Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Continued Examination Under 37 CFR 1.114
1.       A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  
   Applicant's submission filed on 1-13-2022 has been entered.

2.        Claims 1, 2, 4 - 7, 9 - 12, 14 - 17, 19, 20 are pending.  Claims 1, 2, 6, 7, 11, 12, 16 have been amended.  Claims 3, 8, 13, 18 have been cancelled.  Claims 1, 6, 11, 16 are independent.   File date is 6-13-2019.  

Claim Rejections - 35 USC § 103  
3.        The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

s 1, 2, 4 - 7, 9 - 12, 14 - 17, 19, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Sood et al. (US PGPUB No. 20180114012) in view of Cirkovic et al. (US Patent No. 9,479,522).     	
 
Regarding Claims 1, 6, 11, Sood discloses a method implemented by a network device to reduce bandwidth and compute resources needed by a controller of a software defined networking (SDN) controller by distributing monitoring of virtual network functions (VNFs) to data plane nodes (DPNs) in a SDN network and a network device configured to execute a method to reduce bandwidth and compute resources needed by a controller of a software defined networking (SDN) controller by distributing monitoring of virtual network functions (VNFs) to data plane nodes (DPNs) in a SDN network and a computing device functioning as a network node, the computing device to execute a plurality of virtual machines for implementing network function virtualization, wherein a virtual machine from the plurality of virtual machines is configured to execute a method to reduce bandwidth and compute resources needed by a controller of a software defined networking (SDN) controller by distributing monitoring of virtual network functions (VNFs) to data plane nodes (DPNs) in a SDN network, the method and the network device and the computing device comprising:
a)  receiving a monitoring request from the SDN controller to monitor a VNF. (Sood ¶ 004, ll 1-15: under SDN the system makes decisions about where traffic is sent (i.e. control plane), forwards traffic to selected destination (i.e. data plane); virtualizing network functions as software applications; SDN concepts facilitate network virtualization; ¶ 095, ll 1-8: each VNF is configured; packet processing flow between VNFs are setup (request/responses); packet processing flows involve operations performed by software 

Sood does not explicitly disclose for b): receiving a byte sequence from controller, and for d): matching byte sequence with monitoring response messages. 
However, Cirkovic discloses: 
b)  receiving a byte sequence from the SDN controller for the VNF; (Cirkovic col 8, ll 42-48: a signature with embedded bit patterns specifying content is employed; signature contains a unique bit pattern enabling targeted and detection of specific content; col 11, ll 7-18: identifying and retrieving predefined signatures) and 
c)  determining whether a monitoring response message from the VNF matches the byte sequence at a given offset; (Cirkovic col 8, ll 19-22: traffic filtering process is performed and allows a user to identify packet flows in accordance with signatures and tracking identified packet flows; col 11, ll 7-18: identifying and retrieving predefined signatures; predefined signatures are compared at comparator; if signatures match controller selects gating unit, packet flow is allowed to travel to node via connection; col 5, ll 44-54: bit patterns comprises a set of bits (i.e. 8 bits to 64 bits); signature includes multiple fields (i.e. start bit location, stop bit location: bit position within data structure)) and 
d)  generating entries for monitoring the VNF by matching the byte sequence with monitoring response messages from the VNF. (Cirkovic col 8, ll 19-22: traffic filtering process is performed and allows a user to identify packet flows in accordance with signatures and subsequently tracking identified packet flows; col 11, ll 7-18: identifying 

Furthermore, Sood does not explicitly disclose sending a monitoring request message to a VNF, receiving an unexpected response, and sending a notification. 
However, Cirkovic discloses the following: 
e)  sending a monitoring request message to a malfunctioning VNF; 
f)   receiving an unexpected response from the malfunctioning VNF or determining that a response to the monitoring request message has timed out, and 
g)  sending the unexpected response or a notification of the timeout to the SDN controller. (Cirkovic col 8, ll 19-22: traffic filtering process is performed and allows a user to identify packet flows in accordance with signatures and tracking identified packet flows; col 11, ll 7-18: identifying and retrieving predefined signatures; predefined signatures are compared at comparator; if signatures match controller selects gating unit, packet flow is allowed to travel to node via connection; col 5, ll 44-54: bit patterns comprises a set of bits (i.e. 8 bits to 64 bits); signature includes multiple fields (i.e. start bit location, stop bit location: bit position within data structure); col 9, ll 30-38: security isolates identified packet flows and takes corresponding action based on subscription request information; subscription requests security to reroute unauthorized packet flows to an alternative destination; event handler configured to reroute or stop packet flow carrying issues a warning to destination that packet flow carries unauthorized data))  
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Sood for b): receiving a byte sequence from controller, and for c): matching byte sequence with monitoring response messages, and sending a monitoring request message to a VNF, receiving an unexpected response, and sending a notification as taught by Cirkovic. One of ordinary skill in the art would have been motivated to employ the teachings of Cirkovic for the benefits achieved from a system that enables improving network security, network optimization, and IP protection by tracking and/or monitoring of signature-based content flow including the aggregation of useful data during the routing process.  (Cirkovic col 7, ll 58-61)    

Furthermore for Claim 10, Sood discloses wherein a non-transitory computer-readable medium having stored therein an application monitor; and a processor coupled to the non-transitory computer-readable medium, the processor to execute the a virtual machine from the plurality of virtual machines, the virtual machine to execute the application monitor.  (Sood ¶ 254, ll 11-17: computer readable storage medium provides content that represents instructions that can be executed; computer performing various functions/operations described herein; (computer indicates a processor coupled to a memory for instruction storage and execution by processor))

Regarding Claims 2, 7, 12, Sood-Cirkovic discloses the method of claim 1 and the network device of claim 6 and the computing device of claim 11. 

However, Cirkovic discloses wherein further comprising: sending the monitoring response message to the controller. (Cirkovic col 8, ll 19-22: traffic filtering process is performed and allows a user to identify packet flows in accordance with signatures and tracking identified packet flows; col 11, ll 7-18: identifying and retrieving predefined signatures; predefined signatures are compared at comparator; if signatures match controller selects gating unit, packet flow is allowed to travel to node via connection; col 5, ll 44-54: bit patterns comprises a set of bits (i.e. 8 bits to 64 bits); signature includes multiple fields (i.e. start bit location, stop bit location: bit position within data structure))     
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Sood for sending a monitoring response message (based on byte sequence) to the controller as taught by Cirkovic.   One of ordinary skill in the art would have been motivated to employ the teachings of Cirkovic for the benefits achieved from a system that enables improving network security, network optimization, and IP protection by tracking and/or monitoring of signature-based content flow including the aggregation of useful data during the routing process.  (Cirkovic col 7, ll 58-61)       

Regarding Claims 4, 9, Sood-Cirkovic discloses the method of claim 1 and the network device of claim 6. 
Sood does not explicitly disclose byte sequence determined from a pattern in messages.  

        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Sood for byte sequence determined from a pattern in messages as taught by Cirkovic.  One of ordinary skill in the art would have been motivated to employ the teachings of Cirkovic for the benefits achieved from a system that enables improving network security, network optimization, and IP protection by tracking and/or monitoring of signature-based content flow including the aggregation of useful data during the routing process.  (Cirkovic col 7, ll 58-61)    

Regarding Claims 5, 10, 15, Sood-Cirkovic discloses the method of claim 1 and the network device of claim 6 and the computing device of claim 11. 
Sood does not explicitly disclose sending message to controller where byte sequence is not matched.

        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Sood for sending message to controller where byte sequence is not matched as taught by Cirkovic.  One of ordinary skill in the art would have been motivated to employ the teachings of Cirkovic for the benefits achieved from a system that enables improving network security, network optimization, and IP protection by tracking and/or monitoring of signature-based content flow including the aggregation of useful data during the routing process.  (Cirkovic col 7, ll 58-61)     

Regarding Claim 14, Sood-Cirkovic discloses the computing device of claim 11. 
Sood does not explicitly disclose byte sequence determined from a pattern in messages from VNF. 
However, Cirkovic discloses wherein the byte sequence is determined from a pattern in response monitoring response messages from the VNF. (Cirkovic col 8, ll 19-22: traffic filtering process is performed and allows a user to identify packet flows in accordance with signatures and tracking identified packet flows; col 11, ll 7-18: identifying and retrieving predefined 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Sood for byte sequence determined from a pattern in messages from VNF as taught by Cirkovic.  One of ordinary skill in the art would have been motivated to employ the teachings of Cirkovic for the benefits achieved from a system that enables improving network security, network optimization, and IP protection by tracking and/or monitoring of signature-based content flow including the aggregation of useful data during the routing process.  (Cirkovic col 7, ll 58-61)      

Regarding Claim 16, Sood discloses a control plane device to implement a control plane of a software defined networking (SDN) network including a plurality of network devices implementing a data plane of the SDN network, the control plane device configured to execute a method to reduce bandwidth and compute resources needed by a controller of a software defined networking (SDN) controller by distributing monitoring of virtual network functions (VNFs) to data plane nodes (DPNs) in a SDN network, the control plane device comprising:
a)  a non-transitory computer-readable medium having stored therein an application monitor; and b) a processor coupled to the non-transitory computer-readable medium, the processor to execute the application monitor (Sood ¶ 254, ll 11-17: computer 
wherein the application monitor to send an initial monitoring request for a VNF to a data plane node (DPN) (Sood ¶ 004, ll 1-15: under SDN the system makes decisions about where traffic is sent (i.e. control plane), forwards traffic to selected destination (i.e. data plane); virtualizing network functions as software applications; SDN concepts facilitate network virtualization; ¶ 095, ll 1-8: each VNF is configured; packet processing flow between VNFs are setup; packet processing flows involve operations performed by software executing in separate VNFs by forwarding packets from a first VNF to a second VNF via virtual switches; virtual machine monitoring is implemented (i.e. request to monitor network traffic between VNFs)). 
 
Sood does not explicitly disclose sending a byte sequence for VNF to identify monitoring response messages. 
However, Cirkovic discloses wherein receive a monitoring response message from the DPN and send a byte sequence to the DPN for the VNF to enable the DPN to identify monitoring response messages from the VNF to forward to the application monitor. (Cirkovic col 8, ll 19-22: traffic filtering process is performed and allows a user to identify packet flows in accordance with signatures and tracking identified packet flows; col 11, ll 7-18: identifying and retrieving predefined signatures; predefined signatures are compared at comparator; if signatures match controller selects gating unit, packet flow is allowed to travel to node via 

Furthermore, Sood does not explicitly disclose receiving an unexpected response. 
And, Cirkovic discloses the following: receive an unexpected response or a notification of timeout from the DPN when the DPN receives the unexpected response from a malfunctioning VNF or the response from the malfunctioning VNF times out. (Cirkovic col 8, ll 19-22: traffic filtering process is performed and allows a user to identify packet flows in accordance with signatures and tracking identified packet flows; col 11, ll 7-18: identifying and retrieving predefined signatures; predefined signatures are compared at comparator; if signatures match controller selects gating unit, packet flow is allowed to travel to node via connection; col 5, ll 44-54: bit patterns comprises a set of bits (i.e. 8 bits to 64 bits); signature includes multiple fields (i.e. start bit location, stop bit location: bit position within data structure); col 9, ll 30-38: security isolates identified packet flows and takes corresponding action based on subscription request information; subscription requests security to reroute unauthorized packet flows to an alternative destination; event handler configured to reroute or stop packet flow carrying confidential information; event handler broadcasts or issues a warning to destination that packet flow carries unauthorized data))  
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Sood for sending a byte sequence for VNF to identify monitoring response messages and receiving an unexpected response as taught by Cirkovic. One of ordinary skill in the art would have been motivated to employ the teachings of Cirkovic for the benefits achieved from a system that enables improving network 

Regarding Claim 17, Sood-Cirkovic discloses the control plane device of claim 16. 
Sood does not explicitly disclose application monitor to analyze monitoring message to determine byte sequence. 
However, Cirkovic discloses wherein the application monitor is further to analyze the monitoring response message to determine the byte sequence. (Cirkovic col 8, ll 19-22: traffic filtering process is performed and allows a user to identify packet flows in accordance with signatures and tracking identified packet flows; col 11, ll 7-18: identifying and retrieving predefined signatures; predefined signatures are compared at comparator; if signatures match controller selects gating unit, packet flow is allowed to travel to node via connection; packet flows are blocked from traveling over connection to node due to unauthorized distribution (no match))    
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Sood for application monitor to analyze monitoring message to determine byte sequence as taught by Cirkovic.  One of ordinary skill in the art would have been motivated to employ the teachings of Cirkovic for the benefits achieved from a system that enables improving network security, network optimization, and IP protection by tracking and/or monitoring of signature-based content flow including the aggregation of useful data during the routing process.  (Cirkovic col 7, ll 58-61)    

Regarding Claim 19, Sood-Cirkovic discloses the control plane device of claim 16, wherein the application monitor is further to record data related to the monitoring response message from the VNF. (Sood ¶ 072, ll 1-7: includes a secure audit/logs (i.e. storage of events associated with monitoring messages))    

Regarding Claim 20, Sood-Cirkovic discloses the control plane device of claim 16. 
Sood does not explicitly disclose application monitor to receive the monitoring message where byte sequence is not matched. 
However, Cirkovic discloses wherein the application monitor is further to receive the monitoring response message from the DPN where the byte sequence is not matched. (Cirkovic col 8, ll 19-22: traffic filtering process is performed and allows a user to identify packet flows in accordance with signatures and tracking identified packet flows; col 11, ll 7-18: identifying and retrieving predefined signatures; predefined signatures are compared at comparator; if signatures match controller selects gating unit, packet flow is allowed to travel to node via connection; packet flows are blocked from traveling over connection to node due to unauthorized distribution (no match))    
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Sood for application monitor to receive the monitoring message where byte sequence is not matched as taught by Cirkovic.  One of ordinary skill in the art would have been motivated to employ the teachings of Cirkovic for the benefits achieved from a system that enables improving network security, network optimization, and IP 

Response to Arguments
5.    Applicant's arguments have been fully considered but they were not persuasive. 

A.  Applicant argues on page 8 of Remarks: Applicant submits that the combination of Sood and Cirkovic does not teach, suggest or render obvious at least, for example, the newly presented features highlighted above. 

    The Examiner respectfully disagrees.  Cirkovic discloses the capability for sending a monitoring request.  Cirkovic discloses receiving a response to the monitoring request (i.e. response can be an unexpected or error type response).  And, Cirkovic discloses sending a notification based upon the response.  (Cirkovic col 8, ll 19-22: traffic filtering process is performed and allows a user to identify packet flows in accordance with signatures and tracking identified packet flows; col 11, ll 7-18: identifying and retrieving predefined signatures; predefined signatures are compared at comparator; if signatures match controller selects gating unit, packet flow is allowed to travel to node via connection; col 5, ll 44-54: bit patterns comprises a set of bits (i.e. 8 bits to 64 bits); signature includes multiple fields (i.e. start bit location, stop bit location: bit position within data structure); col 9, ll 30-38: security isolates identified packet flows and takes corresponding action based on subscription request information; subscription requests security to reroute unauthorized packet flows to an alternative destination; event handler configured to reroute or stop packet 

B.  Applicant argues on page 8 of Remarks: Accordingly, amended independent Claims 6, 11 and 16 are also not taught, suggested, or rendered obvious in view of the references cited in the Office Action at least for the reasons stated above with regards to amended independent Claim 1.

    Responses to arguments against independent claim 1 also answer arguments against independent claims 6, 11 and 16, which have similar limitations as independent claim 1.     

C.  Applicant argues on page 8 of Remarks:    ...   the remaining dependent Claims 2, 4-5, 7, 9-10, 12, 14-15, 17 and 19-20. However, as each of these claims depends upon base independent Claims 1, 6, 11 and 16, which are believed to be in condition for allowance,   ...   . 

    Responses to arguments against the independent claims also answer arguments against the associated dependent claims.     

Conclusion
February 14, 2022



Conclusion

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached on (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/KYUNG H SHIN/                                                                                                 2-25-2022Primary Examiner, Art Unit 2443