DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Terminal Disclaimer
1.	The terminal disclaimer filed on 08/11/2022 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of US Patent No. 10,986,019 has been reviewed and is accepted.  The terminal disclaimer has been recorded.

Allowable Subject Matter
2.	Claims 19-32 (renumbered as claims 1-14) are allowed.
3.	According to claim 19 (and similarly claim 26), the closest prior art Nagaraj (US PG Pub. No. 2012/0179796) discloses a system overlay network comprising plurality of point of presence (i.e. POP A, POP B and POP C) distributed throughout the network (please see figure 3 and paragraph [0096]). Furthermore, network A connecting said POP A, POP B and POP C may be a wide area network, please see paragraph [0101] and thus addressing the limitation(s) “A system, comprising: multiple Point-of-Presence (POP) interfaces, which are distributed in a Wide-Area Network (WAN)”. Each of the POPs comprise of processor(s) 1924 connected to input/output interface 1922 via a bus (please see Figure 19 and paragraph [0195]) and thus addressing the limitation(s) “and one or more processor, which are coupled to the POP interfaces”. The prior art also discloses a client C (construed as said initiator) is assigned a source IP address and source point (please see paragraph [0147]) and thus addressing the limitation(s) “assign, to an initiator in the system, a client Internet Protocol (IP) address”. Each of the core routers C1, C2 connected to the respective POP A and POP B and responsible for relaying response from the requested server to the client are associated with a router tag and thus addressing the limitation(s) “assign to a responder in the communication system a service IP address”. As shown in figure 14, packet 1420 travels from the client C to the server S via the POP A, POP B, core and edge routers based on the source and destination addresses as well as respective router tags (please see paragraphs [0153], [0154]) and thus addressing the limitation(s) “receive a packet, which is exchanges between the initiator and the responder and which comprises the client IP address and the service IP address”.
Nagaraj, however, does not address the feature of client Internet Protocol (IP) address having a first plurality of bits, including embedding in one or more of the bits of the client IP address;
an affiliation of the initiator with a group of initiators;
a service IP address having a second plurality of bits, including embedding in one or more of the bits of the service IP address an affiliation of the service with a group of responders.
Another prior art Ahn (US PG Pub. No. 2004/0205247), on the other hand, teaches embedding the source address in another address as well as a TFT filter information and a type of service information (please see paragraphs [0145], [0146], [0169) and thus addressing the limitation(s) “client Internet Protocol (IP) address having a first plurality of bits, including embedding in one or more of the bits of the client IP address; an affiliation of the initiator with a group of initiators”. The packet also includes an IP destination address occupying the lower order bits and a TFT filter information as well as TOS information and thus teaching “a service IP address having a second plurality of bits, including embedding in one or more of the bits of the service IP address an affiliation of the service with a group of responders”.
The combination of Nagaraj and Ahn does not clearly teach the claim feature of “wherein the affiliation of the initiator with the group of initiators comprises an Initiator Met--a-Group ID (MGI) value indicative of the affiliation of the initiator,
	and a Tenant ID (TID) comprising a 20-bit value, different than the MGI value or a Responder Meta-Group ID (MGR) value, indicating an affiliation of each client with one or more organizations served by the system	”
and “	enforce a security policy on the packet depending on the affiliation of the initiator and the affiliation of the service, as embedded in the client and service IP addresses, wherein enforcing the security policy comprises applying one or more stateless logical operations to the MGI of the initiator and to the MGR of the service, as embedded in the packet	”
Therefore, the above limitation(s) in combination of the remaining limitation(s) of claim 19 (same is true for claim 26) is/are not taught nor suggested by the prior art(s) of record. The respective dependent claims are allowed for the same reason(s) as mentioned above for claim 19.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to PRINCE AKWASI MENSAH whose telephone number is (571)270-7183. The examiner can normally be reached Mon-Fri 8:00am-4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, MICHAEL THIER can be reached on 571-272-2832. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

PRINCE AKWASI. MENSAH
Examiner
Art Unit 2474



/PRINCE A MENSAH/            Examiner, Art Unit 2474     

/MICHAEL THIER/            Supervisory Patent Examiner, Art Unit 2474