DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
Applicant’s arguments, see remarks, filed 3/26/2021, with respect to statutory requirements under 35 U.S.C. 101 have been fully considered and are persuasive, see for example page 8 paragraphs 4-5. The 35 U.S.C. 101 rejection of claim 20 has been withdrawn.
Applicant’s arguments, see remarks, filed 3/26/2021, with respect to statutory requirements under 35 U.S.C. 112 have been fully considered and are persuasive, see for example page 9 paragraphs 1-2. The 35 U.S.C. 112 rejection of claims 5 and 15 has been withdrawn.
Applicant’s arguments, see remarks, filed 3/26/2021, with respect to claims over prior art have been fully considered and are persuasive, see for example page 12 paragraphs 1-2. The 35 U.S.C. 103 rejection of claims 1-20 has been withdrawn.
Allowable Subject Matter
Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance:
The prior art, Yamada (US 2015/0200910), discloses a control apparatus including a storage in which information indicating a plurality of sets of addresses is stored; and a controller configured to execute a procedure including: obtaining a first address and information on a port that receives first data, from a first switch that receives the first data of 
The prior art, Stiekes et al (US 2016/0308905), discloses a system including a policy engine. The policy engine may receive a context of an application to request a set of network traffic and provide a policy rule to a network device of a network path. Likewise, the system may identify a party and a requested behavior of the service and maintain a context to determine a policy rule to regulate a set of network traffic associated with the service based on the party and the requested behavior. Similarly the system may also comprise steps of receiving a service request and an authentication, identifying a party, identifying a behavior, and deploying a policy to a network device of a network based on the party and the behavior.
Furthermore, prior art made of record and not relied upon, Clark et al (US 10,367,811), discloses network security software cooperatively configured on plural nodes to authenticate and authorize devices, applications, users, and data protocol in network communications by exchanging nonpublic identification codes, application identifiers, and data type identifiers via pre-established communication pathways and comparing against pre-established values to provide authorized communication and prevent compromised nodes from spreading malware to other nodes.
Likewise, prior art made of record and not relied upon, Carolan et al (2003/0208596), discloses a system delivering services in a secure manner. The system includes a network that delivers services to end users. The network includes a service module that supports a service. The service module can deliver more than one service. The network also includes a load balancing switch to provide a virtual internet protocol address for the service. A data packet enclosing a request for the service is routed by the load balancing switch. The network also includes a distribution module that is coupled to the service module and routes the data packet to the load balancing switch. The network also includes a security module to determine if the data packet is authorized for the virtual internet protocol address. If so, then the service is provided to the end user. If not, security measures are taken to deny the end user access to the services.
Similarly, prior art made of record and not relied upon, McGrew et al (US 2016/0234234), discloses arranging traffic flows in a network, and using the capabilities for inspection, recording, and enforcement around the network, in a way that makes the best use of the resources. A software defined network (SDN) interface between the network and security applications exposes a programmatic way to control security resources around the network such that they are optimally utilized. The SDN interface prioritizes and optimizes the use of security elements in the network. Security requests with corresponding priorities are used by a network controller to direct traffic flows through appropriate security elements, such as recording, inspection, or enforcement elements. The configuration of traffic flows is optimized with respect to the capacity of the communication links, as well as the priority of the respective security requests.
Also, prior art made of record and not relied upon, Yang (US 2017/0237655), discloses a software defined network (SDN) controller configuring a Layer-three gateway for a network segment in a hybrid network device within a SDN network, receiving a Packet-in message encapsulated with a Layer-three data packet from a SDN network device, calculating an optimum path from source media access control (MAC) address of the data packet to destination MAC address of the data packet, and issuing a flow entry to each network device in the optimum path. Subsequently, each network device may forward the data packet based on the flow entry.
Also, prior art made of record and not relied upon, Suzuki et al (US 2019/0036817), discloses a transport network control apparatus that includes a unit configured to acquire, from a cloud management system configured to manage a first base and a second base that are connected via a transport network configured to provide a layer 2 connection service, a MAC address to be used for a frame that is transmitted from any one of the bases, a unit configured to compute, on the transport network, a forwarding path for forwarding the frame between the first and second bases using the MAC address as a destination, and a unit configured to set, in a forwarding node on the transport network, a forwarding rule for causing the frame to be forwarded along the computed forwarding path.
In the same field of endeavor, prior art made of record and not relied upon, Hill et al (US 2019/0089742), discloses creating, visualizing, and simulating a threat based whitelisting security policy and security zones for networks. The technology may be implemented by providing a graphical user interface (GUI) on a network orchestration and security platform that facilitates creation and visualization of security zones and security policies for networks.
Lastly, prior art made of record and not relied upon, Shen et al (US 2020/0374220), discloses a downstream packet sending method, a downstream packet forwarding method, a downstream packet sending apparatus, and a downstream packet forwarding apparatus. The downstream packet sending method in this application includes: configuring a downstream forwarding path of a downstream packet for a terminal device; generating a source MAC address based on the downstream forwarding path, where the source MAC address is used to indicate the downstream forwarding path; and sending the downstream packet to a forwarding switch, where the downstream packet includes the source MAC address. This application can reduce costs, improve efficiency, and simplify network traffic.
However, the prior art and pertinent prior art do not expressly disclose an SDN switch that: receives from the controller via the control plane interface a plurality of communication flows; receives from the controller via the control plane interface an address store comprising information associated with the first device and the second device; forwards traffic between the first device and the second device according to the plurality of communication flows; receives an address resolution protocol (ARP) request from the first device for information associated with the second device; determines that the first device is authorized to communicate with the second device based on the plurality of communication flows; and generates a response to the ARP request comprising the information associated with the second device based on the address store.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENDALL DOLLY whose telephone number is (571)270-1948. The examiner can normally be reached on Monday-Thursday 7am-4pm (EST) and Friday 7am-11am (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KENDALL DOLLY/Primary Examiner, Art Unit 2436