DETAILED ACTION
	This office action is in response to the application filed on 3/17/2020 in which claims 1-20 are pending.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1, 2, 6-9, 13-16, and 20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Cooper et al. (WO-2015041706-A1).
As to claims 1, 8, and 15, Cooper teaches a computer-implemented method for pre-filtering traffic in a logical network, comprising: (abstract  providing a fast path at network speeds using SDN by routing network traffic to bypass a security appliance once the security appliance determines that the security appliance no longer needs to inspect the network traffic)
receiving, by a hypervisor, a packet from a virtual computing instance (VCI); ([0004] OpenFlow allows direct access to and manipulation of the forwarding plane of network devices such as switches and routers, both physical and virtual (hypervisor-based) Fig. 3A [0095] In some embodiments, at least one of the one or more SDN switches such as SDN switch 906 is configured to rewrite zero or more fields of the packets of the network traffic to indicate to the security appliance the switch port or security zone the packet was originally received and/or to direct the packets to bypass the security appliance fig. 9).
determining, by the hypervisor, a service path for the packet based on a service table; ([0095] SDN switch 906 routes a data flow from server 908a though security appliance 902 before reaching server 908b. SDN switch 906 routes a data flow from server 908c to 908d and bypasses security appliance 902 in response to one or more security policies from security appliance 902. The security policies instructs SDN controller 904 to configure SDN switch 906 accordingly.)
setting, by the hypervisor, a pre-filter component as a next hop for the packet based on the service path; ([0095] In some embodiments, at least one of the one or more SDN switches such as SDN switch 906 is configured to rewrite zero or more fields of the packets of the network traffic to indicate to the security appliance the switch port or security zone the packet was originally received and/or to direct the packets to bypass the security appliance fig. 9).
receiving, by the pre-filter component, the packet; (Fig. 9 routes packets going through the SDN switch)
making a determination, by the pre-filter component, of whether the packet requires processing by the security component; and ([0095] SDN switch 906 routes a data flow from server 908a though security appliance 902 before reaching server 908b. SDN switch 906 routes a data flow from server 908c to 908d and bypasses security appliance 902 in response to one or more security policies from security appliance 902. The security policies instructs SDN controller 904 to configure SDN switch 906 accordingly.)
performing, by the pre-filter component, based on the determination, one of: forwarding the packet to its destination and bypassing the security component; or forwarding the packet to the security component. ([0095] SDN switch 906 routes a data flow from server 908a though security appliance 902 before reaching server 908b. SDN switch 906 routes a data flow from server 908c to 908d and bypasses security appliance 902 in response to one or more security policies from security appliance 902. The security policies instructs SDN controller 904 to configure SDN switch 906 accordingly.)
As to claims 2, 9, and 16, Cooper teaches the computer-implemented method of claim 1, wherein determining, by the hypervisor, the service path for the packet based on the service table comprises determining, by the hypervisor, that the packet meets a condition that is associated with the service path in the service table. ([0097] 4) SDN controller 1004 modifies flow table of affected switches 5) SDN switch(s) (e.g., ToR Switch 1008a) establishes optimized route for flow fig. 10 [0069] Forward packets from one port of the switch to one or more ports of a switch, based on its flow tables; Drop packets with particular packet characteristics from one or more switch ports, based on its flow table)
As to claims 6, 13, and 20, Cooper teaches the computer-implemented method of claim 1, further comprising: determining by the security component based on the packet how to handle subsequent packets in a flow associated with the packet; and (Cooper [0031] a security appliance may filter or process packets based on characteristics of packets according to the security model. [0053] security appliance 310 notifies SDN controller 308 to implement fast path 314 which bypasses the security appliance by removing the flows previously added to implement routes 312a and 312b and inserting flows to implement route 314, so that the data flow goes directly from point A 302 to point B 304 through SDN switch 306.)
As to claims 7 and 14, Cooper teaches the computer-implemented method of claim 6, wherein reconfiguring the hypervisor to bypass the pre-filter component and the security component for the subsequent packets comprises performing flow programming. (Cooper [0053] security appliance 310 notifies SDN controller 308 to implement fast path 314 which bypasses the security appliance by removing the flows previously added to implement routes 312a and 312b and inserting flows to implement route 314, so that the data flow goes directly from point A 302 to point B 304 through SDN switch 306.)



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have 

Claims 3-5, 10-12, and 17-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cooper in view of Isaev et al. (US20200204519A1).
As to claims 3, 10, and 17, Cooper teaches the computer-implemented method of claim 1, 
But does not specifically teach:
wherein making the determination, by the pre-filter component, of whether the packet requires processing by the security component comprises determining whether the packet is a handshake packet.
However Isaev teaches wherein making the determination, by the pre-filter component, of whether the packet requires processing by the security component comprises determining whether the packet is a handshake packet. (Fig. 2A 254 and Fig. 3 320 [0069]-[0080] the initial handshake packets are processed then after handshake is completed (discovery) based on a decision packets can or cannot bypass security)
It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the security of Cooper with the methods from Isaev in order to improve performance and increase connection speed.
As to claims 4, 11, and 18, Cooper in view of Isaev teaches the computer-implemented method of claim 3, wherein: if the packet is a handshake packet, the pre-filter component forwards the packet to the security component; and if the packet is not a handshake packet, the pre-filter component forwards the packet to its destination and bypasses the security component. (Isaev Fig. 2A 254 and Fig. 3 320 [0069]-[0080] the initial handshake packets are processed then after handshake completion (discovery) based on a decision packets can or cannot bypass security)
It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the security of Cooper with the methods from Isaev in order to improve performance and increase connection speed.
As to claims 5, 12, and 19, Cooper in view of Isaev teaches the computer-implemented method of claim 3, wherein determining whether the packet is a handshake packet is based on a header of the packet. (Cooper [0070] Forward packets from one port of the switch to one or more ports of a switch, based on its flow tables; Drop packets with particular packet characteristics from one or more switch ports, based on its flow tables; Replace zero or more fields in packets with particular characteristics, based on its flow tables (i.e., possibly rewriting field(s) in packets, [0031] a security appliance scans or inspects packet headers and/or payload)


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELTON S WILLIAMS whose telephone number is (571)272-9933. The examiner can normally be reached 8-4 Mon-Fri.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Elton Williams/Examiner, Art Unit 2465