Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
2.	Claims 1, 3-4, 8, 10-11, 15, 17 and 22 are amended. Claims 21 and 23 are cancelled. Claims 1, 3-8, 10-15, 17-20 and 22 are pending. 

Response to Arguments
With regards to applicant’s arguments, filed on 12/17/2020, with respect to claims1, 8 and 15, the arguments are considered but are not persuasive. The applicant asserts that the combination of Matthews, Garrett, Imai and Levine does not teach or suggest: “establishing a first virtual customer network on a server, wherein the first virtual customer network is unique to the first account of the first customer and is implemented by a single virtual machine on the server” and “establishing a second virtual customer network on the server, wherein the second virtual customer network is unique to a second account of a second customer and is implemented by the single virtual machine on the server”. Examiner respectfully disagrees.
The combination of Matthews, Garrett, Imai and Levine, specifically Levine discloses that user device may access the host computer 105 via domain infrastructure 110. A request to domain infrastructure 110 is transmitted from client computer 140, through network connection 130, Internet 145 and physical network connection 115, to domain infrastructure 110. Domain infrastructure 110 communicates with client computer 140 via a network connection, that is by Therefore, the domain infrastructure 110 is interpreted to be the second customer network, since it performs all the functions performed by the virtual customer network] (See Levine; Par. [21]-[24] and Fig. 2)

Further Levine discloses that VPN management router 235 routes all relevant traffic from domain infrastructure 110 through secured virtual network connections 120, 150 and 180, to reach host computer 105. (See Levine; Par. [30]) The data travels from client computer 140, through network connection 130 to Internet 145, through physical network connection 115 into domain infrastructure 110. In domain infrastructure 110, the data travels from physical network connection 115, to access manager 220, through switch 205, to VPN management router 235, and out of domain infrastructure 110 to secured virtual network connection 120. [Therefore, the management virtual machine 330 of Levine has two connections to two different virtual customer networks [Customer Network 170 & Domain infrastructure 110] via VPN virtual switch 370 and LAN bridge 335] (See Levine; Par. [39], [45] and Fig. 1)
Therefore, for the reasons shown above, the combination of Matthews, Garrett, Imai and Levine clearly teaches the claimed invention. Therefore, the rejection of claims 1, 3-8, 10-15, 17-20 and 22 is sustained.


Claim Rejections - 35 USC § 103
3.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

4.	Claims 1, 4, 8, 11, 15 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Matthews et al. (US. Publication No. 2009/0046728 A1) in view of Garrett et al. (US. Publication No. 2002/0013844 A1) in view of Imai (US. Publication No. 2010/0036913 A1) and further in view of Levine et al. (US. Publication No. 2011/0270953 A1).
Regarding claim 1, Matthews discloses One or more non-transitory computer-readable media storing computer-executable instructions that, responsive to execution by one or more computer processors (See Abstract and Fig. 9 of Matthews for a reference to program storage device readable, tangibly embodying a program of instructions executable by the service processing switch to perform method for providing customized application layer services to a plurality of subscribers of a service provider), cause operations to be performed comprising:
receiving a request to provision a customer premises device (See Par. [7], [46], [65], [72] of Matthews for a reference to each VR 210 is the equivalent of an independent hardware router. SMS 221 running on SP network 200 allows ease of service provisioning (dynamically adding additional processors/processing power when needed, reducing the processors/processing power used for VPN 410 when not needed));
See Par. [39], [72] of Matthews for a reference to the ISP is typically a company that provides internet services  to a plurality of customers including customer A and customer B. Services can be provisioned via the SMS system's simple point and click menus, as well as requested directly by the customer via the CNM system);
providing the first network-based service to the customer premises device via the respective module of the first virtual customer network  (See Par. [8], [38] of Matthews for a reference to one or more virtual private networks (VPNs) running on one or more carrier-class platforms that scale to provide cost-effective solutions for internet service providers (ISPs). In particular, security services such as firewalls can be provided by the ISPs for services they provide to their customers, wherein a plurality of customers are hosted on a single network of processors).
Matthews does not explicitly disclose identifying walled-garden information comprising customer information associated with the customer premises device and including an indication of one or more network-based services to which a first account of a first customer is subscribed; transmitting the walled-garden information to a L2 layer device remote from the customer premises device; establishing a first virtual customer network on a server, wherein the first virtual customer network is unique to the first account of the first customer and is implemented by a single virtual machine on the server, the first virtual customer network comprising a first module corresponding to a first network-based service of the one or more network-based services and configured to provide, at least in part, the first network-based service to the first establishing a second virtual customer network on the server, wherein the second virtual customer network is unique to a second account of a second customer and is implemented by the single virtual machine on the server; the second virtual customer network comprising a second module corresponding to a second network-based service of the one or more network-based services and configured to provide, at least in part, the second network-based service to the second account of the second customer of the access network; selecting, from the plurality of virtual customer networks, the first virtual customer network based at least in part on the request;
However, Garrett discloses identifying walled-garden information comprising customer information associated with the customer premises device and including an indication of one or more network-based services to which a first account of a first customer subscribed (See Par. [33]-[34] of Garrett for a reference to that upon successful service subscription, the registration server 162 updates a customer registration database 163. The configuration server 161 uses the registration information (Walled Garden Information) to activate the service. A DHCPDISCOVER message including a "svc-id" option field that identifies the service to which the network access device has been subscribed and from which service is desired is sent by the network);
transmitting the walled-garden information to a L2 layer device remote from the customer premises device (See Par. [34]-[35], [38] and Fig. 7 & 8 of Garrett for a reference to the network access device 710 sends out a DHCPREQUEST directed to the DHCP server which requests the IP address of the customer premises device. The DHCP server commits to assigning the IP address to the network access device, commits the binding to persistent storage, and transmits a DHCPACK message containing the configuration parameters for the device 710).
Thus it would be obvious for one of ordinary skills in the art before the effective filing date of the claimed invention to combine the teachings of Garrett and Matthews. The motivation of combination would be facilitating the dynamic allocation, assignment, and reassignment of IP addresses to the plurality of network access devices based on customer subscriptions to particular services. (Garrett; Par. [22])
The combination of Matthews and Garrett does not explicitly disclose establishing a first virtual customer network on a server, wherein the first virtual customer network is unique to the first account of the first customer and is implemented by a single virtual machine on the server, the first virtual customer network comprising a first module corresponding to a first network-based service of the one or more network-based services and configured to provide, at least in part, the first network-based service to the first account of the first customer of an access network; establishing a second virtual customer network on the server, wherein the second virtual customer network is unique to a second account of a second customer and is implemented by the single virtual machine on the server; the second virtual customer network comprising a second module corresponding to a second network-based service of the one or more network-based services and configured to provide, at least in part, the second network-based service to the second account of the second customer of the access network; selecting, from the plurality of virtual customer networks, the first virtual customer network based at least in part on the request.
However, Imai discloses establishing a first virtual customer network and establishing a second virtual customer network on the server (See Par. [37], [40]-[41] and Fig. 2 of Imai for a reference to a plurality of server 20 that establish a VPN connection with the customer device to set up a virtual intranet for the customer. Multiple VPNs are established, each is associated with a different customer IP address (Different customer account)), the first virtual customer network comprising a first module (Fig. 9; Server 20 a; 40 A Customer Service Processing Section A) corresponding to a first network-based service of the one or more network-based services and configured to provide, at least in part, the first network-based service to the first account of the first customer of an access network (See Par. [36]-[37], [40]-[41] and Fig. 2 of Imai for a reference to the first server (Server 20 a) implements a first virtual machine that is configured to provide a pool of services to the customer device), and the second virtual customer network comprising a second module (Fig. 9; Server 20 y; 40 A Customer Service Processing Section B) corresponding to a second network-based service of the one or more network-based services and configured to provide, at least in part, the second network-based service to the second account of the second customer of the access network (See Par. [37], [40]-[43] and Fig. 2 of Imai for a reference to the second server (Server 20 y) implements a second virtual machine that is configured to provide a second pool of services to the customer device):
selecting, from the plurality of virtual customer networks, the first virtual customer network based at least in part on the request (See Par. [40]-[41], [52]-[55] and Fig. 7 & 8 of Imai for a reference to the service administration table 10F of the administration manager, indicates which servers 20 is selected to provide the service to the customer, based on the service program type requested by the customer).
Imai; Par. [4]-[5])
The combination of Matthews, Garrett and Imai does not explicitly disclose wherein the first virtual customer network is unique to the first account of the first customer and is implemented by a single virtual machine on the server; and wherein the second virtual customer network is unique to a second account of a second customer and is implemented by the single virtual machine on the server.
However, Levine discloses wherein the first virtual customer network is unique to the first account of the first customer (See Par. [39]-[43] and Fig. 3 of Levine for a reference to the management VM has a first connection to VPN switch 370, which provides connectivity of the user to customer device 160 through a virtual customer network) and is implemented by a single virtual machine on the server (See Par. [43] and Fig. 3 of Levine for a reference to Management Virtual machine 330 that has two connections to two different customer networks via VPN virtual switch 370 and LAN bridge 335), and wherein the second virtual customer network is unique to a second account of a second customer (See Par. [39]-[43] and Fig. 3 of Levine for a reference to the management VM has a second connection to the LAN bridge 335, which is directly connected to network bridge 305, which is connected t0 the virtual customer network 170) and is implemented by the single virtual machine on the server See Par. [43] and Fig. 3 of Levine for a reference to Management Virtual machine 330 that has two connections to two different customer networks via VPN virtual switch 370 and LAN bridge 335).
Thus it would be obvious for one of ordinary skills in the art before the effective filing date of the claimed invention to combine the teachings of Levine, Imai, Garrett and Matthews. The motivation of combination would be improving the system’s performance by managing the system’s resources in an efficient manner, when implementing a plurality of virtual customer networks by a single virtual machine. (Levine; Par. [14])

Regarding claim 4, the combination of Matthews, Garrett and Imai does not explicitly disclose the operations further comprising: generating the single virtual machine, wherein the plurality of virtual customer networks form at least part of the single virtual machine.
However, Levine discloses generating the single virtual machine (See Fig. 3; Management Virtual Machine 330), wherein the first virtual customer network and the second virtual customer networ form at least part of the single virtual machine (See Par. [43] and Fig. 3 of Levine for a reference to Management Virtual machine 330 that has two connections to two different customer networks via VPN virtual switch 370 and LAN bridge 335).
Thus it would be obvious for one of ordinary skills in the art before the effective filing date of the claimed invention to combine the teachings of Levine, Imai, Garrett and Matthews. The motivation of combination would be improving the system’s performance by managing the Levine; Par. [14])
Regarding claim 8, the claim is interpreted and rejected for the same reason as set forth in claim 1.
Regarding claim 11, the claim is interpreted and rejected for the same reason as set forth in claim 4.
Regarding claim 15, the claim is interpreted and rejected for the same reason as set forth in claim 1, including a system, comprising:  at least one network interface (See Matthews; Fig. 1; Ethernet interfaces for management traffic); at least one memory storing computer-executable instructions (See Matthews; Fig. 9; 936); and at least one processor communicatively coupled to the at least one network interface and the at least one memory and configured to access the at least one memory (See Matthews; Fig. 9; 935).
Regarding claim 22, the combination of Matthews, Garrett and Imai does not explicitly disclose wherein the first virtual customer network is unique to a first customer premises device associated with the first customer and the second virtual customer network is unique to a second customer premises device associated with the second customer.
However, Levine discloses wherein the first virtual customer network is unique to a first customer premises device associated with the first customer and the second virtual customer network is unique to a second customer premises device associated with the second customer (See Par. [39]-[43] and Fig. 3 of Levine for a reference to the management VM has a first connection to VPN switch 370, which provides connectivity of the user to customer device 160 through a virtual customer network, and has a second connection to the LAN bridge 335, which is directly connected to network bridge 305, which is connected t0 the virtual customer network 170).
Thus it would be obvious for one of ordinary skills in the art before the effective filing date of the claimed invention to combine the teachings of Levine, Imai, Garrett and Matthews. The motivation of combination would be improving the system’s performance by managing the system’s resources in an efficient manner, when implementing a plurality of virtual customer networks by a single virtual machine. (Levine; Par. [14])
 	
5.	Claims 3, 5-7, 10, 12-14 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Matthews et al. (US. Publication No. 2009/0046728 A1) in view of Garrett et al. (US. Publication No. 2002/0013844 A1) in view of Imai (US. Publication No. 2010/0036913 A1) in view of Levine et al. (US. Publication No. 2011/0270953 A1) and further in view of Poirer et al. (US. Publication No. 2013/0173797 A1).
Regarding claim 3, the combination of Matthews, Garrett, Imai and Levine, specifically Mathews discloses wherein the customer premises device is a first customer premises device (See Par. [40] and Fig. 1 of Matthews for a reference to customer A 117), the operations further comprising: 
receiving a request to provision a second customer premises device (See Par. [7], [46], [65], [72] of Matthews for a reference to each VR 210 is the equivalent of an independent hardware router. SMS 221 running on SP network 200 allows ease of service provisioning (dynamically adding additional processors/processing power when needed, reducing the processors/processing power used for VPN 410 when not needed)); 
accessing stored subscriber data associated with at least one of first virtual customer network and the second virtual customer network (See Par. [42], [46] of Matthews for a reference to CNMS 222 provides such services as providing subscribers (customers) visibility to services. The system defines subscribers’ credentials and enables customized services on a subscriber-by-subscriber basis to meet each subscriber’s individual needs); 
the combination of Matthews, Garrett, Imai and Levine does not explicitly disclose generating a representation of the stored subscriber data based at least in part on a modeling language; formatting the representation of the stored subscriber data based at least in part on one or more characteristics associated with the access network, and transmitting the formatted representation of the subscriber data to the L2 layer device remote from the second customer premise device
However, Poirer discloses generating a representation of the stored subscriber data based at least in part on a modeling language (See Par. [57] of Poirer for a reference to VCPE component 430 may contact AAA server 520 and may transmit subscriber and/or device credentials, such as an identifier associated with computing device 412. Communication 620 may be used to authenticate premises 410 or computing devices 416); 
formatting the representation of the stored subscriber data based at least in part on one or more characteristics associated with the access network (See Par. [59]  of Poirer for a reference to subsequent communications by computing device 416 may be subject to network address translation in which the assigned local IP address is translated into a public IP address for communications performed externally to the local network of computing device 416); and 
transmitting the formatted representation of the subscriber data to the L2 layer device remote from the second customer premise device (See Par. [57]-[58]  of Poirer for a reference to VCPE component 430 that contact AAA server 520 and transmits subscriber and/or device credentials, such as an identifier associated with computing device 412).
Thus it would be obvious for one of ordinary skills in the art before the effective filing date of the claimed invention to combine the teachings of Poirer, Levine, Imai, Garrett and Matthews. The motivation of combination would be increasing the system’s throughput and providing enhanced security against unsolicited inbound traffic.  (Poirer; Par. [48])
Regarding claim 5, the combination of Matthews, Garrett, Imai and Levine does not explicitly disclose wherein the first virtual customer network comprises at least one of: a first routing layer, a first firewall layer, or a first application layer, and wherein the second virtual customer network comprises at least one of: a second routing layer, a second firewall layer, or a second application layer.
However, Poirer discloses wherein the first virtual customer network comprises at least one of: a first routing layer, a first firewall layer, or a first application layer (See Par. [16] of Poirer for a reference to a simplified switching CPE device, such as device that provides a local wireless connection and provides layer 2 switching functionality, may be installed at the premises of a broadband customer. Functions traditionally handled by CPE devices, such as firewall, layer 3 routing, and dynamic host configuration protocol (DHCP) functions, may be performed as network services), and wherein the second virtual customer network comprises at least one of: a second routing layer, a second firewall layer, or a second application layer  (See Par. [50] and Fig. 5 of Poirer for a reference to providing layer 2 switching/routing functionality , firewall, layer 3 routing, and dynamic host configuration protocol (DHCP) functions, may be installed at the premises of a broadband customer).
Thus it would be obvious for one of ordinary skills in the art before the effective filing date of the claimed invention to combine the teachings of Poirer, Levine, Imai, Garrett and Matthews. The motivation of combination would be increasing the system’s throughput and providing enhanced security against unsolicited inbound traffic.  (Poirer; Par. [48])
Regarding claim 6, the combination of Matthews, Garrett, Imai and Levine, specifically Matthews discloses wherein the virtual customer network comprises the first application layer, and wherein the first application layer comprises configuration data indicative of one or more configuration settings associated with the first network-based service (See Par. [69] of Matthews for a reference to dynamically reallocating resources of the service processing switch between the first partition and the second partition based on comparative processing demands of the first set of customized application layer services and the second set of customized application layer services), and wherein the second virtual customer network comprises the second application layer, and wherein the second application layer comprises configuration data indicative of one or more configuration settings associated with the second network-based service of the one or more network-based services (See Par. [69] of Matthews for a reference to dynamically reallocating resources of the service processing switch between the first partition and the second partition based on comparative processing demands of the first set of customized application layer services and the second set of customized application layer services).
Regarding claim 7, the combination of Matthews, Garrett, Imai and Levine does not explicitly disclose wherein the one or more network-based services comprise at least one of: digital video recording services, parental control services, or virus detection services.
However, Poirer discloses wherein the one or more network-based services comprise at least one of: digital video recording services, parental control services, or virus detection services See Par. [52], [60] of Poirer for a reference to additional parameters, relating to a premises 410 may be directly received from computing devices 416 at the premises 410, such as parameters received through UPnP, which may be used to customize services provided to computing devices 416 or to increase service granularity. Application server 710 may provide services such as, media services, storage services, voice over IP, or other services to premises 410). 
Thus it would be obvious for one of ordinary skills in the art before the effective filing date of the claimed invention to combine the teachings of Poirer, Levine,  Imai, Garrett and Matthews. The motivation of combination would be increasing the system’s throughput and providing enhanced security against unsolicited inbound traffic.  (Poirer; Par. [48])
Regarding claim 10, the claim is interpreted and rejected for the same reason as set forth in claim 3.
Regarding claim 12, the claim is interpreted and rejected for the same reason as set forth in claim 5.

Regarding claim 14, the claim is interpreted and rejected for the same reason as set forth in claim 7.
Regarding claim 17, the claim is interpreted and rejected for the same reason as set forth in claim 3.
Regarding claim 18, the claim is interpreted and rejected for the same reason as set forth in claim 5.
Regarding claim 19, the claim is interpreted and rejected for the same reason as set forth in claim 6.
Regarding claim 20, the claim is interpreted and rejected for the same reason as set forth in claim 7.
Conclusion

Van der Merwe et al. (US 2013/0054763 A1) discloses methods and apparatus to configure virtual private mobile networks with virtual private networks. 
Ranganathan et al.  (US 2012/0014284 A1) discloses a method providing an efficient allocation of protection capacity for network connections and/or services through virtualized shared protection capacity.
Barzilay et al. (US 2014/0280434 A1) discloses a method related to cloud computing.

7.	Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

8.	Any inquiry concerning this communication from the examiner should be directed to RASHA FAYED whose telephone number is (571) 270-3804. The examiner can normally be reached on M-F 8:00AM-4:30PM.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Un Cho can be reached on (571)272-7919.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/R. F./
Examiner, Art Unit 2413
/UN C CHO/Supervisory Patent Examiner, Art Unit 2413