Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions. 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 

DETAILED ACTION
Claims 2-21 are pending in this office action. 
Priority
Priority has been claimed to the provisional application 61/847,982 filed 07/18/2013.

Information Disclosure Statement
The information disclosure statements (IDS's) submitted on 09/29/2020 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claims  2 and 10 are objected to because of the following informalities:
For claim 2, line 4, a semi-colon is missing at the end of line 4.
For claim 10, there are two periods incorrectly placed at the end of claim.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine
grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

Claims 2-21 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-14 of US application # 13/954,668, now U.S. Patent 9,461,967 (referred to as ‘967 hereinafter); and over claims 1-16 of US application # 15/250,156, now U.S. Patent 10,757,074 (referred to as ‘074 hereinafter). Although the conflicting claims are not identical, they are not patentably distinct from each other because the instant application claims are anticipated and covered by similar subject matter as that of claims 1-14 of ‘967, and of claims 1-16 of ‘074.

Instant Application 16/927,761

App# 15/250,156 (Patent# 10,757,074)

Claim 2:  A system, comprising: a processor configured to: 

receive packets associated with a new flow at a security controller from a network device, wherein the network device performs packet forwarding ;
classify the flow based on an application determined to be associated with the flow;

determine an action for the flow based on a policy; 
instruct the network device to perform the action for the flow; and 
in the event that the action is to shunt the flow, receive additional packets associated with the flow from the network device, wherein the security controller performs further inline inspection and classification of the flow, and 

wherein the shunted flow is determined to be a flow that is to be ignored or dropped based on the further inline inspection and classification of the flow; and a memory coupled to the processor and configured to provide the processor with instructions.

Claim 1:  A system for a security controller that performs packet classification for network routing, comprising: a processor configured to: 
receive packets associated with a new flow from a network device, wherein the network device performs packet forwarding; 
classify the flow, comprising to: determine application associated with the flow, comprising to: determine type of traffic related to the flow…. 
determine an action for the flow based on a policy; 
instruct the network device to perform the action for the flow; and 
in the event that the action is to shunt the flow, receive additional packets associated with the flow from the network device, wherein the security controller performs further classification of the flow, wherein an application associated with the additional packets is different from the application associated with the flow, wherein a type of traffic…
wherein the shunted flow is determined to be a flow that is to be ignored or dropped based on the further classification; and a memory coupled to the processor and configured to provide the processor with instructions.
3. (New) The system recited in claim 2, wherein the network device is a Software Defined Network (SDN) network device.

4. (New) The system recited in claim 2, wherein the policy is a security policy that includes an allow or a block rule based on an application and a user.

5. (New) The system recited in claim 2, wherein the instructing of the network device to perform the action for the flow is based on an API mechanism.

6. (New) The system recited in claim 2, wherein instructing of the network device to perform the action for the flow is based on tagging a packet associated with the flow.

7. (New) The system recited in claim 2, wherein the action is to drop the flow.

8. (New) The system recited in claim 2, wherein the action is to ignore the flow.

9. (New) The system recited in claim 2, wherein the action is to shunt the flow.

2. The system recited in claim 1, wherein the network device is a Software Defined Network (SDN) network device. 
3. The system recited in claim 1, wherein the policy is a security policy.


4. The system recited in claim 1, wherein the instructing of the network device to perform the action for the flow is based on an API mechanism. 

5. The system recited in claim 1, wherein instructing of the network device to perform the action for the flow is based on tagging a packet associated with the flow. 

6. The system recited in claim 1, wherein the action is to drop the flow. 
7. The system recited in claim 1, wherein the action is to ignore the flow. 
8. The system recited in claim 1, wherein the action is to shunt the flow.


Likewise, the instant system claim 2 is also anticipated by claim 1 of ‘967. The instant method claims 10-15 are anticipated by subject matter of claims 3, 6-12 of ‘074, and by subject matter of claims 3, 7-10 of ‘967; and the instant computer program product claims 16-21 are anticipated by claims 3, 6-8, 14-16 of ‘074, and by claims 3, 11-14 of ‘967. Further, claims 1-14 of ‘967, and claims 1-16 of ‘074 are system, method or computer program product (computer-readable medium) claims. The method claims in either application are for carrying out claimed limitations by at least one processor in a computing environment of system claims, wherein, the limitations of the instant claims are anticipated by limitations of ‘967 and ‘074. The computer program product claims carry out method steps by at least one processor in a computing environment of the system, wherein, the limitations of the instant claims are anticipated by limitations of ‘967 and ‘074. It would be obvious to be able to carry out steps of a method, using a processor of a system device or by computer executable computer program product code stored in a statutory computer readable medium executed by a processor.
This is a non-provisional non-statutory double patenting rejection because the conflicting claims have in fact been patented.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 2-21 are rejected under 35 U.S.C. 103 as being unpatentable over Kempf et al. (US 2013/0054761 A1, hereinafter Kempf), in view of Afek et al. (US 2002/0083175 A1, Afek hereinafter).
Regarding claim 2, Kempf discloses a system, comprising: a processor (Fig. 1, 3; para 0008, 0031) configured to: receive packets associated with a new flow at a security controller from a network device, wherein the network device performs packet forwarding (Fig. 1, 3, 4; para 0040, 0043, 0090, OpenFlow controller transmits or receives packets routed/forwarded through a GTP tunnel; and OpenFlow switch);
classify the flow (Fig. 3, 17; para 0041 - an incoming packet is received a lookup for a matching rule is made in the flow table 107, and flow-specific routing for classifying the flow/packets, wherein the routing is associated with specialized applications; also para 0075-0077, 0084-0085 - flow/traffic types based on various processes or protocols);
determine an action for the flow based on a policy (Fig. 5-6; para 0041-0044 - if the incoming packet matches a particular rule, the associated action defined in that flow table entry is performed on the packet); 
instruct the network device to perform the action for the flow (Fig. 2-4; para 0046-0049 - one flow table can perform QoS processing while a second flow table does routing); and
in the event that the action is to shunt the flow (Fig. 5; para 0050, 0055 - if there is no match in this table, then send packet to controller (shunting) ), receive additional packets associated with the flow from the network device, wherein the security controller performs further inline inspection and classification of the flow (Fig. 4-5 element 509; para 0049-0052 -  receiving packets and looking for match, and continue to next table or next steps in case of match to further inspect/analyze the packets associated with the flow as received for inspection inline by the switch; para 0075-0077, 0084-0085 - flow/traffic types based on various processes or protocols); and
a memory coupled to the processor and configured to provide the processor with instructions (Fig. 1, 3; para 0027, 0031).    
Although Kempf discloses routing of flow based on specialized applications wherein it is obvious or implied to know which the specialized applications are or receiving an indication towards the same, Kempf does not explicitly disclose, however Afek discloses classifying the flow based on an application determined to be associated with the flow (para 0020-0021, 0027 - traffic flow associated with specific associated service/application and classified according to that); and wherein the shunted flow is determined to be a flow that is to be ignored or dropped based on the further inline inspection and classification of the flow (para 0342-0345 - first isolated or separated traffic based on various factors including source/application or service associated with the flow, and then packets dropped upon shunted flow; also para 0105-0106, 0331).
Based on Kempf in view of Afek, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Afek in the system of Kempf, in order to associate network data flow with various factors such as source and application or service associated therewith, in order to expand the network traffic data analysis process to handle many of the common situations including allowing, denying or specifically handling the incoming data packets based on factors that impact the quality of network data coming in, thereby keeping the system more efficient and secure.

For claim 3, Kempf in view of Afek teaches the claimed subject matter as discussed above. Kempf further discloses wherein the network device is a Software Defined Network (SDN) network device (Fig. 1, 3; para 0042-0043 - OpenFlow switch as well as other software-based network components).

For claim 4, Kempf in view of Afek teaches the claimed subject matter as discussed above. Kempf further discloses wherein the policy is a security policy that includes an allow or a block rule based on specialized application (Fig. 6, 16; para 0041-0044, 0050-0051 - rule 201 contains source and destination Ethernet MAC addresses, source and destination IP addresses, IP protocol type number, incoming and outgoing TCP or UDP port numbers, wherein an incoming packet is received a lookup for a matching rule is made in the flow table 107, and flow-specific routing for classifying the flow/packets, wherein the routing is associated with specialized applications; also para 0075-0077, 0084-0085 - flow/traffic types based on various processes or protocols). Kempf does not disclose however Afek discloses classification and action rules based on an application and a user (para 0020-0021, 0027 - traffic flow associated with specific associated service/application and/or user, and classified according to that).

For claim 5, Kempf in view of Afek teaches the claimed subject matter as discussed above. Kempf further discloses wherein the instructing of the network device to perform the action for the flow is based on an API mechanism (para 0071, 0077 - the OpenFlow controller configures the standard OpenFlow switches, the OpenFlow SGSN 1215, and GGSN 1211 with flow rules and actions to enable the routing requested by the control plane entities).

For claim 6, Kempf in view of Afek teaches the claimed subject matter as discussed above. Kempf further discloses wherein instructing of the network device to perform the action for the flow is based on tagging a packet associated with the flow (Fig. 5; para 0050-0051 - OpenFlow 1.1 contains support for packet tagging, allows matching based on header fields and MPLS labels).

For claim 7, Kempf in view of Afek teaches the claimed subject matter as discussed above. Kempf further discloses wherein the action is to drop the flow (Fig. 5; para 0046, 0050 - the action that is defined by the OpenFlow 1.0 is drop the packet).

For claim 8, Kempf in view of Afek teaches the claimed subject matter as discussed above. Kempf further discloses wherein the action is to ignore the flow (Fig. 5; para 0046, 0050 - the action that is defined by the OpenFlow 1.0 is drop (i.e. ignore) the packet).

For claim 9, Kempf in view of Afek teaches the claimed subject matter as discussed above. Kempf further discloses wherein the action is to shunt the flow (Fig. 5; para 0050, 0055 - if there is no match in this table, then send packet to controller (shunting)).

As to claim 10, the claim limitations are similar to those of claim 2, except the instant claim 10 is drawn to a method that may be performed by the system of claim 2 according to method steps claimed in claim 2. Therefore claim 10 is rejected according to claim 2 above.

As to claims 11-14, the claim limitations are similar to those of claims 3-6 respectively. Therefore claims 11-14 are rejected according to claims 3-6 resp. as above.
As to claim 15, the claim limitations are similar to those of any of the claims 7-9. Therefore claim 15 is rejected according to claims 7-9 above.

As to claim 16, the claim limitations are similar to those of claim 2, except the instant claim 16 is drawn to a computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions (see Kempf - Fig. 1, 3; para 0031, 0042) for performing the method by the system of claim 2 according to method steps claimed in claim 2. Therefore claim 16 is rejected according to claim 2 above.

As to claims 17-20, the claim limitations are similar to those of claims 3-6 respectively. Therefore claims 17-20 are rejected according to claims 3-6 resp. as above.

As to claim 21, the claim limitations are similar to those of any of claims 7-9. Therefore claim 21 is rejected according to claims 7-9 above.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAYESH JHAVERI whose telephone number is (571)270-7584. The examiner can normally be reached on Mon-Fri 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/JAYESH M JHAVERI/Primary Examiner, Art Unit 2433