Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is a reply to the request for Continued Examination (RCE) filed on 03/16/2022, in which Claim(s) 1-20 are presented for examination. Claim(s) 1, 5-7, 12, 15-16 and 19-20 are amended. No claim(s) are cancelled or newly added.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 03/16/2022 has been entered.

Response to Argument
Claim Objection: 
Applicant’s arguments with respect to objection of claim(s) 5-7 and 19-20 have been considered. The objection of claim(s) 5-7 and 19-20 has been withdrawn.


Claim Rejections - 35 U.S.C. § 102 and 35 U.S.C. § 103:
Applicant’s arguments with respect to the rejection of claim(s) 1-20 have been considered but are moot in view of the new ground(s) of rejection.

Applicant is encouraged to schedule an interview with the Examiner prior to the next communication to compact prosecution of the case.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1, 2, and 10-17 are rejected under 35 U.S.C. 103 as being unpatentable over Haseeb Niazi et al. (“Group Encrypted Transport VPN (GETVPN) Design and Implementation Guide”, August 2018, cited by the applicant in the 09/16/2019 IDS) in view of Ahn et al. (US 2017/0324709 A1) further in view of Vela Sivasankaran (US 2016/0191341 A1).
Regarding Claims 1, and 16, Niazi discloses A method for securely connecting a main network to one or more subnetworks in an enterprise network through a group of enterprise routers (figure 32, page 117, figure 34, page 120), the method comprising: 
configuring a key server with an Internet Protocol (IP) address for each router in the group of enterprise routers, a group security association (SA) value for the group of enterprise routers, and a group profile for the group of enterprise routers (1.1 “Key GETVPN Benefits” & 1.2 “Technology Overview”, “group IPsec security paradigm”, key server with the GETVPN solution, group members (GMs, routers) and group security association, page 4, 5, key server configuration, page 12, figure 34, key server KS, see item 4.2.1.1.1 KS Placement); 
configuring each router in the group of enterprise routers with an Internet Protocol (IP) address for the key server and the group security association (SA) and the group profile (see 2.3 GM (routers) configuration, 2.3.2 “Configuring GDOI Group”, “A GM is configured using the same group identity defined on the KS and the address of the KS”, page 22); 
creating an encrypted virtual private network (VPN) tunnel between the main network and a subnetwork (“Enterprises must implement the any-to-any connectivity model provided by IP virtual private networks (VPNs)”, “several IPsec tunnel-based encryption solutions”, page 3); 
routing all data traffic between the main network and the subnetwork through the encrypted virtual private network (VPN) tunnel (“Enterprises must implement the any-to-any connectivity model provided by IP virtual private networks (VPNs)”, “several IPsec tunnel-based encryption solutions”, page 3); 
Niazi does not explicitly teach but Ahn teaches
monitoring for a cyberthreat notification in the enterprise network, wherein the notification includes a location having an address of the cyberthreat ([0008], “receiving, by a computing device, one or more threat indicators” i.e. notifications, [0027], “threat indicator 115 may comprise one or more network addresses indicating one or more websites that are known to be operated by cyber criminals or other malicious actors, or that display characteristics and behavior indicative of malicious operation”, [0033], “packet capture for cyber threat analysis”, [0035], “The threat management console 230 may also be configured to control and monitor operation of the threat intelligence information services supplied by threat intelligence providers 260”); 
receiving the cyberthreat notification at a cyberthreat remediator ([0008], “receiving, by a computing device, one or more threat indicators from one or more threat intelligence providers, wherein the computing device is located at a boundary between a protected network associated with the enterprise and an unprotected network”, [0027], “the threat indicators 115 provided by the threat intelligence providers”); and 
remediating a cyberthreat identified in the cyberthreat notification at the cyberthreat remediator using the address ([0008], “combining the threat indicators based on a source address and port, a destination address and port, and a protocol type (“5-tuple”) associated with the threat indicators; generating one or more packet capture and packet filtering rules based on the combined threat indicators”), 
wherein remediating the cyberthreat comprises modifying a policy to stop routing exchange using the address or cease encryption or transmission of data between the main network and the one or more subnetworks having the address ([0008], “combining the threat indicators based on a source address and port, a destination address and port, and a protocol type (“5-tuple”) associated with the threat indicators; generating one or more packet capture and packet filtering rules based on the combined threat indicators; and filtering, by the computing device, on a packet-by-packet basis, at least one packet based on at least one of the one or more (modified) capture and packet filtering rules”, [0010], “to capture the at least one packet based on the at least one of the one or more capture and packet filtering rules”, [0005], “Capturing or storing all packets”, [0050], “use threat intelligence to select only threat packets that are crossing the security boundary for logging and capture functions”, i.e. stop routing using the address),
Niazi and Ahn are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Ahn with the disclosure of Niazi. The motivation/suggestion would have been for efficiently detecting threat incidents for cyber threat analysis (Ahn, Abstract).
The combined teaching of Niazi and Ahn does not explicitly teach but Sivasankaran teaches
wherein the enterprise routers comprise at least one provider router and at least one customer edge (CE) router ([0003], “a provider edge router or customer edge router of FIG. 1”);
a policy that is performed in at least one of the CE routers included in the group of enterprise routers ([0015], “apply routing policies”, [0003], “customer edge router of FIG. 1”),
Niazi, Ahn and Sivasankaran are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sivasankaran with the combined teaching of Niazi and Ahn. The motivation/suggestion would have been to secure cloud interconnect private routing (Sivasankaran, Title).

Regarding Claims 2, and 17, the combined teaching of Niazi, Ahn and Sivasankaran teaches classifying a community of network users in a Virtual Routing and Forwarding (VRF) domain that includes all routes between the main network and the one or more subnetworks into a User-U instance, a User-SP1 instance and a User-SP2 instance, where the User-U instance represents network users in the main network and the User-SP1 and User-SP2 instances represent network users in two subnetworks (Niazi, 3.9 VRF-Aware GETVPN, Virtual Routing infrastructure, Virtual Routing and Forwarding (VRF) domain, see Figure 23, 28 & 29 in pages 90-99; 4.2.1.2.1 GM Placement, Figure 32, “SP-1”, “SP-2” (page 117), and Figures 35, 39).

Regarding Claim 10, the combined teaching of Niazi, Ahn and Sivasankaran teaches wherein the group profile comprises a Group Domain of Interpretation (GDOI) profile (Niazi, “gdoi-profile”, page 18, line 11).

Regarding Claim 11, the combined teaching of Niazi, Ahn and Sivasankaran teaches classifying users in the enterprise network with different Virtual Routing and Forwarding (VRF) using MultiProtocol Label Switching into a User-U instance, a User-SP1 instance and a User-SP2 instance, where the User-U instance represents users in the main network and the User-SP1 and User-SP2 instances represent users in two subnetwork (Niazi, 3.9 VRF-Aware GETVPN, Virtual Routing infrastructure, Virtual Routing and Forwarding (VRF) domain, see Figure 23, 28 & 29 in pages 90-99; 4.2.1.2.1 GM Placement, Figure 32, “SP-1”, “SP-2” (page 117), and Figures 35, 39).

Regarding Claim 12, the combined teaching of Niazi, Ahn and Sivasankaran teaches wherein the User-SP1 and User-SP2 instances are private isolated Virtual Routing and Forwarding (VRF) instances that comprise respective ports on said one of the group of enterprise routers facing the two subnetworks and an interface in a router hosting a firewall (Niazi, Figure 32, “SP-1”, “SP-2” (page 117), and Figures 23, “Each VRF will require a unique WAN interface/sub-interface”, “firewalls to enforce access control policy based on the classification”, pages 91, 106).

Regarding Claim 13, the combined teaching of Niazi, Ahn and Sivasankaran teaches wherein the firewall is positioned in the main network where all data traffic requiring to cross from one user group to another user group in the User-U, User-SP1 or User-SP2 instances must pass through the firewall (Niazi, Figure 32, “SP-1”, “SP-2” (page 117), and Figures 23, “Each VRF will require a unique WAN interface/sub-interface”, “firewalls to enforce access control policy based on the classification”, pages 91, 106).

Regarding Claim 14, the combined teaching of Niazi, Ahn and Sivasankaran teaches wherein the firewall comprises a policy that determines whether to allow routes exchanges between User-U, User-SP1 or User-SP2 instances (Niazi, Figure 32, “SP-1”, “SP-2” (page 117), and Figures 23, “Each VRF will require a unique WAN interface/sub-interface”, “firewalls to enforce access control policy based on the classification”, pages 91, 106).

Regarding Claim 15, Niazi discloses A system for securely connecting a main network to one or more subnetworks in an enterprise network through a group of enterprise routers, including a router that creates a virtual private network (VPN) tunnel between the main network and a subnetwork (figure 32, page 117, figure 34, page 120), the system comprising: 
a key server having a GETVPN unit that includes an Internet Protocol (IP) address for each router in the group of enterprise routers, a group security association (SA) value for the group of enterprise routers, and a group profile for the group of enterprise routers (1.1 “Key GETVPN Benefits” & 1.2 “Technology Overview”, “group IPsec security paradigm”, key server with the GETVPN solution, group members (GMs, routers) and group security association, page 4, 5, key server configuration, page 12, figure 34, key server KS, see item 4.2.1.1.1 KS Placement), 
an L3VPN manager that works with the GETVPN unit to configure each router in the group of enterprise routers with an Internet Protocol (IP) address for the key server and the group security association (SA) and the group profile (see 2.3 GM (routers) configuration, 2.3.2 “Configuring GDOI Group”, “A GM is configured using the same group identity defined on the KS and the address of the KS”, page 22), 
Niazi does not explicitly teach but Ahn teaches
a cyberthreat remediator comprising a hardware processor and a memory comprising software instructions executed to listen for a cyberthreat notification, wherein the notification includes a location having an address of the cyberthreat, and, upon receiving the cyberthreat notification, modify a policy to stop routing exchange using the address or cease encryption or transmission of data between the main network and the subnetwork having the address (claim 17, “An apparatus comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, causes the apparatus to: receive, by the apparatus, a plurality of threat indicators (i.e. notifications) from one or more threat intelligence providers”, [0027], “threat indicator 115 may comprise one or more network addresses indicating one or more websites that are known to be operated by cyber criminals or other malicious actors, or that display characteristics and behavior indicative of malicious operation”, [0033], “packet capture for cyber threat analysis”, [0008], “combining the threat indicators based on a source address and port, a destination address and port, and a protocol type (“5-tuple”) associated with the threat indicators; generating one or more packet capture and packet filtering rules based on the combined threat indicators; and filtering, by the computing device, on a packet-by-packet basis, at least one packet based on at least one of the one or more (modified) capture and packet filtering rules“, [0005], “Capturing or storing all packets”, [0050], “use threat intelligence to select only threat packets that are crossing the security boundary for logging and capture functions”, i.e. stop routing using the address).
Niazi and Ahn are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Ahn with the disclosure of Niazi. The motivation/suggestion would have been for efficiently detecting threat incidents for cyber threat analysis (Ahn, Abstract).
The combined teaching of Niazi and Ahn does not explicitly teach but Sivasankaran teaches
wherein the enterprise routers comprise at least one provider router and at least one customer edge (CE) router ([0003], “a provider edge router or customer edge router of FIG. 1”);
a policy that is performed in at least one of the CE routers included in the group of enterprise routers ([0015], “apply routing policies”, [0003], “customer edge router of FIG. 1”),
Niazi, Ahn and Sivasankaran are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sivasankaran with the combined teaching of Niazi and Ahn. The motivation/suggestion would have been to secure cloud interconnect private routing (Sivasankaran, Title).

Claims 3-4, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Haseeb Niazi et al. (“Group Encrypted Transport VPN (GETVPN) Design and Implementation Guide”, August 2018, cited by the applicant in the 09/16/2019 IDS) in view of Ahn et al. (US 2017/0324709 A1) further in view of Vela Sivasankaran (US 2016/0191341 A1) and further in view of Huang et al. (US 2013/0074174 A1).
Regarding Claim 3, the combined teaching of Niazi, Ahn and Sivasankaran does not explicitly teach but Huang teaches defining a set of Border Gateway Protocol (BGP) extended community attributes ([0009], “border gateway protocol (BGP) associates many attributes to a group of IP addresses”).
Niazi, Ahn, Sivasankaran and Huang are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Huang with the combined teaching of Niazi, Ahn and Sivasankaran. The motivation/suggestion would have been for firewall access control (Huang, [0003]).

Regarding Claims 4 and 18, the combined teaching of Niazi, Ahn and Sivasankaran does not explicitly teach but Huang teaches defining a Border Gateway Protocol (BGP) extended community attribute, wherein the BGP extended community attribute comprise a number value that identifies a unicast route originated from one of the User-U, User-SP1 or User-SP2 instances ([0009], “border gateway protocol (BGP) associates many attributes to a group of IP addresses (e.g., autonomous system (AS) number or community and the like)” as a number value for the unicast route).
Niazi, Ahn, Sivasankaran and Huang are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Huang with the combined teaching of Niazi, Ahn and Sivasankaran. The motivation/suggestion would have been for firewall access control (Huang, [0003]).

Claims 5-6, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Haseeb Niazi et al. (“Group Encrypted Transport VPN (GETVPN) Design and Implementation Guide”, August 2018, cited by the applicant in the 09/16/2019 IDS) in view of Ahn et al. (US 2017/0324709 A1) further in view of Vela Sivasankaran (US 2016/0191341 A1) and further in view of Huang et al. (US 2013/0074174 A1) and further in view of Paredes et al. (US 2012/0151057 A1).
Regarding Claims 5 and 19, the combined teaching of Niazi, Ahn, Sivasankaran and Huang teaches the BGP extended community attribute (Huang, [0009], “border gateway protocol (BGP) associates many attributes”),
The combined teaching of Niazi, Ahn, Sivasankaran and Huang does not explicitly teach but Paredes teaches defining a router policy in said one of the group of enterprise routers using MultiProtocol Label Switching (MPLS) Virtual Routing and Forwarding (VRF) route import or export policies, wherein the router policy instructs said one of the group of enterprise routers to export all routes of User-SP1 and User-SP2 instances to the User-U instance ([0024], “provide private network access across its network between two or more customer locations (e.g., via a Virtual Private Network "VPN", such as Layer 2 or Layer 3 Multiprotocol Label Switching "MPLS" VPNs)”, [0026], “provide scalability by enabling…Virtual Routing and Forwarding ("VRF", for example, importing and exporting)”).
Niazi, Ahn, Sivasankaran, Huang and Paredes are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Paredes with the combined teaching of Niazi, Ahn, Sivasankaran and Huang. The motivation/suggestion would have been for private delivery of virtualized cloud services (Paredes, [0002]).


Regarding Claims 6 and 20, the combined teaching of Niazi, Ahn, Sivasankaran and Huang teaches the BGP extended community attribute (Huang, [0009], “border gateway protocol (BGP) associates many attributes”),
The combined teaching of Niazi, Ahn, Sivasankaran and Huang does not explicitly teach but Paredes teaches defining a router policy in said one of the group of enterprise routers using MultiProtocol Label Switching (MPLS) Virtual Routing and Forwarding (VRF) route import or export policies, wherein the router policy instructs said one of the group of enterprise routers to export all routes of the User-U instance to the User-SP1 and User-SP2 instances ([0024], “provide private network access across its network between two or more customer locations (e.g., via a Virtual Private Network "VPN", such as Layer 2 or Layer 3 Multiprotocol Label Switching "MPLS" VPNs)”, [0026], “provide scalability by enabling…Virtual Routing and Forwarding ("VRF", for example, importing and exporting)”).
Niazi, Ahn, Sivasankaran, Huang and Paredes are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Paredes with the combined teaching of Niazi, Ahn, Sivasankaran and Huang. The motivation/suggestion would have been for private delivery of virtualized cloud services (Paredes, [0002]).

Claims 7-9 are rejected under 35 U.S.C. 103 as being unpatentable over Haseeb Niazi et al. (“Group Encrypted Transport VPN (GETVPN) Design and Implementation Guide”, August 2018, cited by the applicant in the 09/16/2019 IDS) in view of Ahn et al. (US 2017/0324709 A1) further in view of Vela Sivasankaran (US 2016/0191341 A1) and further in view of Paredes et al. (US 2012/0151057 A1).
Regarding Claim 7, the combined teaching of Niazi, Ahn and Sivasankaran does not explicitly teach but Paredes teaches defining a router policy in said one of the group of enterprise routers using MultiProtocol Label Switching (MPLS) Virtual Routing and Forwarding (VRF) route import or export policies ([0024], “provide private network access across its network between two or more customer locations (e.g., via a Virtual Private Network "VPN", such as Layer 2 or Layer 3 Multiprotocol Label Switching "MPLS" VPNs)”, [0026], “provide scalability by enabling…Virtual Routing and Forwarding ("VRF", for example, importing and exporting)”).
Niazi, Ahn, Sivasankaran and Paredes are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Paredes with the combined teaching of Niazi, Ahn and Sivasankaran. The motivation/suggestion would have been for private delivery of virtualized cloud services (Paredes, [0002]).

Regarding Claim 8, the combined teaching of Niazi, Ahn and Sivasankaran teaches where the User-U instance represents network users in the main network and the User-SP1 and User-SP2 instances represent network users in two subnetworks (Niazi, 4.2.1.2.1 GM Placement, Figure 32, “SP-1”, “SP-2” (page 117), and Figures 35, 39),
The combined teaching of Niazi, Ahn and Sivasankaran does not explicitly teach but Paredes teaches wherein the router policy instructs said one of the group of enterprise routers to export all routes of User-SP1 and User-SP2 instances to a User-U instance ([0024], “provide private network access across its network between two or more customer locations (e.g., via a Virtual Private Network "VPN", such as Layer 2 or Layer 3 Multiprotocol Label Switching "MPLS" VPNs)”, [0026], “provide scalability by enabling…Virtual Routing and Forwarding ("VRF", for example, importing and exporting)”).
Niazi, Ahn, Sivasankaran and Paredes are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Paredes with the combined teaching of Niazi, Ahn and Sivasankaran. The motivation/suggestion would have been for private delivery of virtualized cloud services (Paredes, [0002]).

Regarding Claim 9, the combined teaching of Niazi, Ahn and Sivasankaran teaches where the User-U instance represents network users in the main network and the User-SP1 and User-SP2 instances represent network users in two subnetworks (Niazi, 4.2.1.2.1 GM Placement, Figure 32, “SP-1”, “SP-2” (page 117), and Figures 35, 39),
The combined teaching of Niazi, Ahn and Sivasankaran does not explicitly teach but Paredes teaches wherein the router policy instructs said one of the group of enterprise routers to export all routes of a User-U instance to User-SP1 and User-SP2 instances ([0024], “provide private network access across its network between two or more customer locations (e.g., via a Virtual Private Network "VPN", such as Layer 2 or Layer 3 Multiprotocol Label Switching "MPLS" VPNs)”, [0026], “provide scalability by enabling…Virtual Routing and Forwarding ("VRF", for example, importing and exporting)”).
Niazi, Ahn, Sivasankaran and Paredes are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Paredes with the combined teaching of Niazi, Ahn and Sivasankaran. The motivation/suggestion would have been for private delivery of virtualized cloud services (Paredes, [0002]).


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHENG-FENG HUANG whose telephone number is (571)272-6186. The examiner can normally be reached Monday-Friday: 9 am - 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHENG-FENG HUANG/Primary Examiner, Art Unit 2497