Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
DETAILED ACTION
This action is in response to applicant’s submittal made on 6/14/2020.  Claims 1-20 are pending. 
Specification (Title)
The title of the invention is not descriptive.  A new title is required that is clearly indicative of the invention to which the claims are directed. 
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  

Claims 1, 14 and 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 10,812,532 (532’ hereinafter). Although the claims at issue are not identical, they are not patentably distinct from each other because both sets of claims are drawn to the following: 
(16/900958) extract a unique device identifier or a unique subscriber identifier from a message to associate with the subscriber identity, wherein the unique device identifier includes an International Mobile Equipment Identifier (IMEI), and wherein the unique subscriber identifier includes an International Mobile Subscriber Identity (IMSI); determine an application identifier for user traffic associated with the new session at the security platform, comprising: monitor, via deep packet inspection, tunneled user traffic to obtain the application identifier; associate the application identifier with the unique device identifier or the unique subscriber identifier; and apply a security policy at the security platform to the new session based on the maps to (532’) wherein the unique device identifier includes an International Mobile Equipment Identifier (IMEI), and wherein the unique subscriber identifier includes an International Mobile Subscriber Identity (IMSI); determine an application identifier for user traffic associated with the new session at the security platform, comprising: monitor, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the tunneled user traffic includes General Packet Radio Service (GPRS) Tunneling Protocol User Plane (GTP-U) traffic; associate the application identifier with the unique device identifier or the unique subscriber identifier; and determine a security policy to apply at the security platform to the new session based on the application identifier and the associated unique device identifier or the unique subscriber identifier, wherein the security policy includes one or more security rules for threat detection, threat prevention, Uniform Resource Location (URL) filtering, Denial of Service (DoS) detection, and/or Denial of Service (DoS) prevention; and a memory coupled to the hardware processor and configured to provide the hardware processor with instructions. 

Claims 1, 14 and 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 10,721,272 (272’ hereinafter). Although the claims at issue are not identical, they are not patentably distinct from each other because both sets of claims are drawn to the following: 
(16/900958) extract a unique device identifier or a unique subscriber identifier from a message to associate with the subscriber identity, wherein the unique device identifier includes an International Mobile Equipment Identifier (IMEI), and wherein the unique subscriber identifier includes an International Mobile Subscriber Identity (IMSI); determine an application identifier for user traffic associated with the new session at the security platform, comprising: monitor, via deep packet inspection, tunneled user traffic to obtain the application identifier; associate the application identifier with the unique device identifier or the unique subscriber identifier; and apply a security policy at the security platform to the new session based on the application identifier and the associated unique device identifier or the unique subscriber identifier, wherein the security policy includes one or more security rules for threat detection, threat prevention, Uniform Resource Location (URL) filtering, Denial of Service (DoS) detection, and/or Denial of Service (DoS) prevention; and a memory coupled to the hardware processor and configured to provide the hardware processor with instructions; maps to (272’) wherein the device identifier is a mobile device identifier, and wherein the mobile device identifier includes an Internet of Things (IoT) equipment identity that includes extracted International Mobile Equipment Identity (IMEI) Software Version (IMEISV) information; determine an application identifier for user traffic associated with the new session at the security platform, comprising to: monitor, via deep packet inspection, tunneled user traffic after the new session has been created to obtain the application identifier, wherein the tunneled user traffic includes General Packet Radio Service (GPRS) Tunneling Protocol User Plane (GTP-U) traffic; and determine a security policy to apply at the security platform to the new session based on the device identifier and the application identifier; and a memory coupled to the hardware processor and configured to provide the hardware processor with instructions. 
Claim Rejections - 35 USC § 103

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6, 14-17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kotecha et al. (US Patent Publication No. 2014/0064180, Kotecha hereinafter) in view of Zhou et al. (US Patent Publication No. 2012/0275348, Zhou hereinafter).

As to claims 1, 14 and 20, Kotecha teaches a system, comprising: a hardware processor configured to: 
wherein the new session is associated with a Cellular Internet of Things (CIoT) device (i.e. …teaches in paragraph 0024 the following: “user device 110 may include a radiotelephone; a personal communications system ("PCS") terminal (e.g., a device that combines a cellular radiotelephone with data processing and data communications capabilities)”), 
comprising: 
extract a unique device identifier or a unique subscriber identifier from a message to associate with the subscriber identity (i.e., …teaches in paragraph 0011 the following: “component device of a network may analyze contents of a packet (e.g., may analyze a header and/or a payload of a packet) in order to identify, based on a header compression policy, whether to apply header compression to the packet and/or to other packets associated with a bearer channel on which the packet is transmitted.”. …teaches in paragraph 0093 the following: “Base station 105 may identify traffic attributes associated with some or all of the traffic by analyzing content of packets associated with the traffic. In other words, base station 105 may identify traffic attributes associated with traffic that is processed by base station 
wherein the unique device identifier includes an International Mobile Equipment Identifier (IMEI) (i.e., …teaches in paragraph 0048 the following: “…an International Mobile Equipment Identity ("IMEI") number”), 
and wherein the unique subscriber identifier includes an International Mobile Subscriber Identity (IMSI) (i.e., …teaches in paragraph 0048 the following: “… an International Mobile Subscriber Identity ("IMSI") number…”); 
determine an application identifier for user traffic associated with the new session at the security platform (i.e. …teaches in paragraph 0086 the following: “base station 105 may identify a header compression policy associated with the requested bearer channel based on attributes of the requested bearer channel (e.g., a QoS level associated with the requested bearer channel, a user device identifier associated with the requested bearer channel, an identification of an application …”.), 
comprising: monitor, via deep packet inspection, tunneled user traffic to obtain the application identifier (i.e., …teaches in paragraph 0086 the following: “base station 105 may receive information regarding a request for a bearer channel between user device 110 and base station 105. As described above with respect to blocks 510 and 515 of FIG. 5, base station 105 may identify a header compression policy associated with the requested bearer channel based on attributes of the requested bearer channel (e.g., a QoS level associated with the requested bearer channel, a user device identifier associated with the requested bearer channel, an identification of an application associated with the bearer channel request, a type of user device 110, etc.).”.),
and a memory coupled to the hardware processor and configured to provide the hardware processor with instructions (i.e., …teaches in paragraph 0035 the following: “processor 320, memory 330”).

Kotecha does not expressly teach:
monitor network traffic on a service provider network at a security platform to identify a subscriber identity for a new session, 
associate the application identifier with the unique device identifier or the unique subscriber identifier; 
and apply a security policy at the security platform to the new session based on the application identifier and the associated unique device identifier or the unique subscriber identifier, 
wherein the security policy includes one or more security rules for threat detection, threat prevention, Uniform Resource Location (URL) filtering, Denial of Service (DoS) detection, and/or Denial of Service (DoS) prevention.
In this instance the examiner notes the teachings of prior art reference Zhou. 
With regards to applicant’s claim limitation element of, “monitor network traffic on a service provider network at a security platform to identify a subscriber identity for a new session”, Zhou teaches in paragraph 0054 the following: “configuring, by the gateway device, a corresponding trigger event according to an identifier of an industrial user (MTC User or MTC Server or MTC Subscriber), or a user equipment identifier (such as an IMSI (International Mobile Subscriber Identification Number), MSISDN (Mobile Subscriber International ISDN/PSTN number), or APN (Access Point Name)), or an identifier of a group that the user equipment belongs to (such as an IMSI, MSISDN, APN, or Group ID), or the application feature of the user equipment, or the application feature of the industrial user/group (MTC User or MTC Server or MTC Subscriber or Group) that the user equipment belongs”.
With regards to applicant’s claim limitation element of, “associate the application identifier with the unique device identifier or the unique subscriber identifier”, Zhou teaches in paragraph 0095 the following: “obtains at least one of the application feature of the user equipment, the user equipment 
With regards to applicant’s claim limitation element of, “and apply a security policy at the security platform to the new session based on the application identifier and the associated unique device identifier or the unique subscriber identifier”, Zhou teaches in paragraph 0095 the following: “obtains at least one of the application feature of the user equipment, the user equipment identifier information, APN information, and the identifier of the group that the user equipment belongs to, and, optionally, the indication information indicating whether the user equipment is allowed to access the network beyond the applicable condition.
With regards to applicant’s claim limitation element of, “wherein the security policy includes one or more security rules for threat detection, threat prevention, Uniform Resource Location (URL) filtering, Denial of Service (DoS) detection, and/or Denial of Service (DoS) prevention”, the examiner notes that applicant’s usage of the word “or” places the above limitation in alternative form. As such with regards to applicant’s alternative claim limitation element of, “threat detection”, Zhou teaches in paragraph 0043 the following: “user equipment accesses the network beyond the applicable condition in subscription data. For example, if the subscription data defines information about the access time subscribed (predefined) by the user equipment, "A user equipment accesses a network beyond an applicable condition" means that the user equipment accesses the network beyond subscribed (predefined) time; if the subscription data defines information about a location subscribed (predefined) by the user equipment, "A user equipment accesses a network beyond an applicable condition" means that the user equipment accesses the network beyond a subscribed (predefined) location area, and so on.”.  


As to claims 2 and 15, the system of Kotecha and Zhou as applied to claim 1 above, specifically Kotecha teaches a system recited in claim 1, and wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI) (i.e., …teaches in paragraph 0048 the following: “… an International Mobile Subscriber Identity ("IMSI") number, an International Mobile Equipment Identity ("IMEI") number, or some other user device identifier) of "12345”.).

Kotecha does not expressly teach:
wherein the security platform is configured with a plurality of security policies based on the subscriber identity and the application identifier.
In this instance the examiner notes the teachings of prior art reference Zhou. 
Zhou teaches in paragraph 0054 the following: “… trigger event according to an identifier of an industrial user (MTC User or MTC Server or MTC Subscriber), or a user equipment identifier (such as an IMSI (International Mobile Subscriber Identification Number), MSISDN (Mobile Subscriber International ISDN/PSTN number), or APN (Access Point Name)), or an identifier of a group that the user equipment belongs to (such as an IMSI, MSISDN, APN, or Group ID), or the application feature of the user equipment, or the application feature of the industrial user/group (MTC User or MTC Server or MTC Subscriber or Group) that the user equipment belongs”.


As to claims 3 and 16, the system of Kotecha and Zhou as applied to claim 1 above, specifically Kotecha teaches a system recited in claim 1, wherein the subscriber identity includes an International Mobile Subscriber Identity (IMSI) (i.e., …teaches in paragraph 0048 the following: “ an International Mobile Subscriber Identity ("IMSI") number…”.), 
and wherein the unique device identifier includes an International Mobile Equipment Identifier (IMEI) (i.e., …teaches in paragraph 0048 the following: “…an International Mobile Equipment Identity ("IMEI") number…”.).

Kotecha does not expressly teach:
wherein the security platform is configured with a plurality of security policies based on the subscriber identity, the unique device identifier, and the application identifier.
In this instance the examiner notes the teachings of prior art reference Zhou. 
Zhou teaches in paragraph 0054 the following: “… trigger event according to an identifier of an industrial user (MTC User or MTC Server or MTC Subscriber), or a user equipment identifier (such as an IMSI (International Mobile Subscriber Identification Number), MSISDN (Mobile Subscriber International ISDN/PSTN number), or APN (Access Point Name)), or an identifier of a group that the user equipment belongs to (such as an IMSI, MSISDN, APN, or Group ID), or the application feature of the user 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kotecha with the teachings of Zhou by including the feature of security policy. Utilizing security policy association as taught by Zhou above allows a system to provide comprehensive access control and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, Kotecha's system will obtain the capability to provide enhanced system security. 

As to claims 4 and 17, the system of Kotecha and Zhou as applied to claim 1 above, specifically Kotecha teaches a system recited in claim 1, wherein the security platform monitors wireless interfaces including a plurality of interfaces for a control protocol and user data traffic in a mobile core network for a 4G and/or 5G network (i.e., …teaches in paragraph 0034 the following: “Network 265 may include one or more wired and/or wireless networks. For example, network 265 may include a cellular network, a public land mobile network ("PLMN"), a second generation ("2G") network, a third generation ("3G") network, a fourth generation ("4G") network, a fifth generation ("5G") network, and/or another network.”.).

As to claim 6, the system of Kotecha and Zhou as applied to claim 1 above, specifically Kotecha does not teach a system recited in claim 1, wherein the security platform is configured with a plurality of security policies based on the subscriber identity and the application identifier.
In this instance the examiner notes the teachings of prior art reference Zhou. 
Zhou teaches in paragraph 0054 the following: “…trigger event according to an identifier of an industrial user (MTC User or MTC Server or MTC Subscriber), or a user equipment identifier (such as an 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kotecha with the teachings of Zhou by including the feature of security policy. Utilizing security policy association as taught by Zhou above allows a system to provide comprehensive access control and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, Kotecha's system will obtain the capability to provide enhanced system security. 

Claims 5, 7-10 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Kotecha in view of Zhou as applied to claims 1 and 14 above and further in view of Zhu (US Patent Publication No. 2006/0174001).

As to claims 5 and 18, the system of Kotecha and Zhou as applied to claim 1 above, Kotecha and Zhou do not expressly teach a system recited in claim 1, wherein the security platform monitors wireless interfaces including a plurality of interfaces for a GPRS Tunneling Protocol (GTP) in a mobile core network for a 4G and/or 5G network, including an S11 interface.
In this instance the examiner notes the teachings of prior art reference Zhu. 
Zhu teaches in paragraph 0047 the following: “In the case of a GPRS/EDGE/WCDMA network, the identity of the mobile subscriber may be obtained from relevant data capture at the Gn interface 13 between the SGSN 12 and the GGSN 15. The relevant data may be in GTP-C messages sent during a PDP 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kotecha and Zhou with the teachings of Zhu by including the feature of session monitoring. Utilizing session monitoring as taught by Zhu above allows a system to provide comprehensive malicious threat detection and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, the system of Kotecha and Zhou will obtain the capability to provide enhanced threat security. 

As to claim 7, the system of Kotecha and Zhou as applied to claim 1 above, Kotecha and Zhou do not expressly teach a system recited in claim 1, wherein the security platform is configured to perform security policy enforcement for CIoT.
In this instance the examiner notes the teachings of prior art reference Zhu. 
Zhu teaches in paragraph 0043 the following: “a set of pre-defined rules in order to detect any malicious traffic patterns”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kotecha and Zhou with the teachings of Zhu by including the feature of session monitoring. Utilizing session monitoring as taught by Zhu above allows a system to provide comprehensive malicious threat detection and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, the system of Kotecha and Zhou will obtain the capability to provide enhanced threat security. 

As to claim 8, the system of Kotecha and Zhou as applied to claim 1 above, Kotecha and Zhou do not expressly teach a system recited in claim 1, wherein the security platform is configured to perform threat detection for known threats for CIoT. 
In this instance the examiner notes the teachings of prior art reference Zhu. 
Zhu teaches in paragraph 0032 the following: “tracks malicious activity of the mobile subscriber”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kotecha and Zhou with the teachings of Zhu by including the feature of session monitoring. Utilizing session monitoring as taught by Zhu above allows a system to provide comprehensive malicious threat detection and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, the system of Kotecha and Zhou will obtain the capability to provide enhanced threat security. 
 
As to claim 9, the system of Kotecha and Zhou as applied to claim 1 above, Kotecha and Zhou do not expressly teach a system recited in claim 1, wherein the security platform is configured to perform advanced threat detection for unknown threats for CIoT.
In this instance the examiner notes the teachings of prior art reference Zhu. 
Zhu teaches in paragraph 0043 the following: “a set of pre-defined rules in order to detect any malicious traffic patterns”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kotecha and Zhou with the teachings of Zhu by including the feature of session monitoring. Utilizing session monitoring as taught by Zhu above allows a system to provide comprehensive malicious threat detection and therefore provides the motivation in 

As to claim 10, the system of Kotecha and Zhou as applied to claim 1 above, Kotecha and Zhou do not expressly teach a system recited in claim 1, wherein the security platform is configured to perform Uniform Resource Link (URL) filtering for CIoT.
In this instance the examiner notes the teachings of prior art reference Zhu. 
Zhu teaches in paragraph 0076 the following: “The "Subscriber Notification module" 105 may send a redirection request 500 to the " URL Redirection sub-module" 106 to process a notification (not shown). The " URL Redirection sub-module" 106 may then send a creation request 501 to a web server 522. The creation request 501 may include information about the mobile subscriber's malicious traffic, e.g., virus type, hacking attempts, traffic sent, IP address, etc. The web server 522 may craft a specially designed web page 506 which the mobile subscriber 586 may retrieve at a later stage.”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kotecha and Zhou with the teachings of Zhu by including the feature of session monitoring. Utilizing session monitoring as taught by Zhu above allows a system to provide comprehensive malicious threat detection and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, the system of Kotecha and Zhou will obtain the capability to provide enhanced threat security. 

Claims 11 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Kotecha in view of Zhou as applied to claim 1 above and further in view of Gupta et al. (US Patent Publication No. 2014/0189861, Gupta hereinafter).

As to claim 11, the system of Kotecha and Zhou as applied to claim 1 above, specifically Kotecha and Zhou do not teach a system recited in claim 1, wherein the security platform is configured to perform application Denial of Service (DoS) detection for CIoT.
In this instance the examiner notes the teachings of prior art reference Gupta. 
Gupta teaches in paragraph 0054 the following: “interfere with the normal operation of a computer or network through unauthorized access, destruction, disclosure, modification of data, and/or denial of service.”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kotecha and Zhou with the teachings of Gupta by including the feature of advance threat detection. Utilizing advance threat detection as taught by Gupta above allows a system to provide comprehensive security and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, the system of Kotecha and Zhou will obtain the capability to provide enhanced security event detection. 

As to claim 12, the system of Kotecha and Zhou as applied to claim 1 above, specifically Kotecha and Zhou do not teach a system recited in claim 1, wherein the security platform is configured to perform application Denial of Service (DoS) prevention for CIoT.
In this instance the examiner notes the teachings of prior art reference Gupta. 
Gupta teaches in paragraph 0054 the following: “interfere with the normal operation of a computer or network through unauthorized access, destruction, disclosure, modification of data, and/or denial of service.”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kotecha and Zhou with the teachings of Gupta by including the feature of advance threat detection. Utilizing advance threat detection as taught by Gupta . 

Claims 13 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Kotecha in view of Zhou as applied to claims 1 and 14 above and further in view of Anthony JR et al. (US Patent Publication No. 2014/0044019, Anthony hereinafter).

As to claims 13 and 19, the system of Kotecha and Zhou as applied to claim 1 above, specifically Kotecha and Zhou do not teach a system recited in claim 1, wherein the hardware processor is further configured to: block the new session from accessing a resource based on the security policy.
In this instance the examiner notes the teachings of prior art reference Anthony. 
Anthony teaches in paragraph 0101 the following: “interfere with the normal operation of a computer or network through unauthorized access, destruction, disclosure, modification of data, and/or denial of service.”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kotecha and Zhou with the teachings of Anthony by including the feature of access blocking. Utilizing access blocking as taught by Anthony above allows a system to provide comprehensive access control and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, the system of Kotecha and Zhou will obtain the capability to provide enhanced system security. 
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN F WRIGHT whose telephone number is (571)270-3826.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BRYAN F WRIGHT/               Examiner, Art Unit 2497