DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted was filed after the mailing date.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-3, 5-10, 12-17, 19-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Rahman (US 20070091875 A1).

Regarding claim 1, Rahman teaches:
A device, comprising: one or more processors; and one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause the device to perform operations [Figure 1 shows mobile device with modules including 140a implemented with processors ¶0022] comprising: 
detecting, by a mobile agent of the device [Figure 1 shows 140a see Figure 2 mobile agent module on device], a request to route traffic to a service associated with an application [¶0038-42, 140a shows the modules on a mobile device for labeling and generating data, and ¶0051-55 teaches application 112 and module 140 on mobile device generate and therefore detect a request to route traffic for an application service];
identifying, by the mobile agent, an application identifier associated with the application [¶0038-42, wherein for unlabeled traffic pertaining to an application, ALSRGW 140 in mobile device identifies the session based on port information considered application identifier]; 
selecting, by the mobile agent and using the application identifier, a label from a plurality of labels included in a routing table, wherein the label includes one or more routes [¶0039-42, label selected using a routing table, including information indicating how to reach an ASP considered route see tables 148. 141]; 
and routing, by the mobile agent, the traffic to the service associated with the application using the label [¶0039-42, sending packet on outgoing session to ASP via 144 Figure 2 with the label on session to terminating server].

Regarding claim 2, Rahman teaches:
The device of Claim 1, wherein: the label supports extranet services having inline security services; and the inline security services include at least one of the following: firewall services; intrusion detection services; intrusion prevention services; or Cloud Access Security Broker (CASB) services [See ¶0057 and Figure 7, wherein an exemplary model includes a firewall and the labels support firewall services e.g. accessing data behind-the-firewall without the firewall opening a hole].

Regarding claim 3, Rahman teaches:
The device of Claim 1, wherein a head-end node: receives the label [¶0052-55, ALSRGW 140b receives data with labels]; maintains one or more policies in a policy table [¶0052-55 head end node maintains table GLSPM 147 with entries]; and uses the one or more policies and the label to route the traffic to the service associated with the application [¶0052-55, sending and receiving data based on the label, forwarded over session 123].



Regarding claim 5, Rahman teaches:
The device of Claim 1, wherein the label is associated with at least one of the following: a Software-Defined Wide Area Network (SD-WAN); a virtual private network (VPN); a Multiprotocol Label Switching (MPLS) label; a Network Service Header (NSH) label; or a Generic Network Virtualization encapsulation (GENEVE) tunnel label [¶0058 wherein an exemplary model includes labels within a VPN thus associated with VPN].

Regarding claim 6, Rahman teaches:
The device of Claim 1, wherein the service is associated with at least one of the following: a public infrastructure as a service (IaaS); a private IaaS; a public software as a service (SaaS); a private SaaS; or a private enterprise service [Figure 7, firewall-protected enterprise model ¶0057 considered private enterprise service ¶0022].

Regarding claim 7, Rahman teaches:
The device of Claim 1, the operations further comprising: maintaining, by the mobile agent, a policy table comprising one or more policies [¶0039-40 mapping table at ALSRGW based on port of session considered policies]; and mapping, by the mobile agent, the application identifier associated with the application to the label using the one or more policies [¶0038-45, unlabeled data labeled based on table with policy].

Regarding claim 8, Rahman teaches:
A method, comprising: detecting [Figure 1 shows 140a see Figure 2 mobile agent module on device] a request to route traffic to a service associated with an application  [¶0038-42, 140a shows the modules on a mobile device for labeling and generating data, and ¶0051-55 teaches application 112 and module 140 on mobile device generate and therefore detect a request to route traffic for an application service]; identifying an application identifier associated with the application [¶0038-42, wherein for unlabeled traffic pertaining to an application, ALSRGW 140 in mobile device identifies the session based on port information considered application identifier]; selecting, using the application identifier, a label from a plurality of labels included in a routing table, wherein the label includes one or more routes [¶0039-42, label selected using a routing table, including information indicating how to reach an ASP considered route see tables 148, 141]; and routing the traffic to the service associated with the application using the label [¶0039-42, sending packet on outgoing session to ASP via 144 Figure 2].

Regarding claim 9, Rahman teaches:
The method of Claim 8, wherein: the label supports extranet services having inline security services; and the inline security services include at least one of the following: firewall services; intrusion detection services; intrusion prevention services; or Cloud Access Security Broker (CASB) services [See ¶0057 and Figure 7, wherein an exemplary model includes a firewall and the labels support firewall services e.g. accessing data behind-the-firewall without the firewall opening a hole].

Regarding claim 10, Rahman teaches:
The method of Claim 8, wherein a head-end node: receives the label [¶0052-55, ALSRGW 140b receives data with labels]; maintains one or more policies in a policy table [¶0052-55 head end node maintains table GLSPM 147 with entries]; and uses the one or more policies and the label to route the traffic to the service associated with the application [¶0052-55, sending and receiving data based on the label, forwarded over session 123].

Regarding claim 12, Rahman teaches:
The method of Claim 8, wherein the label is associated with at least one of the following: a Software-Defined Wide Area Network (SD-WAN); a virtual private network (VPN) a Multiprotocol Label Switching (MPLS) label; a Network Service Header (NSH) label; or a Generic Network Virtualization encapsulation (GENEVE) tunnel label [¶0058 wherein an exemplary model includes labels within a VPN thus associated with VPN].


The method of Claim 8, wherein the service is associated with at least one of the following: a public infrastructure as a service (IaaS); a private IaaS; a public software as a service (SaaS); a private SaaS; or a private enterprise service [Figure 7, firewall-protected enterprise model ¶0057 considered private enterprise service ¶0022].

Regarding claim 14, Rahman teaches:
The method of Claim 8, further comprising: maintaining a policy table comprising one or more policies [¶0039-40 mapping table at ALSRGW based on port of session considered policies]; and mapping the application identifier associated with the application to the label using the one or more policies [¶0038-45, unlabeled data labeled based on table with policy].

Regarding claim 15, Rahman teaches:
One or more computer-readable non-transitory storage media embodying instructions that, when executed by a processor, cause the processor to perform operations [Figure 1 shows mobile device with modules including 140a implemented with processors ¶0022] comprising: detecting [Figure 1 shows 140a see Figure 2 mobile agent module on device] a request to route traffic to a service associated with an application  [¶0038-42, 140a shows the modules on a mobile device for labeling and generating data, and ¶0051-55 teaches application 112 and module 140 on mobile device generate and therefore detect a request to route traffic for an application service]; identifying an application identifier associated with the application [¶0038-42, wherein for unlabeled traffic pertaining to an application that was requested to be initiated, ALSRGW 140 in mobile device identifies the session based on port information considered application identifier];  selecting, using the application identifier, a label from a plurality of labels included in a routing table, wherein the label includes one or more routes [¶0039-42, label selected using a routing table, including information indicating how to reach an ASP considered route see tables 148. 141]; and routing the traffic to the service associated with the application using the label [¶0039-42, sending packet on outgoing session to ASP via 144 Figure 2].

Regarding claim 16, Rahman teaches:
The one or more computer-readable non-transitory storage media of Claim 15, wherein: the label supports extranet services having inline security services; and the inline security services include at least one of the following: firewall services; intrusion detection services; intrusion prevention services; or Cloud Access Security Broker (CASB) services [See ¶0057 and Figure 7, wherein an exemplary model includes a firewall and the labels support firewall services e.g. accessing data behind-the-firewall without the firewall opening a hole].

Regarding claim 17, Rahman teaches:
The one or more computer-readable non-transitory storage media of Claim 15, wherein a head-end node: receives the label [¶0052-55, ALSRGW 140b receives data with labels]; maintains one or more policies in a policy table [¶0052-55 head end node maintains table GLSPM 147 with entries]; and uses the one or more policies and the label to route the traffic to the service associated with the application [¶0052-55, sending and receiving data based on the label, forwarded over session 123]..


Regarding claim 19, Rahman teaches:
The one or more computer-readable non-transitory storage media of Claim 15, wherein the label is associated with at least one of the following: a Software-Defined Wide Area Network (SD-WAN); a virtual private network (VPN) a Multiprotocol Label Switching (MPLS) label; a Network Service Header (NSH) label; or a Generic Network Virtualization encapsulation (GENEVE) tunnel label [¶0058 wherein an exemplary model includes labels within a VPN thus associated with VPN].

Regarding claim 20, Rahman teaches:
The one or more computer-readable non-transitory storage media of Claim 15, wherein the service is associated with at least one of the following: a public infrastructure as a service (IaaS); a [Figure 7, firewall-protected enterprise model ¶0057 considered private enterprise service ¶0022].

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim 4, 11, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rahman (US 20070091875 A1) in view of Stahura et al. (“Stahura”) (US 20160173440 A1).

Regarding claim 4, Rahman teaches:
The device of Claim 1, the operations further comprising: receiving, by the mobile agent, a request; and using the application identifier to map the request to the label [¶0052-55 application request assigned to a label based on the application and mapping at mobile device 140a, thus request is received by modules of 140a that map the request to a label for transmission].
Rahman teaches a request but does not teach a DNS request.
Stahura teaches wherein the request is a Domain Name System (DNS) request [¶0027-31, remote device wherein request “received” at mobile agent comprising labels added to the received DNS request see ¶0010, ¶0015-23 Figure 1, 3 wherein request received at modules from DNS messenger 164].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rahman to teach adding a label. Rahman teaches a request is received at a module of the mobile agent 140a for transmission to establish a label session with a server see Figure 2, ¶0052-55. Rahman does not teach this is a DNS request however it would have been obvious to modify Rahman to teach a DNS request as in Stahura as Stahura teaches DNS requests comprising specific labels as generated and received at different modules of a remote device for purposes of obtaining mappings from a domain name to a corresponding IP address ¶0010.

Regarding claim 11, Rahman teaches:
The method of Claim 8, further comprising: receiving a request; and using the application identifier to map the request to the label [¶0052-55 application request assigned to a label based on the application and mapping at mobile device 140a, thus request is received by modules of 140a that map the request to a label for transmission].
Stahura teaches wherein the request is a Domain Name System (DNS) request [¶0027-31, remote device wherein request “received” at mobile agent comprising labels added to the received DNS request see ¶0010, ¶0015-23 Figure 1, 3 wherein request received at modules from DNS messenger 164].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rahman to teach adding a label. Rahman teaches a request is received at a module of the mobile agent 140a for transmission to establish a label session with a server see Figure 2, ¶0052-55. Rahman does not teach this is a DNS request however it would have been obvious to modify Rahman to teach a DNS request as in Stahura as Stahura teaches DNS requests comprising specific labels as generated and received at different modules of a remote device for purposes of obtaining mappings from a domain name to a corresponding IP address ¶0010.

[¶0052-55 application request assigned to a label based on the application and mapping at mobile device 140a, thus request is received by modules of 140a that map the request to a label for transmission].
Rahman teaches a request but does not teach a DNS request.
Stahura teaches wherein the request is a Domain Name System (DNS) request [¶0027-31, remote device wherein request “received” at mobile agent comprising labels added to the received DNS request see ¶0010, ¶0015-23 Figure 1, 3 wherein request received at modules from DNS messenger 164].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rahman to teach adding a label. Rahman teaches a request is received at a module of the mobile agent 140a for transmission to establish a label session with a server see Figure 2, ¶0052-55. Rahman does not teach this is a DNS request however it would have been obvious to modify Rahman to teach a DNS request as in Stahura as Stahura teaches DNS requests comprising specific labels as generated and received at different modules of a remote device for purposes of obtaining mappings from a domain name to a corresponding IP address ¶0010.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Salkintzis (US 20160142963 A1) Figure 3-4 teach apply a label to traffic based on attributes from network.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAY L. VOGEL whose telephone number is (303)297-4322.  The examiner can normally be reached on Monday-Friday 8AM-4:30 PM ET.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Edan Orgad can be reached on 571-272-7884.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/JAY L VOGEL/             Examiner, Art Unit 2478