DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 6 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 6 recites the limitation “the function of the hash” in the third line of the claim. There is insufficient antecedent basis for this limitation in the claim since “a hash” was not recited in any of the claims from which it depends.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-5, 7-12, 14 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Parekh et al (US 20190273719) in view of Abraham et al (US 20200059459).

As to claim 1, Parekh discloses a method comprising: communicating, by a first device responsive to receipt of a first request to establish a connection between a sender and a receiver, a second request to discover a second device between the sender and the receiver to which to establish a tunnel (Parekh ¶0031, ¶0067- overlay network); establishing, by the first device based in part on information of a response to the second request from a second device, a tunnel between the first device and the second device (Parekh ¶0068- 1st sentence); and communicating, by the first device via the tunnel, data between the sender and the receiver (Parekh ¶0068- establishes the virtual overlay network 150 between the source computer 110 and the destination computer 111 (in addition to a typical, unsecured, public computer network)).
Parekh, however, is silent as to the second request comprising information identifying a result of a function applied to at least a portion of a payload of the first request (Abraham ¶0037- In this way, the GRO routine considers each packet received from the virtual router for aggregation purposes as a non-tunneled, L2 packet that includes at least a portion of an L2 header; ¶0064; ¶0039- last sentence; ¶0080- 2nd sentence; ¶0084). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teachings of Parekh with that of Abraham for the purpose of ensuring the authentication of network traffic (Abraham ¶0080- 3rd sentence).

As to claim 2, the combined teachings of Parekh and Abraham disclose the method of claim 1, wherein the second request has a source internet protocol (IP) address of a first virtual IP address of the first device and the response identifies a second virtual IP address of the second device (Parekh ¶0068- 1st sentence- the intermediary server 160 establishes the virtual overlay network 150 between the source computer 110 and the destination computer 111…. and designates the source computer 110 and destination computer 111 to be identified on the virtual overlay network 150 only by the corresponding source private IP address and destination private IP address).

As to claim 3, the combined teachings of Parekh and Abraham disclose the method of claim 2, further comprising establishing the tunnel using the first virtual IP address of the first device and the second virtual IP address of the second device (Abraham ¶0043- 1st sentence- a virtual address for use within a corresponding virtual network 34, where each of the virtual networks may be a different virtual subnet provided by virtual router 30A. A VM 36 may be assigned its own virtual layer three (L3) IP address).

As to claim 4, the combined teachings of Parekh and Abraham disclose the method of claim 1, further comprising communicating the second request with a destination port set to a value to cause the second device to respond to the second request (Parekh ¶0021- extracted from the `data packet` match with any of the …destination public ports stored in the repository, then the source computer is determined to be permitted to communicate with the destination computer.).

As to claim 5, the combined teachings of Parekh and Abraham disclose the method of claim 1, further comprising communicating the second request with the at least the portion of the first request as part of a payload of the second request (Parekh ¶0047- the ‘communication initiation request’ is embodied into a data packet (not shown in figures) comprising a header portion and the data portion. Preferably, the header portion (of the data packet) incorporates the ‘communication initiation request’).

As to claim 7, the combined teachings of Parekh and Abraham disclose the method of claim 1, further comprising redirecting, by the first device, data received from the sender to the tunnel to be transmitted to the receiver (Parekh ¶0071- last sentence- initiation request in this case is redirected to the intermediary server (step 202); Abraham ¶0051- 1st sentence).

As to claim 8, Parekh discloses a system comprising: a first device configured to (Parekh 110 of Fig.1a 1b): receive a first request to establish a connection between a sender and a receiver (Parekh ¶0031, ¶0067- overlay network); and responsive to receipt of the first request, communicate a second request to discover a second device between the sender and the receiver to which to establish a tunnel (Parekh ¶0068- 1st sentence- the intermediary server 160 establishes the virtual overlay network 150 between the source computer 110 and the destination computer 111…. and designates the source computer 110 and destination computer 111 to be identified on the virtual overlay network 150 only by the corresponding source private IP address and destination private IP address); establish, based in part on information of a response to the second request from a second device, a tunnel between the first device and the second device; and communicate via the tunnel data between the sender and the receiver (Parekh ¶0068- establishes the virtual overlay network 150 between the source computer 110 and the destination computer 111 (in addition to a typical, unsecured, public computer network)).
Parekh, however, is silent as to wherein the second request includes information identifying a result of a function applied to at least a portion of a payload of the first request. However, in an analogous art, Abraham remedies this deficiency (Abraham ¶0037- In this way, the GRO routine considers each packet received from the virtual router for aggregation purposes as a non-tunneled, L2 packet that includes at least a portion of an L2 header; ¶0064; ¶0039- last sentence; ¶0080- 2nd sentence; ¶0084). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teachings of Parekh with that of Abraham for the purpose of ensuring the authentication of network traffic (Abraham ¶0080- 3rd sentence).

As to claim 9, the combined teachings of Parekh and Abraham disclose the system of claim 8, wherein the second request has a source internet protocol (IP) address of a first virtual IP address of the first device and the response identifies a second virtual IP address of the second device (Parekh ¶0068- 1st sentence- the intermediary server 160 establishes the virtual overlay network 150 between the source computer 110 and the destination computer 111…. and designates the source computer 110 and destination computer 111 to be identified on the virtual overlay network 150 only by the corresponding source private IP address and destination private IP address).

As to claim 10, the combined teachings of Parekh and Abraham disclose the system of claim 8, wherein the tunnel is established using the first virtual IP address of the first device and the second virtual IP address of the second device (Parekh ¶0068- 1st sentence- and designates the source computer 110 and destination computer 111 to be identified on the virtual overlay network 150 only by the corresponding source private IP address and destination private IP address).

As to claim 11, the combined teachings of Parekh and Abraham disclose the system of claim 8, wherein the second request has a destination port set to a value to cause the second device to respond to the second request (Parekh ¶0021- extracted from the `data packet` match with any of the …destination public ports stored in the repository, then the source computer is determined to be permitted to communicate with the destination computer.).

As to claim 12, the combined teachings of Parekh and Abraham disclose the system of claim 8, wherein the second request includes at least the portion of the first request as part of the payload of the second request (Parekh ¶0047- the ‘communication initiation request’ is embodied into a data packet (not shown in figures) comprising a header portion and the data portion. Preferably, the header portion (of the data packet) incorporates the ‘communication initiation request’).

As to claim 14, the combined teachings of Parekh and Abraham disclose the system of claim 8, wherein the first device is further configured to redirect data received from the sender to the tunnel to be transmitted to the receiver (Parekh ¶0071- last sentence- initiation request in this case is redirected to the intermediary server (step 202); Abraham ¶0051- 1st sentence).

As to claim 15, Parekh discloses a system comprising: a first device that is intermediary to a client and a server (Parekh ¶0068- 1st sentence- the intermediary server 160 establishes the virtual overlay network 150 between the source computer 110 and the destination computer 111….), the first device configured to:
communicate a discovery request to discover a second device that is intermediary to the client and the server, the discovery request being communicated responsive to receipt of a request of the client to connect to the server (Parekh ¶0031, ¶0067- overlay network); establish a tunnel between the first device and the second device; and communicate via the tunnel network traffic between the client and the server (Parekh ¶0068- establishes the virtual overlay network 150 between the source computer 110 and the destination computer 111 (in addition to a typical, unsecured, public computer network)).
Parekh, however, is silent as to the discovery request including a hash of at least a portion of a payload of the request, and establishing the tunnel based at least in part on a response from the second device identifying the same hash. However, in an analogous art, Abraham remedies this deficiency (Abraham ¶0037- In this way, the GRO routine considers each packet received from the virtual router for aggregation purposes as a non-tunneled, L2 packet that includes at least a portion of an L2 header; ¶0064; ¶0039- last sentence; ¶0080- 2nd sentence; ¶0084). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teachings of Parekh with that of Abraham for the purpose of ensuring the authentication of network traffic (Abraham ¶0080- 3rd sentence).

Claims 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Parekh in view of Abraham and further in view of Sinha et al (US 20220078090).

As to claim 16, the combined teachings of Parekh and Abraham disclose the system of claim 15, but are silent as to wherein the first device has a first connection with the client and the second device has a second connection with the server. However, in an analogous art, Sinha remedies this deficiency (Sinha Fig.12, ¶0099- 1st and last sentences- FIG. 12 is a network diagram of a trace between a user 102 and the destination 570 with an opaque tunnel 590 between a tunnel client 510 and a tunnel server 520...... the opaque tunnel 590 can be referred to as an overlay tunnel). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the combined teachings of Parekh and Abraham with that of Sinha for the purpose of a delivery of data between client and server through an overlay tunnel.

As to claim 17, the combined teachings of Parekh, Abraham and Sinha disclose the system of claim 16, wherein network traffic of the client is received via the first connection and communicated to the second device via the tunnel so that the second device communicates the network traffic via the second connection to the server (Sinha, Fig.12, ¶0099).

As to claim 18, the combined teachings of Parekh, Abraham and Sinha disclose the system of claim 16, wherein the first device is further configured to set a port of the discovery request to a value for which the second device identifies as being the port to respond to the discovery request (Parekh ¶0021- extracted from the `data packet` match with any of the …destination public ports stored in the repository, then the source computer is determined to be permitted to communicate with the destination computer.).

As to claim 19, the combined teachings of Parekh, Abraham and Sinha disclose the system of claim 16, wherein the first device is configured to establish the tunnel with the second device using a virtual internet protocol (IP) address of the second device (Parekh ¶0068- 1st sentence- and designates the source computer 110 and destination computer 111 to be identified on the virtual overlay network 150 only by the corresponding source private IP address and destination private IP address).

As to claim 20, the combined teachings of Parekh, Abraham and Sinha disclose the system of claim 16, wherein the first device is configured to encapsulate network traffic of the client for communications via the tunnel (Parekh ¶0031- 4th sentence- the communication initiation request` is encapsulated with the `public addressing information`, and the combination of the.) (Abraham ¶0046- last sentence).


Allowable Subject Matter
Claims 6 and 13 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DERRICK V ROSE whose telephone number is (571)270-7460. The examiner can normally be reached 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, YEMANE MESFIN, can be reached on 571-272-3927. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DERRICK V ROSE/Examiner, Art Unit 2462