Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on April 7, 2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Pularikkal; Gangadharan Byju et al, US 20190036888, January 31, 2019, hereafter referred to as Pularikkal, in view of Devarajan; Srikanth et al, US 20200259792 A1, August 13, 2020, hereafter referred to as Devarajan.

           As to claim 1, Pularikkal teaches a method for validating a firewall policy rule - Pularikkal [0019] FIG. 1A is a schematic diagram of a network environment 10 that selectively allows carrier Wi-Fi calling/messaging.  Here, the claimed ‘method’ is illustrated by Pularikkal as ‘FIG. 1A’.  The claimed ‘validating firewall policy rule’ is taught by Pularikkal as ‘selectively allows’ because the firewall is subject to selection by the access control command 160 of Figure 1, which implements the claimed ‘policy rules’) comprising a source, a destination, and an action - Pularikkal [0021] the network security controller 130 establishes, monitors and/or maintains security criteria 132 associated with the enterprise network 100. In some implementations, the security criteria 132 define a set of trusted sources 134, a set of trusted destinations 136 and/or a set of predefined communication parameters 138 for Wi-Fi calls/messages. Here, the claimed ‘source’ is taught by Pularikkal as ‘trusted sources 134’.  The claimed ‘destination’ is taught by Pularikkal as ‘trusted destinations 136’, whereas the claimed ‘an action’ is taught by Pularikkal as ‘calls’), wherein the source or the destination is specified by an expression matching on a fully qualified domain name (FQDN) - Pularikkal [0021] the trusted destinations 136 indicate external entities with which mobile devices inside the enterprise network 100 are permitted to communicate via Wi-Fi calls/messages (e.g., Fully Qualified Domain Names (FQDNs) that have been whitelisted).  Here, the claimed ‘specified’ is taught by Pularikkal as ‘indicate’ since the call/message construct would indicate the expression), the expression having a corresponding expression identifier - Pularikkal [0022] …the request 22 includes a source identifier (ID) 24, a destination ID 26 and/or communication parameters 28. 
Here, the claimed ‘expression identifier’ is taught by Pularikkal as ‘ID’ since the identifications are part of the FQDN rule requirement as per the instant specification at [0001]), the method comprising: 
            in response to detecting a new expression in a policy rule, updating a global version number to a new value - Pularikkal [0026] the network security controller 130 updates the list of whitelisted FQDNs based on an enterprise policy to allow or deny calls corresponding to specific mobile operators.  Here, the claimed ‘policy rule’ is taught by Pularikkal as ‘whitelisted’ whereas the claimed ‘new value’ is taught by Pularikkal as ‘updates the list’ because an update to the FQDN domain tables to new versioning provides a new value FQDN as per instant specification [0013-0014]), 
            identifying a particular IP address that corresponds to an FQDN matching on the new expression - Pularikkal [0038] … the network security controller 130 determines that the intraflow pattern does not match predefined patterns for Wi-Fi calling/messaging);
            storing an entry comprising the particular IP address, the new expression and an entry version number in a first data structure - Pularikkal [0050] the memory 806 or the non-transitory computer readable storage medium of the memory 806 stores the following programs, modules and data structures, or a subset thereof including an optional operating system 808, a request validation module 810, enterprise security criteria 820 and a session establishment module 830), the entry version number being assigned the new value - Pularikkal [0040] FIG. 6 is a flowchart representation of a method 600 of establishing a communication session for Wi-Fi calling/messaging and establishing the end-to-end encrypted session based on the request satisfying the enterprise security criterion. Here, the claimed ‘entry version number’ is taught by Pularikkal as ‘establishing a communication session’ because a new session requires a new entry which is identified distinctly by a value);
              in response to detecting a new connection to a destination IP address: finding a matching entry in the first data structure corresponding to the destination IP address - Pularikkal [0031] the network security controller 130 collects and stores matching patterns for various SIP implementations used for carrier Wi-Fi calling/messaging. In some implementations, for RTP streams, the network security controller 130 collects and stores matching patterns as a reference for all common codecs); determining whether the global version number matches the entry version number for the matching entry - Pularikkal [0031] the network security controller 130 grants the request 22 in response to the communication parameters 28 being the same as or within a threshold of the predefined communication parameters 138); and in response to determining that the global version number does not match the entry version number for the matching entry, sending update information to a slowpath process that associates an updated configuration information for the matching entry - Pularikkal [0038] FIG. 5 illustrates a sequence diagram for an example intraflow pattern check…the network security controller 130 determines that the intraflow pattern does not match predefined patterns for Wi-Fi calling/messaging. At 508, the network security controller 130 instructs the firewall 120 to block the IPSec flow for the mobile device 20 (e.g., by removing the dACL for the mobile device 20). Here, the claimed ‘global version number’ is taught by Pularikkal as ‘predefined pattern’ because the predefined pattern is the stored reference against which the flow is checked, whereas the claimed ‘entry version number’ is taught by Pularikkal as ‘intraflow pattern’.  The claimed ‘update information’ is taught by Pularikkal as ‘instructs the firewall’ because a new session requires a new entry which is identified distinctly by a value.  
The claimed ‘updated configuration information’ is taught by Pularikkal as ‘dACL’ because removing the list updates the information to a null state), the update information comprising the destination IP address and an expression of the matching entry to cause the slowpath process to update a second data structure - Pularikkal, method 600: the method 600 includes establishing or triggering establishment of the requested session in response to the request satisfying the enterprise security criterion (e.g., establishing the encrypted communication tunnel 162 shown in FIG. 1B). As represented by block 630a, in some implementations, the method 600 includes adding the device address and the external entity address to an Access Control List (ACL).  PULARIKKAL SUGGESTS sending update information to a slowpath process that associates an updated configuration information for the matching entry; HOWEVER, IN AN ANALOGOUS ART, DEVARAJAN TEACHES sending update information to a slowpath process that associates an updated configuration information for the matching entry – Devarajan [0129] Every packet hits the firewall 602, which requires the firewall 602 to process packets as efficiently as possible. This is achieved by having slow and fast paths for packet processing. The slow path deals with the very first packet of a new session. It is slow because the corresponding policy has to be found and firewall resources allocated (memory, ports, etc.) for the session.  
Thus, it would have been recognized by one of ordinary skill in the art that applying the known technique of slowpath processing taught by Devarajan to the Enterprise Network 100 of Pularikkal would have yielded predictable results and resulted in an improved network, namely a network in which Enterprise Network 100 benefits from the slowpath process of Devarajan, thereby enabling FQDN-specific processing that updates global versions based on entry versions in accordance with the qualifications of the domain name protocol).
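The following is an added worked model of the versioning scheme recited in claim 1 (and the expression-identifier lookup of claim 6): a first data structure keyed by destination IP whose entries carry an entry version number, a global version number bumped whenever a policy rule introduces a new FQDN expression, and a slowpath that owns the second data structure. It is illustrative code written for this page, not code from the application, from Pularikkal, or from Devarajan. Assumptions: DNS answers are a constructed in-memory table rather than inspected response packets, the slowpath is modelled as a queue drained by run_slowpath(), and FQDN expressions use glob syntax.

```python
"""Illustrative model of the claim-1 global/entry version scheme.

Hypothetical, added for illustration; not the applicant's or the cited
references' code. DNS answers below are constructed sample data.
"""
import fnmatch
from dataclasses import dataclass

# Constructed stand-in for the DNS responses a real system would inspect.
DNS_ANSWERS = {
    "api.example.com": "203.0.113.10",
    "cdn.example.com": "203.0.113.20",
    "mail.example.net": "198.51.100.5",
}


@dataclass
class Rule:
    source: str
    destination: str  # FQDN expression, e.g. "*.example.com"
    action: str


@dataclass
class FastpathEntry:
    """One entry of the claim's first data structure (keyed by IP)."""
    ip: str
    expression: str
    expression_id: int
    entry_version: int


class VersionedFqdnFirewall:
    def __init__(self):
        self.global_version = 0
        self.fastpath = {}        # first data structure: ip -> FastpathEntry
        self.expressions = {}     # second data structure: expr -> {"id", "ips"}
        self.slowpath_queue = []  # update messages handed to the slowpath

    def install_rule(self, rule):
        """Bump the global version only when the rule carries a new expression."""
        expr = rule.destination
        if expr in self.expressions:
            return False  # known expression: no version change
        self.expressions[expr] = {"id": len(self.expressions) + 1, "ips": set()}
        self.global_version += 1
        expr_id = self.expressions[expr]["id"]  # claim 6: id comes from the second structure
        for fqdn, ip in DNS_ANSWERS.items():
            if fnmatch.fnmatchcase(fqdn, expr):
                # Entry is stamped with the new global value.
                self.fastpath[ip] = FastpathEntry(ip, expr, expr_id, self.global_version)
        return True

    def new_connection(self, dest_ip):
        """Fastpath check on the first packet of a connection.

        Returns True if the entry is current, False if it was stale and an
        update was queued for the slowpath, None if no entry exists.
        """
        entry = self.fastpath.get(dest_ip)
        if entry is None:
            return None
        if entry.entry_version == self.global_version:
            return True
        # Stale entry: hand the IP and its expression to the slowpath.
        self.slowpath_queue.append((dest_ip, entry.expression))
        return False

    def run_slowpath(self):
        """Drain queued updates: refresh the second data structure, re-stamp the entry."""
        processed = 0
        while self.slowpath_queue:
            ip, expr = self.slowpath_queue.pop(0)
            self.expressions[expr]["ips"].add(ip)
            self.fastpath[ip].entry_version = self.global_version
            processed += 1
        return processed


if __name__ == "__main__":
    fw = VersionedFqdnFirewall()
    fw.install_rule(Rule("10.0.0.0/8", "*.example.com", "allow"))
    fw.install_rule(Rule("10.0.0.0/8", "mail.example.net", "allow"))
    print(fw.new_connection("203.0.113.10"))  # stale after the second rule
    print(fw.run_slowpath(), fw.new_connection("203.0.113.10"))
```

The point of the two version numbers is that a policy change costs one integer increment on the fastpath; entries that were resolved under an older global value are refreshed lazily, one at a time, only when a connection to that IP actually arrives, which is what keeps the slowpath work proportional to live traffic rather than to the size of the FQDN table. A destination with no entry at all (None above) would in practice go through the full slowpath policy lookup that Devarajan [0129] describes for the first packet of a session.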

              As to claim 2, the combination of Pularikkal and Devarajan teaches the method of Claim 1, wherein the identifying a particular IP address that corresponds to an FQDN matching on the new expression comprises inspecting DNS response packets using a deep packet inspection approach - Devarajan [0162] As described herein, the cloud firewall 602 includes 1) Application awareness—Identify applications regardless of port, protocol, evasive tactic, or SSL using DPI engine; 2) User awareness—Identify users, groups, and locations, regardless of IP address; 3) Real-time, granular control and visibility—Globally unified administration, policy management, and reporting; 4) Fully qualified domain name (FQDN) policies). The rationale for Pularikkal to consider the Devarajan fully qualified domain name policies in claim 1 applies here in claim 2.

               As to claim 3, the combination of Pularikkal and Devarajan teaches the method of Claim 1, wherein the update information is sent to a slowpath process by communicating a pointer to a descriptor of the update information to the slowpath process - Devarajan [0130] Here is a description of policy evaluation of the first packet in a session - the slow path: …every packet hits the firewall code first—it is intercepted on the ip_input( ) level; … if the packet is destined to one of the cloud system 500's IP addresses, a pass up session is created, and the packet is forwarded up to the network stack.  Here, the claimed ‘pointer’ being communicated is taught by Devarajan as ‘firewall code’ because the code points to additional data, whereas the claimed ‘descriptor’ is taught by Devarajan as ‘policy evaluation’ because evaluating the policy requires inspecting its descriptive criteria). The rationale for considering the Devarajan slowpath with prior art Pularikkal in claim 1 applies here in claim 3.


             As to claim 4, the combination of Pularikkal and Devarajan teaches the method of Claim 1, wherein the detecting a new expression in a policy rule comprises detecting that the policy rule, stored in a firewall policy, has been modified by replacing, in the policy rule, an old expression with the new expression - Devarajan [0144] …to determine network application (which mostly comes from layer 7) the DPI engine usually has to see more than one packet. That is why all filtering rules with “other-than-any” network application components are replaced with similar rules where network application is any and action is allowed).  The rationale for combining Pularikkal with the Devarajan firewall policy rules in claim 1 applies here in claim 4.

              As to claim 5, the combination of Pularikkal and Devarajan teaches the method of Claim 1, wherein the detecting a new expression in a policy rule comprises detecting that the policy rule is a new rule stored in a firewall policy - Pularikkal [0024] …the firewall 120 maintains an access control list, and the access control command 160 instructs the firewall 120 to add the mobile device 20 and/or the external entity 30 to the access control list so that the end-to-end encrypted traffic can flow between the mobile device 20 and the external entity 30).

                As to claim 6, the combination of Pularikkal and Devarajan teaches the method of Claim 1, wherein the identifying a particular IP address that corresponds to an FQDN matching on the new expression further comprises identifying, in the second data structure, an expression entry that includes the new expression that matches on the FQDN - Pularikkal [0033] … For example, in some implementations, during the first stage of admission control, the access control command 160 instructs the firewall 120 to open ports 500 and 4500 (e.g., via a dynamic Access Control List (ACL)), and allow (e.g., only allow) inbound and outbound IKEv2 messages for the mobile device 20); determining an expression identifier associated with the expression entry; and storing, in the first data structure, the expression identifier in the entry that also comprises the particular IP address, the new expression, and the entry version number - Pularikkal [0033] and [0050]: at [0033], in some implementations, encrypted data packets are not allowed during the first stage of admission control, but are allowed during the second stage of admission control; at [0050], the memory 806 or the non-transitory computer readable storage medium of the memory 806 stores the following programs, modules and data structures, or a subset thereof including an optional operating system 808, a request validation module 810, enterprise security criteria 820 and a session establishment module 830.  Here, the claimed ‘determining’ is taught by Pularikkal as ‘not allowed’, meaning the firewall identifies the expression identifier. The claimed ‘first data structure’ is taught by Pularikkal as ‘enterprise security criteria 820’ because whitelists are stored therein. The claimed ‘expression entry’ is taught by Pularikkal as ‘admission controls’ because the packet includes the new expression and a version number, whereby allowance during the second stage updates the FQDN).

              As to claim 7, the combination of Pularikkal and Devarajan teaches the method of Claim 1, wherein the policy rule is provided by a management plane or a local management plane - Pularikkal [0035] a failed second stage admission control results in the network security controller 130 removing (e.g., revoking) the ACL rules and causes the abortion of IKEv2 negotiation).

           As to claim 8, claim 8 is one or more non-transitory computer-readable storage media that is directed to the method of claim 1.  Therefore, claim 8 is rejected for the reasons as set forth in claim 1.

          As to claim 9, claim 9 is one or more non-transitory computer-readable storage media that is directed to the method of claim 2.  Therefore, claim 9 is rejected for the reasons as set forth in claim 2.

          As to claim 10, claim 10 is one or more non-transitory computer-readable storage media that is directed to the method of claim 3.  Therefore, claim 10 is rejected for the reasons as set forth in claim 3.

         As to claim 11, claim 11 is one or more non-transitory computer-readable storage media that is directed to the method of claim 4.  Therefore, claim 11 is rejected for the reasons as set forth in claim 4.

         As to claim 12, claim 12 is one or more non-transitory computer-readable storage media that is directed to the method of claim 5.  Therefore, claim 12 is rejected for the reasons as set forth in claim 5.

         As to claim 13, claim 13 is one or more non-transitory computer-readable storage media that is directed to the method of claim 6.  Therefore, claim 13 is rejected for the reasons as set forth in claim 6.

         As to claim 14, claim 14 is one or more non-transitory computer-readable storage media that is directed to the method of claim 7.  Therefore, claim 14 is rejected for the reasons as set forth in claim 7.

             As to claim 15, claim 15 is a hypervisor that performs the method of claim 1.  Therefore claim 15 is rejected for the reasons as set forth in claim 1.  The claimed hypervisor is the preamble of the claim and is given no patentable weight per MPEP 2111.02, as the hypervisor is not further limited by the body of the claim.

          As to claim 16, claim 16 is a hypervisor that performs the method of claim 2.  Therefore claim 16 is rejected for the reasons as set forth in claim 2.  The claimed hypervisor is the preamble of the claim and is given no patentable weight per MPEP 2111.02, as the hypervisor is not further limited by the body of the claim.

          As to claim 17, claim 17 is a hypervisor that performs the method of claim 3.  Therefore claim 17 is rejected for the reasons as set forth in claim 3.  The claimed hypervisor is the preamble of the claim and is given no patentable weight per MPEP 2111.02, as the hypervisor is not further limited by the body of the claim.

          As to claim 18, claim 18 is a hypervisor that performs the method of claim 4.  Therefore claim 18 is rejected for the reasons as set forth in claim 4.  The claimed hypervisor is the preamble of the claim and is given no patentable weight per MPEP 2111.02, as the hypervisor is not further limited by the body of the claim.

         As to claim 19, claim 19 is a hypervisor that performs the method of claim 5.  Therefore claim 19 is rejected for the reasons as set forth in claim 5.  The claimed hypervisor is the preamble of the claim and is given no patentable weight per MPEP 2111.02, as the hypervisor is not further limited by the body of the claim.

            As to claim 20, claim 20 is a hypervisor that performs the method of claim 6.  Therefore claim 20 is rejected for the reasons as set forth in claim 6.  The claimed hypervisor is the preamble of the claim and is given no patentable weight per MPEP 2111.02, as the hypervisor is not further limited by the body of the claim.

Examiner note: See Subramaniyan; Moorthi et al, US 20190014088 A1; January 10, 2019 for the preamble hypervisor [0073].

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 7:00 a.m. to 3:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-3900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
/WILLIAM B JONES/Examiner, Art Unit 2491, 03/10/2020

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491