DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 08/18/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-8 and 10-20 of U.S. Patent No. 11,095,517. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application is anticipated by patent claims.
Claims 1, 10, 13, 17 and 19-20 of the instant application are mapped to claims 1, 12 and 19. Claims 2-8 and 14-16 of the instant application are mapped to claims 2-8, 13-17 and 20 of the patent. Claim 9 of the instant application is mapped to claim 10 of the patent. Claims 11-12 & 18 of the instant application is mapped to claims 11 & 18 of the patent.
Instant Application No. 17/402,964
US Patent No. 11,095,517
1. A method performed by a customer equipment device, comprising:
1. A method performed by a customer equipment device, the method comprising:
establishing a secure tunnel connection with a security gateway device via at least one out-of-band network;
establishing a secure tunnel connection with a security gateway device via at least one out-of-band network, wherein the security gateway device is operatively coupled to a provider network;
automatically and without user input establishing a connection with a configuration platform via the secure tunnel connection; receiving orchestration instructions for configuring one or more virtual network functions (VNFs) from the configuration platform;
automatically and without user input establishing a connection with a configuration platform on the provider network via the secure tunnel connection; receiving orchestration instructions for configuring one or more virtual network functions (VNFs) from the configuration platform, wherein the orchestrations instructions are based on one or more customer configuration requests; 
and automatically orchestrating the one or more VNFs based on the received orchestration instructions, wherein the one or more VNFs are configured to operate on a customer network that is different than the at least one out-of-band network.
automatically orchestrating the one or more VNFs based on the received orchestration instructions, wherein the one or more VNFs are configured to operate on a customer network that is different than the at least one out-of-band network; 
10. The method of claim 1, further comprising: advertising management domain routing information to the security gateway device via the secure tunnel connection; and receiving VNF management instructions from the security gateway device and via the secure tunnel connection based on the advertised management domain routing information, wherein the VNF management instructions include one of: updates, reconfigurations, or patches.
advertising management domain routing information to the security gateway device via the secure tunnel connection; and receiving VNF management instructions from the security gateway device and via the secure tunnel connection based on the advertised management routing information, wherein the VNF management instructions include one of: updates, reconfigurations, or patches.



Allowable Subject Matter
Claims 1-20 would be allowable if the rejection(s) under Double Patenting set forth in this Office action is overcome.
Examiner’s Statement of Indicating Allowable Subject Matter
The following is a statement of reasons for the indication of allowable subject matter: The prior art Parry et al. (US Patent No. 10,069,802) discloses securely configuring a customer premise equipment in a network.  The network including a configuration server, a DHCP server, and the customer premise equipment.  The method enables authentication of customer premise equipment, before providing configuration to the customer premise equipment.  The method includes use of characteristic attributes of the customer premise equipment to generate cryptographic keys for secure connection.  Moreover, the method includes establishing a secure connection between the configuration server and the customer premise equipment for transfer of a configuration file and a set of encryption keys.  The configuration file and the set of encryption keys are used to securely configure the customer premise equipment (Parry, Abstract), Saenger et al. (Us Patent No. 11,283,678) discloses adaptive virtual services. In an example, a user specifies a device configuration for a platform device. As a result, a service provider installs selected virtual-network functions and defines network connections as specified by the device configuration. Management software may also be installed, thereby enabling the service provider to communicate with and remotely manage the platform device. The installed virtual-network functions are activated on the platform device once it is delivered to the user. In some instances, the user changes the device configuration. For example, the user may install new virtual-network functions, reconfigure or remove existing virtual-network functions, or change defined network connections. As a result, the service provider reconfigures the platform device accordingly. Thus, the user need not purchase new specialized hardware in order to change the available functions of the computer network. (Saenger, Abstract), YOSHIKAWA (US Pub No. 2020/0383041) discloses a network functions virtualization management and orchestration apparatus includes a plurality of VIMs, a visiting information manager, and a VNF arrangement controller. Each of the plurality of VIMs controls start and stop of a VNF in a virtual machine on each of servers connected to a plurality of respective base stations. The visiting information manager manages visiting information of each terminal wirelessly connecting to any of the base stations. The VNF arrangement controller controls arrangement of the VNF to provide services to the terminals, based on VIM management information and terminal visiting information, the VIM management information defining, for each VNF, a VIM capable of starting the VNF on each of the servers connected to the base stations. (YOSHIKAWA, Abstract), Gray et al. (US Pub No. 2014/0122674) discloses automatically uploading device information from a first network device in a first operating state to a second network device in response to an event, such as an initial power up.  The second network device is part of the cloud, and thus, providing cloud-based services.  Subsequent to the uploading of the device information, the first network device receives information controlling the operation of the first network device based on the device information (Gray, Abstract), Eldar (US Pub No. 2007/0297396) discloses a provisioning method and mechanism for computer systems having embedded network devices.  After an initial boot-up of a computer platform, an out-of-band (OOB) controller automatically connects to a corporate DHCP (Dynamic Host Configuration Protocol) server to obtain an IP (Internet Protocol) address and a domain name in which the computer platform is running.  The OOB controller then establishes a TCP connection to the provisioning server.  A server certificate chain received from the provisioning server is validated.  An attempt to login to the provisioning server is made.  If corporate security policy dictates granting access to the computer platform, then provisioning configuration data is received over a secure and encrypted channel (Eldar, Abstract), HTAY (US Pub No. 2018/0165110) discloses a workload management method for on-demand applications in distributed Network Functions Virtualization Infrastructure (dNFVI) includes receiving usage data from a unikernel implementing one or more functions of a plurality of functions related to a Virtual Network Function (VNF) (HTAY, Abstract), Liu (US Pub No. 2013/0046865) discloses zero configuration for a virtual distributed device in a distributed network is disclosed.  A plurality of peer devices are added as virtual devices to a network device.  Configuration information is imported to the network device. The network device distributes the configuration information to the plurality of peer devices in accordance with the established topology via the peer device connected to the uplink switch (Liu, Abstract and page 1, paragraph 0019), Mammoliti et al. (US Patent No. 8,532,095) discloses configuring customer premises equipment for communication with a provider network include establishing a physical layer network connection between a particular customer node and a first provider node. The particular customer node is automatically configured based on that configuration data.  The automatic provisioning of the customer node allows equipment to be more economically shipped and installed at customer premises and allows upgraded or replacement equipment to be more economically swapped in place of equipment previously installed.  Traffic management data can also be automatically received and used at the particular customer node (Mammoliti, Abstract), Burnett et al. (US Pub No. 2003/0018889) discloses remote, automated, and secure network device provisioning over a pre-existing communications network.  According to one embodiment, automated establishment of addressability of a network device is supported for a target network environment.  A boot time process of a network device in a factory default configuration detects the presence of a storage device containing therein addressability data that allows the network device to communicate and be addressable within the target network environment.  After detecting the presence of the storage device, the network device receives the addressability data from the storage device by using a communication protocol associated with the storage device.  Finally, addressability of the network device is established to enable it to communicate with and be addressed by other nodes in the target network environment by configuring one or more address parameters of the network device based upon the addressability data (Burnett, Abstract) and Mc Bride et al. (US Pub No. 2016/0239330) discloses a virtualized network including one or more virtual machines is operable to instantiate dynamic reconfiguration of one or more virtual machines.  The virtualized network includes an analytics engine, autonomics module and orchestrator module.  The autonomics module receives intelligence data from the analytics engine and in one instance, may direct an action of dynamic reconfiguration of one or more virtual machines, based on the intelligence data.  The autonomics module instructs the orchestrator module, via a control plane, to instantiate the dynamic reconfiguration of one or more virtual machines.  The dynamic reconfiguration may involve, without limitation, replacing a configuration of a virtual machine, migration of a configuration from a first to a second virtual machine, or deploying a second (new) virtual machine to replace or supplement functionality of a first virtual machine (Mc Bride, Abstract), however, the prior art taken alone or in combination fails to teach or suggest “establishing a secure tunnel connection with a security gateway device via at least one out-of-band network, wherein the security gateway device is operatively coupled to a provider network; automatically and without user input establishing a connection with a configuration platform on the provider network via the secure tunnel connection automatically orchestrating the one or more VNFs based on the received orchestration instructions, wherein the one or more VNFs are configured to operate on a customer network that is different than the out-of-band network” (as recited in claims 1, 13 and 19), and in combination with the remaining claim limitations.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357.  The examiner can normally be reached on M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SHAQUEAL D WADE-WRIGHT/Primary Examiner, Art Unit 2437