Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
Claim Rejections - 35 USC §103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 2, 7-10, 15-19, 24, 25 are rejected under 35 U.S.C. 103 as being unpatentable over Mehta (Pat. No. US 9,787,567) in view of Lee (Pub. No US 2018/0123943) in further view of Wang (Pub. No. US 2015/0043348).
Claim 2, Mehta teaches “a method comprising: receiving, at a Security Monitoring virtual network function (VNF), a configuration of a monitoring policy ([Col. 5, Lines 36-44] With one suitable arrangement, flow table data from controller server 18 may be stored in a flow table such as flow table 28. The entries of flow table 28 may be used in configuring switch 14 (e.g., the functions of packet processing circuitry 32 and/or packet processing software 26).); receiving, at the Security Monitoring VNF, packets from a switch, wherein the receiving, at the Security Monitoring VNF (i.e. [Fig. 13] switch12 receiving packets from SW10, SW11; Examiner notes, as evidenced by Lee, a VNF may be a switch [0043] The VNF forwarders 131, 133, 135 may be routers, switches, or any other network elements configured to forward data), packets from the switch utilizes data copy circuitry to copy packets received from a port of the switch for access by the Security Monitoring VNF ([Col. 10, Lines 48-55] (59) If desired, tap devices 112 may be integrated into switches of the forwarding network. In the example of FIG. 9, switch SW14 that is interposed between switches SW2 and SW6 may include a tap device 112 that copies network traffic flowing between switches SW2 and SW6 through switch SW14 and forwards the copied network traffic to client switch SW11 via a tap port.); applying, at the Security Monitoring VNF, the monitoring policy to at least one received packet of the packets received from the port of the switch ([Col. 5, Lines 55-65] The example of flow tables 28 storing data that determines how switch 14 is to process incoming packets are merely illustrative. If desired, any packet forwarding decision engine may be used in place of or in addition to flow tables 28 to assist packet forwarding system 14 to make decisions about how to forward network packets.
As an example, packet forwarding decision engines may direct packet forwarding system 14 to forward network packets to predetermined ports based on attributes of the network packets (e.g., based on network protocol headers).); and causing transmission of the at least one received packet to at least one Network Analysis Tool ([Col. 9, Line 55 - Col. 10, Line 2] Analysis devices 106 such as analysis devices D1 and D2 and service devices 108 such as service devices S1 and S2 may be coupled to switches 14 of analysis network 104. Analysis devices 106 may include network analysis tools such as network performance monitors, network visibility analysis tools, network capacity analysis tools, network outage analysis tools, or other network analysis tools for analyzing network 102 based on tapped network traffic flows. The network analysis tools may, for example, be implemented on computing equipment that serve as end hosts of analysis network 104 (e.g., analysis device D1 may serve as an end host of analysis network 104 and one or more analysis tools may be implemented on analysis device D1). (56) Service devices 108 may serve to manipulate network traffic flows prior to analysis by devices 106.)”.
However, Mehta may not explicitly teach securing packets.
Wang teaches “forming a secure bundle comprising the at least one received packet and causing transmission of the securely bundled at least one received packet to at least one Network Analysis Tool ([0043] Generic routing encapsulation (GRE) is a method for routing over an IP network, any network layer protocol over any other network layer protocol, by encapsulating one or more packets with a GRE header. In addition, GRE tunnels can encapsulate multicast data streams for transmission over the Internet. GRE tunneling is accomplished by creating tunnel endpoints that operate on top of existing physical and/or other logical endpoints. Methods for configuring GRE tunnels may be found in, for example, RFC2784. The techniques disclosed herein may also be applied to multipoint generic routing encapsulation (MGRE) to achieve greater scalability. It is further noted that GRE does not provide data security; in order to establish data security, the techniques disclosed herein would need to be combined with a protocol providing data security, such as IPsec. Techniques describing IPsec protocols are described in, for example, RFC6071.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Wang with the teachings of Mehta, Lee in order to provide a system that teaches securing packets. The motivation for applying Wang teaching with Mehta, Lee teaching is to provide a system that allows for communication privacy. Mehta, Lee, Wang are analogous art directed towards network communication. Together Mehta, Lee, Wang teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Wang with the teachings of Mehta, Lee by known methods and gained expected results. 
Claim 7, the combination teaches the claim, wherein Mehta teaches “the method of claim 2, wherein the at least one Network Analysis Tool performs one or more of: security and networking analytics systems, meta data collectors, network profiling, per-tenant and/or per-flow monitoring systems, and/or tenant monitoring systems ([Col. 9, Lines 55-63] Analysis devices 106 such as analysis devices D1 and D2 and service devices 108 such as service devices S1 and S2 may be coupled to switches 14 of analysis network 104. Analysis devices 106 may include network analysis tools such as network performance monitors, network visibility analysis tools, network capacity analysis tools, network outage analysis tools, or other network analysis tools for analyzing network 102 based on tapped network traffic flows.)”.
Claim 8, the combination teaches the claim, wherein Mehta teaches “the method of claim 2, wherein the at least one Network Analysis Tool performs one or more of: Virtual Evolved Packet Core (vEPC), Virtual Customer Premises Equipment (vCPE) network visibility Network Function Virtualization (NFV) analytics, data storage, network anomaly detection ([Col. 9, Lines 55-63] Analysis devices 106 such as analysis devices D1 and D2 and service devices 108 such as service devices S1 and S2 may be coupled to switches 14 of analysis network 104. Analysis devices 106 may include network analysis tools such as network performance monitors, network visibility analysis tools, network capacity analysis tools, network outage analysis tools, or other network analysis tools for analyzing network 102 based on tapped network traffic flows.), and/or malware detection”.
Claim 9, “an apparatus comprising: at least one processor configured to: perform a Security Monitoring virtual network function (VNF); apply, at the Security Monitoring VNF, a configuration of a monitoring policy; process, at the Security Monitoring VNF, packets from a switch, wherein the packets from the switch are available to the Security Monitoring VNF via a data copy circuitry, wherein the data copy circuitry is to copy packets received from a port of the switch for access by the Security Monitoring VNF; apply, at the Security Monitoring VNF, the monitoring policy to at least one received packet of the packets received from the port of the switch; form a secure bundle comprising the at least one received packet; and cause transmission of the securely bundled at least one received packet to at least one Network Analysis Tool” is similar to claim 1 and therefore rejected with the same references and citations.
Claim 10, the combination teaches the claim, wherein Mehta teaches “the apparatus of claim 9, further comprising a network interface to transmit the securely bundled (i.e. Wang [0043]) at least one received packet to at least one Network Analysis Tool ([Col. 9, Line 55 - Col. 10, Line 2] Analysis devices 106 such as analysis devices D1 and D2 and service devices 108 such as service devices S1 and S2 may be coupled to switches 14 of analysis network 104. Analysis devices 106 may include network analysis tools such as network performance monitors, network visibility analysis tools, network capacity analysis tools, network outage analysis tools, or other network analysis tools for analyzing network 102 based on tapped network traffic flows. The network analysis tools may, for example, be implemented on computing equipment that serve as end hosts of analysis network 104 (e.g., analysis device D1 may serve as an end host of analysis network 104 and one or more analysis tools may be implemented on analysis device D1). (56) Service devices 108 may serve to manipulate network traffic flows prior to analysis by devices 106.)”.
Claim 15, “the apparatus of claim 9, wherein the at least one Network Analysis Tool is to perform one or more of: security and networking analytics systems, meta data collectors, network profiling, per-tenant and/or per-flow monitoring systems, and/or tenant monitoring systems” is similar to claim 7 and therefore rejected with the same references and citations. 
Claim 16, “the apparatus of claim 9, wherein the at least one Network Analysis Tool is to perform one or more of: Virtual Evolved Packet Core (vVEPC), Virtual Customer Premises Equipment (vCPE) network visibility Network Function Virtualization (NFV) analytics, data storage, network anomaly detection, and/or malware detection” is similar to claim 8 and therefore rejected with the same references and citations. 
Claim 17, the combination teaches the claim, wherein Mehta teaches “the apparatus of claim 9, further comprising the switch to receive packets at the port ([Col. 10, Lines 48-55] (59) If desired, tap devices 112 may be integrated into switches of the forwarding network. In the example of FIG. 9, switch SW14 that is interposed between switches SW2 and SW6 may include a tap device 112 that copies network traffic flowing between switches SW2 and SW6 through switch SW14 and forwards the copied network traffic to client switch SW11 via a tap port.)”.
Claim 18, “the apparatus of claim 9, further comprising the data copy circuitry” is similar to claim 1 and therefore rejected with the same references and citations. 
Claim 19, “at least one computer-readable medium, comprising instructions, stored thereon, that if executed by one or more processors, cause the one or more processors to: perform a Security Monitoring virtual network function (VNF); apply, at the Security Monitoring VNF, a configuration of a monitoring policy; process, at the Security Monitoring VNF, packets from a switch, wherein the packets from the switch are available to the Security Monitoring VNF via a data copy circuitry, wherein the data copy circuitry is to copy packets received from a port of the switch for access by the Security Monitoring VNF; apply, at the Security Monitoring VNF, the monitoring policy to at least one received packet of the packets received from the port of the switch; form a secure bundle comprising the at least one received packet; and cause transmission of the securely bundled at least one received packet to at least one Network Analysis Tool” is similar to claim 1 and therefore rejected with the same references and citations. 
Claim 24, “the at least one computer-readable medium of claim 19, wherein the at least one Network Analysis Tool is to perform one or more of: security and networking analytics systems, meta data collectors, network profiling, per-tenant and/or per-flow monitoring systems, and/or tenant monitoring systems” is similar to claim 7 and therefore rejected with the same references and citations. 
Claim 25, “the at least one computer-readable medium of claim 19, wherein the at least one Network Analysis Tool is to perform one or more of: Virtual Evolved Packet Core (vEPC), Virtual Customer Premises Equipment (vCPE) network visibility Network Function Virtualization (NFV) analytics, data storage, network anomaly detection, and/or malware detection” is similar to claim 8 and therefore rejected with the same references and citations.  
Claims 3, 11, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Mehta in view of Lee in view of Wang in further view of Shamis (Pub. No US 2013/0315054).
Claim 3, the combination may not explicitly teach the claim.
Shamis teaches “the method of claim 2, wherein the data copy circuitry comprises a hardware queue manager (HQM) ([0031] A queue manager 112 controls queuing operations of the network switch 100 including, in embodiments, enqueuing packets received from the forwarding engine 110. In embodiments, the queue manager 112 sets the number of queues per port, sets the priority of individual queues, and/or associates a queue with a port group (e.g., for multicast packets). The queue manager 112 is a configurable hardware element, in embodiments, operable to associate any number of queues (up to the number of queues available) with any one or more specific ports.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Shamis with the teachings of Mehta, Lee, Wang in order to provide a system that teaches internal structures of a switch. The motivation for applying Shamis teaching with Mehta, Lee, Wang teaching is to provide a system that allows for communication of packets. Mehta, Lee, Wang, Shamis are analogous art directed towards network communication. Together Mehta, Lee, Wang, Shamis teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Shamis with the teachings of Mehta, Lee, Wang by known methods and gained expected results.  
Claim 11, “the apparatus of claim 9, wherein the data copy circuitry comprises a hardware queue manager (HQM)” is similar to claim 3 and therefore rejected with the same references and citations. 
Claim 20, “the at least one computer-readable medium of claim 19, wherein the data copy circuitry comprises a hardware queue manager (HQM)” is similar to claim 3 and therefore rejected with the same references and citations.
Claims 4, 12, 21 are rejected under 35 U.S.C. 103 as being unpatentable over Mehta in view of Lee in view of Wang in further view of Benisty (Pub. No US 2018/0260347).
Claim 4, the combination may not explicitly teach the claim.
Benisty teaches “the method of claim 2, wherein the data copy circuitry to copy packets received from a port of the switch for access by the Security Monitoring VNF comprises copying a pointer to a queue that stores at least one of the packets received from the port of the switch and wherein the pointer is used by the Security Monitoring VNF to access at least one of the packets received from the port of the switch ([0064] DMA 253 is configured to control Direct Memory Access (DMA) transfer of data between the memory system 100 and memory 160 in host system 140. For example, DMA 253 may access data from host data buffers 168 and transfer it to write buffers in RAM (e.g., FIG. 1B, 122b). DMA 253 may use data buffer pointers 166 that are provided from host interface 220 to access the correct location in host data buffers 168. DMA 253 may transfer data from read buffers in RAM 122b and transfer to host data buffers 168. DMA 253 may use data buffer pointers 166 that are provided from host interface 220 to access the correct location in host data buffers 168 to transfer data read from non-volatile memory 108. Note that for both reads and writes, back end module 210 may perform additional processing of the data such as Error correction, scrambling, etc. Thus, for example, the data that is transferred to the host data buffers 168 is typically not the raw data read from non-volatile memory 108.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Benisty with the teachings of Mehta, Lee, Wang in order to provide a system that teaches internal structures of a switch. The motivation for applying Benisty teaching with Mehta, Lee, Wang teaching is to provide a system that allows for communication of packets. Mehta, Lee, Wang, Benisty are analogous art directed towards network communication. Together Mehta, Lee, Wang, Benisty teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Benisty with the teachings of Mehta, Lee, Wang by known methods and gained expected results.  
Claim 12, “the apparatus of claim 9, wherein to copy packets received from a port of the switch for access by the Security Monitoring VNF, the data copy circuitry is to copy a pointer to a queue that stores at least one of the packets received from the port of the switch and wherein the pointer is used by the Security Monitoring VNF to access at least one of the packets received from the port of the switch” is similar to claim 4 and therefore rejected with the same references and citations. 
Claim 21, “the at least one computer-readable medium of claim 19, wherein to copy packets received from a port of the switch for access by the Security Monitoring VNF, the data copy circuitry is to copy a pointer to a queue that stores at least one of the packets received from the port of the switch and wherein the pointer is used by the Security Monitoring VNF to access at least one of the packets received from the port of the switch” is similar to claim 4 and therefore rejected with the same references and citations. 
Claims 5, 13, 22 are rejected under 35 U.S.C. 103 as being unpatentable over Mehta in view of Lee in view of Wang in further view of Levi (Pub. No 2018/0091387).
Claim 5, the combination may not explicitly teach the claim.
Levi teaches “the method of claim 2, wherein the data copy circuitry to copy packets received from a port of the switch for access by the Security Monitoring VNF comprises mapping input queue entries associated with at least one of the packets received from the port of the switch to a plurality of output queues and wherein at least one of the plurality of output queues is accessible by the Security Monitoring VNF ([Fig. 2] plurality of output queues incorporated into switch comprising mirror module)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Levi with the teachings of Mehta, Lee, Wang in order to provide a system that teaches internal structures of a switch. The motivation for applying Levi teaching with Mehta, Lee, Wang teaching is to provide a system that allows for communication of packets. Mehta, Lee, Wang, Levi are analogous art directed towards network communication. Together Mehta, Lee, Wang, Levi teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Levi with the teachings of Mehta, Lee, Wang by known methods and gained expected results.  
Claim 13, “the apparatus of claim 9, wherein to copy packets received from a port of the switch for access by the Security Monitoring VNF, the data copy circuitry is to map input queue entries associated with at least one of the packets received from the port of the switch to a plurality of output queues and wherein at least one of the plurality of output queues is accessible by the Security Monitoring VNF” is similar to claim 5 and therefore rejected with the same references and citations. 
Claim 22, “the at least one computer-readable medium of claim 19, wherein to copy packets received from a port of the switch for access by the Security Monitoring VNF, the data copy circuitry is to map input queue entries associated with at least one of the packets received from the port of the switch to a plurality of output queues and wherein at least one of the plurality of output queues is accessible by the Security Monitoring VNF” is similar to claim 5 and therefore rejected with the same references and citations. 
Claims 6, 14, 23 are rejected under 35 U.S.C. 103 as being unpatentable over Mehta in view of Lee in view of Wang in further view of Srinivasan (Pub. No 2016/0036731).
Claim 6, the combination may not explicitly teach the claim.
Srinivasan teaches “the method of claim 2, wherein the Security Monitoring VNF terminates the at least one received packet ([0021] As should be appreciated, descriptors 202-208 in the linked list 200 are created as data packets arrive at the switch and are queued and are deleted as data packets are read out from memory and transmitted.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Srinivasan with the teachings of Mehta, Lee, Wang in order to provide a system that teaches information handling. The motivation for applying Srinivasan teaching with Mehta, Lee, Wang teaching is to provide a system that allows for maintaining memory. Mehta, Lee, Wang, Srinivasan are analogous art directed towards network communication. Together Mehta, Lee, Wang, Srinivasan teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Srinivasan with the teachings of Mehta, Lee, Wang by known methods and gained expected results.  
Claim 14, “the apparatus of claim 9, wherein the Security Monitoring VNF is to terminate the at least one received packet” is similar to claim 6 and therefore rejected with the same references and citations. 
Claim 23, “the at least one computer-readable medium of claim 19, wherein the Security Monitoring VNF is to terminate the at least one received packet” is similar to claim 6 and therefore rejected with the same references and citations. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WYNUEL S AQUINO whose telephone number is (571)272-7478. The examiner can normally be reached 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on 571-272-3759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/WYNUEL S AQUINO/Primary Examiner, Art Unit 2199