DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Response to Amendment

Applicant’s amendment filed on 3/10/2021 has been entered. Claims 1, 5, 8 and 15 have been amended. Claims 1-20 are still pending in this application, with claims 1, 8 and 15 being independent.


Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 5-6, 8, 12-13, 15 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Sood et al. (US 2018/0159880, hereinafter Sood) in view of Banerjee et al. (US 2016/0294870, hereinafter Banerjee).

Regarding claim 1, Sood discloses an apparatus comprising: a processor; and a memory coupled with the processor, the memory storing executable instructions that when executed by the 
Obtaining a request to create a first virtual network function of a plurality of virtual network functions on a first worker node [see Sood paragraph 36, receiving a request to on-board (create) new VNF, paragraph 38, a computing node (worker node) being any physical and/or virtual processing and storage resources used for VNF]; 
Based on the request, updating a filter for the first worker node for the first virtual network function, wherein the filter filters data traffic from or to the plurality of virtual network functions within the first worker node, wherein the first worker node is a virtual machine [see Sood Fig. 4, NFV security architecture, paragraph 123, activating the filtering policy at the computing nodes, the filtering policy allows network traffic to be filtered]; 
Based on the virtual network function, obtaining security rules for data traffic associated with the first virtual network function [see Sood paragraph 28, implementing security policy rules and security monitoring rules for the network traffic for which the NFV security agents is monitoring], wherein the security rules are updated periodically based on factors that comprise intrusions detected by a remote user plane orchestrator or remote filters; and
Based on the security rules for data traffic associated with the first virtual network function, denying, by the filter, a first packet of the data traffic [see Sood paragraph 123, filtering the network traffic, paragraph 124, blocking certain network traffic based on security policy].
Sood does not expressly disclose the features of wherein the security rules are updated periodically based on factors that comprise intrusions detected by a remote user plane orchestrator or remote filters.
However, in the same or similar field of invention, Banerjee discloses a system (Banerjee Figure 1) which includes a server system, network (which may include a virtual network), firewall, etc. An intrusion detection service at the service provider (see Banerjee Figure 6) may monitor the network for malicious activities or policy violation. It may correlate network log data and generate updates to set of security policies and provide the updated set of policies to the firewall or other devices (see Banerjee 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Sood to have the features of wherein the security rules are updated periodically based on factors that comprise intrusions detected by a remote user plane orchestrator or remote filters; as taught by Banerjee. The suggestion/motivation would have been to improve network logging in a network with virtual computer system services (Banerjee paragraph 0015). 

Regarding claim 5, Sood and Banerjee disclose the apparatus of claim 1. Sood and Banerjee further disclose regarding detecting that data traffic of a first type for the first virtual network function reaches a first threshold; based on detecting that the data traffic of the first type reaches the first threshold, generating an alert associated with data traffic security [Banerjee discloses that analysis and/or metrics may include alarms configured to transmit notifications in response to detected events, such as traffic is above a threshold (see Banerjee paragraph 0029)]; and based on the alert, sending a message to update security rules to restrict traffic for data traffic of a second virtual network function [Banerjee further discloses that network log information or notification may include various information associated with a flow, such as an action. The action may include a variety of actions taken by a firewall or other device implemented by resource service provider such as access or deny data (see Banerjee paragraph 0030). Network log data may be correlated and updates to security policies may be provided to the firewall and other devices (see Banerjee paragraph 0053)]. In addition, the same motivation is used as the rejection of claim 1.

Regarding claim 6, Sood and Banerjee disclose the apparatus of claim 1. Sood and Banerjee further disclose regarding detecting that data traffic of a first type for the first virtual network function reaches a first threshold; and based on the detecting that the data traffic of the first type reaches the first threshold, sending a message to update security rules for data traffic of a second virtual network function [Banerjee discloses that analysis and/or metrics may include alarms configured to transmit notifications in response to detected events, such as traffic is above a threshold (see Banerjee paragraph 0029). 

Regarding claim 8, Sood discloses a computer readable storage medium storing computer executable instructions that when executed by a computing device cause said computing device to effectuate operations [See Sood paragraphs 0127-0128, software executed on hardware as an embodiment. A computing node may be embodied on any type of computing device which may include a processor, memory, etc. (see Sood paragraphs 0038-0040)] comprising: 
Obtaining a request to create a first virtual network function of a plurality of virtual network functions on a first worker node [see Sood paragraph 36, receiving a request to on-board (create) new VNF, paragraph 38, a computing node (worker node) being any physical and/or virtual processing and storage resources used for VNF]; 
Based on the request, updating a filter for the first worker node for the first virtual network function, wherein the filter filters data traffic from or to the plurality of virtual network functions within the first worker node, wherein the first worker node is a virtual machine [see Sood Fig. 4, NFV security architecture, paragraph 123, activating the filtering policy at the computing nodes, the filtering policy allows network traffic to be filtered]; 
Based on the virtual network function, obtaining security rules for data traffic associated with the first virtual network function [see Sood paragraph 28, implementing security policy rules and security monitoring rules for the network traffic for which the NFV security agents is monitoring], wherein the 
Based on the security rules for data traffic associated with the first virtual network function, denying, by the filter, a first packet of the data traffic [see Sood paragraph 123, filtering the network traffic, paragraph 124, blocking certain network traffic based on security policy].
Sood does not expressly disclose the features of wherein the security rules are updated periodically based on factors that comprise intrusions detected by a remote user plane orchestrator or remote filters.
However, in the same or similar field of invention, Banerjee discloses a system (Banerjee Figure 1) which includes a server system, network (which may include a virtual network), firewall, etc. An intrusion detection service at the service provider (see Banerjee Figure 6) may monitor the network for malicious activities or policy violation. It may correlate network log data and generate updates to set of security policies and provide the updated set of policies to the firewall or other devices (see Banerjee paragraph 0053). Furthermore, the system checks periodically for additional log information to be published and may transmit the information in real time (Banerjee paragraph 0055).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Sood to have the features of wherein the security rules are updated periodically based on factors that comprise intrusions detected by a remote user plane orchestrator or remote filters; as taught by Banerjee. The suggestion/motivation would have been to improve network logging in a network with virtual computer system services (Banerjee paragraph 0015).

Regarding claim 12, Sood and Banerjee disclose the computer readable storage medium of claim 8. Sood and Banerjee further disclose regarding detecting that data traffic of a first type for the first virtual network function reaches a first threshold; and based on the detecting that the data traffic of the first type reaches the first threshold, sending a message to update security rules for data traffic of a second virtual network function [Banerjee discloses that analysis and/or metrics may include alarms configured to transmit notifications in response to detected events, such as traffic is above a threshold (see Banerjee paragraph 0029). Banerjee further discloses that network log information or notification 

Regarding claim 13, Sood and Banerjee disclose the computer readable storage medium of claim 8. Sood and Banerjee further disclose regarding detecting that data traffic of a first type for the first virtual network function reaches a first threshold; and based on the detecting that the data traffic of the first type reaches the first threshold, sending a message to update security rules for data traffic of a second virtual network function [Banerjee discloses that analysis and/or metrics may include alarms configured to transmit notifications in response to detected events, such as traffic is above a threshold (see Banerjee paragraph 0029). Banerjee further discloses that network log information or notification may include various information associated with a flow, such as an action. The action may include a variety of actions taken by a firewall or other device implemented by resource service provider such as access or deny data (see Banerjee paragraph 0030). Network log data may be correlated and updates to security policies may be provided to the firewall and other devices (see Banerjee paragraph 0053)], wherein the second virtual network function is based on an image of the first virtual network function [Sood discloses that NFV architecture may include one or more instances of components such as controller, orchestrator, etc., and they may be mirrored (Sood paragraph 0053). VNF instances and components may be executing on same platform (Sood paragraphs 0067-0068); indicating VNFs based on same image]. In addition, the same motivation is used as the rejection of claim 8. 

Regarding claim 15, Sood discloses an apparatus comprising: a processor; and a memory coupled with the processor, the memory storing executable instructions that when executed by the processor cause the processor to effectuate operations [See Sood paragraphs 0127-0128, software executed on hardware as an embodiment. A computing node may be embodied on any type of computing device which may include a processor, memory, etc. (see Sood paragraphs 0038-0040)] comprising: 

Based on the alert, updating or creating a filter for the first worker node for the first virtual network function, wherein the filter filters data traffic from or to the plurality of virtual network functions within the first worker node, wherein the first worker node is a virtual machine [see Sood Fig. 4, NFV security architecture, paragraph 123, activating the filtering policy at the computing nodes, the filtering policy allows network traffic to be filtered]; 
Based on the virtual network function, obtaining security rules for data traffic associated with the first virtual network function [see Sood paragraph 28, implementing security policy rules and security monitoring rules for the network traffic for which the NFV security agents is monitoring], wherein the security rules are updated periodically based on factors that comprise intrusions detected by a remote user plane orchestrator or remote filters; and 
Based on the security rules for data traffic associated with the first virtual network function, denying, by the filter, a first packet of the data traffic [see Sood paragraph 123, filtering the network traffic, paragraph 124, blocking certain network traffic based on security policy].
Sood does not expressly disclose the features of wherein the security rules are updated periodically based on factors that comprise intrusions detected by a remote user plane orchestrator or remote filters.
However, in the same or similar field of invention, Banerjee discloses a system (Banerjee Figure 1) which includes a server system, network (which may include a virtual network), firewall, etc. An intrusion detection service at the service provider (see Banerjee Figure 6) may monitor the network for malicious activities or policy violation. It may correlate network log data and generate updates to set of security policies and provide the updated set of policies to the firewall or other devices (see Banerjee paragraph 0053). Furthermore, the system checks periodically for additional log information to be published and may transmit the information in real time (Banerjee paragraph 0055).


Regarding claim 19, Sood and Banerjee disclose the apparatus of claim 15. Sood and Banerjee further disclose regarding detecting that data traffic of a first type for the first virtual network function reaches a first threshold; and based on the detecting that the data traffic of the first type reaches the first threshold, sending a message to update security rules for data traffic of a second virtual network function [Banerjee discloses that analysis and/or metrics may include alarms configured to transmit notifications in response to detected events, such as traffic is above a threshold (see Banerjee paragraph 0029). Banerjee further discloses that network log information or notification may include various information associated with a flow, such as an action. The action may include a variety of actions taken by a firewall or other device implemented by resource service provider such as access or deny data (see Banerjee paragraph 0030). Network log data may be correlated and updates to security policies may be provided to the firewall and other devices (see Banerjee paragraph 0053)]. In addition, the same motivation is used as the rejection of claim 15.

Regarding claim 20, Sood and Banerjee disclose the apparatus of claim 15. Sood and Banerjee further disclose regarding detecting that data traffic of a first type for the first virtual network function reaches a first threshold; and based on the detecting that the data traffic of the first type reaches the first threshold, sending a message to update security rules for data traffic of a second virtual network function [Banerjee discloses that analysis and/or metrics may include alarms configured to transmit notifications in response to detected events, such as traffic is above a threshold (see Banerjee paragraph 0029). Banerjee further discloses that network log information or notification may include various information associated with a flow, such as an action. The action may include a variety of actions taken by a firewall or other device implemented by resource service provider such as access or deny data (see Banerjee .

Claims 2-3, 9-10 and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Sood in view of Banerjee, and further in view of Paczkowski et al. (US 9,578,664, hereinafter Paczkowski). 

Regarding claim 2, Sood and Banerjee disclose the apparatus of claim 1. Sood and Banerjee do not expressly disclose that the first virtual network function comprises a serving gateway.
However, in the same or similar field of invention, Paczkowski discloses a serving gateway virtualized network function on a virtual computing environment (see Paczkowski column 23, lines 33+).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Sood and Banerjee to have the feature of the first virtual network function comprises a serving gateway; as taught by Paczkowski. The suggestion/motivation would have been to increase network security for especially sensitive communication transactions (Paczkowski column 1 lines 26-36 and 40-60).

Regarding claim 3, Sood and Banerjee disclose the apparatus of claim 1. Sood and Banerjee do not expressly disclose wherein the first virtual network function comprises a packet data network gateway.
However, in the same or similar field of invention, Paczkowski discloses that a packet gateway may be provided as a virtualized network function (see Paczkowski column 12, lines 1-14).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Sood and Banerjee to have the feature of the first virtual network function comprises a packet data network gateway; as taught by Paczkowski. The suggestion/motivation 

Regarding claim 9, Sood and Banerjee disclose the computer readable storage medium of claim 8. Sood and Banerjee do not expressly disclose wherein the first virtual network function comprises a serving gateway.
However, in the same or similar field of invention, Paczkowski discloses a serving gateway virtualized network function on a virtual computing environment (see Paczkowski column 23, lines 33+).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Sood and Banerjee to have the feature of the first virtual network function comprises a serving gateway; as taught by Paczkowski. The suggestion/motivation would have been to increase network security for especially sensitive communication transactions (Paczkowski column 1 lines 26-36 and 40-60).

Regarding claim 10, Sood and Banerjee disclose the computer readable storage medium of claim 8. Sood and Banerjee do not expressly disclose wherein the first virtual network function comprises a packet data network gateway. 
However, in the same or similar field of invention, Paczkowski discloses that a packet gateway may be provided as a virtualized network function (see Paczkowski column 12, lines 1-14).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Sood and Banerjee to have the feature of the first virtual network function comprises a packet data network gateway; as taught by Paczkowski. The suggestion/motivation would have been to increase network security for especially sensitive communication transactions (Paczkowski column 1 lines 26-36 and 40-60). 

Regarding claim 16, Sood and Banerjee disclose the apparatus of claim 15. Sood and Banerjee do not expressly disclose wherein the first virtual network function comprises a serving gateway.

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Sood and Banerjee to have the feature of the first virtual network function comprises a serving gateway; as taught by Paczkowski. The suggestion/motivation would have been to increase network security for especially sensitive communication transactions (Paczkowski column 1 lines 26-36 and 40-60).

Regarding claim 17, Sood and Banerjee disclose the apparatus of claim 15. Sood and Banerjee do not expressly disclose wherein the first virtual network function comprises a packet data network gateway.
However, in the same or similar field of invention, Paczkowski discloses that a packet gateway may be provided as a virtualized network function (see Paczkowski column 12, lines 1-14).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Sood and Banerjee to have the feature of the first virtual network function comprises a packet data network gateway; as taught by Paczkowski. The suggestion/motivation would have been to increase network security for especially sensitive communication transactions (Paczkowski column 1 lines 26-36 and 40-60).

Claims 4, 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Sood in view of Banerjee, and further in view of Cui et al. (US 2018/0131578, hereinafter Cui). 

Regarding claim 4, Sood and Banerjee disclose the apparatus of claim 1. Sood and Banerjee do not expressly disclose wherein the first worker node is associated with a connected car.
However, in the same or similar field of invention, Cui discloses regarding using distributed VNF elements to serve Vehicle-to-Vehicle services, indicating virtualized network functions are associated with a car connected to the network (see Cui paragraph 0069).


Regarding claim 11, Sood and Banerjee disclose the computer readable storage medium of claim 8. Sood and Banerjee do not expressly disclose wherein the first worker node is associated with a connected car.
However, in the same or similar field of invention, Cui discloses regarding using distributed VNF elements to serve Vehicle-to-Vehicle services, indicating virtualized network functions are associated with a car connected to the network (see Cui paragraph 0069).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Sood and Banerjee to have the feature of the first worker node is associated with a connected car; as taught by Cui. The suggestion/motivation would have been to improve the mobility network, scalability, efficiency and end user experience (Cui paragraph 0077).

Regarding claim 18, Sood and Banerjee disclose the apparatus of claim 15. Sood and Banerjee do not expressly disclose wherein the first worker node is associated with a connected car.
However, in the same or similar field of invention, Cui discloses regarding using distributed VNF elements to serve Vehicle-to-Vehicle services, indicating virtualized network functions are associated with a car connected to the network (see Cui paragraph 0069).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Sood and Banerjee to have the feature of the first worker node is associated with a connected car; as taught by Cui. The suggestion/motivation would have been to improve the mobility network, scalability, efficiency and end user experience (Cui paragraph 0077).

Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Sood in view of Banerjee, and further in view of Djukic et al. (US 2018/0062943, hereinafter Djukic). 

Regarding claim 7, Sood and Banerjee disclose the apparatus of claim 1. Sood and Banerjee further disclose regarding detecting that data traffic of a first type for the first virtual network function reaches a first threshold; and based on the detecting that the data traffic of the first type reaches the first threshold, sending a message to update security rules for data traffic of a second virtual network function [Banerjee discloses that analysis and/or metrics may include alarms configured to transmit notifications in response to detected events, such as traffic is above a threshold (see Banerjee paragraph 0029). Banerjee further discloses that network log information or notification may include various information associated with a flow, such as an action. The action may include a variety of actions taken by a firewall or other device implemented by resource service provider such as access or deny data (see Banerjee paragraph 0030). Network log data may be correlated and updates to security policies may be provided to the firewall and other devices (see Banerjee paragraph 0053)].
Sood and Banerjee do not expressly disclose wherein the second virtual function operates in a second worker node.
However, in the same or similar field of invention Djukic discloses a network condition where VNF server (worker node) may exceed capacity. The enhancement may include deploying additional VNFs of the same type (i.e., a second VNF based on the first VNF to increase capacity); VNFs not necessarily co-located with each other and run on different virtual machines and/or physical machines in the network (see Djukic table on page 10).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Sood and Banerjee to have the feature of the second virtual function operates in a second worker node; as taught by Djukic. The suggestion/motivation would have been to provide service enhancement discovery, and allow more efficient use of resources in the network (Djukic paragraph 0037).

Regarding claim 14, Sood and Banerjee disclose the computer readable storage medium of claim 8. Sood and Banerjee further disclose regarding detecting that data traffic of a first type for the first virtual network function reaches a first threshold; and based on the detecting that the data traffic of the 
Sood and Banerjee do not expressly disclose wherein the second virtual function operates in a second worker node.
However, in the same or similar field of invention Djukic discloses a network condition where VNF server (worker node) may exceed capacity. The enhancement may include deploying additional VNFs of the same type (i.e., a second VNF based on the first VNF to increase capacity); VNFs not necessarily co-located with each other and run on different virtual machines and/or physical machines in the network (see Djukic table on page 10).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Sood and Banerjee to have the feature of the second virtual function operates in a second worker node; as taught by Djukic. The suggestion/motivation would have been to provide service enhancement discovery, and allow more efficient use of resources in the network (Djukic paragraph 0037).


Response to Arguments

Applicant’s arguments filed on 3/10/2021 with respect to claim rejection under 35 U.S.C. § 102 and 103 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. The rejection has been revised according to the amended claims. 


Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAUMIT SHAH whose telephone number is (571)272-6959.  The examiner can normally be reached on Monday - Friday 9 am - 6 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, EDAN ORGAD can be reached on (571) 272-7884.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact 






/SAUMIT SHAH/Primary Examiner, Art Unit 2414