DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

General Remarks
	1/ Claims 2-20 are pending.
	2/ Claims 2, 8 and 15 are independent.
	3/ Claims 9 and 10 are duplicates.

Claim Objections
Claims 9 and 10 are objected to because of the following informalities: Claims 9 and 10 are duplicates. Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 2, 6-8, 13-15, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Wenji, “A GPU-Accelerated Network Traffic Monitoring and Analysis System”, further in view of Mantripragada (US pg. no. 20150040220), further in view of Liu (US pat. No. 9697026).
	Regarding claim 2. Wenji discloses a computing device to monitor network traffic (fig. 1 discloses network processing and monitoring system performed by a device that has both CPU and GPU for network traffic monitoring and processing), the computing device comprising: 
a graphics processing unit (II. A GPU-ACCELERATED NETWORK TRAFFIC MONITORING AND ANALYSIS SYSTEM, page 2 discloses Our GPU-based network monitoring and analysis application runs in user mode, to take advantage of the friendly GPU programming framework (e.g., CUDA or OpenCL). As shown in Figure 1, … it processes the captured network traffic and copies the packets from the CPU domain to the GPU domain (GPU). GPU of the device of fig. 1 comprises GPU).
one or more processors (II. A GPU-ACCELERATED NETWORK TRAFFIC MONITORING AND ANALYSIS SYSTEM, page 2 discloses our GPU-based network monitoring and analysis application runs in user mode, to take advantage of the friendly GPU programming framework (e.g., CUDA or OpenCL). As shown in Figure 1, it consists of four types of logical entities: Traffic Capture, Preprocessing, Monitoring and Analysis, and Output Display. Traffic Capture: It captures network traffic and moves them from the wire to the CPU domain. Traffic capture aims to capture packets without loss, even at high packet rates. CPU of device of fig. 1 corresponds to processor).
monitor the network traffic processed by one or more source in parallel with processing of the network traffic by the one or more sources (II. A GPU-ACCELERATED NETWORK TRAFFIC MONITORING AND ANALYSIS SYSTEM, page 2 discloses GPU-based network monitoring and analysis as shown in Figure 1, it consists of four types of logical entities: Traffic Capture, Preprocessing, Monitoring and Analysis, and Output Display. Traffic Capture: It captures network traffic and moves them from the wire to the CPU domain. Traffic capture aims to capture packets without loss, even at high packet rates that corresponds to processing network traffic. Preprocessing: It processes the captured network traffic and copies the packets from the CPU domain to the GPU domain. 
Monitoring and Analysis: It performs network monitoring and analysis with GPUs that corresponds to monitoring network traffic. We implemented a GPU accelerated library for network traffic monitoring and analysis. The library consists of various CUDA kernels, which can be combined in various ways to perform intended monitoring and analysis operations …A logical entity runs on a worker thread. For each type of logical entity, one or multiple worker threads are spawned. On a multicore system, each worker thread is tied to a specific core to maximize performance… these worker threads run in parallel to maximize the overall performance. Processing data for communication in addition to monitoring the traffic for anomaly detection corresponds to monitor in parallel with processing);
But, Wenji does not explicitly disclose:
transmit results of the monitored network traffic to an orchestrator; 
and receive one or more network resource recommendations from the orchestrator based on the results of the monitored network traffic.  
However, in the same field of endeavor, Mantripragada discloses:
transmit results of the monitored network traffic to an orchestrator ([0075] discloses illegitimate control or invalid transitions (anomaly) detected by the protocol anomaly module 513. All the state properties including connection, application and session properties are recorded in a proprietary meta-data format and sent to BL engine 541 (orchestrator). BL engine 541 performs further analysis on the meta-data and presents its recommendations back to protocol anomaly engine 513 (part of GPU). The recommendation action is also tied to global remediation policies 561-564 that block the traffic, redirect traffic or enforce authentication challenge; [0060] Incoming packet flows are inspected in the following processes. An untrusted flow that comes into the system is first passed to transport/real-time engines 510. Transport/real-time engines 510 have signature engine 511, rate engine 512, protocol anomaly engine 513, stateful inspection engine 514, real-time monitor engine 515 and proxy termination (B2B UA) engine 516. Incoming flow is broken into multiple sub-flows that are processed asynchronously and in parallel by the respective engines. Processing incoming traffic by protocol anomaly engine corresponds to monitoring); 
		receive one or more network resource recommendations from the orchestrator based on the results of the monitored network traffic ([0075] discloses illegitimate control or invalid transitions detected by the protocol anomaly module 513 due to either bad inputs or non-conformant messages are silently recorded.  All the state properties including connection, application and session properties are recorded in a proprietary meta-data format and sent to BL engine 541 (transmitting results).  BL engine 541 performs further analysis on the meta-data and presents its recommendations back to 
		Therefore, it would have been obvious to a person having ordinary skill in the art at the time the invention was effectively filed to combine the teaching of Wenji with Mantripragada. The modification would allow hardware-accelerated network processing. The modification would allow GPU-accelerated processing for fast and effective network monitoring and anomaly detection of a computationally intensive task that needs more capacity than a CPU.
		But, the combination does not explicitly disclose:
monitor the network traffic processed by one or more virtual machines located on the computing device;
However, in the same field of endeavor, Liu discloses monitor the network traffic processed by one or more virtual machines located on the computing device (col. 6. Lines 17-20 discloses The service virtual machine may also monitor traffic passing through it; if it detects that no traffic is passing through it or if the traffic is halted (perhaps because of a communication channel problem) then the service virtual machine may report an anomaly);
Therefore, it would have been obvious to a person having ordinary skill in the art at the time the invention was effectively filed to combine the teaching of the combination with Liu. The modification would allow hardware-accelerated network processing 
Regarding claim 6. The combination discloses computing device of claim 2.
Liu discloses, wherein to monitor the network traffic comprises to monitor the network traffic based on a present topology of the one or more virtual machines (col. 5, lines 28-47 discloses in step 408 service virtual machine 162 provides one or more services to protected virtual machines 132, 134 and 136. For example, all traffic from each protected virtual machine will pass through the service virtual machine via channel 182 and hooking point 172 so that the service virtual machine acts as a firewall. In addition, the service virtual machine may provide other Layer 2 and Layer 3 services. In another example, the service virtual machine provides Layer 4 protection by providing deep packet inspection (DPI); in this situation, only certain suspect packets would be sent to the service virtual machine for vulnerability detection and prevention. Or, the service virtual machine provides application layer protection for any of the protected virtual machines (any of Layers 5, 6 or 7) such as anti-malware protection. Also, the service virtual machine may provide data loss prevention (DLP). Depending upon the type of protection offered by the service virtual machine, all the traffic from the protected virtual machine may be routed through the service virtual machine or only a portion of that traffic may be routed. Traffic may include traffic between the protected virtual machine and the outside world and traffic within the protected virtual machine. In general, traffic from both external and internal sources may be routed. Configuration of the protected virtual machine communication corresponds to topology).
Regarding claim 7. The combination discloses computing device of claim 2.
Liu discloses wherein the network traffic comprises network traffic originated by the computing device (col. 5, lines 28-47 discloses Depending upon the type of protection offered by the service virtual machine, all the traffic from the protected virtual machine may be routed through the service virtual machine or only a portion of that traffic may be routed. Traffic may include traffic between the protected virtual machine and the outside world and traffic within the protected virtual machine that corresponds to network traffic originated by the computing device. In general, traffic from both external and internal sources may be routed; this is configurable).  
Regarding claim 8. Wenji discloses one or more non-transitory, computer-readable storage media comprising a plurality of instructions that in response to being executed causes a computing device to: 
monitor, by a graphics processing unit, network traffic processed by one or more source in parallel with processing of the network traffic by source (II. A GPU-ACCELERATED NETWORK TRAFFIC MONITORING AND ANALYSIS SYSTEM, page2 discloses GPU-based network monitoring and analysis as shown in Figure 1, it consists of four types of logical entities: Traffic Capture, Preprocessing, Monitoring and Analysis, and Output Display. Traffic Capture: It captures network traffic and moves them from the wire to the CPU domain. Traffic capture aims to capture packets without loss, even at high packet rates that corresponds to processing network traffic.  Preprocessing: It process the captured network traffic and copies the packets from the CPU domain to the GPU domain. Monitoring and Analysis: It performs network monitoring and analysis with GPUs that corresponds to monitoring network traffic in parallel with processing network 
But, the combination does not explicitly disclose:
transmit, by the graphics processing unit, results of the monitored network traffic to an orchestrator;
receive, by the graphics processing unit, one or more network resource recommendations from the orchestrator based on the results of the monitored network traffic;
However, in the same field of endeavor, Mantripragada discloses:
	transmit, by the graphics processing unit, results of the monitored network traffic to an orchestrator ([0075] discloses illegitimate control or invalid transitions detected by the protocol anomaly engine 513 (part of GPU) due to either bad inputs or non-conformant messages are silently recorded. All the state properties including connection, application and session properties are recorded in a proprietary meta-data format and sent to BL engine 541 (transmitting results to orchestrator). BL engine 541 performs further analysis on the meta-data and presents its recommendations back to 
receive, by the graphics processing unit, one or more network resource recommendations from the orchestrator based on the results of the monitored network traffic ([0075] discloses illegitimate control or invalid transitions detected by the protocol anomaly engine 513 (part of GPU) due to either bad inputs or non-conformant messages are silently recorded.  All the state properties including connection, application and session properties are recorded in a proprietary meta-data format and sent to BL engine 541 (transmitting results to orchestrator).  BL engine 541 performs further analysis on the meta-data and presents its recommendations back to protocol anomaly engine 513.  The recommendation action is also tied to global remediation policies 561-564 that block the traffic, redirect traffic or enforce authentication challenge). 
		

		But, the combination does not explicitly disclose:
monitor the network traffic processed by one or more virtual machines located on the computing device;
However, in the same field of endeavor, Liu discloses monitor the network traffic processed by one or more virtual machines located on the computing device (col. 6. Lines 17-20 discloses The service virtual machine may also monitor traffic passing through it; if it detects that no traffic is passing through it or if the traffic is halted (perhaps because of a communication channel problem) then the service virtual machine may report an anomaly; col. 5, lines 28-47 discloses in step 408 service virtual machine 162 provides one or more services to protected virtual machines 132, 134 and 136. For example, all traffic from each protected virtual machine will pass through the service virtual machine via channel 182 and hooking point 172 so that the service virtual machine acts as a firewall. In another example, the service virtual machine provides Layer 4 protection by providing deep packet inspection (DPI) that corresponds to monitoring network traffic… Depending upon the type of protection offered by the service virtual machine, all the traffic from the protected virtual machine may be routed through the service virtual machine or only a portion of that traffic may be routed. Traffic may include ;
Therefore, it would have been obvious to a person having ordinary skill in the art at the time the invention was effectively filed to combine the teaching of the combination with Liu. The modification would allow hardware-accelerated network processing in a virtual network. The modification would allow an elastic system that is flexible to scale up and is hardware accelerated for computationally intensive tasks for fast and efficient processing of network data.
	Regarding claim 13. The combination discloses one or more non-transitory, computer-readable storage media of claim 8.
	All other limitations of claim 13 are similar to the limitations of claim 6 above and are rejected on the basis of claim 6.
	Regarding claim 14. The combination discloses one or more non-transitory, computer-readable storage media of claim 8.
	All other limitations of claim 14 are similar to the limitations of claim 7 above and are rejected on the basis of claim 7.
	Regarding claim 15. The combination discloses a method for monitoring network traffic, the method comprising:
	All other limitations of claim 15 are similar to the limitations of claim 8 above and are rejected on the basis of claim 8.

	Regarding claim 19. The combination discloses the method of claim 15.
	All other limitations of claim 19 are similar to the limitations of claim 6 above and are rejected on the analysis of claim 6 above.
	Regarding claim 20. The combination discloses the method of claim 15.
All other limitations of claim 20 are similar to the limitations of claim 7 above and are rejected on the analysis of claim 7 above.
Claims 3, 9, 10 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Wenji, “A GPU-Accelerated Network Traffic Monitoring and Analysis System”, Mantripragada (US pg. no. 20150040220), and Liu (US pat. No. 9697026), further in view of Tormasov (US pat. No. 8938723).
Regarding claim 3. The combination discloses computing device of claim 2.
Liu discloses, wherein the plurality of instructions, when executed further cause the computing device to adjust an allocation of computing resources based on the one or more network resource recommendations (fig. 420 discloses based on anomaly detected and reported at step 416, platform management instructs (recommends) protected VM to switch to other communication channel that corresponds to adjusting allocation of computing resource).
But, the combination does not explicitly disclose:
wherein to adjust the allocation of the computing resources comprises to redirect at least a portion of the network traffic to a hardware accelerator.  
	However, in the same field of endeavor, Tormasov discloses wherein to adjust the allocation of the computing resources comprises to redirect at least a portion of the network traffic to a hardware accelerator (col.9 lines 63-67 and col. 10 lines 1-4 discloses 
	Therefore, it would have been obvious to a person having ordinary skill in the art at the time the invention was effectively filed to combine the teaching of the combination with Tormasov. The modification would allow using a hardware accelerator for computationally intensive tasks in virtual networks to effectively process computationally expensive tasks.
	Regarding claim 9. The combination discloses one or more non-transitory, computer-readable storage media of claim 8.
	All other limitations of claim 9 are similar to the limitations of claim 3 above and are rejected on the basis of claim 3.
	Regarding claim 10. The combination discloses one or more non-transitory, computer-readable storage media of claim 9.
	All other limitations of claim 10 are similar to the limitations of claim 3 above and are rejected on the basis of claim 3.
	Regarding claim 16. The combination discloses the method of claim 15.
All other limitations of claim 16 are similar to the limitations of claim 3 above and are rejected on the analysis of claim 3 above.
Claims 4, 11, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Wenji, “A GPU-Accelerated Network Traffic Monitoring and Analysis System”, Mantripragada (US pg. no. 20150040220), Liu (US pat. No. 9697026), and Tormasov (US pat. No. 8938723), further in view of Antony (US pg. no. 20150043334).
Regarding claim 4. The combination discloses computing device of claim 3.
But, the combination does not explicitly disclose: wherein the plurality of instructions, when executed further cause the computing device to take a corrective action on network traffic to enforce compliance with a network policy in response to a determination that at least a portion of the network traffic does not comply with a network policy, the corrective action comprises to manage switching policies of a virtual switch of the computing device.
Application No.: 17/185,426; Examiner: TBD; Attorney Docket No.: P79933-C1; Art Unit: 2414
However, in the same field of endeavor, Antony discloses wherein the plurality of instructions, when executed further cause the computing device to take a corrective action on network traffic to enforce compliance with a network policy in response to a determination that at least a portion of the network traffic does not comply with a network policy, the corrective action comprises to manage switching policies of a virtual switch of the computing device ([0017] In block 414, the network monitoring module 342 may be configured to identify the virtual machine coupled to any of the virtual switches 302 and 304 that generates the network storm.  In one embodiment, the network monitoring module 342 may be configured to monitor the network traffic between the virtual ports of the virtual switches (e.g., the virtual ports 305, 307, and 309) and the virtual network adapters of the virtual machines (e.g., the virtual network adapters 325, 327, and 329).  
		Therefore, it would have been obvious to a person having ordinary skill in the art at the time the invention was effectively filed to combine the teaching of the combination with Antony. The modification would allow managing traffic away from the source of an anomaly for effective data processing and communication.
	Regarding claim 11. The combination discloses one or more non-transitory, computer-readable storage media of claim 10.
	All other limitations of claim 11 are similar to the limitations of claim 4 above and are rejected on the basis of claim 4.
	Regarding claim 17. The combination discloses the method of claim 16.
All other limitations of claim 17 are similar to the limitations of claim 4 above and are rejected on the analysis of claim 4 above.
Claims 5, 12, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Wenji, “A GPU-Accelerated Network Traffic Monitoring and Analysis System”, Mantripragada (US pg. no. 20150040220), Liu (US pat. No. 9697026), Tormasov (US pat. No. 8938723), and Antony (US pg. no. 20150043334), further in view of Kashyap (US pg. no. 20150195137).
Regarding claim 5. The combination discloses computing device of claim 4.
But, the combination does not explicitly disclose:
wherein to manage the switching policies of the virtual switch of the computing device comprises to  drop the network traffic that does not comply with the network policy.  
However, in the same field of endeavor, Kashyap discloses wherein to manage the switching policies of the virtual switch of the computing device comprises to  drop the network traffic that does not comply with the network policy ([0061] discloses virtual switch 310 filters data packet 402 based on a particular group policy specified in group policy 160 for communications between the VG ID returned in endpoint address and group resolution reply 324 for the source and the VG ID for VG 112 for the destination. In the example, if the particular group policy specified in group policy 160 allows communication between the identified VGs for a multicast communication, then virtual switch 310 may forward data packet 402 to both VM 114 and VM 116 according to routing specified in VM group and routing 312. In the example, VM group and routing 312 may include addresses, routing, a VG ID, and other information required by virtual switch 310 to provide an interface to the VMs on host 110. In the example, if the particular group policy specified 
Therefore, it would have been obvious to a person having ordinary skill in the art at the time the invention was effectively filed to combine the teaching of the combination with Kashyap. The modification would allow an effective system for monitoring policy violations in a virtual network and enforcing corrective action for an effective quality of service.
	Regarding claim 12. The combination discloses one or more non-transitory, computer-readable storage media of claim 11.
	All other limitations of claim 12 are similar to the limitations of claim 5 above and are rejected on the basis of claim 5.
	Regarding claim 18. The combination discloses the method of claim 17.
All other limitations of claim 18 are similar to the limitations of claim 5 above and are rejected on the analysis of claim 5 above.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MESSERET F GEBRE whose telephone number is (571)272-8272.  The examiner can normally be reached on M-F 9:30 AM-6:00 PM.



If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached on 571-2701684.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MESSERET F GEBRE/ Examiner, Art Unit 2445
/OSCAR A LOUIE/ Supervisory Patent Examiner, Art Unit 2445
09/13/2021