DETAILED ACTION
1.	Notice of Pre-AIA or AIA Status:  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

2.	Claims 1 and 3-21 are presented for allowance. 

3.	Claim 2 has been canceled, claims 1, 11, 12, 14, 15, 17, 18, and 20 have been amended, and new claim 21 has been added as filed on July 9, 2021.

4.	This allowance of application 16/782769 is in response to Applicant’s claim amendments and remarks filed on July 9, 2021.  Application 16/782769 has a benefit date of April 3, 2019 from provisional 62/829020.

Claim Interpretations
5.	Claim 1 recites “to inject a first policy metadata into first data traffic.”  

Instant specification [0089] states “as used herein the term ‘metadata,’ ‘policy metadata,’ or ‘metadata of an endpoint,’ shall be used to refer to any data related to the local operation and local policy enforcement of the endpoint in the network environment with respect to the data traffic both to and from that endpoint,” “such metadata can include current location of the endpoint, the battery level of the endpoint, the radio access of the endpoint, application that is generating traffic at the endpoint, unusual change in data traffic volume, and the security status of the 
The instant specification explanations provide the interpretation (“any data related to the local operation and local policy enforcement of the endpoint”) applied to all the claims.


6.	Claim 7 recites “policy-agnostic metadata.”  

Instant specification [0089] states “metadata can be either policy-specific metadata or policy-agnostic metadata” and “policy-agnostic metadata can include metadata that is generated without respect to a specific policy.  For example, the policy-agnostic metadata can include constantly tagging the traffic with the location of the endpoint.”  

To further explain the recited “policy-agnostic metadata,” a brief search reveals Shelton (US Pub 20180046753), Szabo et al. (US Pub 20100058433), and Yang et al. (“End-to-End Policy-Agnostic Security for Database-Backed Application”, 2015), each of which further explains the recited term “policy-agnostic.”



Szabo et al. (US Pub 20100058433) [0004] states “sources, which contain knowledge about files and metadata, can pass events to policies when changes in data are detected.  The policies may then manage the data synchronization with other sources.  The sources are agnostic as to how the data is synchronized between sources.  Also, the policies are agnostic of the data that is being managed by sources.”

Yang et al. (“End-to-End Policy-Agnostic Security for Database-Backed Application”, 2015) (section 1. Introduction) states “we propose a policy-agnostic programming paradigm that allows the programmer to specify information flow policies separately from the rest of the applications.”

The instant specification and the prior art references above provide the interpretation of “policy-agnostic metadata” applied to all the claims.

Examiner’s Amendment
7.	An examiner’s amendment to the record appears below.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR § 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the Issue Fee.

8.	Authorization for this examiner’s amendment was given by Ryan Davis via an email interview to USPTO on August 31, 2021.

9.	The claims have been amended as follows:

1.	(Previously Presented) A method comprising:
receiving, by a network device local to one or more endpoints in a network environment from a centralized network controller, one or more network-wide endpoint policies implemented across one or more WAN transport networks;
configuring a first endpoint of the one or more endpoints to inject a first policy metadata into first data traffic, 
wherein the first policy metadata includes data specific to the first endpoint for locally applying policies to the first endpoint;
receiving, by the network device from the first endpoint, the first policy metadata injected into the first data traffic;

locally applying, by the network device, the one or more first endpoint-specific policies to control additional data traffic associated with the first endpoint.

2.	(Canceled)

3.	(Original) The method of claim 1, wherein the data traffic associated with the first endpoint includes data traffic transmitted to the first endpoint.

4.	(Original) The method of claim 1, wherein the network device is on-path in one or more traffic flows to or from the first endpoint and the network device receives the first policy metadata with the first data traffic through at least one of the one or more traffic flows.

5.	(Original) The method of claim 1, wherein the one or more first endpoint-specific policies are derived from the one or more network-wide endpoint policies based on the first policy metadata.

6.	(Currently Amended) The method of claim 1, wherein the first policy metadata includes the data describing local operation of the first endpoint in the network environment with respect to the first data traffic.

7.	(Original) The method of claim 1, wherein the first policy metadata includes policy agnostic metadata for the first endpoint.

8.	(Original) The method of claim 1, wherein the first policy metadata includes policy specific metadata for the first endpoint, and the policy-specific metadata is generated to apply one or more explicit policies for the first endpoint.

9.	(Original) The method of claim 1, further comprising:
identifying, by the network device, past policy metadata injected into past data traffic and received from the first endpoint; and
determining, by the network device, the one or more first endpoint-specific policies for the first endpoint by evaluating the first policy metadata and the past policy metadata with respect to the one or more network-wide endpoint policies.

10.	(Original) The method of claim 1, further comprising:
removing, at the network device, the first policy metadata from the first data traffic; and
preventing dissemination of the first policy metadata outside of the network device and into the network environment.



12.	(Currently Amended) The method of claim 1, wherein the one or more network-wide endpoint policies include a plurality of network-wide endpoint policies, the method further comprising: 
receiving a plurality of retrieved network-wide endpoint policies at the network device; and 
aggregating, at the network device, the plurality of network-wide endpoint policies as a subset of the plurality of retrieved network-wide endpoint policies.

13.	(Original) The method of claim 12, wherein the plurality of retrieved network-wide endpoint policies are received from a plurality of policy sources and the plurality of network-wide endpoint policies are aggregated at the network device as the subset of the plurality of retrieved network-wide endpoint policies based on the first endpoint.

14.	(Currently Amended) The method of claim 1, further comprising:

aggregating, by the network device, the sequential policy updates to generate aggregated policy updates for the one or more network-wide endpoint policies;
modifying, by the network device, the one or more first endpoint-specific policies based on the aggregated policy updates to generate one or more updated first endpoint-specific policies; and
applying, by the network device, the one or more updated first endpoint-specific policies to further control the additional data traffic associated with the first endpoint based on the sequential policy updates to the one or more network-wide endpoint policies.

15.	(Previously Presented) A system comprising:
one or more processors; and
at least one computer-readable storage medium having stored therein instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
receiving, by a network device local to one or more endpoints in a network environment, one or more network-wide endpoint policies implemented across one or more WAN transport networks;
configuring a first endpoint of the one or more endpoints to inject a first policy metadata into first data traffic, 

receiving, by the network device from the first endpoint, the first policy metadata injected into the first data traffic;
determining, by the network device, one or more first endpoint-specific policies for the first endpoint by evaluating the first policy metadata with respect to the one or more network-wide endpoint policies; and
locally applying, by the network device, the one or more first endpoint-specific policies to control additional data traffic associated with the first endpoint.

16.	(Original) The system of claim 15, wherein the network device is on-path in one or more traffic flows to or from the first endpoint and the network device receives the first policy metadata with the first data traffic through at least one of the one or more traffic flows.

17.	(Currently Amended) The system of claim 15, wherein the instructions which, when executed by the one or more processors, further cause the one or more processors to perform further operations comprising:
receiving, at the network device, sequential policy updates to the one or more network-wide endpoint policies;

modifying, by the network device, the one or more first endpoint-specific policies based on the aggregated policy updates to generate one or more updated first endpoint-specific policies; and
applying, by the network device, the one or more updated first endpoint-specific policies to further control the additional data traffic associated with the first endpoint based on the sequential policy updates to the one or more network-wide endpoint policies.

18.	(Previously Presented) The system of claim 17, further comprising locally applying the one or more first endpoint-specific policies to control the first data traffic received at the network device from the first endpoint.

19.	(Original) The system of claim 17, wherein the first policy metadata includes either or both policy-agnostic policy metadata for the first endpoint and policy-specific policy metadata for the first endpoint.

20.	(Previously Presented) A non-transitory computer-readable storage medium having stored therein instructions which, when executed by a processor, cause the processor to perform operations comprising:

configuring a first endpoint of the one or more endpoints to inject a first policy metadata into first data traffic, 
wherein the first policy metadata includes data specific to the first endpoint for locally applying policies to the first endpoint;
receiving, by the network device from the first endpoint, the first policy metadata injected into the first data traffic;
determining, by the network device, one or more first endpoint-specific policies for the first endpoint by evaluating the first policy metadata with respect to the one or more network-wide endpoint policies; and
locally applying, by the network device, the one or more first endpoint-specific policies to control additional data traffic associated with the first endpoint and the first data traffic received at the network device from the first endpoint.

21.	(Currently Amended) The system of claim 15, wherein the first policy metadata includes the data describing local operation of the first endpoint in the network environment with respect to the first data traffic.
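As an added illustration that is not part of this office action, the applicant’s disclosure, or any cited reference, the following constructed Python simulation walks through the steps of amended claim 1 together with the evaluation of past metadata (claim 9), the removal of metadata at the network device (claim 10), and the aggregation of sequential policy updates (claims 14 and 17). Every policy name, metadata key, metadata value and endpoint identifier is an assumption chosen for the example.

```python
# Constructed simulation of the claimed method. Every name and value here is an
# assumption for illustration; this is not the applicant's or the USPTO's code.
from dataclasses import dataclass, field


@dataclass
class Packet:
    src: str                                      # endpoint identifier (assumed)
    dst: str
    metadata: dict = field(default_factory=dict)  # policy metadata injected by the endpoint


# Network-wide endpoint policies as a centralized controller might push them
# (constructed): each matches on metadata keys and names one local action.
NETWORK_WIDE_POLICIES = [
    {"name": "vpn-when-offsite", "match": {"location": "offsite"}, "action": "route_via_vpn"},
    {"name": "throttle-low-battery", "match": {"battery_low": True}, "action": "rate_limit"},
    {"name": "block-p2p-app", "match": {"app": "p2p"}, "action": "drop"},
]


class NetworkDevice:
    """Device local to the endpoints; derives and enforces endpoint-specific policies."""

    def __init__(self, network_wide_policies):
        self.policies = list(network_wide_policies)
        self.endpoint_policies = {}   # endpoint -> derived list of actions
        self.past_metadata = {}       # endpoint -> metadata seen so far (claim 9)

    def _derive(self, metadata):
        # Endpoint-specific policies are the network-wide policies whose match
        # keys all agree with the endpoint's metadata (claim 5).
        return [p["action"] for p in self.policies
                if all(metadata.get(k) == v for k, v in p["match"].items())]

    def receive(self, pkt):
        """Process one packet; returns (forwarded packet or None, actions applied)."""
        if pkt.metadata:
            # Evaluate current and past metadata together (claim 9) ...
            merged = {**self.past_metadata.get(pkt.src, {}), **pkt.metadata}
            self.past_metadata[pkt.src] = merged
            self.endpoint_policies[pkt.src] = self._derive(merged)
            # ... then strip the metadata so it never leaves this device (claim 10).
            pkt = Packet(pkt.src, pkt.dst)
        # Additional traffic from the same endpoint is controlled by the derived policies.
        actions = self.endpoint_policies.get(pkt.src, [])
        if "drop" in actions:
            return None, actions
        return pkt, actions

    def apply_policy_updates(self, updates):
        """Aggregate sequential updates (claims 14/17), then re-derive for known endpoints."""
        merged = {p["name"]: p for p in self.policies}
        for upd in updates:
            if upd.get("remove"):
                merged.pop(upd["name"], None)
            else:
                merged[upd["name"]] = upd
        self.policies = list(merged.values())
        for ep, md in self.past_metadata.items():
            self.endpoint_policies[ep] = self._derive(md)


def demo():
    """Run the flow once with constructed traffic; returns the derived actions per step."""
    dev = NetworkDevice(NETWORK_WIDE_POLICIES)
    forwarded, first = dev.receive(Packet("ep1", "srv", {"location": "offsite"}))
    assert forwarded.metadata == {}          # metadata removed before forwarding
    _, later = dev.receive(Packet("ep1", "srv"))   # additional traffic, no metadata
    dev.apply_policy_updates([{"name": "vpn-when-offsite", "remove": True}])
    _, after_update = dev.receive(Packet("ep1", "srv"))
    return first, later, after_update


if __name__ == "__main__":
    print(demo())
```

The derived action list is recomputed only when metadata arrives or when aggregated updates change the policy set, so traffic without metadata is controlled by whatever the device last derived for that endpoint, and the metadata itself is dropped from the forwarded packet rather than propagated into the network.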

Reason for Allowance

receiving, by a network device local to one or more endpoints in a network environment from a centralized network controller, one or more network-wide endpoint policies implemented across one or more WAN transport networks
configuring a first endpoint of the one or more endpoints to inject a first policy metadata into first data traffic
wherein the first policy metadata includes data specific to the first endpoint for locally applying policies to the first endpoint
receiving, by the network device from the first endpoint, the first policy metadata injected into the first data traffic
determining, by the network device, one or more first endpoint-specific policies for the first endpoint by evaluating the first policy metadata with respect to the one or more network-wide endpoint policies
locally applying, by the network device, the one or more first endpoint-specific policies to control additional data traffic associated with the first endpoint.




Dillon et al. (US Pub 20170155590) [0038] states “example embodiments, two or more broadband connections or paths (e.g., wide area network (WAN) transports) are used in combination (where each connection may include a link over a public broadband network such as the Internet) to achieve improved wide area network WAN connectivity.”  And, [0039] states “such embodiments, policies are employed for conveniently and effectively employing multiple (e.g., dual) broadband transports over a wide area network (WAN transports), which may be of varying quality and characteristics, for transmission of data flows (e.g., IP-flows), and automatically adapting such transmissions among the transports based on changing transmission conditions over the transports.  Such policies may be referred to herein as acceleration multipath policies or multipath WAN transport policies (which may be abbreviated herein as AMP).”

Ran et al. (US 9547726) col 5 lines 11-14 states “in preferred embodiments of the present invention, a distributed computer system comprises two or more geographically-remote local area networks (LANs) interconnected into a wide area network (WAN).  The system includes one or more file servers, which are located on respective LANs.”  Col 9 lines 9-19 states 

Starsinic et al. (US Pub 20180227221) [0096] states “P-GW 908 may be notified by the PCRF (via the Gx interface) of policies that indicate which flows require metadata or service path information to be inserted.  In some cases, if the P-GW 908 has integrated TDF functionality, the P-GW 908 may be notified by the PCRF (via the St interface) of policies that indicate which flows require metadata or service path information to be inserted.”  And, [0099] states “the service path that is selected for a data flow may be 

Kavantzas et al. (US Pub 20130086626) [0006] states “actively deploying service-oriented architecture (SOA) infrastructures using web services.”  [0008] states “policies can be attached to specific client/service endpoints via ‘local’ policy attachment metadata, and/or to all endpoints that fall within a predefined scope (e.g., domain, server, application, etc.) of an SOA deployment via ‘global’ policy attachment metadata.”  [0009] states “one shortcoming with existing policy-based SOA solutions is that there is no way to conditionally attach policies to a particular policy subject at runtime.  Instead, all valid policies that are associated with the policy subject via local or global policy attachment metadata will be considered attached (and thus will be enforced) at subject runtime, regardless of the context in which the policy subject is invoked/executed.  This can be limiting in several scenarios.”  And, [0022] states “in one embodiment, modifying policy attachment metadata can comprise inserting a new XML attribute within the XML element identifying the policy subject, where the new XML attribute identifies the reference to the constraint expression.”

Evans et al. (US Pub 20190036780) [0078] states “the edge network device 410a may determine which path a traffic flow may take based on a policy.  For example, the edge network device 410a may identify metadata associated 

Bakre et al. (US Pub 20160246676) [0018] states “computing device 14 receives requests from the storage node computing devices 18(1)-18(n) to evaluate information lifecycle management (ILM) policies established by an administrator based on metadata associated with objects.  Based on the application of the ILM policies, the storage management computing device 14 determines storage locations for objects and data protection scheme(s) to use”

Gladstone et al. (US Pub 20130097318) [0042] states “when the application attempts to initiate its activities (e.g., accessing the network, requesting enterprise information, etc.), policy module 60 of endpoint 12 is configured to evaluate the metadata associated with the application.”

McLaren et al. (US Pub 20150066572) [0005] states “a computer-implemented process for an endpoint for automated fulfillment, includes:  in an Automatic Fulfillment (AF) server:  creating an endpoint on the AF server; selecting supported commands; and for each command, defining required and optional parameters and endpoint type specific implementation details; and in a Compliance Manager (CM):  running discovery to find 

According to the dictionary definition, “metadata” is “a set of data that describes and gives information about other data.”

According to RTI, “the WAN Transport is for use on a WAN and includes security.  It must be used with the WAN Server, a rendezvous server that provides the ability to discover public addresses and to register and look up peer addresses based on a unique WAN ID.”   “Secure WAN Transport provides transport plugins that can be used by developers of Connext DDS applications.  These transport plugins allow Connext DDS applications running on private networks to communicate securely over a Wide-Area Network (WAN), such as the internet.  There are two primary components in the package which may be used independently or together:  communication over Wide-Area Networks that involve Network Address Translation (NATs), and secure communication with support for peer authentication and encrypted data transport.”  “The Connext DDS core is transport-agnostic.”



12.	In summary, nowhere does the prior art disclose the unique combination of steps/elements listed above.  The unique combination of steps/elements listed above is a novel combination.  The definitions presented above provide explanation/clarification of some critical features (e.g., metadata, WAN Transport).  The prior art, either singularly or in combination, fails to anticipate or render obvious the present invention.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

13.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to O. Charlie Vostal whose telephone number is 571-270-3992.  The examiner can normally be reached from 8:30am to 5:00pm EST Monday through Friday.



Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the Public PAIR system, see http://portal.uspto.gov/pair/PublicPair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/ONDREJ C VOSTAL/           Primary Examiner, Art Unit 2452
September 9, 2021