United States Patent and Trademark Office    
        
            
                                
            
        
    

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov











BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 16/748,967
Filing Date: 01 Jan 2020
Appellant(s): Krauss et al.



__________________
LAWRENCE A. BARATTA, JR. (Reg. No. 59,553)
For Appellant


EXAMINER’S ANSWER





This is in response to the appeal brief filed on 10/7/2021.

(1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Office action dated 5/14/2021 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”	

WITHDRAWN REJECTIONS
The following grounds of rejection are not presented for review on appeal because they have been withdrawn by the examiner: (NONE).

(2) Response to Argument
In the brief, the appellant’s arguments are:
1.	Rejection 1 – Independent Claims 1, 9 and 17, DiValentin, Ramanujan, and Araujo fail to suggest “the flow of traffic on the isolated network slice being isolated for the flow of the malicious traffic.”
With respect to this first argument, Appellant points to Ramanujan at Col. 5, line 57 which describes the creation of a new VPN tunnel with a new label to accommodate the desired traffic on the network, while attack traffic that is being used to flood the network still carries the old label and is unable to access the new VPN tunnel. From this, Appellant reasons that in Ramanujan the new VPN tunnel is created for only non-malicious traffic. Appellant further argues that Araujo does not “route traffic on an 
Examiner submits that to determine if Ramanujan or Araujo teaches “the flow of traffic on the isolated network slice being isolated for the flow of the malicious traffic”, it is necessary to establish what a “network slice” is and what it means to isolate a “network slice”. From the specification of the instant application at [0024], a network slice is defined as “a set of connection resources (e.g. network functions and network device partitions), that are allocated to a particular flow of traffic (e.g. a particular domain)”; further, a “flow of traffic” is defined as “a set of traffic following a path through the network and directed to a network resource”. Examiner submits that given these broad definitions of “network slice” and “flow of traffic”, Araujo teaches “the flow of traffic on the isolated network slice being isolated for the flow of the malicious traffic” (Examiner Note: the issue of whether Ramanujan teaches this limitation is moot given that Araujo was introduced to teach this limitation). Examiner points to the cited paragraph [0052] of Araujo from the Final Rejection dated 5/14/2021 on Page 4, which describes the isolation of attack traffic by isolating elements and physical locations in the network. This includes a localization process that identifies “network elements or physical locations associated with the attack traffic” and localizes attack traffic to a particular “backhaul network, ISP, end user device or collection of end users devices.” See id. Araujo specifically describes the isolation of networks or endpoints with attack traffic in this process, including partitioning particular traffic in network devices like caches. Compare id. with [0024], line 5 of the specification of the instant application – “network device partitions”.
All of these components described in Araujo fit under the isolated with respect to an “isolated network slice” in the specification of the instant application therefore, the standard definition applies as it does in Araujo.
Therefore, Examiner maintains that the combination of DiValentin, Ramanujan and Araujo teaches “the flow of traffic on the isolated network slice being isolated for the flow of the malicious traffic”.
2.	With respect to Rejection 1 – Independent Claims 1, 9 and 17, DiValentin, Ramanujan, and Araujo fail to suggest “a deceptive network resource along the isolated network slice.”
First, Appellant agrees that DiValentin teaches creating a honeypot environment in response to attack traffic. However, Appellant disagrees that the combination of DiValentin and Ramanujan teaches “a deceptive network resource along the isolated network slice”. Appellant reasons that Ramanujan creates a new VPN tunnel ONLY for non-malicious traffic; “that is, an attacker in Ramanujan would not be on the isolated slice, but on the network and non-attack traffic would be on the isolated slice.”
Examiner submits that Araujo discloses isolating networks and endpoints associated with attack traffic and subsequently mitigating the attack traffic. See Araujo at [0052] (Examiner Note: given Appellant’s reasoning differentiating non-malicious and malicious traffic, it is important to point out that Araujo, not Ramanujan, was used in this combination to teach the isolation of the network slice for attack traffic). These networks and endpoints could be modified in combination with the honeypot/deception network, see Abstract, [0003] and [0005], whereby the topology of the networks and endpoints is changed to reroute attack traffic to the honeypot environment for analysis. See id.
Therefore, Examiner maintains that the combination of DiValentin, Ramanujan and Araujo teaches “a deceptive network resource along the isolated network slice”.
3.	Rejection 2 – Dependent Claims 5, 13 and 19, DiValentin, Ramanujan, and Araujo fail to suggest “the isolated network slice is configured between the source node and the deceptive network resource.”
With respect to this argument, Appellant reiterates that the teachings of Ramanujan are for an isolated network slice for non-attack traffic. Therefore, Appellant concludes that the combination fails to suggest this limitation, reasoning “that is, an attacker in Ramanujan would not be on the isolated slice, but on the network and non-attack traffic would be on the isolated slice”.
Examiner submits that like the above argument, Appellant has not addressed the reference Araujo which specifically teaches isolating a network slice for attack traffic. See Araujo at [0052]. These isolated networks would be situated between the attacker source and the isolated endpoint, see id., which has been modified and combined with the honeypot deception system taught in DiValentin. See DiValentin at [0003] and [0005].
Therefore, Examiner maintains that the combination of DiValentin, Ramanujan and Araujo teaches “the isolated network slice is configured between the source node and the deceptive network resource”.
4.	Rejection 3 – Dependent Claims 6 and 14, DiValentin, Ramanujan, and Araujo, there is no suggestion to combine because there is a conflict between the teachings in the reference.
Dependent claims 6 and 14 recite: 
wherein the deceptive network resource is created responsive to the detection of the malicious traffic in the network, appears as a target network resource of the malicious traffic to the source node, and deflects the source node away from the target network resource.

Appellant reiterates the argument presented above that “an attacker in Ramanujan would not be on the isolated slice, but on the network and non-attack traffic would be on the isolated slice”; reasoning thus, the source node (Appellant's attacker) would not have visibility of the deceptive network resource in the combination as taught.
Examiner submits that whether Ramanujan teaches isolating a network slice specifically for attack traffic is moot given that Araujo was introduced to teach this limitation. Furthermore, with respect to Appellant’s reasoning against the combination, both DiValentin and Araujo teach configuring, localizing and rerouting of attack traffic to the isolated endpoints which would be modified/combined with the honeypot deception system taught in DiValentin. See DiValentin at [0003] and [0005] and Araujo at [0052].
Therefore, Examiner maintains that there is no conflict in the combination of DiValentin, Ramanujan and Araujo.


	Conclusion
For the above reasons, it is believed that the rejections should be sustained.
Respectfully submitted,
/PETER C SHAW/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        
Conferees:
/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493                                                                                                                                                                                                        
/Victor Lesniewski/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        


Requirement to pay appeal forwarding fee.  In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.