Detailed Action
This office action has been issued in response to an amendment filed 9/17/2021 and Examiner’s Interview conducted 9/22/2021.  Claims 1, 5-6, 8, 12-13, 15 and 18-19 were amended. Claims 1-20 are pending and are examined.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 09/17/2021 for application number 16/748,629 has been entered.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Obert Chu, Reg. No. 52744, on 9/22/2021.
Claims 1, 8 and 15 have been amended.  
This application has been amended as follows:
In the claims:
1. (Currently Amended) A system, comprising:
a processor configured to: 
monitor network traffic on a service provider network at a security platform to identify a subscriber of a plurality of subscribers with a new IP flow, wherein the plurality of subscribers includes a first subscriber and a second subscriber, and wherein the security platform is configured to monitor and/or communicate on one or more 3rd Generation Partnership Project (3GPP) related interfaces; 
associate the subscriber with the new IP flow at the security platform and select a security policy to apply at the security platform to the new IP flow based on the subscriber, wherein the selecting of the security policy to apply at the security platform to the new IP flow is based on the first subscriber or the second subscriber, and wherein a first security policy associated with the first subscriber is different from a second security policy associated with the second subscriber; 
apply dynamic policy per the new IP flow with the security policy for IP addresses associated with the subscriber on the service provider network based on one or more messages intercepted between network elements on a mobile core network of the service provider network during passive monitoring of the network traffic at the security platform using one or more 3GPP related interfaces, wherein the dynamic policy is applied or modified in near real-time for the subscriber without requiring one or more manual configuration changes on the security platform, and wherein the one or more manual configuration changes comprise URL filtering, and/or malware content protection; and 
enforce the security policy on the new IP flow using the security platform to block the new IP flow to access a resource based on the security policy; and
a memory coupled to the processor and configured to provide the processor with instructions. 
8. (Currently Amended) A method, comprising:
monitoring network traffic on a service provider network at a security platform to identify a subscriber of a plurality of subscribers with a new IP flow, wherein the plurality of subscribers includes a first subscriber and a second subscriber, and wherein the security platform is configured to monitor and/or communicate on one or more 3rd Generation Partnership Project (3GPP) related interfaces; 
associating the subscriber with the new IP flow at the security platform and selecting a security policy to apply at the security platform to the new IP flow based on the subscriber, wherein the selecting of the security policy to apply at the security platform to the new IP flow is based on the first subscriber or the second subscriber, and wherein a first security policy associated with the first subscriber is different from a second security policy associated with the second subscriber;
applying dynamic policy per the new IP flow with the security policy for IP addresses associated with the subscriber on the service provider network based on one or more messages intercepted between network elements on a mobile core network of the service provider network during passive monitoring of the network traffic at the security platform using one or more 3GPP related interfaces, wherein the dynamic policy is applied or modified in near real-time for the subscriber without requiring one or more manual configuration changes on the security platform, and wherein the one or more manual configuration changes comprise URL filtering, and/or malware content protection; and
enforcing the security policy on the new IP flow using the security platform to block the new IP flow to access a resource based on the security policy.

15. (Currently Amended) A computer program product, the computer program product being embodied in a non-transitory tangible computer readable medium and comprising computer instructions for:
monitoring network traffic on a service provider network at a security platform to identify a subscriber of a plurality of subscribers with a new IP flow, wherein the plurality of subscribers includes a first subscriber and a second subscriber, and wherein the security platform is configured to monitor and/or communicate on one or more 3rd Generation Partnership Project (3GPP) related interfaces; 
associating the subscriber with the new IP flow at the security platform and selecting a security policy to apply at the security platform to the new IP flow based on the subscriber, wherein the selecting of the security policy to apply at the security platform to the new IP flow is based on the first subscriber or the second subscriber, and wherein a first security policy associated with the first subscriber is different from a second security policy associated with the second subscriber;
applying dynamic policy per the new IP flow with the security policy for IP addresses associated with the subscriber on the service provider network based on one or more messages intercepted between network elements on a mobile core network of the service provider network during passive monitoring of the network traffic at the security platform using one or more 3GPP related interfaces, wherein the dynamic policy is applied or modified in near real-time for the subscriber without requiring one or more manual configuration changes on the security platform, and wherein the one or more manual configuration changes comprise URL filtering, and/or malware content protection; and
enforcing the security policy on the new IP flow using the security platform to allow the new IP flow to access a resource based on the security policy. 

Response to Arguments
Applicant’s arguments, see page 8 in Remarks, filed 9/17/2021, with respect to amended claims 1, 8 and 15, and dependent claims as being rejected under 35 U.S.C. 103(a) as being unpatentable over Archer (US 2011/0289564 A1) in view of Ventimiglia (US 2013/0310030 A1), further in view of Rash (US 2014/0282823 A1), have been fully considered and are found persuasive.  These rejections have been withdrawn.

Allowable Subject Matter
Claims 1-20 are allowed in light of the Applicant’s arguments and in light of the prior art made of record.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
Newly amended independent claims 1, 8 and 15 are allowed for reasons argued by applicant in page 8 of the Remarks, filed 9/17/2021, and for reasons explained below.
As to independent claims 1, 8 and 15, the prior art including Archer (US 2011/0289564 A1), Ventimiglia (US 2013/0310030 A1) and Rash (US 2014/0282823 A1), alone or in combination, fails to anticipate or render obvious the claimed invention.  
Archer (prior art on the record) teaches applying a security policy on a per user or resource level granularity based on the resource and identification from a network device based on information received and blocking, based on the security policy or policies, access to resources/applications by the user of the network device communicating with the authentication server.
Ventimiglia (prior art on the record) teaches providing connectivity between a core network and user equipment using 3GPP networks.
Rash (prior art on the record) teaches a policy-based dynamic mirroring function involving snooping flows of network traffic while monitoring the flows of the network at an intrusion detection system.
Additionally, Paul (US 2013/0247167 A1) teaches a method for containing a threat in a network environment using dynamic firewall policies. In one example embodiment, the method can include detecting a threat originating from a first node having a source address in a network, applying a local firewall policy to block 
Additionally, Sobel (US 7647622 B1) teaches a method involving a risk profile which is used to dynamically set and update a security policy, e.g., a security policy setting, permitting security policy aggressiveness for an associated computer system and/or a user to be dynamically increased or decreased over time based on the risk profile.
Additionally, Yan (US 2015/0319138 A1) teaches a method for filtering unsafe content at a network security appliance. According to one embodiment, a network security appliance captures network traffic and extracts a media file from the network traffic. The network security appliance then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security appliance performs one or more actions on the media file based on a predefined security policy.
None of the prior art of record cited above teaches the non-obvious features of the present invention: “wherein the dynamic policy is applied or modified in near real-time for the subscriber without requiring one or more manual configuration changes on the security platform, and wherein the one or more manual configuration changes comprise URL filtering, and/or malware content protection;”
None of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.

Conclusion
Therefore, claims 1-20 are hereby allowed in view of applicant’s persuasive arguments and in light of amendment to the claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BLAKE ISAAC NARRAMORE whose telephone number is (303)297-4357.  The examiner can normally be reached on Monday - Friday 0700-1700 MT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-


/B.I.N./Examiner, Art Unit 2438  

/SAMSON B LEMMA/Primary Examiner, Art Unit 2498