Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

DETAILED ACTION
Claims 1-9, 25-26, and 34-41 are presented for examination.



Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/11/2020 and 09/06/2019 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.


Drawings
The drawings filed on 09/09/2019 are accepted by the examiner.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:


(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


1.	Claims 1 and 25-26 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Duggirala et al. (WO Publication No. WO 2015/053850 A1, hereinafter “Duggirala”).

Regarding claim 1, Duggirala teaches a data processing method, comprising: acquiring a first data packet in a local client network; determining sensitive data in the first data packet (Duggirala, (para. [0026-0027]), the data packet from the first virtual machine VMl to the second virtual machine VM2 would contain a source IP address (i.e. sensitive data) of 192.168.10.74 and a destination IP address (i.e. sensitive data) of 192.168.10.130 as shown at step 201. This packet is intercepted ….. the AON layer indexes the location table 230 by the source logical IP address and the destination logical IP address(es) and retrieves their corresponding physical IP addresses); masking the sensitive data in the first data packet, and then generating a second data packet from the first data packet; and sending the second data packet generated (Duggirala, (para. [0027]), the AON layer then replaces (i.e. masking) the logical IP addresses (source and destination) in the header of the original data packet with the retrieved physical IP addresses; (para. [0028]), the transformed data packet (i.e. generated second data packet) is then transmitted over the physical network).  

Regarding claim 25, the substance of the claimed invention is similar to that of claim 1. Accordingly, this claim is rejected under the same rationale.

Regarding claim 26, the substance of the claimed invention is similar to that of claim 1. Accordingly, this claim is rejected under the same rationale.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


2.	Claims 2-8, 34-41 rejected under 35 U.S.C. 103 as being unpatentable over Duggirala et al. as applied to claims 1 and 25-26 respectively, further in view of Gross et al. (US Pub No. 2015/0009995, hereinafter “Gross”).

Regarding claim 2, Duggirala does disclose, the method of claim 1, wherein the determining of the sensitive data in the first data packet comprises: 
determining, from a configured sensitive data mapping table, a first mapping table entry matching sensitive data mapping information of the first data packet; wherein a mapping table entry in a sensitive data mapping table records an item of sensitive data mapping information (Duggirala, (para. [0026-0027]), tthis packet is intercepted ….. the AON layer indexes the location table 230 by the source logical IP address and the destination logical IP address(es) and retrieves their corresponding physical IP addresses). 

 does not explicitly disclose but the analogous art Gross discloses, determining the sensitive data in the first data packet based upon sensitive data positioning information recorded in the first mapping table entry determined, 
[wherein a mapping table entry in a sensitive data mapping table records an item of sensitive data mapping information,] an item of sensitive data positioning information and a correspondence between the item of sensitive data mapping information and the item of sensitive data positioning information (Gross, (para. [0005]), … add a first logical context tag having a first length to the packet's header, …; (para. [0166]), the header includes a set of fields that contains information used for routing the packet through a network. Switching elements may determine switching decisions based on the fields contained in the header and may, in some cases, modify some or all of the header fields. Some embodiments determine switching decisions based on flow entries in the switching elements' forwarding tables), and wherein the sensitive data mapping information includes keyword information for determining sensitive data; and the sensitive data positioning information is usable to indicate a position of sensitive data in a data packet including the sensitive data mapping information (Gross, (para. [0174]), the packet is processed against a logical L2 (layer 2) table to determine a logical outport, which corresponds to a logical port of the logical switching element through which the packet is to be sent. As shown by arrows pointing from the fields below to the stage 1240, the L2 table operates on the 16-bit logical inport field and the 32-bit VRF field of the packet's 64-bit logical context tag in addition to the destination MAC address of the packet).  
before the effective filing date of the claimed invention to modify the invention of Duggirala by including positioning information in table taught by Gross for the advantage of preventing tenant-hopping attacks (Gross, (para. [0161])).

Regarding claim 3, the combination of Duggirala-Gross does disclose the method of claim 2, further comprising: receiving an item of sensitive data mapping information (Duggirala, (para. [0027]), the AON layer then replaces (i.e. masking) the logical IP addresses (source and destination) in the header of the original data packet with the retrieved physical IP addresses) and an item of sensitive data positioning information corresponding to the sensitive data mapping information, wherein the sensitive data mapping information received has not been configured (Gross, (para. [0005]), … add a first logical context tag having a first length to the packet's header, …; (para. [0166]), the header includes a set of fields that contains information used for routing the packet through a network. Switching elements may determine switching decisions based on the fields contained in the header and may, in some cases, modify some or all of the header fields. Some embodiments determine switching decisions based on flow entries in the switching elements' forwarding tables); adding a mapping table entry in the sensitive data mapping table, and recording in the added mapping table entry the sensitive data mapping information received, the sensitive data positioning information received and a correspondence between the sensitive data mapping information received and the sensitive data positioning information received (Gross, (para. [0180]), the managed switching element 1310 identifies a record indicated by an encircled 1 (referred to as "record 1") in the forwarding tables that implements the context mapping of the stage 1340. The record 1 identifies the packet 1330's logical context based on the inport, which is the VIF through which the packet 1330 is received from the VM 1).  

Regarding claim 4, the combination of Duggirala-Gross does disclose the method of claims 1, wherein the masking of the sensitive data in the first data packet includes replacing the sensitive data in the first data packet; and, after the replacing of the sensitive data in the first data packet (Duggirala, (para. [0027]), the AON layer then replaces (i.e. masking) the logical IP addresses (source and destination) in the header of the original data packet with the retrieved physical IP addresses), recording a first replacement data item, wherein the first replacement data item includes: the sensitive data replaced in the first data packet, replacement data used to replace the sensitive data in the first data packet, and a correspondence between the sensitive data replaced in the first data packet and the replacement data used (Gross, (para. [0181] and figure 13), based on the logical context and/or other fields stored in the packet 1330's header, the managed switching element 1310 identifies a record indicated by an encircled 2 (referred to as "record 2") in the forwarding tables that implements the ingress ACL of the stage 1350).  

Regarding claim 5, the combination of Duggirala-Gross does disclose the method of claim 4, further comprising, after sending the second data packet generated: receiving Gross, (para. [0182-0183] and figure 13), the managed switching element 1310 identifies, based on the logical context and/or other fields stored in the packet 1330's header, a record indicated by an encircled 3 (referred to as "record 3") in the forwarding tables that implements the logical L2 forwarding of the stage 1360. The record 3 identifies the logical port of the logical switching element, which is implemented by the managed switching elements 1310 and 1320, to which the packet 1330 is to be forwarded. The record 3 also specifies that the packet 1330 be further processed by the forwarding tables (e.g., by sending the packet 1330 to a dispatch port). Also, the record 3 specifies that the managed switching element 1310 store the logical context in the set of fields of the packet 1330's header).  

Regarding claim 6, the combination of Duggirala-Gross does disclose the method claims 1, wherein the masking of the sensitive data in the first data packet comprises: subjecting the sensitive data in the first data packet to a masking operation (Duggirala, (para. [0027]), the AON layer then replaces (i.e. masking) the logical IP addresses (source and destination) in the header of the original data packet with the retrieved physical IP addresses); and recording, after the subjecting the sensitive data in the first data packet to the masking operation a first Gross, (para. [0166, 0181] and figure 13), Switching elements may determine switching decisions based on the fields contained in the header and may, in some cases, modify some or all of the header fields. Some embodiments determine switching decisions based on flow entries in the switching elements' forwarding tables; based on the logical context and/or other fields stored in the packet 1330's header, the managed switching element 1310 identifies a record indicated by an encircled 2 (referred to as "record 2") in the forwarding tables that implements the ingress ACL of the stage 1350).
  
Regarding claim 7, the combination of Duggirala-Gross does disclose the method of claim 6, further comprising, after the sending of the second data packet generated: receiving the second data packet, returned after the sending; acquiring the sensitive data that has undergone the masking operation in the second data packet; determining the first masking operation item based upon the acquired sensitive data that has undergone the masking operation; and restoring the sensitive data replaced in the first data packet according to the first masking operation item (Gross, (para. [0166, 0181] and figure 13), Switching elements may determine switching decisions based on the fields contained in the header and may, in some cases, modify some or all of the header fields. Some embodiments determine switching decisions based on flow entries in the switching elements' forwarding tables; based on the logical context and/or other fields stored in the packet 1330's header, the managed switching element 1310 identifies a record indicated by an encircled 2 (referred to as "record 2") in the forwarding tables that implements the ingress ACL of the stage 1350).  

Regarding claim 8, the combination of Duggirala-Gross does disclose the method of claims 1, further comprising: generating a masking tag, wherein one of the masking tag is used to identify whether the second data packet comprises masked sensitive data, or the masking tag is used to identify a data type of masked sensitive data in the second data packet (Gross, (para. [0046, 0111, 0167, 0173]), the managed non-edge forwarding element 415 decapsulates the packet and extracts, from the packet's header, a logical context tag. The managed non-edge forwarding element 415 then processes the packet based on the logical context tag. The managed non-edge forwarding element 415 then encapsulates the packet with its own 32-bit rich context data and forwards it to the managed edge forwarding element 415); and sending the masking tag (Duggirala, (para. [0028]), the transformed data packet (i.e. generated second data packet) is then transmitted over the physical network).  

Regarding claim 9, the combination of Duggirala-Gross does disclose the method of claim 8, wherein the sending the masking tag comprises one of: sending the masking Gross, (para. [0046, 0167, 0173]), the managed non-edge forwarding element 415 decapsulates the packet and extracts, from the packet's header, a logical context tag. The managed non-edge forwarding element 415 then processes the packet based on the logical context tag. The managed non-edge forwarding element 415 then encapsulates the packet with its own 32-bit rich context data and forwards it to the managed edge forwarding element 415; (para. [0111]), the tunnel option or rich logical context tag includes various option metadata, including a type 805, length 810, critical option 815, and a set of option control flags 820).

Claims 10-34 are cancelled.

Claims 27-33 are cancelled.

Regarding claim 34, the substance of the claimed invention is similar to that of claim 2. Accordingly, this claim is rejected under the same rationale.

Regarding claim 35, the substance of the claimed invention is similar to that of claim 4. Accordingly, this claim is rejected under the same rationale.

Regarding claim 36, the substance of the claimed invention is similar to that of claim 6. Accordingly, this claim is rejected under the same rationale.

Regarding claim 37, the substance of the claimed invention is similar to that of claim 8. Accordingly, this claim is rejected under the same rationale.

Regarding claim 38, the substance of the claimed invention is similar to that of claim 2. Accordingly, this claim is rejected under the same rationale.

Regarding claim 39, the substance of the claimed invention is similar to that of claim 4. Accordingly, this claim is rejected under the same rationale.

Regarding claim 40, the substance of the claimed invention is similar to that of claim 6. Accordingly, this claim is rejected under the same rationale.

Regarding claim 41, the substance of the claimed invention is similar to that of claim 8. Accordingly, this claim is rejected under the same rationale.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MORSHED MEHEDI	whose telephone number is (571) 270-7640. The examiner can normally be reached on M - F, 8:00 am to 4:00 pm EST.    If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeffrey L. Nickerson can be reach on (469) 295-9235. The fax number for the organization where this application or proceeding is assigned is (571) 273-8300.


/MORSHED MEHEDI/Primary Examiner, Art Unit 2432