DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
This action is responsive to an amendment filed on 02/16/2021.
Claims 1, 8 and 15-16 have been amended.
Claims 3 and 10 have been canceled.
Claims 1-2, 4-9 and 11-20 are pending for examination.

Response to Arguments
Applicant's arguments filed 02/16/2021, with respect to the rejection of the pending claims under 35 U.S.C. §103 have been fully considered.
Applicant argues that Zheng does not teach the amended limitations "to automatically configure the security policy and authentication functionality, the user being non-privileged signs into a virtual managed virtual switch application installed on the computer and registered with a cloud-based application defined networking controller using an authentication operation" of independent claims 1, 8, and 15 (pages 10-11).


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. §103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-2, 4, 6-9, 11, 13-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Marvin et al. NPL: “Extending Software Defined Networking to End User Devices” (hereinafter “Marvin”) in view of Liang, CN .


Regarding Claim 1, Marvin teaches a method for extending managed switching network in a computing environment ([Abstract] Software Defined Networking (SDN) …deployed on mobile devices to benefit end users, mobile service providers, and business enterprises. …presents a generalized architecture for mobile SDN switching, where controllers and switches may be located in the mobile device operating system (OS), service provider networks, and/or enterprise data centers. [3rd page, 1st column, lines 24-26], Extending Software Defined Networking (SDN) controllers to the mobile device enhances secure programmatic network automation by proxying the control of virtual and physical switches on the network), comprising: implementing security policy and authentication functionality in a virtualization layer of a virtual switch locally installed on a computer of a user for network switching in a network ([3rd page, 1st column, lines 7-13] The SDN virtual switch is at the core of supporting SDN capabilities in the mobile device ...The SDN virtual switch enables programmatic network automation, security isolation, monitoring, and quality of service control for the device’s multiple network interfaces. It also allows data path selection for standalone and cloud-based applications. Mobile device SDN can enforce mobility and routing policies. [3rd page, 1st column, lines 24-26] Extending Software Defined Networking (SDN) controllers to the mobile device enhances secure programmatic network automation by proxying the control of virtual and physical switches on the network. [3rd page, 2nd column, lines 38-40], enhanced SDN controller / proxy would provide role-based authorization and security constraint enforcement. [4th page, 1st column, lines 10-26] …because of the need for very robust and secure mobile networking ... the initial mobile SDN deployments will use only a single SDN controller in a single location (likely integrated into the mobile device’s operating system along with the SDN switch).
…this mobile OS SDN controller would then provide secure proxy functionality to other controllers such as SDN message authentication, authorization, and accounting ...extending SDN capabilities to mobile devices and their apps …enhanced control and programmability of network forwarding functions increases the manageability of networks and, in turn, the ability to respond to security events on networks. [2nd page, 2nd column, lines 15-24], Mobile SDN can securely segment traffic between apps, preventing visibility between virtual networks. It can also be used to enforce security properties on selected virtual networks, such as required use of 256 bit AES encryption of app traffic. In the case of mobile virtualization, SDN can provide a specified level of security for a shared connection for all the apps contained within a given virtual machine).
automatically configure the security policy and authentication functionality of a SDN virtual switch locally installed on a mobile device of a user, however, Marvin does not explicitly teach, but Liang teaches the user being non-privileged signs into a virtual managed virtual switch application installed on the computer ([Page 2, Summary of the invention], …create a regular account and namely represent one virtual switch of establishment, user finally configures and need to log in switch operating system by regular account, performing relevant configuration operation, user is by creating regular account and configuring the mode of this account association attributes and reach to divide in logic virtual switch. …user logs in switch operating system eventually through regular account, reaches to divide in logic virtual switch. [Page 3, Para. 3-5] After switch power-up initializing completes, required for checking account authority (manager's account, regular account. …. Regular account:…User finally configures also to be needed to log in switch operating system by regular account, performs relevant configuration operation).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Marvin in order to allow a regular user to log into the switch operating system to configure the virtual switch as disclosed by Liang, because it would allow configuring the virtual switch related to the user privilege.
registered with a cloud-based application defined networking controller using an authentication operation ([Last page, 1st column, para. 2-3], After all the virtual switches were configured, an SDN controller have installed on the host machine. …All the virtual switches running inside the virtual machines were registered to this controller. After registration the switches became controller aware and all the configurations we have done directly into the switches using the command line interface can be done now using the GUI interface provided by the Open Daylight controller).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Marvin in view of Liang in order to register the virtual switch with an SDN controller as disclosed by Costache, because it would allow the controller to take appropriate decisions for the packet received by the switch that do not match any entry in the flow table [Costache, Last page, 1st column, para. 6].

Regarding Claim 2, Marvin teaches the method of claim 1, further including installing the virtual switch on the computer of the user for extending the security policy and authentication functionality of the network switching to the virtualization layer, wherein the network is a private network ([Abstract] [3rd page, 1st column, lines 7-13] The SDN virtual switch is at the core of supporting SDN capabilities in the mobile device ...The SDN virtual switch enables programmatic network automation, security isolation, monitoring, and quality of service control for the device’s multiple network interfaces. It also allows data path selection for standalone and cloud-based applications. Mobile device SDN can enforce mobility and routing policies. ([3rd page, 1st column, lines 7-13] The SDN virtual switch is at the core of supporting SDN capabilities in the mobile device ...The SDN virtual switch enables programmatic network automation, security isolation, monitoring, and quality of service control for the device’s multiple network interfaces. It also allows data path selection for standalone and cloud-based applications. Mobile device SDN can enforce mobility and routing policies. ...virtual switches allow distribution of service across multiple and independent virtual switches, thereby

Regarding Claim 4, Marvin teaches the method of claim 1, further including retrieving application-defined network configurations from the network ([7th page, 1st column, 21-24] A network security application gathers SDN network configuration, statistics, and capabilities from network).

Regarding Claim 6, while Marvin teaches SDN controllers and their respective switches set up and maintain the network states to implement security monitoring, malware detection, and security responses [7th page, 1st column, lines 3-6], Marvin in view of Liang do not explicitly teach, but Costache teaches configuring the virtual switch using application-defined network configurations received from the network ([Last page, 1st column, para. 2-3], After registration the switches became controller aware and all the configurations done directly into the switches can be done now using the GUI interface provided by the Open Daylight controller).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Marvin and Liang in order to configure the virtual switch using GUI interface provided by the Open Daylight 

Regarding Claim 7, Marvin teaches the method of claim 1, further including: …or configuring the virtual network to establish one or more tunnels to a virtual local area network ("VLAN") [1] ([3rd page, 1st column, lines 15-20], virtual switches allow distribution of service across multiple and independent virtual switches, thereby supporting the creation of all network types such as virtual local area networks (VLANs) (including trunking), and virtual private networks (VPNs) through multiple tunneling protocols (i.e. GRE, IPSec)).

Regarding Claim 8, Marvin teaches a system for extending managed switching network in a computing environment, comprising: one or more computers with executable instructions that when executed cause the system to ([Figs. 2 and 3], Fig 2 illustrates SDN capabilities on Mobile Devices Architecture which includes special processing cores and memories implement secure encryption techniques). 


Claims 9, 11, 13 and 14 are rejected for the same rationale of claims 2, 4, 6 and 7, respectively.
Regarding Claim 15, Marvin teaches a computer program product for, by a processor, extending managed switching network in a computing environment, the computer program product comprising a non-transitory computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions ([Figs. 2 and 3], Fig 2 illustrates SDN capabilities on Mobile Devices Architecture which includes special processing cores and memories implement secure encryption techniques). 
The rest of the limitations of Claim 15 are rejected under the same rationale of Claim 1.

Claims 16, 17, 19 and 20 are rejected for the same rationale of claims 2, 4, 6 and 7, respectively.

Claims 5, 12 and 18 are rejected under 35 U.S.C. §103 as being unpatentable over Marvin in view of Liang and Costache, further in view of  .

Regarding Claim 5, Marvin in view of Liang and Costache do not explicitly teach, however, Wenyu teaches the method of claim 1, further including consuming networking access in a virtual environment as a service ([Abstract and 2nd para under Introduction], Wenyu proposes a new Network function virtualization (NFV)-based service, virtual network integration as a service (VNIaaS), which is positioned to serve enterprise users. [Page 117, 2nd para under Related Work section], VNIaaS integrates functions of both networks and cloud applications to create an end-to-end service that spans multiple domains).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Wenyu’s proposed new NFV-based service, virtual network integration as a service (VNIaaS), with Marvin’s SDN capable virtual switch, because it would allow enterprise network administrators to construct and monitor virtual enterprise network as necessary [Wenyu, Abstract].

Claims 12 and 18 are rejected for the same rationale of claim 5.

Prior Art of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The examiner has additionally cited the following references on the PTO-892:
NPL: “An Open Framework to Enable NetFATE (Network Functions At The Edge)”, by Lombardo et al. 
Lombardo teaches virtual switch running at the Customer Premises Equipment (CPE) nodes, when a client connects to one of the available Customer Premises Equipment (CPE) node, the CPE node requests login credentials to the user through the captive portal mechanism, and sends them to the Radius server running on the Orchestrator server; once identified, the Orchestrator migrates the personal virtual firewall to the CPE node.
Automatically configuring a virtual switch after user login to a virtual switch application is well-known in the art, as evidenced by the cited prior art.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD YOUSUF A MIAN whose telephone number is (571)272-9206. The examiner can normally be reached on Monday-Friday 8am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, PETER-ANTHONY PAPPAS can be reached on 571-272-
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MOHAMMAD YOUSUF A. MIAN/Examiner, Art Unit 2448
/AARON N STRANGE/Primary Examiner, Art Unit 2419

[1] Note: since the claimed "or" is a selective "or", the examiner considers only the claimed "one or more tunnels to a virtual local area network (VLAN)".