DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s Argument Regarding 102/103:
Applicant’s Argument: Applicant argues on page 9-10 that Rahman does not teach an application identifier that uniquely identifies the application but only teaches a label and identifying a local port which are not unique application identifiers.
Examiner’s Response: Applicant's arguments filed 6/08/2021 have been fully considered but they are not persuasive. Examiner notes that a new portion of Rahman is being cited based on the amended limitation regarding the application identifier uniquely identifying the application. Rahman teaches identifying a label for a service i.e. an application e.g. telnet ¶0052-55 considered identifying an application that is considered unique. The claim does not recite what specifically comprises the application identifier or if it is contents of a received packet. Only that an application identifier is identified. The label pertaining to telnet comprises the routing information to 140b and the identifying of the service / application “telnet”, this application identifier of telnet uniquely identifying the application. Examiner notes that any instance in which a specific service or application is identified is considered identifying an application identifier i.e. the very service itself that is identified, since the application identifier is not further recited as being a field or form of control information in a packet or request message. 

Applicant’s Argument: Applicant argues on page 9-10 that Rahman does not teach an application identifier that uniquely identifies the application and a label that includes route and type information.
Examiner’s Response: Applicant's arguments filed 6/08/2021 have been fully considered but they are not persuasive. Examiner notes that a new portion of Rahman is being cited based on the 

Applicant’s Argument: Applicant argues page 9-10 that Rahman does not teach an application identifier that uniquely identifies the application and a label that includes version information.
Examiner’s Response: Applicant’s arguments with respect to claim(s) 1, 8 15 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Applicant has added that the label indicates a “version” necessitating an updated search and a new grounds of rejection with a new reference, see below. Examiner notes that version information is considered under broadest reasonable interpretation to be an indicator of various forms of traffic sent by the UE as version is not expressly defined, thus any information that identifies application data is considered version data.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.

4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 1-3, 5-10, 12-17, 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rahman (US 20070091875 A1) in view of Lee et al. (“Lee”) (US 20160269467 A1).

Regarding claim 1, Rahman teaches:
A device, comprising: one or more processors; and one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause the device to perform operations [Figure 1 shows mobile device with modules including 140a implemented with processors ¶0022] comprising: 
detecting, by a mobile agent of the device [Figure 1 shows 140a see Figure 2 mobile agent module on device], a request to route traffic to a service associated with an application [¶0031 application may send a query i.e. request for port numbers assigned to a service];
identifying, by the mobile agent, an application identifier associated with the application, wherein the application identifier uniquely identifies the application [¶0031-34, ¶0051-54 shows instances in which agent 140a identifies telnet service considered identifying an application identifier considered a unique application identifier, Examiner further noting that identifying a service in itself is identifying an application identifier as the application identifier is not further recited to be physically included anywhere thus the act of identifying a unique service means an application identifier is identified as in Rahman when telnet is identified]; 
selecting, by the mobile agent and using the application identifier, a label from a plurality of labels included in a routing table, wherein the label includes one or more routes and a type of the application [¶0034 and Figure 5 shows plurality of labels, and label attached to outgoing packet includes information on type and routes see ¶0054-55, label in Figure 5 115 in 410 includes 140b and telnet considered a route to element 140b and type being telnet, “any data received over session 115 will be labeled with 140b and `telnet`. The standard applications send and receive data”, table stored on mobile device side in mobile agent, the telnet field of the label considered based on application identifier which specifies telnet as the unique application identifier]; 
and routing, by the mobile agent, the traffic to the service associated with the application using the label [¶0039-42, ¶0054-55 sending packet on outgoing session to ASP via 144 Figure 2 with the label on session to terminating server].
Rahman teaches indicating a type and route using what is considered a label but not a version however Lee application labels may include a number indicating a version [¶0120-121, user inserts identifier regarding version of traffic into label of data].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rahman to include another field within a label field of the packet sent by the mobile agent to include a version information. Rahman teaches identifying routes and types of applications but not a version however Lee teaches a label may further include version information in a flow label which is a label supported in Applicant’s specification, it would have been obvious to add this information to the label information of Rahman in order to instruct which traffic comprises pertinent information in order that the network may correspond certain data with the traffic ¶0120-121.

Regarding claim 2, Rahman-Lee teaches:
The device of Claim 1, wherein: the label supports extranet services having inline security services; and the inline security services include at least one of the following: firewall services; intrusion detection services; intrusion prevention services; or Cloud Access Security Broker (CASB) services [See Rahman ¶0057 and Figure 7, wherein an exemplary model includes a firewall and the labels support firewall services e.g. accessing data behind-the-firewall without the firewall opening a hole].

Regarding claim 3, Rahman-Lee teaches:
The device of Claim 1, wherein a head-end node: receives the label [Rahman ¶0052-55, ALSRGW 140b receives data with labels]; maintains one or more policies in a policy table [Rahman ¶0052-55 head end node maintains table GLSPM 147 with entries ]; and uses the one or more [ Rahman ¶0052-55, sending and receiving data based on the label, forwarded over session 123].

Regarding claim 5, Rahman-Lee teaches:
The device of Claim 1, wherein the label is associated with at least one of the following: a Software-Defined Wide Area Network (SD-WAN); a virtual private network (VPN); a Multiprotocol Label Switching (MPLS) label; a Network Service Header (NSH) label; or a Generic Network Virtualization encapsulation (GENEVE) tunnel label [Rahman ¶0058 wherein an exemplary model includes labels within a VPN thus associated with VPN].

Regarding claim 6, Rahman-Lee teaches:
The device of Claim 1, wherein the service is associated with at least one of the following: a public infrastructure as a service (IaaS); a private IaaS; a public software as a service (SaaS); a private SaaS; or a private enterprise service [Rahman Figure 7, firewall-protected enterprise model ¶0057 considered private enterprise service ¶0022].

Regarding claim 7, Rahman-Lee teaches:
The device of Claim 1, the operations further comprising: maintaining, by the mobile agent, a policy table comprising one or more policies [Rahman ¶0054 mapping table at ALSRGW 140a in 410 or 411 Figure 5 either are considered a policy table comprising policies e.g. entries indicating sessions and corresponding labels]; and mapping, by the mobile agent, the application identifier associated with the application to the label using the one or more policies [Rahman ¶0054 label based on 410 and 411].

Regarding claim 8, Rahman teaches:
A method, comprising: detecting [Figure 1 shows 140a see Figure 2 mobile agent module on device] a request to route traffic to a service associated with an application [¶0031 application may send a query i.e. request for port numbers assigned to a service]; identifying an application identifier [¶0031-34, ¶0051-54 shows instances in which agent 140a identifies telnet service considered identifying an application identifier considered a unique application identifier, Examiner further noting that identifying a service in itself is identifying an application identifier as the application identifier is not further recited to be physically included anywhere thus the act of identifying a unique service means an application identifier is identified as in Rahman when telnet is identified]; selecting, using the application identifier, a label from a plurality of labels included in a routing table, wherein the label includes one or more routes and a type of the application [¶0034 and Figure 5 shows plurality of labels, and label attached to outgoing packet includes information on type and routes see ¶0054-55, label in Figure 5 115 in 410 includes 140b and telnet considered a route to element 140b and type being telnet, “any data received over session 115 will be labeled with 140b and `telnet`. The standard applications send and receive data”, table stored on mobile device side in mobile agent, the telnet field of the label considered based on application identifier which specifies telnet as the unique application identifier]; and routing the traffic to the service associated with the application using the label [¶0039-42, ¶0054-55 sending packet on outgoing session to ASP via 144 Figure 2 with the label on session to terminating server].
Rahman teaches indicating a type and route using what is considered a label but not a version however Lee application labels may include a number indicating a version [¶0120-121, user inserts identifier regarding version of traffic into label of data].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rahman to include another field within a label field of the packet sent by the mobile agent to include a version information. Rahman teaches identifying routes and types of applications but not a version however Lee teaches a label may further include version information in a flow label which is a label supported in Applicant’s specification, it would have been obvious to add this information to the label information of Rahman in order to instruct which traffic comprises pertinent information in order that the network may correspond certain data with the traffic ¶0120-121.



The method of Claim 8, wherein: the label supports extranet services having inline security services; and the inline security services include at least one of the following: firewall services; intrusion detection services; intrusion prevention services; or Cloud Access Security Broker (CASB) services [Rahman See ¶0057 and Figure 7, wherein an exemplary model includes a firewall and the labels support firewall services e.g. accessing data behind-the-firewall without the firewall opening a hole].

Regarding claim 10, Rahman-Lee teaches:
The method of Claim 8, wherein a head-end node: receives the label [Rahman ¶0052-55, ALSRGW 140b receives data with labels]; maintains one or more policies in a policy table [Rahman ¶0052-55 head end node maintains table GLSPM 147 with entries]; and uses the one or more policies and the label to route the traffic to the service associated with the application [Rahman ¶0052-55, sending and receiving data based on the label, forwarded over session 123].

Regarding claim 12, Rahman-Lee teaches:
The method of Claim 8, wherein the label is associated with at least one of the following: a Software-Defined Wide Area Network (SD-WAN); a virtual private network (VPN) a Multiprotocol Label Switching (MPLS) label; a Network Service Header (NSH) label; or a Generic Network Virtualization encapsulation (GENEVE) tunnel label [Rahman ¶0058 wherein an exemplary model includes labels within a VPN thus associated with VPN].

Regarding claim 13, Rahman-Lee teaches:
The method of Claim 8, wherein the service is associated with at least one of the following: a public infrastructure as a service (IaaS); a private IaaS; a public software as a service (SaaS); a private SaaS; or a private enterprise service [Rahman Figure 7, firewall-protected enterprise model ¶0057 considered private enterprise service ¶0022].


The method of Claim 8, further comprising: maintaining a policy table comprising one or more policies [Rahman ¶0054 mapping table at ALSRGW 140a in 410 Figure 5 considered a policy table comprising policies e.g. entries indicating sessions and corresponding labels]; and mapping the application identifier associated with the application to the label using the one or more policies [Rahman ¶0054 label based on 410].

Regarding claim 15, Rahman teaches:
One or more computer-readable non-transitory storage media embodying instructions that, when executed by a processor, cause the processor to perform operations [Figure 1 shows mobile device with modules including 140a implemented with processors ¶0022] comprising: detecting [Figure 1 shows 140a see Figure 2 mobile agent module on device] a request to route traffic to a service associated with an application [¶0031 application may send a query i.e. request for port numbers assigned to a service]; identifying an application identifier associated with the application, wherein the application identifier uniquely identifies the application [¶0031-34, ¶0051-54 shows instances in which agent 140a identifies telnet service considered identifying an application identifier considered a unique application identifier, Examiner further noting that identifying a service in itself is identifying an application identifier as the application identifier is not further recited to be physically included anywhere thus the act of identifying a unique service means an application identifier is identified as in Rahman when telnet is identified];  selecting, using the application identifier, a label from a plurality of labels included in a routing table, wherein the label includes one or more routes and a type of the application [¶0034 and Figure 5 shows plurality of labels, and label attached to outgoing packet includes information on type and routes see ¶0051-55, label in Figure 5 115 in 410 includes 140b and telnet considered a route to element 140b and type being telnet, “any data received over session 115 will be labeled with 140b and `telnet`. The standard applications send and receive data”, table stored on mobile device side in mobile agent, the telnet field of the label considered based on application identifier which specifies telnet as the unique application identifier].
[¶0120-121, user inserts identifier regarding version of traffic into label of data].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rahman to include another field within a label field of the packet sent by the mobile agent to include a version information. Rahman teaches identifying routes and types of applications but not a version however Lee teaches a label may further include version information in a flow label which is a label supported in Applicant’s specification, it would have been obvious to add this information to the label information of Rahman in order to instruct which traffic comprises pertinent information in order that thr network may correspond certain data with the traffic ¶0120-121.

Regarding claim 16, Rahman-Lee teaches:
The one or more computer-readable non-transitory storage media of Claim 15, wherein: the label supports extranet services having inline security services; and the inline security services include at least one of the following: firewall services; intrusion detection services; intrusion prevention services; or Cloud Access Security Broker (CASB) services [Rahman See ¶0057 and Figure 7, wherein an exemplary model includes a firewall and the labels support firewall services e.g. accessing data behind-the-firewall without the firewall opening a hole].

Regarding claim 17, Rahman-Lee teaches:
The one or more computer-readable non-transitory storage media of Claim 15, wherein a head-end node: receives the label [Rahman ¶0052-55, ALSRGW 140b receives data with labels]; maintains one or more policies in a policy table [Rahman ¶0052-55 head end node maintains table GLSPM 147 with entries]; and uses the one or more policies and the label to route the traffic to the service associated with the application [Rahman ¶0052-55, sending and receiving data based on the label, forwarded over session 123].

Regarding claim 19, Rahman-Lee teaches:
[Rahman ¶0058 wherein an exemplary model includes labels within a VPN thus associated with VPN].

Regarding claim 20, Rahman-Lee teaches:
The one or more computer-readable non-transitory storage media of Claim 15, wherein the service is associated with at least one of the following: a public infrastructure as a service (IaaS); a private IaaS; a public software as a service (SaaS); a private SaaS; or a private enterprise service [Rahman Figure 7, firewall-protected enterprise model ¶0057 considered private enterprise service ¶0022].

Claim 4, 11, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rahman (US 20070091875 A1) in view of Lee et al. (“Lee”) (US 20160269467 A1) and Stahura et al. (“Stahura”) (US 20160173440 A1).

Regarding claim 4, Rahman-Lee teaches:
The device of Claim 1, the operations further comprising: receiving, by the mobile agent, a request; and using the application identifier to map the request to the label [Rahman ¶0052-55 application request assigned to a label based on the application and mapping at mobile device 140a, thus request is received by modules of 140a that map the request to a label for transmission].
Rahman teaches a request but does not teach a DNS request.
Stahura teaches wherein the request is a Domain Name System (DNS) request [¶0027-31, remote device wherein request “received” at mobile agent comprising labels added to the received DNS request see ¶0010, ¶0015-23 Figure 1, 3 wherein request received at modules from DNS messenger 164].


Regarding claim 11, Rahman-Lee teaches:
The method of Claim 8, further comprising: receiving a request; and using the application identifier to map the request to the label [Rahman ¶0052-55 application request assigned to a label based on the application and mapping at mobile device 140a, thus request is received by modules of 140a that map the request to a label for transmission].
Stahura teaches wherein the request is a Domain Name System (DNS) request [¶0027-31, remote device wherein request “received” at mobile agent comprising labels added to the received DNS request see ¶0010, ¶0015-23 Figure 1, 3 wherein request received at modules from DNS messenger 164].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rahman to teach adding a label. Rahman teaches a request is received at a module of the mobile agent 140a for transmission to establish a label session with a server see Figure 2, ¶0052-55. Rahman does not teach this is a DNS request however it would have been obvious to modify Rahman to teach a DNS request as in Stahura as Stahura teaches DNS requests comprising specific labels as generated and received at different modules of a remote device for purposes of obtaining mappings from a domain name to a corresponding IP address ¶0010.

Regarding claim 18, Rahman-Lee teaches The one or more computer-readable non-transitory storage media of Claim 15, the operations further comprising: receiving, by the mobile agent, a request; and using the application identifier to map the request to the label [Rahman ¶0052-55 application request assigned to a label based on the application and mapping at mobile device 140a, thus request is received by modules of 140a that map the request to a label for transmission].
Rahman teaches a request but does not teach a DNS request.
Stahura teaches wherein the request is a Domain Name System (DNS) request [¶0027-31, remote device wherein request “received” at mobile agent comprising labels added to the received DNS request see ¶0010, ¶0015-23 Figure 1, 3 wherein request received at modules from DNS messenger 164].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rahman to teach adding a label. Rahman teaches a request is received at a module of the mobile agent 140a for transmission to establish a label session with a server see Figure 2, ¶0052-55. Rahman does not teach this is a DNS request however it would have been obvious to modify Rahman to teach a DNS request as in Stahura as Stahura teaches DNS requests comprising specific labels as generated and received at different modules of a remote device for purposes of obtaining mappings from a domain name to a corresponding IP address ¶0010.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Edan Orgad can be reached on 571-272-7884.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/JAY L VOGEL/             Examiner, Art Unit 2478