Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

The amendment filed on 05/31/2022 has been acknowledged. Claims 1-20 are currently pending and have been considered below. Claims 1, 11 and 20 are independent claims. Claims 1, 11 and 20 have been amended. No new claim has been added.

Response to Arguments
Applicant's arguments added in the amendment filed on 05/31/2022 have been fully considered but are moot in view of the new ground of rejection. The reasons are set forth below.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 11-16 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Panchal (US Patent Application No 2021/0136870 A1) in view of Shetty (US Patent No 9,438,699 B1).

Regarding Claim 1, Panchal discloses a system, comprising: 
a processor configured to (Panchal, ¶[0080], Fig-8): 
monitor network traffic on a mobile network at a security platform to identify a Packet Forwarding Control Protocol (PFCP) message associated with a new session, wherein the mobile network includes a 4G network or a 5G network (Panchal, ¶[0011] & ¶[0013], systems may perform pseudo-slicing within a 4G and 5G wireless network. ¶[0033], the controller may use PFCP session establishment message to initiate the bearer establishment procedure. ¶[0068], SAEGW - C 175 may perform a PFCP session establishment procedure with SAEGW - U 165 to setup a PFCP session between the control plane function and the user plane function); 
extract a plurality of parameters from the PFCP message at the security platform (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165); and 
enforce a security policy at the security platform on the new session based on one or more of the plurality of parameters to secure control and user plane separation in the mobile network (Panchal, ¶[0014], a Control and User Plane Separation (CUPS) architecture, such that control plane and user plane functionality may be separated and/or provided by different devices. ¶[0022], in CUPS architecture, element 175 and 180 may operate as separate devices. ¶[0027], PCRF may provide these policies and/or policy identifiers so that policies can be enforced); and 
a memory coupled to the processor and configured to provide the processor with instructions (Panchal, ¶[0080], Fig-8). 
Panchal does not explicitly teach the following limitation that Shetty teaches:
wherein the plurality of parameters include a sequence number of a PFCP request message and a sequence number of a PFCP response message (Shetty, col 8, line 60-65, mobile gateway 8 includes a decentralized data plane and packet forwarding functionality is distributed among a plurality of forwarding units. Col 14, line 35-40, packet forwarding engine. Col 12, line 10-20, The 3-way hand shake generally includes a client sending a SYN packet to a server, the server responding with a SYN-ACK packet, and the client responding with an ACK packet. The 3-way handshake allows intermediate devices to initialize their state for the TCP connection using the sequence numbers passed between the source and the destination);
compare the sequence number of the PFCP request message with the sequence number of the PFCP response message (Shetty, col 18, line 55-65, the client and server forward probe packets. The TCP proxy service unit intercepts these probe packets and extracts sequence numbers from each. In this manner, the TCP proxy service unit determines the current sequence numbers for both the client-to-server packet flow and the service-to-client packet flow. The TCP proxy service unit may then acknowledge receipt of the probe packets, which signals to the client and server that the network session may resume normally.); and 
in response to a determination that the sequence number of the PFCP request message matches the sequence number of the PFCP response message, allow the PFCP response message (Shetty, col 22, line 5-20, mobile device 6B sends a synchronization (SYN) packet, including an initial sequence number, to the server device (100). This initial sequence number represents the current sequence number of the client-to-server packet flow of a new network session. The server device receives the SYN packet (102) and responds with a SYN-ACK (acknowledgement) packet that includes a separate, initial sequence number (104). The initial sequence number of the SYN-ACK packet represents the current sequence number of the server-to-client packet flow of the network session. The SYN-ACK packet also acknowledges the current sequence number of the client-to-server packet flow. Mobile device 6B then receives the SYN-ACK packet (106) and sends an ACK packet (108), acknowledging the current sequence number of the server-to-client packet flow. The server device also receives this ACK packet (110). At this point, mobile device 6B and the server device may exchange packets for the network session).
Panchal in view of Shetty are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Panchal in view of Shetty to include the idea of proxying data of network session. Dropping the traffic may cause a decrease in performance and may result in SYN floods in the network. Proxying the traffic will overcome the disadvantages.
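The sequence-number check recited in claim 1 (extract the sequence number from a PFCP request and from a PFCP response, compare them, allow the response on a match), as an added example that is not code from the application, Panchal or Shetty. It assumes the PFCP header layout and message type values of 3GPP TS 29.244; the tracker class, the verdict strings, the IP addresses and the sample messages are constructed for illustration.

```python
"""Added example: match PFCP response sequence numbers to pending requests."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Request type -> response type (values per 3GPP TS 29.244; subset only):
# heartbeat, association setup, session establishment/modification/
# deletion/report.
RESPONSE_FOR = {1: 2, 5: 6, 50: 51, 52: 53, 54: 55, 56: 57}
RESPONSE_TYPES = set(RESPONSE_FOR.values())


@dataclass(frozen=True)
class PfcpHeader:
    msg_type: int
    seid: Optional[int]  # present only when the S flag is set
    seq: int             # 24-bit sequence number


def parse_pfcp_header(data: bytes) -> PfcpHeader:
    """Parse the fixed PFCP header; raise ValueError on malformed input."""
    if len(data) < 8:
        raise ValueError("shorter than the minimum PFCP header")
    flags, msg_type, length = struct.unpack_from("!BBH", data, 0)
    if flags >> 5 != 1:
        raise ValueError("unsupported PFCP version")
    # The length field counts every octet after the first four.
    if length + 4 > len(data):
        raise ValueError("length field exceeds datagram")
    offset, seid = 4, None
    if flags & 0x01:  # S flag: an 8-octet SEID precedes the sequence number
        if len(data) < 16:
            raise ValueError("S flag set but SEID truncated")
        (seid,) = struct.unpack_from("!Q", data, offset)
        offset += 8
    seq = int.from_bytes(data[offset:offset + 3], "big")
    return PfcpHeader(msg_type, seid, seq)


class PfcpSequenceTracker:
    """Hypothetical monitor: allow a response only if it answers a seen request."""

    def __init__(self) -> None:
        # (requester_ip, responder_ip, seq) -> expected response type.
        # A deployed tracker would also expire entries after a timeout.
        self._pending: Dict[Tuple[str, str, int], int] = {}

    def observe(self, src_ip: str, dst_ip: str, data: bytes) -> str:
        try:
            hdr = parse_pfcp_header(data)
        except ValueError:
            return "drop"
        if hdr.msg_type in RESPONSE_FOR:
            # Request: remember its sequence number (assumed policy: allow).
            key = (src_ip, dst_ip, hdr.seq)
            self._pending[key] = RESPONSE_FOR[hdr.msg_type]
            return "allow"
        if hdr.msg_type in RESPONSE_TYPES:
            # Response: the flow is reversed relative to the request.
            key = (dst_ip, src_ip, hdr.seq)
            if self._pending.get(key) == hdr.msg_type:
                del self._pending[key]  # one response per request
                return "allow"
        return "drop"


def build_pfcp(msg_type: int, seq: int, seid: Optional[int] = None) -> bytes:
    """Build a header-only PFCP message (constructed sample input, no IEs)."""
    flags = (1 << 5) | (0x01 if seid is not None else 0)
    body = b"" if seid is None else seid.to_bytes(8, "big")
    body += seq.to_bytes(3, "big") + b"\x00"
    return struct.pack("!BBH", flags, msg_type, len(body)) + body


def demo() -> List[str]:
    cp, up = "10.0.0.1", "10.0.0.2"  # constructed control/user plane addresses
    tracker = PfcpSequenceTracker()
    request = build_pfcp(50, 0x000102, seid=0)       # Session Establishment Request
    wrong = build_pfcp(51, 0x000103, seid=0x11)      # response, wrong sequence number
    answer = build_pfcp(51, 0x000102, seid=0x11)     # response, matching sequence number
    return [
        tracker.observe(cp, up, request),
        tracker.observe(up, cp, wrong),
        tracker.observe(up, cp, answer),
        tracker.observe(up, cp, answer),             # replay of an answered request
    ]


if __name__ == "__main__":
    print(demo())
```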

Regarding Claim 2, Panchal in view of Shetty discloses the system recited in claim 1, wherein the plurality of parameters extracted from the PFCP message at the security platform include a source IP address, Session Endpoint Identifier (SEID) 1, a destination IP address, SEID 2, and a protocol in use (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a (tunnel endpoint identifier) TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165).

Regarding Claim 3, Panchal in view of Shetty discloses the system recited in claim 1, wherein the security platform is configured with a plurality of security policies to secure control and user plane separation in the mobile network (Shetty, col 13, line 35-40, mobile gateway is divided into two logical or physical planes to include a first control plane and a second data or forwarding plane).
 
Regarding Claim 4, Panchal in view of Shetty discloses the system recited in claim 1, wherein the processor is further configured to: 
parse the PFCP message to extract a source IP address, Session Endpoint Identifier (SEID) 1, a destination IP address, SEID 2, and a protocol in use related to a PFCP association (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a (tunnel endpoint identifier) TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165). 

Regarding Claim 5, Panchal in view of Shetty discloses the system recited in claim 1, wherein the processor is further configured to: parse the PFCP message to extract a Node ID related to a PFCP association (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a (tunnel endpoint identifier) TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165). 

Regarding Claim 6, Panchal in view of Shetty discloses the system recited in claim 1, wherein the security platform monitors network traffic to and/or in a core network for a 5G network to secure control and user plane separation in the mobile network (Shetty, col 13, line 35-40, mobile gateway is divided into two logical or physical planes to include a first control plane and a second data or forwarding plane. Also Panchal, ¶[0011] & ¶[0013], systems may perform pseudo-slicing within a 4G and 5G wireless network). 

Regarding Claim 11, Panchal discloses a method, comprising: 
monitoring network traffic on a mobile network at a security platform to identify a Packet Forwarding Control Protocol (PFCP) message associated with a new session, wherein the mobile network includes a 4G network or a 5G network (Panchal, ¶[0011] & ¶[0013], systems may perform pseudo-slicing within a 4G and 5G wireless network. ¶[0033], the controller may use PFCP session establishment message to initiate the bearer establishment procedure. ¶[0068], SAEGW - C 175 may perform a PFCP session establishment procedure with SAEGW - U 165 to setup a PFCP session between the control plane function and the user plane function); 
extracting a plurality of parameters from the PFCP message at the security platform (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165); and 
enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to secure control and user plane separation in the mobile network (Panchal, ¶[0014], a Control and User Plane Separation (CUPS) architecture, such that control plane and user plane functionality may be separated and/or provided by different devices. ¶[0022], in CUPS architecture, element 175 and 180 may operate as separate devices. ¶[0027], PCRF may provide these policies and/or policy identifiers so that policies can be enforced).
Panchal does not explicitly teach the following limitation that Shetty teaches:
wherein the plurality of parameters include a sequence number of a PFCP request message and a sequence number of a PFCP response message (Shetty, col 8, line 60-65, mobile gateway 8 includes a decentralized data plane and packet forwarding functionality is distributed among a plurality of forwarding units. Col 14, line 35-40, packet forwarding engine. Col 12, line 10-20, The 3-way hand shake generally includes a client sending a SYN packet to a server, the server responding with a SYN-ACK packet, and the client responding with an ACK packet. The 3-way handshake allows intermediate devices to initialize their state for the TCP connection using the sequence numbers passed between the source and the destination);
comparing the sequence number of the PFCP request message with the sequence number of the PFCP response message (Shetty, col 18, line 55-65, the client and server forward probe packets. The TCP proxy service unit intercepts these probe packets and extracts sequence numbers from each. In this manner, the TCP proxy service unit determines the current sequence numbers for both the client-to-server packet flow and the service-to-client packet flow. The TCP proxy service unit may then acknowledge receipt of the probe packets, which signals to the client and server that the network session may resume normally.); and 
in response to a determination that the sequence number of the PFCP request message matches the sequence number of the PFCP response message, allow the PFCP response message (Shetty, col 22, line 5-20, mobile device 6B sends a synchronization (SYN) packet, including an initial sequence number, to the server device (100). This initial sequence number represents the current sequence number of the client-to-server packet flow of a new network session. The server device receives the SYN packet (102) and responds with a SYN-ACK (acknowledgement) packet that includes a separate, initial sequence number (104). The initial sequence number of the SYN-ACK packet represents the current sequence number of the server-to-client packet flow of the network session. The SYN-ACK packet also acknowledges the current sequence number of the client-to-server packet flow. Mobile device 6B then receives the SYN-ACK packet (106) and sends an ACK packet (108), acknowledging the current sequence number of the server-to-client packet flow. The server device also receives this ACK packet (110). At this point, mobile device 6B and the server device may exchange packets for the network session).
Panchal in view of Shetty are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Panchal in view of Shetty to include the idea of proxying data of network session. Dropping the traffic may cause a decrease in performance and may result in SYN floods in the network. Proxying the traffic will overcome the disadvantages.

Regarding Claim 12, Panchal in view of Shetty discloses the method of claim 11, wherein the plurality of parameters extracted from the PFCP message at the security platform include a source IP address, Session Endpoint Identifier (SEID) 1, a destination IP address, SEID 2, and a protocol in use (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a (tunnel endpoint identifier) TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165).

Regarding Claim 13, Panchal in view of Shetty discloses the method of claim 11, wherein the security platform is configured with a plurality of security policies to secure control and user plane separation in the mobile network (Shetty, col 13, line 35-40, mobile gateway is divided into two logical or physical planes to include a first control plane and a second data or forwarding plane).

Regarding Claim 14, Panchal in view of Shetty discloses the method of claim 11, further comprising: parsing the PFCP message to extract a source IP address, Session Endpoint Identifier (SEID) 1, a destination IP address, SEID 2, and a protocol in use related to a PFCP association (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a (tunnel endpoint identifier) TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165). 

Regarding Claim 15, Panchal in view of Shetty discloses the method of claim 11, further comprising: parsing the PFCP message to extract a Node ID related to a PFCP association (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a (tunnel endpoint identifier) TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165).

Regarding Claim 16, Panchal in view of Shetty discloses the method of claim 11, wherein the security platform monitors network traffic to and/or in a core network for a 5G network to secure control and user plane separation in the mobile network (Shetty, col 13, line 35-40, mobile gateway is divided into two logical or physical planes to include a first control plane and a second data or forwarding plane. Also Panchal, ¶[0011] & ¶[0013], systems may perform pseudo-slicing within a 4G and 5G wireless network). 

Regarding Claim 20, Panchal discloses a computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
monitoring network traffic on a mobile network at a security platform to identify a Packet Forwarding Control Protocol (PFCP) message associated with a new session, wherein the mobile network includes a 4G network or a 5G network (Panchal, ¶[0011] & ¶[0013], systems may perform pseudo-slicing within a 4G and 5G wireless network. ¶[0033], the controller may use PFCP session establishment message to initiate the bearer establishment procedure. ¶[0068], SAEGW - C 175 may perform a PFCP session establishment procedure with SAEGW - U 165 to setup a PFCP session between the control plane function and the user plane function); 
extracting a plurality of parameters from the PFCP message at the security platform (Panchal, ¶[0034], assign a bearer identifier to identify the established bearer context for first pseudo-slice. Bearer identifier may correspond to an IP address or another address. ¶[0068], a PFCP session establishment request message to establish a new PFCP session context. The address for endpoint may be identified with a TEID, an IP address and/or a port number. ¶[0068], the PFCP Session Establishment Response message may include the bearer identifier and/or addressing for reaching SAEGW - U 165); and 
enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to secure control and user plane separation in the mobile network (Panchal, ¶[0014], a Control and User Plane Separation (CUPS) architecture, such that control plane and user plane functionality may be separated and/or provided by different devices. ¶[0022], in CUPS architecture, element 175 and 180 may operate as separate devices. ¶[0027], PCRF may provide these policies and/or policy identifiers so that policies can be enforced).
Panchal does not explicitly teach the following limitation that Shetty teaches:
wherein the plurality of parameters include a sequence number of a PFCP request message and a sequence number of a PFCP response message (Shetty, col 8, line 60-65, mobile gateway 8 includes a decentralized data plane and packet forwarding functionality is distributed among a plurality of forwarding units. Col 14, line 35-40, packet forwarding engine. Col 12, line 10-20, The 3-way hand shake generally includes a client sending a SYN packet to a server, the server responding with a SYN-ACK packet, and the client responding with an ACK packet. The 3-way handshake allows intermediate devices to initialize their state for the TCP connection using the sequence numbers passed between the source and the destination);
comparing the sequence number of the PFCP request message with the sequence number of the PFCP response message (Shetty, col 18, line 55-65, the client and server forward probe packets. The TCP proxy service unit intercepts these probe packets and extracts sequence numbers from each. In this manner, the TCP proxy service unit determines the current sequence numbers for both the client-to-server packet flow and the service-to-client packet flow. The TCP proxy service unit may then acknowledge receipt of the probe packets, which signals to the client and server that the network session may resume normally.); and 
in response to a determination that the sequence number of the PFCP request message matches the sequence number of the PFCP response message, allow the PFCP response message (Shetty, col 22, line 5-20, mobile device 6B sends a synchronization (SYN) packet, including an initial sequence number, to the server device (100). This initial sequence number represents the current sequence number of the client-to-server packet flow of a new network session. The server device receives the SYN packet (102) and responds with a SYN-ACK (acknowledgement) packet that includes a separate, initial sequence number (104). The initial sequence number of the SYN-ACK packet represents the current sequence number of the server-to-client packet flow of the network session. The SYN-ACK packet also acknowledges the current sequence number of the client-to-server packet flow. Mobile device 6B then receives the SYN-ACK packet (106) and sends an ACK packet (108), acknowledging the current sequence number of the server-to-client packet flow. The server device also receives this ACK packet (110). At this point, mobile device 6B and the server device may exchange packets for the network session).
Panchal in view of Shetty are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Panchal in view of Shetty to include the idea of proxying data of network session. Dropping the traffic may cause a decrease in performance and may result in SYN floods in the network. Proxying the traffic will overcome the disadvantages.

Claims 7-10 and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Panchal (US Patent Application No 2021/0136870 A1) in view of Shetty (US Patent No 9,438,699 B1) and further in view of Jain (US Patent Application Publication No 2015/0095969 A1).

Regarding Claim 7, Panchal in view of Shetty and Jain discloses the system recited in claim 1, wherein the security platform is configured to perform detection and prevention of Denial of Service (DoS) attacks for securing control and user plane separation in the mobile network (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], packet forwarding and attack mitigation per policies and collection of packet rate statistics and enforcement of behavioral thresholds. ¶[0031],  Fig-2 shows control and data plane separation. DDOS attack mitigation central controller is responsible for the control plane where the individual appliances manage the data plane and process the packets for DDOS attack mitigation). 
Panchal in view of Shetty and Jain are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “network security”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Panchal in view of Shetty and Jain to include the idea of an integrated solution to the distributed denial of service attacks mitigation for a large network by applying attack mitigation policies.

Regarding Claim 8, Panchal in view of Shetty and Jain discloses the system recited in claim 1, wherein the security platform is configured to perform detection and prevention of Session Endpoint Identifier (SEID) Spoofing attacks for securing control and user plane separation in the mobile network (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], packet forwarding and attack mitigation per policies and collection of packet rate statistics and enforcement of behavioral thresholds. ¶[0031],  Fig-2 shows control and data plane separation. DDOS attack mitigation central controller is responsible for the control plane where the individual appliances manage the data plane and process the packets for DDOS attack mitigation).

Regarding Claim 9, Panchal in view of Shetty and Jain discloses the system recited in claim 1, wherein the processor is further configured to: block the new session from accessing a resource based on the security policy (Jain, ¶[0059], the DDOS attack mitigation appliance may send the granular traffic information, packet drop statistics to the central controller so that the controller may adjust the mitigation policies).
 
Regarding Claim 10, Panchal in view of Shetty and Jain discloses the system recited in claim 1, wherein the processor is further configured to: allow the new session to access a resource based on the security policy (Jain, ¶[0024], within the data plane, the DDoS attack mitigation appliance decides whether to drop or to allow incoming packets based on behavioral policies set by the DDoS attack mitigation central controller).

Regarding Claim 17, Panchal in view of Shetty and Jain discloses the method of claim 11, wherein the security platform is configured to perform detection and prevention of Denial of Service (DoS) attacks for securing control and user plane separation in the mobile network (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], packet forwarding and attack mitigation per policies and collection of packet rate statistics and enforcement of behavioral thresholds. ¶[0031], Fig-2 shows control and data plane separation. DDOS attack mitigation central controller is responsible for the control plane where the individual appliances manage the data plane and process the packets for DDOS attack mitigation).

Regarding Claim 18, Panchal in view of Shetty and Jain discloses the method of claim 11, wherein the security platform is configured to perform detection and prevention of Session Endpoint Identifier (SEID) Spoofing attacks for securing control and user plane separation in the mobile network (Jain, ¶[0019], separates the control and data plane for DDOS attack mitigation. ¶[0022], packet forwarding and attack mitigation per policies and collection of packet rate statistics and enforcement of behavioral thresholds. ¶[0031], Fig-2 shows control and data plane separation. DDOS attack mitigation central controller is responsible for the control plane where the individual appliances manage the data plane and process the packets for DDOS attack mitigation).

Regarding Claim 19, Panchal in view of Shetty and Jain discloses the method of claim 11, further comprising: allowing or blocking the new session from accessing a resource based on the security policy (Jain, ¶[0059], the DDOS attack mitigation appliance may send the granular traffic information, packet drop statistics to the central controller so that the controller may adjust the mitigation policies).

Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this office action. Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
	A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to WASIKA NIPA whose telephone number is (571)272-8923.  The examiner can normally be reached on M-F (7:30 - 5:00).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JEFFRY PWU can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/WASIKA NIPA/           Primary Examiner, Art Unit 2433