Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments

Applicant's arguments filed 2/8/2021 have been fully considered but they are not persuasive.
On page 9 of the Applicant’s Response, Applicant states:  “In contrast, amended Claim 1 now teaches monitoring network traffic associated with network addresses of physical networks that are further associated with gateway identifiers (GIDs) for gateway computers in associated overlay networks that are employed to prevent direct access and visibility of the physical networks and their associated network traffic from members of the overlay network. Thus, amended Claim 1 is neither anticipated nor made obvious under 35 U.S.C. §102(a)(1)(a)(2) over the Mattes reference.”
Examiner respectfully disagrees with Applicant’s argument.  The ISA's unique identity may be employed to establish secure communications paths in the secure private network. For example, a unique identity may be used to validate that the ISA is enabled to participate in network communication in the secure private network. Also, in at least one of the various embodiments, the unique identity may be used as a key or part of a key used to encrypt communication over the secure connections.  Thus the gateways 1303, i.e. ISAs, maintain access and routing in the VPN 1307 where devices 1302 access devices 1306 via private tunnels between ISAs; i.e. preventing direct access or visibility of the underlying physical networks; maintenance of the tunneling is monitored and provided by the ISAs and management server 1310.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1, 2-6, 8, 10-13, 15, and 17-19 is/are rejected under 35 U.S.C. 102(a)(1)(a)(2) as being anticipated by Mattes et al. (US 2016/0036861) (“Mattes”).
For claims 1, 8, and 15; Mattes discloses:  managing communication over one or more networks using one or more network computers, wherein execution of instructions by the one or more network computers (paragraph 81:  ISA that is being used to enable the outside computer to communicate with the secure private network) perform the method comprising: monitoring network traffic for a network, wherein the network traffic is associated with one or more network addresses and is further associated with one or more gateway identifiers (GIDs) for one or more gateway computers in an associated overlay network (paragraph 81, 155, 166:  the ISA's unique identity may be employed to establish secure communications paths in the secure private network. For example, a unique identity may be used to validate that the ISA is enabled to participate in network communication in the secure private network. Also, in at least one of the various embodiments, the unique identity may be used as a key or part of a key used to encrypt communication over the secure connections); that are employed to prevent direct access and visibility of the one or more physical networks and their associated network traffic from one or more members of the overlay network; (paragraph 154-159, 165-179, fig. 13, fig. 14:  the gateways 1303 maintain access and routing in the VPN 1307 where devices 1302 access devices 1306 via private tunnels between ISAs; i.e. preventing direct access or visibility of the underlying physical networks; maintenance of the tunneling is monitored and provided by the ISAs and management server 1310); providing one or more metrics associated with the one or more gateway computers based on the monitoring of the network traffic and the one or more GIDs (paragraph 168:  the gateway computer may provide the credentials from the unauthenticated source node computer along with the intercepted communication to a management platform server computer); generating one or more events based on one or more affirmative comparisons of the one or more metrics to one or more event rules (paragraph 169-175:  a management platform server computer may authenticate the source node and/or the communication based on the credentials and the intercepted communication); and employing one or more characteristics of the one or more events to execute one or more actions based on the one or more events (paragraph 176-178:  capability characteristics, such as, speed/cycle-rate, size, capacity, physical location, temperature, maintenance history, engineering tolerances, or the like, or combination thereof may be used to determine the target gateway computer and/or the target node computer).
For claims 3, 10, and 17; Mattes discloses:  determining one or more node computers that connect to the one or more gateway computers; and generating an event that includes information about the node computer, including, one or more of a GID, a media access control (MAC) address, a network address, a hostname, a cryptographic key, or a security certificate (paragraph 103-104:  client computers 1002-1005 may uniquely identify themselves through any of a variety of mechanisms, including an Internet Protocol (IP) address, a phone number, Mobile Identification Number (MIN), an electronic serial number (ESN), or other device identifier. Such information may be provided in a network packet, or the like, sent between other client computers, management platform server computer 1016, industrial security computers 1018, operations computers 1020, or other computers…Client computers 1002-1005 may further be configured to include a client application that enables an end-user to log into an end-user account that may be managed by another computer, such as management platform server computer 1016, industrial security computers 1018, operations computers 1020, or the like).
For claims 4, 11, and 18; Mattes discloses:  employing one or more relay computers configured in the overlay network to provide a communication path between two or more gateway computers in the overlay network (paragraph 107:  Wireless network 1008 may further employ a plurality of access technologies including 2nd (2G), 3rd (3G), 4th (4G) 5th (5G) generation radio access for cellular systems, WLAN, Wireless Router (WR) mesh, and the like).
For claims 5 and 12; Mattes discloses:  employing the one or more characteristics of the one or more events to execute the one or more actions is performed local to a network computer that is monitoring the network traffic (paragraph 177:  capability characteristics, such as, speed/cycle-rate, size, capacity, physical location, temperature, maintenance history, engineering tolerances, or the like, or combination thereof may be used to determine the target gateway computer and/or the target node computer).
For claims 6, 13, and 19; Mattes discloses:  monitoring one or more devices in the overlay network, wherein the devices include one or more of an individual network device, a group of network devices, or at least one network device that is associated with the one or more gateway computers (paragraph 46:  ISA 115 may include data collection device 155 that may be arranged to collect data, such as network performance or traffic data, from network 130).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 2, 9, and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mattes in view of Moriconi et al. (US 6,158,010) (“Moriconi”).
For claims 2, 9, and 16; Mattes discloses the subject matter in claim 1 as described above in the office action.  Mattes discloses:  one or more monitoring rules and one or more event rules; and wherein monitoring the network traffic is based on the one or more monitoring rules, and wherein executing the one or more actions is based on the one or more event rules (paragraph 169-178).
the network computer as a management platform computer that provides one or more monitoring rules and one or more event rules (column 4, lines 1-49:  The central policy server automatically distributes (over the network) only the relevant portion of the enterprise policy to each remote service).  Thus it would have been obvious to the person of ordinary skill in the art at the time of the invention to implement the policy distribution as described by Moriconi in the private networks as described by Mattes.  The motivation is to improve secure access.

Claims 7, 14, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mattes in view of Kozat et al. (US 2018/0124183) (“Kozat”).
For claims 7, 14, and 20; Mattes discloses the subject matter in claim 1 as described above in the office action.
Mattes does not expressly disclose, but Kozat from similar fields of endeavor teaches:  executing the one or more actions further comprises: executing one or more of an ordered sequence of sub-actions that are based on a type of the one or more events, or one or more scripts (paragraph 35:  The ECA engine 216 may receive a policy rule that specifies an event to be observed, monitored, or measured by the NE 210, a condition statement that is to be satisfied, and an action or a sequence of actions that are to be taken if the condition statement is satisfied when the event is observed).  Thus it would have been obvious to the person of ordinary skill in the art at the time of the invention to implement the policy method as described by Kozat in the private networks as described by Mattes.  The motivation is to improve policy execution.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Mattes et al. (US 2014/0282850); Mattes discloses the use of ISAs which overlay core networks and implement secure tunnels to provide communications between logical networks.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN D BLANTON whose telephone number is (571)270-3933.  The examiner can normally be reached on 7am-6pm EST, Mon-Thu.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Faruk Hamza can be reached on 571-272-7969.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

/JOHN D BLANTON/Primary Examiner, Art Unit 2466