Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Detailed Action
This communication is in response to the application filed on 09/28/2020 in which Claims 1-23 are presented for examination.
Drawings
The applicant’s drawings submitted on 09/28/2020 are acceptable for examination purposes. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Bordeleau U.S. Publication No 20200275357 A1, in view of Townsley U.S 20080198858 A1.
As to claim 1, Bordeleau teaches a method for enabling secure communication comprising (Bordeleau Fig. 1): providing a first virtual network function ("VNF") at a first network location (Bordeleau Pa. [0191]) [the first VNF 2835 is implemented in the main office datacenter 2805.]; providing a second VNF at a second network location (Bordeleau Pa. [0067]) [the second network service VNF B is implemented in the core cloud 210]; constructing a first Layer 3 virtual private network ("L3 VPN") tunnel by the first VNF and the second VNF between the first network location and the second network location (Bordeleau Fig. 1) [Slice selectors 1-k represent multiple VPNs, as disclosed in paragraph [0057], Each of these network slices represents a network service path (i.e., an ordered set of network services performed on data messages assigned to the slice). These network services can include firewalls, load balancers, network address translation, metering (e.g., for billing purposes) functions, VPN gateways. Further, paragraph [0008] discloses “Network slice selectors may assign data messages to slices using different techniques in different embodiments. Slice selection may be based on a combination of layer 2 to layer 4 (L2-L4) headers and/or by performing deep packet inspection (e.g., to classify traffic based on data in the layer 5 to layer 7 (L5-L7) headers)”]
It is noted that Bordeleau does not appear to explicitly disclose connecting a first local area network ("LAN") at the first network location and a second LAN at the second network location by the first L3 VPN tunnel.
However, Townsley discloses connecting a first local area network ("LAN") at the first network location and a second LAN at the second network location by the first L3 VPN tunnel (Townsley Fig. 1, Pa. [0033]) [network 100 with devices on different LANs. Network 100 includes a service provider packet switched layer 3 (L3) subnetwork 110 and three layer 2 or layer 3 or both (L2/L3) local area networks (LANs) 152a, 152b, 152c (among others, collectively referenced hereinafter as LAN 152) [0036] (each RG 150 also includes an L2/L3 VPN manager process, such as L2/L3 VPN manager processes 130a, 130b, 130c (among others, collectively referenced hereinafter as L2/L3 VPN manager process 130). As described in more detail below, each L2/L3 VPN manager process 130 establishes a persistent tunnel)]
Thus, at the time of the invention, it would have been recognized by one of ordinary skill in the art that applying the known technique taught by Townsley to the virtual private network of Bordeleau would have yielded predictable results and resulted in an improved system, namely, a system that would provide a virtual private network within a larger area network (Townsley Pa. [0002]).

As to claim 2, Bordeleau teaches further comprising: receiving first data from a first user at the first network location; transmitting the first data to the second network location via the first L3 VPN tunnel; constructing a second L3 VPN tunnel by the first VNF and the second VNF between the first network location and the second network location; receiving second data from a second user at the first network location; and transmitting the second data to the second network location via the second L3 VPN tunnel (Bordeleau Fig. 2, Pa. [0185]) [use distributed service chaining such that a forwarding element on the same host computer as the first VNF 2725 automatically forwards the data traffic to the second VNF 2730 rather than returning the data traffic to the slice selector 2715. Some such embodiments accomplish this by automatically forwarding traffic received from the interface to which one VNF connects to the next VNF in the service chain, while in other such embodiments the slice selector appends a tag or set of tags to the data messages that is used by forwarding elements along the service chain to forward the messages to the next VNF in the service chain.]

As to claim 3, claim 3 recites limitations similar to those of claim 1; therefore, it is rejected under the same rationale. In addition, Bordeleau discloses a third VNF (Bordeleau Fig. 2, Pa. [0064]) [The first VNF A is implemented in the edge clouds 205 and 207, the second and third VNFs B and C are implemented in the core cloud 210, and the fourth VNF D is implemented in a public cloud 215. In a network (e.g., a 5G network) that uses multi-access edge]

As to claim 4, the combination of Bordeleau and Townsley teaches further comprising: detecting by the first VNF an attack on the first LAN; and blocking by the first VNF the attack on the first LAN (Bordeleau Fig. 2, Pa. [0185 & 0205]) [distributed service chaining such that a forwarding element on the same host computer as the first VNF 2725 automatically forwards the data traffic to the second VNF 2730 rather than returning the data traffic to the slice selector 2715.] In addition, detecting/blocking an attack on a computer network relates to a well-known option in the field of intrusion detection for computer networks, in order to control communication between authenticated devices, that the skilled person would consider without inventive skill.

As to claim 5, Bordeleau teaches further comprising: providing the first VNF on a first edge cloud at the first network location; and providing the second VNF on a second edge cloud at the second network location (Bordeleau Fig. 1, Pa. [0060]) [The last network slice 115 includes the same three network services as slice 105 (VNFs A and B as well as PNF C) followed by a CNF F. In some embodiments, the same VM can implement a VNF for multiple different network slices. In this example, one VM might implement the same VNF B for all three of the illustrated network slices 105-115. If this VNF is located within the edge clouds, then a single VM may be instantiated in each edge cloud (e.g., for each slice selector]


As to claims 6-7, the combination of Bordeleau and Townsley teaches further comprising: monitoring by the first VNF network traffic that terminates on the first edge cloud; and enabling by the first VNF a security measure against the network traffic based on the monitoring; further comprising: monitoring by the first VNF network traffic that terminates on the first LAN; and enabling by the first VNF a security measure against the network traffic based on the monitoring (Townsley Pa. [0071]) [the tunnel protocol payload 434 is encrypted, using an encryption protocol, such as IPSec, well known in the art of secure VPN]
Thus, at the time of the invention, it would have been recognized by one of ordinary skill in the art that applying the known technique taught by Townsley to the virtual private network of Bordeleau would have yielded predictable results and resulted in an improved system, namely, a system that would provide a virtual private network within a larger area network (Townsley Pa. [0002]).
As to claims 8-9, the combination of Bordeleau and Townsley teaches further comprising implementing the first edge cloud on a universal customer premises equipment ("uCPE"); further comprising implementing the first edge cloud on a virtual customer premises equipment ("vCPE") (Townsley Pa. [0034]) [Edge nodes 120 are intermediate network nodes on SP premises that are connected to customer premises equipment via attachment circuits.]
Thus, at the time of the invention, it would have been recognized by one of ordinary skill in the art that applying the known technique taught by Townsley to the virtual private network of Bordeleau would have yielded predictable results and resulted in an improved system, namely, a system that would provide a virtual private network within a larger area network (Townsley Pa. [0002]).
As to claims 10-11, the combination of Bordeleau and Townsley teaches further comprising encrypting by the first VNF a communication via the first L3 VPN tunnel; receiving by the first VNF network traffic from the first LAN; and masquerading the network traffic by the first VNF via the first L3 VPN tunnel (Townsley Pa. [0071]) [the tunnel protocol payload 434 is encrypted, using an encryption protocol, such as IPSec, well known in the art of secure VPN.]
Thus, at the time of the invention, it would have been recognized by one of ordinary skill in the art that applying the known technique taught by Townsley to the virtual private network of Bordeleau would have yielded predictable results and resulted in an improved system, namely, a system that would provide a virtual private network within a larger area network (Townsley Pa. [0002]).

As to claim 12, claim 12 recites limitations similar to those of claim 1; therefore, it is rejected under the same rationale. In addition, Bordeleau discloses “configuration of VNF” [0007] [each datacenter has its own suite of lower-level controllers. These controllers may include compute controllers (e.g., for configuring VMs that implement the VNFs), network controllers (e.g., for configuring forwarding elements to transmit data messages between the slice selector(s) and the network services),]

As to claims 13-17, claims 13-17 recite limitations similar to those of claim 1; therefore, they are rejected under the same rationale. In addition, an enabling/disabling function relates to a well-known option in the field of computer networks, in order to control communication between authenticated devices, that the skilled person would consider without inventive skill.

As to claims 18-19, the combination of Bordeleau and Townsley teaches further comprising transmitting Layer 2 ("L2") packets from the first network location to the second network location via the first L3 VPN tunnel (Bordeleau Fig. 1, Pa. [0060]) [assign data messages to slices using different techniques in different embodiments. Slice selection may be based on a combination of layer 2 to layer 4 (L2-L4) headers and/or by performing deep packet inspection (e.g., to classify traffic based on data in the layer 5 to layer 7 (L5-L7)]; further comprising encapsulating the L2 packets by outer headers and provider labels (Bordeleau Fig. 1, Pa. [0079]) [this configuration includes forwarding according to, e.g., a logical forwarding plane that connects the various entities of a slice (the slice selector and the network services), as well as performing encapsulation on data messages to tunnel those data messages between the entities within the datacenter]

As to claim 20, claim 20 recites limitations similar to those of claim 1; therefore, it is rejected under the same rationale.

As to claim 21, claim 21 recites limitations similar to those of claim 1; therefore, it is rejected under the same rationale.
As to claims 22-23, the combination of Bordeleau and Townsley teaches wherein establishing the L3 VPN tunnel comprises updating a plurality of internet protocol ("IP") addresses (Townsley Pa. [0018]) [to set up a control channel and negotiate private Internet Protocol (IP) addresses] the method further comprising updating a routing table of the first routing device to reflect the updated plurality of IP addresses (Bordeleau Fig. 1, Pa. [0116]) [pre-populated connection-to-slice mapping table or gradually populate the table with updates as endpoint devices initiate connections]; the plurality of IP addresses comprising a series of IP address families comprising at least one of IPv4, IPv6, IP multicast, or VPNv4 (Townsley Pa. [0025]) [a public IPv4 address associates different ports included in a transport (layer 4) header received at the node with different devices on a LAN that might have different private IPv4 addresses]
Thus, at the time of the invention, it would have been recognized by one of ordinary skill in the art that applying the known technique taught by Townsley to the virtual private network of Bordeleau would have yielded predictable results and resulted in an improved system, namely, a system that would provide a virtual private network within a larger area network (Townsley Pa. [0002]).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EVANS DESROSIERS whose telephone number is (571)270-5438. The examiner can normally be reached Monday-Thursday 7:00 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok B. Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/EVANS DESROSIERS/Primary Examiner, Art Unit 2491