllable table lookup (populating the candidate set in the lookup table) for costs (attributes or parameter) to determine or satisfy the obtained limited geographic region or zone to provide network access resources by dividing the coverage of the network access).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to associate the method of geographic location of the SDN controller 40 by allowing users to identify and monitoring the threats and attack (i.e., obtain) ([Col. 3, lines 45-60]) of Li into the Guichard invention. One would have been motivated to do so in order to manage searching, adding, updating, and deleting of flow entries in flow tables so that the flow table manager easily confirms that new flow rules are correctly inserted into the flow tables in an efficient manner.
Regarding claims 24 and 31.
Claims 24 and 31 incorporate substantively all the limitations of claim 13 in computer program instruction form and are rejected under the same rationale.
Regarding claim 27.
Claim 27 incorporates substantively all the limitations of claim 1 in apparatus form and is rejected under the same rationale.
Regarding claim 28.
Claim 28 incorporates substantively all the limitations of claim 4 in apparatus form and is rejected under the same rationale.

Claims 7-10, 14-21, 23, 29, 32 and 33 are rejected under 35 U.S.C. 103 as being unpatentable over Guichard in view of Li, further in view of Hu et al. (U.S. Pub. No. 2017/0324781 A1, hereinafter Hu).

Regarding claim 7. Guichard in view of Li further teaches a method as claimed in claim 4.
Guichard further teaches wherein users of the SDN are associated with at least one level of confidentiality (Guichard, ¶ [0030], the PCE element 8 identifying the paths that are restricted or not visible to any one of the network switches or overlay switches by allowing network operators to reconcile multiple conflicting application path access requests and prioritizing the application path request for dedicated paths), the method further comprising, on receipt of the user generated request to provision an SDN Data path in the SDN (Guichard, ¶ [0023]-[0024], client element 18 of Fig. 1 (user or user device) requests a dedicated path and parameters such as latency, jitter and QoS from the path computation element (PCE) element 8 of Fig. 1 through overlay controller element 14 of Fig. 1).
          Guichard in view of Li does not explicitly teach comparing the level of confidentiality to be applied to the SDN Data path with each level of confidentiality associated with the user generating the request; and if the level of confidentiality to be applied to the SDN Data path corresponds to at least one of the levels of confidentiality associated with the user generating the request, proceeding to assemble a candidate set of resources to provision the SDN Data path.
wherein users of the SDN are associated with at least one level of confidentiality comparing the level of confidentiality to be applied to the SDN Data path with each level of confidentiality associated with the user generating the request (Hu teaches in Fig. 1 and ¶ [0035] that how the confidentiality and security level applied in the SDN controller and policy creator (user security request generator) and how the SDN controller operating system performs or causing the security privilege level of the role of the creator (policy creator generates the user request) of the security policy, can be stored and processed and protected in a trusted environment as disclosed in ¶ [0045]); and 
           if the level of confidentiality to be applied to the SDN Data path corresponds to at least one of the levels of confidentiality associated with the user generating the request, proceeding to assemble a candidate set of resources to provision the SDN Data path (Hu teaches in ¶ [0035] that how the level of role attributes configuring to specify the security privilege level given (assign) to each role set by the module 128 so that the security privilege levels of roles can be set (proceeding to compare) as follows: security administrator -L5 (highest); general administrator -L4; user -L2; and guest -L1. The role with higher security privilege level is given more rights to access the SDN controller. For example, the policy created by the creator role of guest (level of confidentiality associated with user) will be replaced by the policy created by the creator role of security administrator). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the method of storing different security policies and security privilege level of role of the creator ([0045]) of Hu into the Guichard in view of Li invention. One would have been motivated to do so in order to ensure that sensitive data is processed and protected in a trusted environment in an efficient manner.

Regarding claim 8. Guichard in view of Li further teaches a method as claimed in claim 4.
wherein initiating provision of the SDN Data path in accordance with the received performance metrics using resources selected from the candidate set comprises updating routing table entries for the resources (Guichard in ¶ [0029], the PCE element 8 which acts as SDN frees the selected paths after identifying paths that are not visible to any one of switches (candidate of network resources) based on the requested dedicated path and parameters or attributes such as latency, jitter and QoS as disclosed in ¶ [0024]) and further Guichard teaches in ¶ [0074] that how different instances in a separate routing table and other routing information can be used for updating the forwarding information 192 with each of routing instances 194. In this respect, routing instances 194 each include separate forwarding information for use by data plane 172B in forwarding traffic in accordance with the corresponding routing instance to be updated).
Guichard in view of Li does not explicitly teach wherein the method further comprises: applying the level of confidentiality to be applied to the SDN Data path to the updated routing table entries.
            However, Hu teaches about flow table manager and a flow table in security system in SDN wherein the method further comprises: applying the level of confidentiality to be applied to the SDN Data path to the updated routing table entries (Hu teaches in ¶ [0031] and [0037] that how to use or apply a confidentiality level and a flow of table in the SDN system by providing different modules to control the flow table and the security confidentiality and updating, and deleting of flow entries in flow tables 134).
          Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include different modules such as security confidentiality, flow table and flow manager table modules ([0031] and [0037]) of Hu into Guichard in view of Li invention. One would have been motivated to do so in order to manage searching, adding, updating, and deleting of flow entries in flow tables so that the flow table manager easily confirms that new flow rules are correctly inserted into the flow tables.

Regarding claim 9.
Hu further teaches wherein users of the SDN are associated with at least one level of confidentiality (Hu teaches in ¶ [0035] that how the user and guest are associated in a specified security privilege level), and wherein users of the SDN are associated with at least one level of confidentiality (Hu teaches in ¶ [0035] that how the user and guest are associated based on a privilege security level in a role with higher security privilege level in order to access the SDN controller), and wherein applying the level of confidentiality to be applied to the SDN Data path to the updated routing table entries (Hu teaches in ¶ [0025] about “security privilege level of role attribute is used to specify different security privilege levels for different roles of policy creators. Hierarchical levels from the highest to the lowest may be L5, L4, L3, L2, L1, and L0 in the SDN) and further the security privilege level attributes uses the flow table manager to manage searching, adding, updating, and deleting of flow entries in flow tables 134 as disclosed in ¶ [0036]-[0037]), comprises allowing access to the updated routing table entries to only those users having an associated level of confidentiality that corresponds to the level of confidentiality to be applied to the SDN Data path (Hu teaches in ¶ [0025], that the “hierarchical levels from the highest to the lowest may be L5, L4, L3, L2, L1, and L0. The role with the relatively higher security privilege level is given more rights to access the SDN controller...”).
          Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include different modules such as security confidentiality, flow table and flow manager table modules ([0025] and [0036]-[0037]) of Hu into Guichard in view of Li invention. One would have been motivated to do so in order to manage searching, adding, updating, and deleting of flow entries in flow tables so that the flow table manager easily confirms that new flow rules are correctly inserted into the flow tables.

Regarding claim 10. 
wherein users of the SDN are associated with at least one level of confidentiality (Hu teaches in ¶ [0025] that the “hierarchical levels from the highest to the lowest may be L5, L4, L3, L2, L1, and L0. The role with the relatively higher security privilege level is given more rights to access the SDN controller...”), and wherein applying the level of confidentiality to be applied to the SDN Data path to the updated routing table entries comprises allowing visibility of the updated routing table entries to only those users having an associated level of confidentiality that corresponds to the level of confidentiality to be applied to the SDN Data path (Hu teaches in ¶ [0037], “the flow table manager 132 is configured to manage searching, adding, updating of flow entries in flow tables 134 checks if a new flow rule is in conflict with an old (previous) flow rule before inserting new flow rules” so that the hierarchical level of the security privilege can be determined relative to the higher security privilege level and given more rights to access the SDN controller as disclosed in ¶ [0025]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include different modules such as security confidentiality, flow table and flow manager table modules ([0025] and [0037]) of Hu into the invention of Guichard in view of Li. One would have been motivated to do so in order to manage searching, adding, updating, and deleting of flow entries in flow tables so that the flow table manager easily confirms that new flow rules are correctly inserted into the flow tables.

Regarding claim 14. Guichard in view of Li teaches a method as claimed in claim 13.
Guichard in view of Li further teaches the method of: obtaining a level of confidentiality attribute for the resource (Guichard ¶ [0029]-[0030], PCE element 8 removes the forwarding information and implementing the requested paths and frees the resources for future paths by identifying/obtaining the paths that are not visible to anyone (level of confidentiality)); and allocating the resource to the SD if the geographic location attribute and the level of confidentiality attribute satisfy the entry requirements (Li, [Col. 3, lines 45-60], teaches the controllable table lookup (populating the candidate set in the lookup table) for costs (attributes or parameter) to determine or satisfy the obtained limited geographic region or zone to provide network access resources by dividing the coverage of the network access). While Guichard in view of Li teaches the SD (secured domain) system, Guichard in view of Li does not explicitly teach comparing the level of confidentiality attribute to entry requirements for the SD.
However, Hu teaches comparing the level of confidentiality attribute to entry requirements for the SD (Hu teaches in Fig. 1 and ¶ [0035] how the confidentiality and security level are applied in the SDN controller and policy creator (user security request generator) and how the SDN controller operating system causes the security privilege level of the role of the creator (policy creator generates the user request) of the security policy to be stored and processed and protected in a trusted environment as disclosed in ¶ [0045]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include confidentiality and security level applied in the SDN controller and policy creator (user security request generator) ([0035]) of Hu into the invention of Guichard in view of Li. One would have been motivated to do so in order to automatically and promptly react to new security attacks, and to support packet data scan detection in the SDN system.

Regarding claim 15. 
         Hu further teaches wherein the level of confidentiality attribute of a resource is associated with at least one other attribute of the resource (Hu teaches in ¶ [0031] and [0037] the confidentiality level and the flow entries in flow tables 134. The flow table manager 132 confirms that new flow rules are correctly inserted into the flow tables 134). 


Regarding claim 16.
Li in view of Hu further teaches wherein the level of confidentiality attribute of the resource is associated with the geographic location attribute of the resource (Li teaches in [Col. 3, lines 45-60] the controllable table lookup (populating the candidate set in the lookup table) for costs (attributes or parameter) to determine or satisfy the obtained limited geographic region or zone to provide network access resources by dividing the coverage of the network access, and Hu further teaches in ¶ [0031] and [0037] the confidentiality level and the flow entries in flow tables 134; the flow table manager 132 confirms that new flow rules are correctly inserted into the flow tables 134).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the flow table manager 132, which confirms that new flow rules are correctly inserted into the flow tables 134 ([0031] and [0037]), of Hu into the invention of Guichard in view of Li. One would have been motivated to do so in order to manage searching, adding, updating, and deleting of flow entries in flow tables so that the flow table manager easily confirms that new flow rules are correctly inserted into the flow tables in an efficient manner.

Regarding claim 17. Guichard in view of Li further in view of Hu teaches a method as claimed in claim 14.
Li in view of Hu further teaches wherein users of the SDN are associated with at least one level of confidentiality (Hu teaches in ¶ [0025] that the “hierarchical levels from the highest to the lowest may be L5, L4, L3, L2, L1, and L0. The role with the relatively higher security privilege level is given more rights to access the SDN controller...”), wherein the geographic location attribute and level of confidentiality attribute of a resource are allocated to the resource by a user, and wherein obtaining the geographic location attribute and level of confidentiality attribute for the resource (Li teaches in [Col. 3, lines 45-60] the controllable table lookup (populating the candidate set in the lookup table) for costs (attributes or parameter) to determine or satisfy the obtained limited geographic region or zone to provide network access resources by dividing the coverage of the network access, and Hu further teaches in ¶ [0031] and [0037] the confidentiality level and the flow entries in flow tables 134; the flow table manager 132 confirms that new flow rules are correctly inserted into the flow tables 134) further comprises: comparing the level of confidentiality attribute of the resource to the or each level of confidentiality associated with the user, and if the level of confidentiality attribute of the resource corresponds to at least one of the levels of confidentiality associated with the user (Hu teaches in Fig. 1 and ¶ [0035] how the confidentiality and security level are applied in the SDN controller and policy creator (user security request generator) and how the SDN controller operating system causes the security privilege level of the role of the creator (policy creator generates the user request) of the security policy to be stored and processed and protected in a trusted environment as disclosed in ¶ [0045]).
Guichard in view of Li teaches about SD (secured domain system) but Guichard in view of Li does not explicitly teach proceeding to compare the geographic location attribute and level of confidentiality attribute of the resource to entry requirements for the SD.
However, Hu teaches proceeding to compare the geographic location attribute and level of confidentiality attribute of the resource to entry requirements for the SD (Hu teaches how the level of role attribute is configured to specify the security privilege level given (i.e., assigned) to each role set by the module 128 so that the security privilege levels of roles can be set (i.e., proceeding to compare) as follows: security administrator -L5 (highest); general administrator -L4; user -L2; and guest -L1. The role with higher security privilege level is given more rights to access the SDN controller. For example, the policy created by the creator role of guest (i.e., level of confidentiality associated with user) will be replaced by the policy created by the creator role of security administrator in ¶ [0035]; see also ¶ [0036] and [0044], role of the policy creator).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the method of storing different security policies and security privilege level of role of the creator ([0045]) of Hu into the invention of Guichard in view of Li. One would have been motivated to do so in order to ensure that sensitive data is processed and protected in a trusted environment in an efficient manner.

Regarding claim 18.
          Guichard in view of Li teaches DNS (SD) but Guichard in view of Li does not explicitly teach if the resource is allocated to the SD, allowing access to the resource only to those users having an associated level of confidentiality that corresponds to the level of confidentiality attribute of the resource. 
However, Hu further teaches if the resource is allocated to the SD, allowing access to the resource only to those users having an associated level of confidentiality that corresponds to the level of confidentiality attribute of the resource (Hu teaches in ¶ [0031] and [0037] how the user and guest are associated with or related to the security level associated, how to use or apply a confidentiality level 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include different modules such as security confidentiality, flow table and flow manager table modules ([0031] and [0037]) of Hu into the invention of Guichard in view of Li. One would have been motivated to do so in order to manage searching, adding, updating, and deleting of flow entries in flow tables so that the flow table manager easily confirms that new flow rules are correctly inserted into the flow tables.

Regarding claim 19.
        Guichard in view of Li teaches DNS (SD) but Guichard in view of Li does not explicitly teach if the resource is allocated to the SD, allowing visibility of the resource only to those users having an associated level of confidentiality that corresponds to the level of confidentiality attribute of the resource.
However, Hu teaches if the resource is allocated to the SD, allowing visibility of the resource only to those users having an associated level of confidentiality that corresponds to the level of confidentiality attribute of the resource (Hu teaches in ¶ [0031] and ¶ [0037] how the user and guest are associated with or related to the security level associated and the SDN controller associated with the corresponding level of confidentiality by providing flow table manager, flow table module and confidentiality module and allowing a log process for a trusted execution environment).


Regarding claim 20.
         Guichard further teaches determining whether an assigned role of the user is compatible with configuring a resource for the SD (Guichard ¶ [0025], “a requested path for traffic may traverse only the base network domain as a simple network route, for instance, from network switch 6A to network switch 6B. However, some paths may traverse multiple domains”).
          Guichard in view of Li does not explicitly teach if the assigned role of the user is compatible with configuring a resource for the SD, proceeding to compare the level of confidentiality attribute of the resource to .
However, Hu teaches if the assigned role of the user is compatible with configuring a resource for the SD, proceeding to compare the level of confidentiality attribute of the resource to (Hu teaches how the level of role attribute is configured to specify the security privilege level given (i.e., assigned) to each role set by the module 128 so that the security privilege levels of roles can be set (i.e., proceeding to compare) as follows: security administrator -L5 (highest); general administrator -L4; user -L2; and guest -L1. The role with higher security privilege level is given more rights to access the SDN controller. For example, the policy created by the creator role of guest (i.e., level of confidentiality associated with user) will be replaced by the 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the method of storing different security policies and security privilege level of role of the creator ([0045]) of Hu into the invention of Guichard in view of Li. One would have been motivated to do so in order to ensure that sensitive data is processed and protected in a trusted environment in an efficient manner.

Regarding claim 21.
Hu further teaches wherein the assigned role of the user is comprised within a hierarchy of roles including user and administrator roles (Hu teaches in ¶ [0025] that the hierarchical levels from the highest to the lowest may be L5, L4, L3, L2, L1, and L0. The role with the relatively higher security privilege level is given more rights to access the SDN controller which includes security administrator -L5 (highest); general administrator -L4; user -L2; and guest -L1).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the method of setting the roles in the hierarchical levels from the highest to the lowest ([0025]) of Hu into the invention of Guichard in view of Li. One would have been motivated to do so in order to ensure that sensitive data is processed and protected in a trusted environment in an efficient manner.

Regarding claim 23.
Guichard in view of Li further teaches populating the level of confidentiality attribute of the resource into a resource database of a controller of the SDN (Guichard teaches in ¶ [0050], database element 54 stores topology information of the network layer and one or more overlay network layers of 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the controllable table lookup (populating the candidate set in the lookup table) for costs ([Col. 3, lines 45-60]) of Li into a network that constitutes a path computation domain for PCE 8, further in view of Hu invention. One would have been motivated to do so in order to ensure that sensitive data is processed and protected in a trusted environment in an efficient manner.

Regarding claim 29.
Claim 29 incorporates substantively all the limitations of claim 7 in apparatus form and is rejected under the same rationale.

Regarding claim 32.
Claim 32 incorporates substantively all the limitations of claim 14 in apparatus form and is rejected under the same rationale.

Regarding claim 33.
Claim 33 incorporates substantively all the limitations of claim 17 in apparatus form and is rejected under the same rationale.

Response to Arguments
Applicant’s arguments with respect to the previous claims 1-35 (dated on 12/16/2020, Remarks Pages, 12-15) have been considered but are moot based on the new ground of rejection and thus, the arguments do not apply to current combination of the references being used in the current rejection.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BERHANU SHITAYEWOLDETSADIK whose telephone number is (571)270-7142.  The examiner can normally be reached on M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emmanuel Moise can be reached on 5712723865.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BERHANU SHITAYEWOLDETADIK/Examiner, Art Unit 2455

/EMMANUEL L MOISE/Supervisory Patent Examiner, Art Unit 2455