DETAILED ACTION
Continued Examination under 37 CFR 1.114
1. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on Apr. 11, 2022 has been entered.
Claims 1, 2, and 12 are amended. Therefore, claims 1-20 are presented for examination. Now claims 1-20 are pending.

Notice of Pre-AIA or AIA Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Applicant’s Arguments
3.	Applicant’s arguments regarding the rejection of the claims under 35 USC 103 are moot in view of the new or modified ground of rejection, since they are based solely on newly added limitations of the claims which are addressed in the rejection rendered below. However, examiner makes the following remarks regarding the newly added limitations incorporated into the independent claims:
	a) Applicant has noted that paragraphs 0024-0026 of applicant’s specification support the newly added limitation “wherein the second portion of the intrusion detection rules are applied by the second infrastructure device based at least in part on the first portion of the intrusion detection rule; and based at least in part on the first portion of the intrusion detection rules and the second portion of the intrusion detection rules” (see first paragraph of page 7 of applicant’s remarks). Examiner has reviewed paragraphs 0024-0026 of applicant’s specification and has come to the conclusion that such claimed support for the newly added limitations is not explicit but may be implied in the broadest interpretation of the newly added limitation in view of paragraphs 0024-0026 of applicant’s specification. Examiner has added the examiner’s interpretation of the newly added limitation under the “claims interpretation” header to make the position of the office clear and expedite the prosecution of the applicant’s application.
b) Examiner can no longer maintain the rejection of dependent claims 5, 6, 16 and 17, since those limitations further limit and directly relate to the rules governing the first portion or second portion rules based on packet transmission, conditioned on either first portion or second portion rules, based on examiner’s broadest interpretation of the newly added limitation of the independent claims (see examiner interpretation under the “claims interpretation” header below).
c) Therefore, the rejection of claims 5, 6, 16 and 17 under 35 USC 103 is withdrawn (see allowable subject matter below). The rejection of claims 7 and 18 is withdrawn due to their dependency on claims 6 and 17 respectively (see allowable subject matter below).

Examiner further refers applicant to the following MPEP citations:
¶ 7.37.11    Unpersuasive Argument: General Allegation of Patentability
Applicant’s arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
¶ 7.37.12    Unpersuasive Argument: Novelty Not Clearly Pointed Out
Applicant’s arguments do not comply with 37 CFR 1.111(c) because they do not clearly point out the patentable novelty which he or she thinks the claims present in view of the state of the art disclosed by the references cited or the objections made. Further, they do not show how the amendments avoid such references or objections.
¶ 7.37.13    Unpersuasive Argument: Arguing Against References Individually
In response to applicant’s arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

Claims Interpretation

4.	Examiner interprets the newly added limitation “wherein the second portion of the intrusion detection rules are applied by the second infrastructure device based at least in part on the first portion of the intrusion detection rule; and based at least in part on the first portion of the intrusion detection rules and the second portion of the intrusion detection rules”, under the broadest interpretation of the limitation in view of applicant’s specification, as follows:
1) transmission of packet(s) from the first infrastructure device or second infrastructure device is based on the first rule or second rule, or the first portion of the rule or second portion of the rule (see paragraphs 0024-0026 of applicant’s specification).
2) continuation of the packet(s) transmission through another device, or back and forth between the two infrastructure devices as outlined in “1” above, is based on following any of the rules set by the infrastructure devices as outlined in “1” above or rules not applied to the packet(s) (see paragraphs 0024-0026 of applicant’s specification). As an example: a packet is transmitted from device 1 to 2 or vice versa based on rules set by either device, and then on continuation of transmission from the receiving device it travels based on one of the following options: rules or a portion of rules set by the first device or second device (the packet(s) origination device); rules or a portion of rules set by the second device or first device (the packet(s) receiving device); or rules not applied to the packet(s), or a combination of rules set by the first and second infrastructure devices.
Therefore, based on such interpretations of the newly added limitation, the rejection of the independent claims is modified accordingly (see the rejection of the claims under 35 USC 103 below).

5.	Examiner has incorporated the previous interpretation of applicant’s claims limitations with exception of newly added limitation as it is outlined below.
Applicant refers to the limitation “discovering, at an edge device of the network, a first infrastructure device in the network that applies a first portion of the intrusion detection rules and a second infrastructure device in the network that applies a second portion of the intrusion detection rules”. Examiner has reviewed applicant’s specification and nowhere in the specification is “edge device” explicitly pointed out; therefore Examiner interprets, under the broadest interpretation of the limitation in view of applicant’s specification, that “edge device in a network” is the device network adjoining to the node in the path of the packet for traveling, and “first infrastructure device” is a device within that network device analyzing the packet in order to process the “portion of the intrusion detection rules”, where such devices could be routers, switches, etc.
6.	Examining the applicant’s claims based on the understanding in item 5 means the second part of the claims is similar to the original claims, that is, “a first infrastructure device in the network that applies a first portion of the intrusion detection rules and a second infrastructure device in the network that applies a second portion of the intrusion detection rules” is equivalent to applicant’s limitation “at the first infrastructure device of the network, applying the first portion of the intrusion detection rules and the second infrastructure device of the network, applying the second portion of the intrusion detection rules”, which was addressed in the previous rejection rendered in the non-final rejection on 12/09/2021.
7.	Examiner interprets the limitation “causing the packet to traverse the route” as it is understood in the art of networking, as a packet being forwarded through the route based on the rules set or rules met.
Therefore, the only disclosure lacking in Nirmala in view of applicant’s amendments is where the edge device and edge network work in harmony to find the best route for the packets. All limitations are taught by Nirmala, with the exception of explicitly disclosing the edge device close to the first network or second network, etc., which is disclosed by the secondary reference noted below.

Claim Rejections - 35 USC § 103
8.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
10.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

9.	Claims 1-4, 8-15, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Nirmala et al. U.S. 10,880,121 hereinafter “Nirmala” Filed Mar. 29, 2019 in view of Brandwine et al. U.S. 8,396,946 hereinafter “Brandwine” filed Mar. 31, 2010.

Regarding claim 1, Nirmala teaches: A method of applying intrusion detection rules to a packet in a network (Nirmala, first see col. 2 lines 32-67 and for intrusion detection rules examiner equates rules to QoS policies (see col. 1 lines 50-63), “a method includes receiving, by a first provider edge (PE), a layer 2 (L2) packet from a source network that is destined for a destination network”), comprising: 
[discovering, at an edge device of the network], a first infrastructure device in the network that applies a first portion of the intrusion detection rules (Nirmala, Examiner note: the first portion of the intrusion detection rule is equated to provide a network overlay over layer 3 core network using tunneling protocol; see col. 2 line 32-46, “receiving, by a first provider edge (PE), a layer 2 (L2) packet from a source network that is destined for a destination network, wherein the first PE device is configured to provide a network overlay over a layer 3 core network using a tunneling protocol, and wherein the first PE device for the source network and a second PE device for the destination network are peer tunneling endpoints of a tunnel for the tunneling protocol; deriving, by the first PE device, a Quality of Service (QoS) behavior for the packet to be applied by the second network device when injecting the packet to the destination network; encapsulating, by the first PE device, the QoS behavior to the packet; encapsulating, by the first PE device, an outer tunnel transport header that identifies the peer tunneling endpoints to the packet”; then see col. 6 lines 35-48 and col. 8 lines 17-43) and a second infrastructure device in the network that applies a second portion of the intrusion detection rules (Nirmala, Examiner note: the second portion of the intrusion detection rule is equated to drive a quality of service applied to the second network device when injecting the packet to destination network via encapsulation; see col. 2 line 51-65, “receive configuration data that configures the network device to provide a network overlay over a layer 3 core network using a tunneling protocol, wherein the network device for a source network and a second network device for a destination network are peer virtual tunneling endpoints for a tunnel of the tunneling protocol; receive a layer 2 (L2) packet from the source network that is destined for the destination network; derive a Quality of Service (QoS) behavior for the packet to be applied by the second network device when injecting the packet to the destination network; encapsulate the QoS behavior to the packet; encapsulate an outer tunnel transport header that identifies the peer tunneling endpoints to the packet; and send the encapsulated packet through the tunnel to the second network device”; then see col. 6 lines 35-48 and col. 8 lines 17-43), wherein the second portion of the intrusion detection rules are applied by the second infrastructure device based at least in part on the first portion of the intrusion detection rule (Nirmala, FIG. 4, item 404 where examiner considers “QOS behavior” as being injected as one portion of rule set by first infrastructure 10A, and item 406 encapsulation as second portion of rule set by first structure; and item 414 as applying the “the first portion from 10a in second infrastructure 10b based on second rule item 412 which determines the behaviors received and then based on its second rule policy for destination network apply the rule which is based on item 414 as described; col. 3, lines 43-49 disclose that 10a-b relates to infrastructure PE devices);
[determining, at the edge device of the network] and based at least in part on the first portion of the intrusion detection rules and the second portion of the intrusion detection rule (Nirmala, FIG. 4, item 412 and 414 which examiner equates to applicant’s second and first portion rules respectively; col. 3, lines 43-49 disclose that 10a-b relates to infrastructure PE devices), a route through the network towards a destination of the packet, wherein the route includes the first infrastructure device and the second infrastructure device (Nirmala, see col. 5 lines 30-41, “PEs 10 may implement VXLAN that provides a tunneling scheme to overlay L2 networks on top of L3 networks. VXLANs establish tunnels for communicating traffic, e.g., L2 broadcast, unknown unicast, and multicast (BUM) packets”).
[causing the packet to traverse the route]:
at the first infrastructure device of the network, applying the first portion of the intrusion detection rules to the packet (Nirmala, Examiner note: the first portion of the intrusion detection rule is equated to provide a network overlay over layer 3 core network using tunneling protocol; see col. 2 line 32-46, “receiving, by a first provider edge (PE), a layer 2 (L2) packet from a source network that is destined for a destination network, wherein the first PE device is configured to provide a network overlay over a layer 3 core network using a tunneling protocol, and wherein the first PE device for the source network and a second PE device for the destination network are peer tunneling endpoints of a tunnel for the tunneling protocol; deriving, by the first PE device, a Quality of Service (QoS) behavior for the packet to be applied by the second network device when injecting the packet to the destination network; encapsulating, by the first PE device, the QoS behavior to the packet; encapsulating, by the first PE device, an outer tunnel transport header that identifies the peer tunneling endpoints to the packet”; then see col. 6 lines 35-48 and col. 8 lines 17-43); and
at the second infrastructure device of the network, applying the second portion of the intrusion detection rules to the packet (Nirmala, Examiner note: the second portion of the intrusion detection rule is equated to drive a quality of service applied to the second network device when injecting the packet to destination network via encapsulation; see col. 2 line 51-65, “receive configuration data that configures the network device to provide a network overlay over a layer 3 core network using a tunneling protocol, wherein the network device for a source network and a second network device for a destination network are peer virtual tunneling endpoints for a tunnel of the tunneling protocol; receive a layer 2 (L2) packet from the source network that is destined for the destination network; derive a Quality of Service (QoS) behavior for the packet to be applied by the second network device when injecting the packet to the destination network; encapsulate the QoS behavior to the packet; encapsulate an outer tunnel transport header that identifies the peer tunneling endpoints to the packet; and send the encapsulated packet through the tunnel to the second network device”; then see col. 6 lines 35-48 and col. 8 lines 17-43).
Nirmala does not explicitly disclose, for such packet routing between the first and second infrastructural devices as outlined above, “discovering, at an edge device of the network”; “determining, at the edge device of the network” and “causing the packet to traverse the route”.
However, Brandwine discloses “discovering, at an edge device of the network”, “determining, at the edge device of the network” (Brandwine; FIG. 1B and 3; col. 16, lines 58-64; col. 17, line 9 through col. 18, line 44; col. 44, lines 64-66 which disclose how communications are done between the nodes and finally col. 45, lines 2-30).
Examiner further takes the official position that the limitation “causing the packet to traverse the route” is well known in the art of networking optimization and would be known to one of ordinary skill in the art of networking (see item 7 above on examiner interpretation of the claim or just google traversing the packet in a network environment).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nirmala with the teaching of Brandwine because the use of Brandwine’s idea (Brandwine, see col. 2, lines 32-46) could provide Nirmala (Nirmala, see abstract) the ability to include optimized packet routing based on the closest edge network and edge devices within the network to enhance the packet routing from source to destination in an optimized manner (Brandwine, FIG. 1B).

Regarding claim 2, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: providing the packet to the first infrastructure device and to the second infrastructure device by a multicast transmission of the packet (Nirmala, see col. 5 lines 30-41, “PEs 10 may implement VXLAN that provides a tunneling scheme to overlay L2 networks on top of L3 networks. VXLANs establish tunnels for communicating traffic, e.g., L2 broadcast, unknown unicast, and multicast (BUM) packets”).

Regarding claim 3, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: providing the packet from the first infrastructure device to the second infrastructure device (Nirmala, see col. 2 lines 40-49, “deriving, by the first PE device, a Quality of Service (QoS) behavior for the packet to be applied by the second network device when injecting the packet to the destination network; encapsulating, by the first PE device, the QoS behavior to the packet; encapsulating, by the first PE device, an outer tunnel transport header that identifies the peer tunneling endpoints to the packet; and sending, by the first PE device, the encapsulated packet through the tunnel to the second PE device.”).

Regarding claim 4, Nirmala teaches all the limitations of claim 3. Further Nirmala teaches: wherein providing the packet from the first infrastructure device to the second infrastructure device is according to a routing algorithm (Nirmala, see col. 4 lines 1-24, “PEs 10 may exchange routing information via intermediate network 12 and process the routing information, selecting paths through its representation of the topology of the intermediate network 12 to reach all available destinations to generate forwarding information”). 

Regarding claim 8, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: providing the packet from the first infrastructure device to the second infrastructure device based at least on an overlay to which the packet belongs (Nirmala, see col. 2 lines 32-40, “receiving, by a first provider edge (PE), a layer 2 (L2) packet from a source network that is destined for a destination network, wherein the first PE device is configured to provide a network overlay over a layer 3 core network using a tunneling protocol”; also see col. 5 lines 30-40; col. 6 lines 1-7; col. 8 lines 20-31 ….).

Regarding claim 9, Nirmala teaches all the limitations of claim 8. Further Nirmala teaches: wherein the overlay comprises one of a group of VXLAN with security header, VXLAN without security header, IPv6 or VLAN (Nirmala, see col. 8 lines 17-31, “PE 10 B, a source IP address of the source VTEP, a destination IP address of the destination VTEP, and a VNI that indicates the VXLAN overlay network”).

Regarding claim 10, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: wherein: the overlay is a first overlay; and the method further comprises providing the packet from the second infrastructure device to a third infrastructure device, based on a second overlay that is different from the first overlay (Nirmala, first see FIG. 1 item 12 as first infrastructure network along with col. 4 lines 25-26 that discloses intermediate network 12 that represents a service provider; then see col. 6 lines 8-48 that discloses item 12 will implement first overlay through either IPv6 protocol or VXLAN header to PEs 10 (PE10A (where item 12 implement overlay to second infrastructure device) and PE10B (through the header of VXLAN tunnel to destination as second overlay that the values in the header are different than the header in source header that is considered as third infrastructure device)) “FIG.1 where PEs 10 provide VXLAN, PEs 10 operate as tunneling endpoints (VTEPs) for the VXLAN tunnel 16 to encapsulate VXLAN traffic and de-capsulate VXLAN traffic when it leaves the VXLAN tunnel. For example, PE 10 A may receive L2 traffic from customer network A, and encapsulate the L2 traffic with a VXLAN header to tunnel the traffic across VXLAN tunnel 16 to a destination VTEP, e.g., PE 10 B. In this way, PEs 10 provide an EVPN-VXLAN network overlay using a VLXAN underlay to transport L2 communications, such as Ethernet packets or "frames," for customer networks 6, in a transparent manner, i.e., as if the core network 12 does not exist and customer networks 6 were instead directly connected”; also see col. 8 lines 17-32).

Regarding claim 11, Nirmala teaches all the limitations of claim 1. Further Nirmala teaches: the second infrastructure device applies the second portion of the intrusion detection rules based at least on the overlay to which the packet belongs (Nirmala, see col. 8 lines 17-43 that discloses PE 10 A as second infrastructure device how to encapsulate the packet with the outer tunnel transport header 26 where derived QoS behavior (intrusion detection rules) includes tunnel packet 22 and 26 (applies second portion of the intrusion detection rules)).  

Regarding claim 12, this claim defines a system claim that corresponds to method claim 1 and does not define beyond limitations of claim 1. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 12 is rejected with the same rationale as in the rejection of claim 1.

Regarding claim 13, this claim defines a system claim that corresponds to method claim 2 and does not define beyond limitations of claim 2. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 13 is rejected with the same rationale as in the rejection of claim 2.

Regarding claim 14, this claim defines a system claim that corresponds to method claim 3 and does not define beyond limitations of claim 3. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 14 is rejected with the same rationale as in the rejection of claim 3.

Regarding claim 15, this claim defines a system claim that corresponds to method claim 4 and does not define beyond limitations of claim 4. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 15 is rejected with the same rationale as in the rejection of claim 4.

Regarding claim 19, this claim defines a system claim that corresponds to method claim 8 and does not define beyond limitations of claim 8. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 19 is rejected with the same rationale as in the rejection of claim 8.

Regarding claim 20, this claim defines a system claim that corresponds to method claim 10 and does not define beyond limitations of claim 10. Furthermore, Nirmala in col. 2 lines 66-67 and col. 3 line 1 discloses non-transitory medium includes programmable processor and memory that execute the system. Therefore, claim 20 is rejected with the same rationale as in the rejection of claim 10.

Examiner note:
10.	In the case of amending the Claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. This will assist in expediting compact prosecution.  MPEP 714.02 recites: “Applicant should also specifically point out the support for any amendments made to the disclosure. See MPEP § 2163.06. An amendment which does not comply with the provisions of 37 CFR 1.121(b), (c), (d), and (h) may be held not fully responsive. See MPEP § 714.”  Amendments not pointing to specific support in the disclosure may be deemed as not complying with provisions of 37 C.F.R.  1.131(b), (c), (d), and (h) and therefore held not fully responsive.  Generic statements such as “Applicants believe no new matter has been introduced” may be deemed insufficient.

Allowable Subject Matter
11.	Claims 5-7 and 16-18 are objected to as having allowable subject matter and would be allowed if they incorporate the limitations of the base claim they depend on and all intervening claims. The reason for allowance will be furnished upon allowance of the application.

Conclusion
12.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Miller et al. U.S. 9,935,829 B1 discloses method and apparatus for a control-plane component of a virtualization-based packet processing service where by providing metadata to the client, to be used to establish connectivity between the cluster and one or more sources of the traffic whose packets are to be processed based on one or more packet processing rules.
Shafi et al. 2018 IEEE, “Fog-Assisted SDN Controlled Framework for Enduring Anomaly Detection in an IoT Network” discloses a fog-assisted software defined networking (SDN) driven intrusion detection/prevention system (IDPS) for IoT networks.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALIL NAGHDALI whose telephone number is (571) 272-9884. The examiner can normally be reached on M-F 8AM-5PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, KRISTINE L KINCAID can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KHALIL NAGHDALI/Primary Examiner, Art Unit 2437