Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Objections
Claims 1, 8, 9, 14, 15, and 20 are objected to because of the following informalities:
Claim 1, line 4 recites “IP” which should be changed to --Internet Protocol (IP)--. Line 12 further recites “apply dynamic policy” which should be changed to --apply a dynamic policy--.
Claim 9, line 3 recites “IP” which should be changed to --Internet Protocol (IP)--. Page 2, line 1 further recites “applying dynamic policy” which should be changed to --applying a dynamic policy--.
Claim 15, line 4 recites “IP” which should be changed to --Internet Protocol (IP)--. Page 2, line 7 further recites “applying dynamic policy” which should be changed to --applying a dynamic policy--.
Further, claims 1, 9, and 15 each recite “to block the new IP flow to access a resource” which may be better recited as either --to block the new IP flow from accessing a resource-- or --to block the new IP flow to access of a resource--.
Additionally, claims 8, 14, and 20 each recite “from accessing” which should be changed to --to access--.
Appropriate correction is required.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may 
Claims 1, 8, 9, 14, 15, and 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 9, 10, and 15 of U.S. Patent No. 10,601,776. Although the claims at issue are not identical, they are not patentably distinct from each other because the subject matter recited within the instant application claims 1, 8, 9, 14, 15, and 20 overlaps, and is thus unpatentable, in view of respective claims 1, 9, 10, and 15 of the ‘776 patent.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,594,734. Although the claims at issue are not identical, they are not patentably distinct from each other because the subject matter recited within each respective claim 1-20 of the instant application overlaps, and is anticipated by, the same respective claims 1-20 of the ‘734 patent.
Claims 1, 2, 5, 7-10, 13-16, 19, and 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-4, 7-11, 14-17, and 20 of U.S. Patent No. 11,233,829. Although the claims at issue are not identical, they are not patentably distinct from each other because the subject matter recited within the instant application claims 1, 2, 5, 7-10, 13-16, 19, and 20 overlaps, and is thus unpatentable, in view of respective claims 1-4, 7-11, 14-17, and 20 of the ‘829 patent.

Claim Rejections - 35 USC § 112

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitation "a subscriber with a new IP flow" in line 8.  There is insufficient antecedent basis for this limitation in the claim because the same “a subscriber with a new IP flow” is recited in lines 3-4. 
Claim 9 recites the limitation "a subscriber with a new IP flow" in line 7.  There is insufficient antecedent basis for this limitation in the claim because the same “a subscriber with a new IP flow” is recited in line 3.
Claim 15 recites the limitation "a subscriber with a new IP flow" in page 2, line 2.  There is insufficient antecedent basis for this limitation in the claim because the same “a subscriber with a new IP flow” is recited in page 1, line 4.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over “Aaron” (US 2008/0115190) in view of “Reznik” (US 2015/0142986).

Regarding Claim 1:
Aaron teaches:
A system (Fig. 2), comprising: 
a processor of a security platform (Fig. 2, elements 10 & 30; ¶0033, “Each firewall 30 includes a firewall agent 32 downloaded from the network service 10”) configured to: 
monitor network traffic on a service provider network to identify a subscriber with a new IP flow (¶0039, “Each firewall 30 includes a firewall agent 32 … that is configured to detect communications associated with users on the network 40 … A firewall agent 32 may collect various types of information including … N-tuple information”), 
communicate with an orchestrator and/or another network element on a service provider network to identify a subscriber with a new IP flow (¶0040, “This information may be collected … from other devices on the local network 40 and/or on the Internet 20”);  
associate the subscriber with the new IP flow at the security platform and select a security policy to apply at the security platform to the new IP flow based on the subscriber (¶0042, “The activity analyzer component 12 is configured to receive information from firewall agents 32 and from user-activity agents 52 … (e.g., information about monitored user activity at user devices 50, about detected user communications, information about attempts by software applications on user devices 50 to communicate through firewalls 30, etc.). The activity analyzer component 12 is configured to retrieve relevant rules and data from the database 16, analyze the information received from the firewall agent 32 and user-activity agent 52 to determine what firewall rule detail level is required by and/or appropriate to user activity, and assign users to firewall policy groups”); 
apply dynamic policy per the new IP flow (¶0053, “… dynamically assigning computer network users to firewall policy groups…”) with the security policy for IP addresses associated with the subscriber on the service provider network based on one or more messages intercepted during monitoring of the network traffic on the service provider network at the security platform (¶0045, “The activity analyzer component 12 serves as means for assigning a user to a first or initial firewall policy group … serves as means for reassigning users to different firewall policy groups if monitored user activity indicates that a change in detail/detail level of rules is necessary”); and 
“The firewall agent 32 implements the decision of the activity analyzer component 12 with respect to firewall policy group assignments at a respective firewall 30”) to block the new IP flow to access a resource based on the security policy (¶0032, “The term “security policy”… refers to the rules … utilized by a firewall to determine if a particular communication through the firewall should be allowed or blocked or dropped”; ¶0039, “Also, a firewall agent 32 is configured to detect blocked communication attempts through a firewall 30 by software applications executing on user devices 50. A firewall agent 32 collects various information about communication attempts blocked by a firewall 30 and communicates this information to the network service 10”; ¶0054); and 
a memory coupled to the processor and configured to provide the processor with instructions (¶0023 & ¶0024).
Aaron does not disclose:
… wherein the security platform is configured to monitor and/or communicate on one or more 3rd Generation Partnership Project (3GPP) related interfaces; 
Reznik teaches:
… wherein the security platform (Fig. 1E, element 182) is configured to monitor and/or communicate on one or more 3rd Generation Partnership Project (3GPP) related interfaces (Fig. 1E depicts element 182 communicating with 3GPP elements 109; ¶0066, “ The ASN gateway 182 may serve as a traffic aggregation point and may be responsible for paging, caching of subscriber profiles, routing to the core network 109, and the like”);

The motivation is to integrate components that can interoperate with different protocols, such as 3GPP, in order to monitor communications that occur over such protocols. This allows a data flow monitoring system, such as in Aaron, to monitor and communicate data flows associated with commonly utilized protocols, such as 3GPP.

Regarding Claim 2:
The system recited in claim 1, wherein Aaron in view of Reznik further teaches the security platform includes a firewall (Aaron, Fig. 2, element 30; ¶0038, “… a network firewall 30…”), wherein the firewall is configured with a plurality of security policies for IP addresses (Aaron, Fig. 1 depicts a plurality of different security policy groups; ¶0039, “… N-tuple information (e.g., source and destination addresses of a communication…)”) associated with a plurality of subscribers using the service provider network (Aaron, ¶0046, “Users may be assigned to various different initial firewall policy groups”), and wherein the security platform applies dynamic policy per IP flow for wireless and wired devices (Aaron, Fig. 2, element 50; ¶0036, “Although illustrated as a personal computer (PC),  user device 50 represents any type of device that is configured to run software applications … hand-held computers, laptop computers…”).

Regarding Claim 3:
The system recited in claim 1, wherein Aaron in view of Reznik further teaches the security platform includes a plurality of firewalls (Aaron, Fig. 2, elements 30) and a firewall manager for managing the plurality of firewalls (Aaron, Fig. 2, elements 32).

Regarding Claim 4:
The system recited in claim 1, wherein Aaron in view of Reznik further teaches the security platform includes a firewall (Aaron, Fig. 2, element 30), and wherein the firewall communicates with the orchestrator or the another network element using an Application Programming Interface (API) to identify the subscriber associated with the new IP flow (Reznik, ¶0082, “As described above, applications (e.g. such as applications that may communicate with each other through IP addresses, for example, using a "socket interface" (e.g. an application programming interface (API))”).
The motivation to reject claim 4 under Reznik is the same motivation used to reject claim 1 under Reznik when combined with Aaron.

Regarding Claim 5:
The system recited in claim 1, wherein Aaron in view of Reznik further teaches the security platform includes a firewall (Aaron, Fig. 2, element 30), and wherein the firewall communicates with the orchestrator or the another network element using an Application Programming Interface (API) to identify the subscriber associated with the new IP flow (Reznik, ¶0082, “As described above, applications (e.g. such as applications that may communicate with each other through IP addresses, for example, using a "socket interface" (e.g. an application programming interface (API))”) to apply a plurality of security policies in real-time as data calls are setup and modified on the service provider network (Reznik, ¶0003, “Today, however, both voice calls and data connectivity have become primary purposes of cellular or mobile communications … the cellular customers or users tend to run a number of applications on their mobile devices that may take advantage of service differentiation among various services including third-party services that may be connected by mobile networks. Such applications may include interactive games, e-book reader applications, heart monitoring applications, and the like that may run on a mobile device and may use service differentiation to, for example, enable content delivery and/or transmission, schedule or use resources, and the like. Moreover, such service differentiation may be associated with differentiated methods for allowing subscriber's access to services, for keeping track of the mobile network resources used and for charging for such resources and/or services”).
The motivation to reject claim 5 under Reznik is the same motivation used to reject claim 1 under Reznik when combined with Aaron.

Regarding Claim 6:
The system recited in claim 1, wherein Aaron in view of Reznik further teaches the security platform includes a firewall (Aaron, Fig. 2, element 30), and wherein the firewall communicates with one or more of a Policy Control and Charging Rules Function (PCRF) entity, an Authentication, Authorization, and Accounting (AAA) server (Reznik, Fig. 1E, element 182 communicates with AAA element 186), Lightweight Directory Access Protocol (LDAP) server, or Traffic Detection Function (TDF) entity using an “As described above, applications (e.g. such as applications that may communicate with each other through IP addresses, for example, using a "socket interface" (e.g. an application programming interface (API))”). 
The motivation to reject claim 6 under Reznik is the same motivation used to reject claim 1 under Reznik when combined with Aaron.

Regarding Claim 7:
The system recited in claim 1, wherein Aaron in view of Reznik further teaches the security platform includes a firewall (Aaron, Fig. 2, element 30), and wherein the firewall communicates with one or more of a Policy Control and Charging Rules Function (PCRF) entity, an Authentication, Authorization, and Accounting (AAA) server (Reznik, Fig. 1E, element 182 communicates with AAA element 186), Lightweight Directory Access Protocol (LDAP) server, or Traffic Detection Function (TDF) entity using a network protocol to identify the subscriber associated with the new IP flow (Reznik, ¶0082, “As described above, applications (e.g. such as applications that may communicate with each other through IP addresses, for example, using a "socket interface" (e.g. an application programming interface (API))”; ¶0069, “As shown in FIG. 1E, the RAN 105 may be connected to the core network 109. The communication link between the RAN 105 and the core network 109 may defined as an R3 reference point that includes protocols for facilitating data transfer and mobility management capabilities, for example”).

Regarding Claim 8:
The system recited in claim 1, wherein Aaron in view of Reznik further teaches the processor of the security platform is further configured to: 
allow another new IP flow from accessing another resource based on the security policy (Aaron, ¶0032, “The term “security policy”… refers to the rules … utilized by a firewall to determine if a particular communication through the firewall should be allowed or blocked or dropped”; ¶0014, “… if a firewall agent detects a blocked communication attempt by a respective firewall, the network service determines whether to move the user involved in the communication attempt to a different firewall policy group so that the communication is allowed through the firewall”).

Regarding Claims 9-14:
Method claims 9-14 correspond to respective system claims 1-5 and 8, and contain no further limitations. Therefore claims 9-14 are each rejected using the same rationale applied to reject claims 1-5 and 8, respectively.

Regarding Claims 15-20:
Computer program product claims 15-20 correspond to respective system claims 1-5 and 8, and contain no further limitations. Therefore claims 15-20 are each rejected using the same rationale applied to reject claims 1-5 and 8, respectively.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL B POTRATZ whose telephone number is (571)270-5329.  The examiner can normally be reached on M-F 10 A.M. - 6 P.M. CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.