DETAILED ACTION

1.	This Office Action is in response to the amendment filed on Jan. 14, 2022. Claims 1, 12 and 13 are amended. Claims 1-20 are presented for examination. Now claims 1-20 are pending.

Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Applicant’s Arguments
3.	Applicant’s arguments regarding the rejection of the claims 1-9, 11, 12 and 14-19 under 35 USC 101 are persuasive in light of amendments of claims 1, 12 and 13. Therefore the rejection of the claims 1-9, 11, 12 and 14-19 under 35 USC 101 are withdrawn.
4.	Applicant’s arguments regarding the rejection of the claims under 35 USC 102 (a)(2) are moot in view of new ground of rejection since they are based solely on newly added limitations of the claims which are addressed in the rejection rendered below.

Claims Interpretation

5.	Applicant refers to newly added limitation “discovering, at an edge device of the network, a first infrastructure device in the network that applies a first portion of the intrusion detection rules and a second infrastructure device in the network that applies a second portion of the intrusion detection rules”. Examiner has reviewed applicant’s specification and nowhere in the specification is pointed out explicitly “edge device”, therefore Examiner interpret the broadest interpretation of the limitation in view of applicant specification that “edge device in a network” is the device network adjoining to the node in the path of the packet for traveling, and “first infrastructure device” as a device within that network device analyzing the packet in order to process the “portion of the intrusion detection rules”, where such devices could be routers, switches, etc.
6.	Examining the applicant’s claims based on item 5 understanding means the second part of newly amended claims are similar to original claims, that is “a first infrastructure device in the network that applies a first portion of the intrusion detection rules and a second infrastructure device in the network that applies a second portion of the intrusion detection rules” are equivalent to applicant’s limitation “at the first infrastructure device of the network, applying the first portion of the intrusion detection rules and the second infrastructure device of the network, applying the second portion of the intrusion detection rules” which were addressed in previous rejection. 
7.	Examiner interpret the limitation “causing the packet to traverse the route” as it is understood in the art of networking as packet being forwarded through the route based on the rules set or rules met.
Examiner further refer applicant to the following MPEP citations:
¶ 7.37.11    Unpersuasive Argument: General Allegation of Patentability
Applicant’s arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
¶ 7.37.12    Unpersuasive Argument: Novelty Not Clearly Pointed Out
Applicant’s arguments do not comply with 37 CFR 1.111(c) because they do not clearly point out the patentable novelty which he or she thinks the claims present in view of the state of the art disclosed by the references cited or the objections made. Further, they do not show how the amendments avoid such references or objections.

Therefore, the only disclosure lacks by applicant’s amendments by Nirmala is where the edge device and edge network work in harmony to find the best route for the packets. All limitations are taught by Nirmala with exception of explicitly disclosing edge device close the first network or second network, etc. which is disclosed by secondary reference noted below.

Claim Rejections - 35 USC § 103
8.	The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or on obviousness.
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
This application currently names joint inventors. In considering patentability of the claims under pre-AIA  35 U.S.C. 103(a), the examiner presumes that the subject matter of the various claims was commonly owned at the time any inventions covered therein were made absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out 

9.	Claims 1-20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Nirmala et al. U.S. 10,880,121 hereinafter “Nirmala” Filed Mar. 29, 2019 in view of Brandwine et al. U.S. 8,396,946 hereinafter “Brandwine” filed Mar. 31, 2010.

Regarding claim 1, Nirmala teaches: A method of applying intrusion detection rules to a packet in a network (Nirmala, first see col. 2 lines 32-67 and for intrusion detection rules examiner equates rules to QoS policies (see col. 1 lines 50-63), “a method includes receiving, by a first provider edge (PE), a layer 2 (L2) packet from a source network that is destined for a destination network”), comprising: 
[discovering, at an edge device of the network], a first infrastructure device in the network that applies a first portion of the intrusion detection rules (Nirmala, Examiner note: the first portion of the intrusion detection rule is equated to provide a network overlay over layer 3 core network using tunneling protocol; see col. 2 line 32-46, “receiving, by a first provider edge (PE), a layer 2 (L2) packet from a source network that is destined for a destination network, wherein the first PE device is configured to provide a network overlay over a layer 3 core network using a tunneling protocol, and wherein the first PE device for the source network and a second PE device for the destination network are peer tunneling endpoints of a tunnel for the tunneling protocol; deriving, by the first PE device, a Quality of Service (QoS) behavior for the packet to be applied by the second network device when injecting the packet to the destination network; encapsulating, by the first PE device, the QoS behavior to the packet; encapsulating, by the first PE device, an outer tunnel transport header that identifies the peer tunneling endpoints to the packet”; then see col. 6 lines 35-48 and col. 8 lines 17-43) and a second infrastructure device in the network that applies a second portion of the intrusion detection rules (Nirmala, Examiner note: the second portion of the intrusion detection rule is equated to drive a quality of service applied to the second network device when injecting the packet to destination network via encapsulation; see col. 2 line 51-65, “receive configuration data that configures the network device to provide a network overlay over a layer 3 core network using a tunneling protocol, wherein the network device for a source network and a second network device for a destination network are peer virtual tunneling endpoints for a tunnel of the tunneling protocol; receive a layer 2 (L2) packet from the source network that is destined for the destination network; derive a Quality of Service (QoS) behavior for the packet to be applied by the second network device when injecting the packet to the destination network; encapsulate the QoS behavior to the packet; encapsulate an outer tunnel transport header that identifies the peer tunneling endpoints to the packet; and send the encapsulated packet through the tunnel 65 to the second network device”; then see col. 6 lines 35-48 and col. 8 lines 17-43);
[determining, at the edge device of the network], a route through the network towards a destination of the packet, wherein the route includes the first infrastructure device and the second infrastructure device (Nirmala, see col. 5 lines 30-41, “PEs 10 may implement VXLAN that provides a tunneling scheme to overlay L2 networks on top of L3 networks. VXLANs 35 establish tunnels for communicating traffic, e.g., L2 broadcast, unknown unicast, and multicast (BUM) packets”).
[causing the packet to traverse the route]:
at the first infrastructure device of the network, applying the first portion of the intrusion detection rules to the packet (Nirmala, Examiner note: the first portion of the intrusion detection rule is equated to provide a network overlay over layer 3 core network using tunneling protocol; see col. 2 line 32-46, “receiving, by a first provider edge (PE), a layer 2 (L2) packet from a source network that is destined for a destination network, wherein the first PE device is configured to provide a network overlay over a layer 3 core network using a tunneling protocol, and wherein the first PE device for the source network and a second PE device for the destination network are peer tunneling endpoints of a tunnel for the tunneling protocol; deriving, by the first PE device, a Quality of Service (QoS) behavior for the packet ; and
at the second infrastructure device of the network, applying the second portion of the intrusion detection rules to the packet (Nirmala, Examiner note: the second portion of the intrusion detection rule is equated to drive a quality of service applied to the second network device when injecting the packet to destination network via encapsulation; see col. 2 line 51-65, “receive configuration data that configures the network device to provide a network overlay over a layer 3 core network using a tunneling protocol, wherein the network device for a source network and a second network device for a destination network are peer virtual tunneling endpoints for a tunnel of the tunneling protocol; receive a layer 2 (L2) packet from the source network that is destined for the destination network; derive a Quality of Service (QoS) behavior for the packet to be applied by the second network device when injecting the packet to the destination network; encapsulate the QoS behavior to the packet; encapsulate an outer tunnel transport header that identifies the peer tunneling endpoints to the packet; and send the encapsulated packet through the tunnel 65 to the second network device”; then see col. 6 lines 35-48 and col. 8 lines 17-43). 
Nirmala do not explicitly disclose that such packet routing between the first and second infrastructural devices as outlined above “discovering, at an edge device of the network”; “determining, at the edge device of the network” and “causing the packet to traverse the route”. However, Brandwine disclose “discovering, at an edge device of the network”,  “determining, at the edge device of the network” (Brandwine; FIG. 1B and 3; col. 16, lines 58-64; col. 17, lines 9 through col. 18, line 44; col. 44, lines 64-66 which discloses how communication are done between the nodes and finally col. 45, lines 2-30). 
Examiner further taking official position that limitation “causing the packet to traverse the route” is well known in the art of networking optimization and would be known to one of 
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nirmala with the teaching of Brandwine because the use of Brandwine’s idea (Brandwine, see col. 2, lines 32-46) could provide Nirmala (Nirmala, see abstract) the ability to include optimize packet routing based on closes edge network and edge devices within the network to enhance the packet routing from source to destination in optimize manner (Brandwine, FIG. 1B).

Regarding claim 2, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: provide the packet to the first infrastructure device and to the second infrastructure device by a multicast transmission of the packet (Nirmala, see col. 5 lines 30-41, “PEs 10 may implement VXLAN that provides a tunneling scheme to overlay L2 networks on top of L3 networks. VXLANs 35 establish tunnels for communicating traffic, e.g., L2 broadcast, unknown unicast, and multicast (BUM) packets”).

Regarding claim 3, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: providing the packet from the first infrastructure device to the second infrastructure device (Nirmala, see col. 2 lines 40-49, “deriving, by the first PE device, a Quality of Service (QoS) behavior for the packet to be applied by the second network device when injecting the packet to the destination network; encapsulating, by the first PE device, the QoS behavior to the packet; encapsulating, by the first PE device, an outer tunnel transport header that identifies the peer tunneling endpoints to the packet; and sending, by the first PE device, the encapsulated packet through the tunnel to the second PE device.”).

Regarding claim 4, Nirmala teaches all the limitations of claim 3. Further Nirmala teaches: wherein providing the packet from the first infrastructure device to the second infrastructure device is according to a routing algorithm (Nirmala, see col. 4 lines 1-24, “PEs 10 may exchange routing information via intermediate network 12 and process the routing information, selecting paths through its representation of the topology of the intermediate network 12 to reach all available destinations to generate forwarding information”). 

Regarding claim 5, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: at the first infrastructure device, tagging the packet to indicate the first portion of the intrusion detection rules have been applied to the packet (Nirmala, see col. 2 lines 15-18 “provide one or more technical advantages. For example, by encapsulating a QoS behavior within the tagging packet frame, the QoS behavior can be sent across any type of tunnel (i.e., tunnel protocol agnostic)”); and at the second infrastructure device, tagging the packet to indicate the second portion of the intrusion detection rules have been applied to the packet (Nirmala, first see col. 2 lines 1-21, “by encapsulating a QoS behavior within the tagging packet frame, the QoS behavior can be sent across any type of tunnel (i.e., tunnel protocol agnostic)” and col. 8 lines 1-5, “PE 10 A may encapsulate the QoS behavior 24 within a tagging packet frame, such as a tagging packet frame in accordance with the 802.lQ tag format. As one example, an 802.lQ packet may comprise a Tag Protocol Identifier (TPID) that identifies the packet as an IEEE 802.1 Q-tagged frame ”; then see col. 9 lines 35-48, “lQ packet may comprise 32 bits with 16 bits reserved for the TPID ("Reserved TPID 207A"). The reserved TPID 207A may be 16 bits set to a value of Ox8xxx to identify the frame as an IEEE 802.1 Q-tagged frame. The remaining 16 bits of the 802.1 Q packet is used to denote the QoS behavior 207B ("QOS 207B"). As one example implementation, QOS 207B may be 5 bits of the remaining 16 bits used to denote the QoS behavior derived by the source tunneling endpoint. More specifically, the source tunneling endpoint may set the first 3 bits ofQOS 207B as the priority class 207C and set the following 2 bits as the drop .

Regarding claim 6, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: at the first infrastructure device, determining that the second portion of the intrusion detection rules have not been applied to the packet; and providing the packet from the first infrastructure device to the second infrastructure device based at least on a result of the determination (Nirmala, see col. 12 lines 34-44 “where PE device 200 is a destination tunneling endpoint (e.g., PE 10 B of FIG. 1), PE device 200 may receive an encapsulated packet from a source tunneling endpoint via one of inbound links 312. Forwarding engine 306 may de-encapsulate the packet and determine the QoS behavior value encapsulated to the packet. Forwarding engine 306 forwards the QoS behavior to QoS module 360, which may apply the QoS behavior. In this way, QoS module 360 of the destination tunneling endpoint does not re-derive the QoS behavior, and instead may apply the same QoS behavior that was derived by the source tunnel endpoint”). 

Regarding claim 7, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: wherein the determining further includes determining an efficacy of the intrusion detection rules that have been applied to the packet (Nirmala, see FIG. 4 item 412 along with col. 13 lines 19-38, “when PE 10 B receives the encapsulated packet, PE 10 B may de-encapsulate the outer tunnel transport header and determine the QoS behavior encapsulated to the packet without re-deriving the QoS behavior based on customer/tenant specific QoS policies for the destination network (412). For example, PE 10 B may de-encapsulate the packet and determine the priority class and drop precedence of the QoS behavior derived by PE 1 0 A without having to re-derive the priority class and drop precedence based on customer/tenant specific QoS policies”). 

Regarding claim 8, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: providing the packet from the first infrastructure device to the second infrastructure device based at least on an overlay to which the packet belongs (Nirmala, see col. 2 lines 32-40, “receiving, by a first provider edge (PE), a layer 2 (L2) packet from a source network that is destined for a destination network, wherein 35 the first PE device is configured to provide a network overlay over a layer 3 core network using a tunneling protocol”; also see col. 5 lines 30-40; col. 6 lines 1-7; col. 8 lines 20-31 ….). 

Regarding claim 9, Nirmala teaches all the limitations of claim 8. Further Nirmala teaches: wherein the overlay comprises one of a group of VKLAN with security header, VXLAN without security header, IPv6 or VLAN. (Nirmala, see col. 8 lines 17-31,  “PE 10 B, a source IP address of the source VTEP, a destination IP address of the destination VTEP, and a VNI that indicates the VXLAN overlay network”). 

Regarding claim 10, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: wherein: the overlay is a first overlay; and the method further comprises providing the packet from the second infrastructure device to a third infrastructure device, based on a second overlay that is different from the first overlay (Nirmala, first see FIG. 1 item 12 as first infrastructure network along with col. 4 lines 25-26 that discloses intermediate network 12 that represent a service provider; then see col. 6 lines 8-48 that discloses item 12 will implement first overlay through either IPv6 protocol or VXLAN header to PEs 10 (PE10A (where item 12 implement overlay to second infrastructure device) and PE10B (through the header of VXLAN tunnel to destination as second overlay that the values in the header are different that the header in source header that is considered as third infrastructure device))  “FIG.1 where PEs 10 provide VXLAN, PEs 10 operate as tunneling endpoints (VTEPs) for the VXLAN tunnel 16 to encapsulate VXLAN traffic and de-capsulate VXLAN traffic when it leaves the .  

Regarding claim 11, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: the second infrastructure device applies the second portion of the intrusion detection rules based at least on the overlay to which the packet belongs (Nirmala, see col. 8 lines 17-43 that discloses PE 10 A as second infrastructure device how to encapsulate the packet with the outer tunnel transport header 26 where derived QoS behavior (intrusion detection rules) includes tunnel packet 22 and 26 (applies second portion of the intrusion detection rules)).  

Regarding claim 12, this claim defines a system claim that corresponds to method claim 1 and does not define beyond limitations of claim 1. Furthermore, Nirmala in col. two lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 12 is rejected with the same rational as in the rejection of claim 1. 

Regarding claim 13, this claim defines a system claim that corresponds to method claim 2 and does not define beyond limitations of claim 2. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and 

Regarding claim 14, this claim defines a system claim that corresponds to method claim 3 and does not define beyond limitations of claim 3. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 14 is rejected with the same rational as in the rejection of claim 3. 

Regarding claim 15, this claim defines a system claim that corresponds to method claim 4 and does not define beyond limitations of claim 4. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 15 is rejected with the same rational as in the rejection of claim 4. 

Regarding claim 16, this claim defines a system claim that corresponds to method claim 5 and does not define beyond limitations of claim 5. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 16 is rejected with the same rational as in the rejection of claim 5. 

Regarding claim 17, this claim defines a system claim that corresponds to method claim 6 and does not define beyond limitations of claim 6. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 17 is rejected with the same rational as in the rejection of claim 6. 

Regarding claim 18, this claim defines a system claim that corresponds to method claim 7 and does not define beyond limitations of claim 7. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 18 is rejected with the same rational as in the rejection of claim 7. 

Regarding claim 19, this claim defines a system claim that corresponds to method claim 8 and does not define beyond limitations of claim 8. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 19 is rejected with the same rational as in the rejection of claim 8. 

Regarding claim 20, this claim defines a system claim that corresponds to method claim 10 and does not define beyond limitations of claim 10. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 20 is rejected with the same rational as in the rejection of claim 10. 
Examiner note:
10.	In the case of amending the Claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. This will assist in expediting compact prosecution.  MPEP 714.02 recites: “Applicant should also specifically point out the support for any amendments made to the disclosure. See MPEP § 2163.06. An amendment which does not comply with the provisions of 37 CFR 1.121(b), (c), (d), and (h) may be held not fully responsive. See MPEP § 714.”  Amendments not pointing to specific support in the disclosure may be deemed as not complying with provisions of 37 C.F.R.  1.131(b), (c), (d), and (h) and therefore held not fully responsive.  Generic statements such as “Applicants believe no new matter has been introduced” may be deemed insufficient.

Conclusion
11.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Casado et al. U.S. 8,964,528 B2 discloses method and apparatus for robust packet distribution among hierarchical managed switching element of a network.
Nakil et al. U.S. 2015/0244617 A1 disclose physical path determination for virtual network packet flows.
Shafi et al. 2018 IEEE Access, “Fog-Assisted SDN Controlled Framework for
Enduring Anomaly Detection in an IoT Network”, disclose various attacks on IoT devices saturate the network edge and revoke IoT data from forwarding to the cloud and a fog assisted Intrusion Detection and Prevention System (IDPS) architecture that adds protection at the network edge for IoT devices.
THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALIL NAGHDALI whose telephone number is (571) 272-9884. The examiner can normally be reached on M-F 8AM-5PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, KRISTINE L KINCAID can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 1000.