DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
This office action has been changed in response to the amendment filed on 12/16/2020.  
Claims 1, 5, 8, 12, 15 and 19 have been amended.  

Information Disclosure Statement
The information disclosure statement filed on 1/7/2021 has been considered.  

Response to Arguments
Applicant's arguments filed 12/16/2020 have been fully considered but they are not persuasive.
In response to the Applicant’s argument that Kokkula does not disclose establishing an interactive session between the appliance and a mobile device (Page 9), the Examiner agrees.  
	However, Mohan describes establishing a session with a mobile device, wherein the session is an interactive session between the apparatus and the mobile device.  (Page 4 [0028] “any one or more of subscriber devices 16 may request authorization and data services by sending a session request to a gateway device such as SD-WAN 
In response to the Applicant’s argument that Kokkula does not disclose “filtering, during the interactive session with the mobile device”, the Examiner agrees.  
	However, Mohan discloses filtering, during the interactive session with the mobile device, the SD-WAN policies.  (Page 5 [0039] i.e. updating the profiles for the packet size and burst size of the data flows)
Apologies for not attempting an Interview/Examiner’s Amendment to incorporate claim 5 into claim 1; the Examiner ran into time constraints.  This incorporation can occur after Final though. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 8-11 and 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Kokkula et al. (US-2017/0111233 hereinafter, Kokkula) in view of Mohan et al. (US-2020/0153701 hereinafter, Mohan).
	Regarding claim 1, Kokkula teaches an apparatus (Fig. 2A [200] and Fig. 1B [158A]), comprising:
	one or more processors; (Fig. 2A [221])
	one or more computer-readable non-transitory storage media (Fig. 2A [228]) coupled to the one or more processors (Fig. 2A [via 250]) and comprising instructions that, when executed by the one or more processors, cause the apparatus to perform operations comprising:
		receiving software-defined networking in a wide area network (SD-WAN) policies from a component of an SD-WAN network; (Page 3 [0029] “SD-WAN”, Page 5 [0041] and Pages 5-6 [0046])
		establishing a session with a mobile device; (Page 9 [0070] and Fig. 4 [402])
		receiving information associated with the mobile device in response to establishing the session with the mobile device; (Pages 5-6 [0046] “specific user”)
		filtering the SD-WAN policies based on the first group identity and the information associated with the mobile device to generate SD-WAN device-specific policies; (Pages 5-6 [0046] “traffic profile can be dynamically updated or a different traffic profile can be selected in real-time” … for “a specific user” and “whether the user subscribes to a certain level of network service”) and
		communicating the SD-WAN device-specific policies to the mobile device.  (Page 9 [0067] “report generation module 370 is configured to generate an output, such 340, an output of decision module, or a combination of both. The output can be provided as part of a web service, and can also be transmitted by interface 318N to another device (e.g., a client device) or to another processes for, for example, displaying, and/or for further analysis”)
	Kokkula differs from the claimed invention by not explicitly reciting wherein the session is an interactive session between the apparatus and the mobile device, receiving authentication, authorization and accounting (AAA) information from an AAA server, also filtering the SD-WAN policies based on the AAA information, filtering during the interactive session with the mobile device and that the apparatus is a gateway.  
	In an analogous art, Mohan teaches a method and system for predicting and evaluating application quality for efficient transmission routing (Abstract) that includes having a gateway device that is an SD-WAN appliance (Fig. 1 [18]), establishing a session with a mobile device, wherein the session is an interactive session between the apparatus and the mobile device (Fig. 1 [16] and Page 4 [0028] “any one or more of subscriber devices 16 may request authorization and data services by sending a session request to a gateway device such as SD-WAN appliance 18 or router 8.”), using a AAA server to authenticate the subscriber device requesting network access (Page 4 [0028]) in order to authenticate and authorize the use of specific network services, filtering during the interactive session with the mobile device (Page 5 [0039] i.e. updating the profiles for the packet size and burst size of the data flows) provided by the network along device specific service chains based on a particular subscriber service profile.  (Page 4 [0027 & 0031])

	Regarding claim 2, Kokkula in view of Mohan teaches the operations further comprising:
	receiving updated SD-WAN policies from the component of the SD-WAN network; (Kokkula Page 5 [0042] and Pages 5-6 [0046])
	filtering the updated SD-WAN policies based on the information associated with the mobile device to generate updated SD-WAN device-specific policies; (Kokkula Pages 5-6 [0046]) and
	communicating the updated SD-WAN device-specific policies to the mobile device.  (Kokkula Pages 5-6 [0046] “the association between the traffic profile and the aforementioned parameters can be updated dynamically based on, for example, the current network load. For example, if there is a spike in the network load, the traffic profile can be dynamically updated (or a different traffic profile can be selected), in real-time, for a particular type of network traffic, application, and/or a specific user to adapt to the spike”)

	receiving updated information associated with the mobile device; (Kokkula Page 5 [0045] and Pages 5-6 [0046])
	filtering the updated SD-WAN policies based on the information associated with the mobile device to generate updated SD-WAN device-specific policies; (Kokkula Pages 5-6 [0046]) and
	communicating the updated SD-WAN device-specific policies to the mobile device.  (Kokkula Pages 5-6 [0046] “the association between the traffic profile and the aforementioned parameters can be updated dynamically based on, for example, the current network load. For example, if there is a spike in the network load, the traffic profile can be dynamically updated (or a different traffic profile can be selected), in real-time, for a particular type of network traffic, application, and/or a specific user to adapt to the spike”)
	Regarding claim 4, Kokkula in view of Mohan teaches wherein the SD-WAN policies comprise at least one of the following types of policies:
	access policies;
	segmentation-based policies; (Kokkula Pages 5-6 [0046])
	flow classification policies; or
	path selection policies.  
	Regarding claims 8-11, the limitations of claims 8-11 are rejected as being the same reasons set forth above in claims 1-4.  
.  
	










Claims 6, 7, 13, 14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kokkula in view of Mohan as applied to claims 1, 8 and 15 above, and further in view of NetScaler SD-WAN 9.2 June 14, 2017.
	Regarding claim 6, Kokkula in view of Mohan differs from the claimed invention by not explicitly reciting the apparatus is a virtual routing and forwarding (VRF) enterprise Internet Protocol Security (IPsec) gateway.  
	With respect to “the component of the SD-WAN network is a VRF SD-WAN edge router”, this is a separate device from the “The apparatus” and accordingly, does not carry patentable weight when determining the structure of “The apparatus” and will not be considered further.  
	In an analogous art, NetScaler SD-WAN 9.2 disclosures the NetScaler SD-WAN appliance is capable of virtual routing and forwarding (VRF) enterprise Internet Protocol Security (IPsec) gateway.  (inherent feature of a NetScaler SD-WAN, see included Citrix Product Documentation, Page 333 VRF and IPsec tunnels)
	 Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to be motivated to implement the NetScaler SD-WAN 9.2 teachings when using the invention of Kokkula in view of Mohan since the Citrix document is the “How-To” for operating a NetScaler SD-WAN appliance.  (See Page 332)

	the apparatus is a VRF enterprise Secure Sockets Layer/Transport Layer Security SSL/DTLS gateway.  (NetScaler Pages 332 & 382)
	Regarding claim 13, Kokkula in view of Mohan differs from the claimed invention by not explicitly reciting the apparatus is a virtual routing and forwarding (VRF) enterprise Internet Protocol Security (IPsec) gateway; and
	the component of the SD-WAN network is a VRF SD-WAN edge router.
	In an analogous art, NetScaler SD-WAN 9.2 disclosures the NetScaler SD-WAN appliance is capable of virtual routing and forwarding (VRF) enterprise Internet Protocol Security (IPsec) gateway; (inherent feature of a NetScaler SD-WAN, see included Citrix Product Documentation, Page 333 VRF and IPsec tunnels) and
	the component of the SD-WAN network is a VRF SD-WAN edge router.  (Page 478 “There are various different deployment modes available for NetScaler SD-WAN product placement in a network. In the above example, SD-WAN is being deployed as an overlay on top of existing networking infrastructure. For new sites, SD-WAN Administrators may choose to deploy the NetScaler SD-WAN in Edge or Gateway Mode deployment, eliminating the need for a WAN edge router and firewall, and consolidating the network needs of edge routing and firewall onto the NetScaler SD-WAN solution”)
	 Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to be motivated to implement the NetScaler SD-WAN 9.2 
	Regarding claim 14, the limitations of claim 14 are rejected as being the same reasons set forth above in claim 7.  
	Regarding claim 20, the limitations of claim 20 are rejected as being the same reasons set forth above in claim 6.

Allowable Subject Matter
Claims 5, 12 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:  The Examiner was unable to find the combination of dependent claim 5 (or 12/19 respectively) with independent claim 1 (or 8/15, respectively).  

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW C SAMS whose telephone number is (571)272-8099.  The examiner can normally be reached on M-F 8:30-5 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lester Kincaid can be reached on (571)272-7922.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Matthew C Sams/Primary Examiner, Art Unit 2646