DETAILED ACTION

1.	This Office Action is in response to an application filed on Dec. 11, 2019. The original filing includes claims 1-20. Therefore, Claims 1-20 are presented for examination. Now claims 1-20 are pending.

Notice of Pre-AIA or AIA Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Drawings
3.	The drawings filed on Dec. 11, 2019 are accepted.

Priority
4.	Applicant Claims NO priority on the instant application.
 
Oath/Declaration
5.	For the record, the Examiner acknowledges that the Oath/Declaration submitted on Dec. 11, 2019 has been accepted.

Information Disclosure Statement
6.	The information disclosure statement (IDS) submitted on 05/18/2020, is in compliance with the provisions of 37 CFR 1.98(b). Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 101
7.	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


8.	Claims 1-9, 11-12, and 14-19 are not patent eligible because they are directed to an abstract idea.
9.	Method claim 1 is rejected under 35 U.S.C. 101 because the claimed invention of applying intrusion detection rules to a packet in a network is directed to an abstract idea without significantly more. The claim recites, at a first infrastructure device of the network, applying a first portion of the intrusion detection rules to the packet; and, at a second infrastructure device of the network, applying a second portion of the intrusion detection rules to the packet. This limitation, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “first and second infrastructure device of the network,” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “first and second infrastructure device of the network” language, “applying, first and second portion of rules to the packet” in the context of this claim encompasses steps that can practically be performed in the mind.
If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within 
This judicial exception is not integrated into a practical application. In particular, the claim only recites one additional element: using first and second infrastructure devices of the network to perform the steps of applying first and second portions of rules to the packet. The first and second infrastructure devices of the network are recited in all the steps at a high level of generality (i.e., as a generic infrastructure device performing a generic computer function of applying the rules) such that this amounts to no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using first and second infrastructure devices of the network to perform the steps of applying first and second portions of rules to the packet amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Claims 2-7 further recite details of providing the packets by multicast transmission and by a routing algorithm, tagging the packets, and determining whether the rules have been applied to the packets. These details do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and do not add significantly more. These limitations merely further the abstract idea.
Claims 8-9 and 11 further recite details of infrastructure device based on an overlay that comprises IPv6, does not integrate the abstract idea into a practical application because it does 
10.	Claims 12 and 14-19 are system claims that include a non-transitory, computer-readable storage medium and recite substantially the same limitations as claims 1-9 and 11. The use of an infrastructure device that includes a computer-readable storage medium does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. Hence, claims 12 and 14-19 do not add significantly more and are rejected with the same rationale as method claims 1-9 and 11 above.

Claim Rejections - 35 USC § 102
11.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

12.	Claims 1-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Nirmala et al., U.S. 10,880,121 (hereinafter “Nirmala”), filed Mar. 29, 2019.

Regarding claim 1, Nirmala teaches: A method of applying intrusion detection rules to a packet in a network (Nirmala, first see col. 2 lines 32-67 and for intrusion detection rules examiner equates rules to QoS policies (see col. 1 lines 50-63), “a method includes receiving, by a first provider edge (PE), a layer 2 (L2) packet from a source network that is destined for a destination network”), comprising: 
at a first infrastructure device of the network, applying a first portion of the intrusion detection rules to the packet (Nirmala, Examiner note: the first portion of the intrusion detection rule is equated to provide a network overlay over layer 3 core network using tunneling protocol; see col. 2 line 32-46, “receiving, by a first provider edge (PE), a layer 2 (L2) packet from a source network that is destined for a destination network, wherein the first PE device is configured to provide a network overlay over a layer 3 core network using a tunneling protocol, and wherein the first PE device for the source network and a second PE device for the destination network are peer tunneling endpoints of a tunnel for the tunneling protocol; deriving, by the first PE device, a Quality of Service (QoS) behavior for the packet to be applied by the second network device when injecting the packet to the destination network; encapsulating, by the first PE device, the QoS behavior to the packet; encapsulating, by the first PE device, an outer tunnel transport header that identifies the peer tunneling endpoints to the packet”; then see col. 6 lines 35-48 and col. 8 lines 17-43); and
at a second infrastructure device of the network, applying a second portion of the intrusion detection rules to the packet (Nirmala, Examiner note: the second portion of the intrusion detection rule is equated to drive a quality of service applied to the second network device when injecting the packet to destination network via encapsulation; see col. 2 line 51-65, “receive configuration data that configures the network device to provide a network overlay over a layer 3 core network using a tunneling protocol, wherein the network device for a source network and a second network device for a destination network are peer virtual tunneling endpoints for a tunnel of the tunneling protocol; receive a layer 2 (L2) packet from the source network that is destined for the destination network; derive a Quality of Service (QoS) behavior for the packet to be applied by the second network device when injecting the packet to the destination network; encapsulate the QoS behavior to the packet; encapsulate an outer tunnel transport header that identifies the peer tunneling endpoints to the packet; and send the encapsulated packet through the tunnel to the second network device”; then see col. 6 lines 35-48 and col. 8 lines 17-43).

Regarding claim 2, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: provide the packet to the first infrastructure device and to the second infrastructure device by a multicast transmission of the packet (Nirmala, see col. 5 lines 30-41, “PEs 10 may implement VXLAN that provides a tunneling scheme to overlay L2 networks on top of L3 networks. VXLANs establish tunnels for communicating traffic, e.g., L2 broadcast, unknown unicast, and multicast (BUM) packets”).

Regarding claim 3, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: providing the packet from the first infrastructure device to the second infrastructure device (Nirmala, see col. 2 lines 40-49, “deriving, by the first PE device, a Quality of Service (QoS) behavior for the packet to be applied by the second network device when injecting the packet to the destination network; encapsulating, by the first PE device, the QoS behavior to the packet; encapsulating, by the first PE device, an outer tunnel transport header that identifies the peer tunneling endpoints to the packet; and sending, by the first PE device, the encapsulated packet through the tunnel to the second PE device.”).

Regarding claim 4, Nirmala teaches all the limitations of claim 3. Further Nirmala teaches: wherein providing the packet from the first infrastructure device to the second infrastructure device is according to a routing algorithm (Nirmala, see col. 4 lines 1-24, “PEs 10 may exchange routing information via intermediate network 12 and process the routing information, selecting paths through its representation of the topology of the intermediate network 12 to reach all available destinations to generate forwarding information”). 

Regarding claim 5, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: at the first infrastructure device, tagging the packet to indicate the first portion of the intrusion detection rules have been applied to the packet (Nirmala, see col. 2 lines 15-18 “provide ; and at the second infrastructure device, tagging the packet to indicate the second portion of the intrusion detection rules have been applied to the packet (Nirmala, first see col. 2 lines 1-21, “by encapsulating a QoS behavior within the tagging packet frame, the QoS behavior can be sent across any type of tunnel (i.e., tunnel protocol agnostic)” and col. 8 lines 1-5, “PE 10 A may encapsulate the QoS behavior 24 within a tagging packet frame, such as a tagging packet frame in accordance with the 802.1Q tag format. As one example, an 802.1Q packet may comprise a Tag Protocol Identifier (TPID) that identifies the packet as an IEEE 802.1Q-tagged frame”; then see col. 9 lines 35-48, “1Q packet may comprise 32 bits with 16 bits reserved for the TPID ("Reserved TPID 207A"). The reserved TPID 207A may be 16 bits set to a value of 0x8xxx to identify the frame as an IEEE 802.1Q-tagged frame. The remaining 16 bits of the 802.1Q packet is used to denote the QoS behavior 207B ("QOS 207B"). As one example implementation, QOS 207B may be 5 bits of the remaining 16 bits used to denote the QoS behavior derived by the source tunneling endpoint. More specifically, the source tunneling endpoint may set the first 3 bits of QOS 207B as the priority class 207C and set the following 2 bits as the drop precedence 207D. The remaining 11 bits ("Reserved 207E") may be used to carry other information, such as other QoS policy derivatives”).

Regarding claim 6, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: at the first infrastructure device, determining that the second portion of the intrusion detection rules have not been applied to the packet; and providing the packet from the first infrastructure device to the second infrastructure device based at least on a result of the determination (Nirmala, see col. 12 lines 34-44 “where PE device 200 is a destination tunneling endpoint (e.g., PE 10 B of FIG. 1), PE device 200 may receive an encapsulated packet from a source tunneling endpoint via one of inbound links 312. Forwarding engine 306 may de-encapsulate the packet and determine the QoS behavior value encapsulated to the packet. Forwarding engine 306 forwards the . 

Regarding claim 7, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: wherein the determining further includes determining an efficacy of the intrusion detection rules that have been applied to the packet (Nirmala, see FIG. 4 item 412 along with col. 13 lines 19-38, “when PE 10 B receives the encapsulated packet, PE 10 B may de-encapsulate the outer tunnel transport header and determine the QoS behavior encapsulated to the packet without re-deriving the QoS behavior based on customer/tenant specific QoS policies for the destination network (412). For example, PE 10 B may de-encapsulate the packet and determine the priority class and drop precedence of the QoS behavior derived by PE 10 A without having to re-derive the priority class and drop precedence based on customer/tenant specific QoS policies”).

Regarding claim 8, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: providing the packet from the first infrastructure device to the second infrastructure device based at least on an overlay to which the packet belongs (Nirmala, see col. 2 lines 32-40, “receiving, by a first provider edge (PE), a layer 2 (L2) packet from a source network that is destined for a destination network, wherein the first PE device is configured to provide a network overlay over a layer 3 core network using a tunneling protocol”; also see col. 5 lines 30-40; col. 6 lines 1-7; col. 8 lines 20-31 ….).

Regarding claim 9, Nirmala teaches all the limitations of claim 8. Further Nirmala teaches: wherein the overlay comprises one of a group of VXLAN with security header, VXLAN without security header, IPv6 or VLAN. (Nirmala, see col. 8 lines 17-31, “PE 10 B, a source IP . 

Regarding claim 10, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: wherein: the overlay is a first overlay; and the method further comprises providing the packet from the second infrastructure device to a third infrastructure device, based on a second overlay that is different from the first overlay (Nirmala, first see FIG. 1 item 12 as first infrastructure network along with col. 4 lines 25-26 that discloses intermediate network 12 that represent a service provider; then see col. 6 lines 8-48 that discloses item 12 will implement first overlay through either IPv6 protocol or VXLAN header to PEs 10 (PE10A (where item 12 implement overlay to second infrastructure device) and PE10B (through the header of VXLAN tunnel to destination as second overlay that the values in the header are different than the header in source header that is considered as third infrastructure device)) “FIG.1 where PEs 10 provide VXLAN, PEs 10 operate as tunneling endpoints (VTEPs) for the VXLAN tunnel 16 to encapsulate VXLAN traffic and de-capsulate VXLAN traffic when it leaves the VXLAN tunnel. For example, PE 10 A may receive L2 traffic from customer network A, and encapsulate the L2 traffic with a VXLAN header to tunnel the traffic across VXLAN tunnel 16 to a destination VTEP, e.g., PE 10 B. In this way, PEs 10 provide an EVPN-VXLAN network overlay using a VXLAN underlay to transport L2 communications, such as Ethernet packets or "frames," for customer networks 6, in a transparent manner, i.e., as if the core network 12 does not exist and customer networks 6 were instead directly connected”; also see col. 8 lines 17-32).

Regarding claim 11, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: the second infrastructure device applies the second portion of the intrusion detection rules based at least on the overlay to which the packet belongs (Nirmala, see col. 8 lines 17-43 that discloses PE 10 A as second infrastructure device how to encapsulate the packet with the outer tunnel applies second portion of the intrusion detection rules).

Regarding claim 12, this claim defines a system claim that corresponds to method claim 1 and does not define beyond limitations of claim 1. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 12 is rejected with the same rationale as in the rejection of claim 1.

Regarding claim 13, this claim defines a system claim that corresponds to method claim 2 and does not define beyond limitations of claim 2. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 13 is rejected with the same rationale as in the rejection of claim 2.

Regarding claim 14, this claim defines a system claim that corresponds to method claim 3 and does not define beyond limitations of claim 3. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 14 is rejected with the same rationale as in the rejection of claim 3.

Regarding claim 15, this claim defines a system claim that corresponds to method claim 4 and does not define beyond limitations of claim 4. Furthermore, Nirmala in col. 2 lines 

Regarding claim 16, this claim defines a system claim that corresponds to method claim 5 and does not define beyond limitations of claim 5. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 16 is rejected with the same rationale as in the rejection of claim 5.

Regarding claim 17, this claim defines a system claim that corresponds to method claim 6 and does not define beyond limitations of claim 6. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 17 is rejected with the same rationale as in the rejection of claim 6.

Regarding claim 18, this claim defines a system claim that corresponds to method claim 7 and does not define beyond limitations of claim 7. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 18 is rejected with the same rationale as in the rejection of claim 7.

Regarding claim 19, this claim defines a system claim that corresponds to method claim 8 and does not define beyond limitations of claim 8. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 19 is rejected with the same rationale as in the rejection of claim 8.

Regarding claim 20, this claim defines a system claim that corresponds to method claim 10 and does not define beyond limitations of claim 10. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 20 is rejected with the same rationale as in the rejection of claim 10.

Examiner note:
13.	In the case of amending the Claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. This will assist in expediting compact prosecution. MPEP 714.02 recites: “Applicant should also specifically point out the support for any amendments made to the disclosure. See MPEP § 2163.06. An amendment which does not comply with the provisions of 37 CFR 1.121(b), (c), (d), and (h) may be held not fully responsive. See MPEP § 714.” Amendments not pointing to specific support in the disclosure may be deemed as not complying with provisions of 37 C.F.R. 1.131(b), (c), (d), and (h) and therefore held not fully responsive. Generic statements such as “Applicants believe no new matter has been introduced” may be deemed insufficient.

Conclusion
14.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Willebeek-LeMair et al. US 20110099631 A1 discloses two packet processing devices are present, both capable of processing data packets flowing therethrough, such as, inspecting, detecting, and filtering data packets pursuant to one or more filters from a filter set.
Vasudeo et al. 2015 International Conference on Smart Technologies and Management for Computing, Communication, Controls, Energy and Materials (ICSTM), “IMMIX-Intrusion Detection and Prevention System” disclose using wireless based system we can monitor companies wireless network for wifi based attacks and prevent them.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALIL NAGHDALI whose telephone number is (571) 272-9884. The examiner can normally be reached on M-F 8AM-5PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, KRISTINE L KINCAID can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KHALIL NAGHDALI/