Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This is the initial office action that has been issued in response to patent application, 16/917,490, filed on 06/30/2020. Claims 1-20, as originally filed, are currently pending and have been considered below. Claims 1, 11 and 20 are independent claims.

Information Disclosure Statement
The information disclosure statements (IDS's) submitted on 03/11/2021 and 12/22/2021 are in compliance with provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

Drawings
The drawings filed on 06/30/2020 are accepted by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Panchal (US Patent Application No 2021/0136870 A1) in view of Jain (US Patent Application Publication No 2015/0095969 A1).

Regarding Claim 1, Panchal discloses a system, comprising: 
a processor configured to (Panchal, ¶[0080], Fig-8): 
monitor network traffic on a mobile network at a security platform to identify a Packet Forwarding Control Protocol (PFCP) message associated with a new session, wherein the mobile network includes a 4G network or a 5G network (Panchal, ¶[0011] & ¶[0013], systems may perform pseudo-slicing within a 4G and 5G wireless network. ¶[0033], the controller may use PFCP session establishment message to initiate the bearer establishment procedure. ¶[0068], SAEGW - C 175 may perform a PFCP session establishment procedure with SAEGW - U 165 to setup a PFCP session between the control plane function and the user plane function); 

enforce a security policy at the security platform on the new session based on one or more of the plurality of parameters to secure control and user plane separation in the mobile network (Panchal, ¶[0014], a Control and User Plane Separation (CUPS) architecture, such that control plane and user plane functionality may be separated and/or provided by different devices. ¶[0022], in CUPS architecture, element 175 and 180 may operate as separate devices. ¶[0027], PCRF may provide these policies and/or policy identifiers so that policies can be enforced); and 
a memory coupled to the processor and configured to provide the processor with instructions (Panchal, ¶[0080], Fig-8). 
Panchal does not explicitly teach the following limitation that Jain teaches:
the security platform (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], DDOS attack mitigation 
Panchal in view of Jain are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Panchal in view of Jain to include the idea of an integrated solution to the distributed denial of service attacks mitigation for a large network by applying attack mitigation policies.

Regarding Claim 2, Panchal in view of Jain discloses the system recited in claim 1, wherein the plurality of parameters extracted from the PFCP message at the security platform include a source IP address, Session Endpoint Identifier (SEID) 1, a destination IP address, SEID 2, and a protocol in use (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a (tunnel endpoint identifier) TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may 

Regarding Claim 3, Panchal in view of Jain discloses the system recited in claim 1, wherein the security platform is configured with a plurality of security policies to secure control and user plane separation in the mobile network (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], packet forwarding and attack mitigation per policies and collection of packet rate statistics and enforcement of behavioral thresholds. ¶[0031],  Fig-2 shows control and data plane separation. DDOS attack mitigation central controller is responsible for the control plane where the individual appliances manage the data plane and process the packets for DDOS attack mitigation).
 
Regarding Claim 4, Panchal in view of Jain discloses the system recited in claim 1, wherein the processor is further configured to: 
parse the PFCP message to extract a source IP address, Session Endpoint Identifier (SEID) 1, a destination IP address, SEID 2, and a protocol in use related to a PFCP association (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for 

Regarding Claim 5, Panchal in view of Jain discloses the system recited in claim 1, wherein the processor is further configured to: parse the PFCP message to extract a Node ID related to a PFCP association (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a (tunnel endpoint identifier) TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165).

Regarding Claim 6, Panchal in view of Jain discloses the system recited in claim 1, wherein the security platform monitors network traffic to and/or in a core network for a 5G network to secure control and user plane separation in the mobile network (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], packet forwarding and attack mitigation per policies and collection of packet rate 

Regarding Claim 7, Panchal in view of Jain discloses the system recited in claim 1, wherein the security platform is configured to perform detection and prevention of Denial of Service (DoS) attacks for securing control and user plane separation in the mobile network (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], packet forwarding and attack mitigation per policies and collection of packet rate statistics and enforcement of behavioral thresholds. ¶[0031],  Fig-2 shows control and data plane separation. DDOS attack mitigation central controller is responsible for the control plane where the individual appliances manage the data plane and process the packets for DDOS attack mitigation). 

Regarding Claim 8, Panchal in view of Jain discloses the system recited in claim 1, wherein the security platform is configured to perform detection and prevention of Session Endpoint Identifier (SEID) Spoofing attacks for securing control and user plane separation in the mobile 

Regarding Claim 9, Panchal in view of Jain discloses the system recited in claim 1, wherein the processor is further configured to: block the new session from accessing a resource based on the security policy (Jain, ¶[0059], the DDOS attack mitigation appliance may send the granular traffic information, packet drop statistics to the central controller so that the controller may adjust the mitigation policies).
 
Regarding Claim 10, Panchal in view of Jain discloses the system recited in claim 1, wherein the processor is further configured to: allow the new session to access a resource based on the security policy (Jain, ¶[0024], within the data plane, the DDoS attack mitigation appliance decides whether to drop or to allow incoming packets based on behavioral policies set by the DDoS attack mitigation central controller).

Regarding Claim 11, Panchal discloses a method, comprising: 

extracting a plurality of parameters from the PFCP message at the security platform (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165); and 
enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to secure control and user plane separation in the mobile network (Panchal, ¶[0014], a Control and User Plane Separation (CUPS) architecture, such 
Panchal does not explicitly teach the following limitation that Jain teaches:
the security platform (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], DDOS attack mitigation appliances specialize in the data path, i.e., packet forwarding and attack mitigation per policies and collection of packet rate statistics and enforcement of behavioral thresholds. ¶[0051]- ¶[0052], Fig-5A &5B).
Panchal in view of Jain are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Panchal in view of Jain to include the idea of an integrated solution to the distributed denial of service attacks mitigation for a large network by applying attack mitigation policies.

Regarding Claim 12, Panchal in view of Jain discloses the method of claim 11, wherein the plurality of parameters extracted from the PFCP 

Regarding Claim 13, Panchal in view of Jain discloses the method of claim 11, wherein the security platform is configured with a plurality of security policies to secure control and user plane separation in the mobile network (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], packet forwarding and attack mitigation per policies and collection of packet rate statistics and enforcement of behavioral thresholds. ¶[0031],  Fig-2 shows control and data plane separation. DDOS attack mitigation central controller is responsible for the control plane where the individual appliances manage the data plane and process the packets for DDOS attack mitigation). 

Regarding Claim 14, Panchal in view of Jain discloses the method of claim 11, further comprising: parsing the PFCP message to extract a source IP address, Session Endpoint Identifier (SEID) 1, a destination IP address, SEID 2, and a protocol in use related to a PFCP association (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a (tunnel endpoint identifier) TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165). 

Regarding Claim 15, Panchal in view of Jain discloses the method of claim 11, further comprising: parsing the PFCP message to extract a Node ID related to a PFCP association (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a (tunnel endpoint identifier) TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment 

Regarding Claim 16, Panchal in view of Jain discloses the method of claim 11, wherein the security platform monitors network traffic to and/or in a core network for a 5G network to secure control and user plane separation in the mobile network (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], packet forwarding and attack mitigation per policies and collection of packet rate statistics and enforcement of behavioral thresholds. ¶[0031],  Fig-2 shows control and data plane separation. DDOS attack mitigation central controller is responsible for the control plane where the individual appliances manage the data plane and process the packets for DDOS attack mitigation. Also Panchal, ¶[0011] & ¶[0013], systems may perform pseudo-slicing within a 4G and 5G wireless network). 

Regarding Claim 17, Panchal in view of Jain discloses the method of claim 11, wherein the security platform is configured to perform detection and prevention of Denial of Service (DoS) attacks for securing control and user plane separation in the mobile network (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], packet forwarding and attack mitigation per policies and collection of packet rate statistics and enforcement of behavioral 

Regarding Claim 18, Panchal in view of Jain discloses the method of claim 11, wherein the security platform is configured to perform detection and prevention of Session Endpoint Identifier (SEID) Spoofing attacks for securing control and user plane separation in the mobile network (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], packet forwarding and attack mitigation per policies and collection of packet rate statistics and enforcement of behavioral thresholds. ¶[0031],  Fig-2 shows control and data plane separation. DDOS attack mitigation central controller is responsible for the control plane where the individual appliances manage the data plane and process the packets for DDOS attack mitigation). 

Regarding Claim 19, Panchal in view of Jain discloses the method of claim 11, further comprising: allowing or blocking the new session from accessing a resource based on the security policy (Jain, ¶[0059], the DDOS attack mitigation appliance may send the granular traffic information, packet drop statistics to the central controller so that the controller may adjust the mitigation policies).

Regarding Claim 20, Panchal discloses a computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
monitoring network traffic on a mobile network at a security platform to identify a Packet Forwarding Control Protocol (PFCP) message associated with a new session, wherein the mobile network includes a 4G network or a 5G network (Panchal, ¶[0011] & ¶[0013], systems may perform pseudo-slicing within a 4G and 5G wireless network. ¶[0033], the controller may use PFCP session establishment message to initiate the bearer establishment procedure. ¶[0068], SAEGW - C 175 may perform a PFCP session establishment procedure with SAEGW - U 165 to setup a PFCP session between the control plane function and the user plane function); 
extracting a plurality of parameters from the PFCP message at the security platform (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165); and 

Panchal does not explicitly teach the following limitation that Jain teaches:
the security platform (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], DDOS attack mitigation appliances specialize in the data path, i.e., packet forwarding and attack mitigation per policies and collection of packet rate statistics and enforcement of behavioral thresholds. ¶[0051]- ¶[0052], Fig-5A &5B).
Panchal in view of Jain are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Panchal in view of Jain to include the idea of an integrated solution to the distributed .

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-Form 892).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WASIKA NIPA whose telephone number is (571)272-8923.  The examiner can normally be reached on M-F, 8 am to 5 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on 



/WASIKA NIPA/           Primary Examiner, Art Unit 2433