Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The application number 17/024,534 filed on 9/17/2020 has been considered. Claims 1-21 are pending.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 5/13/2021 is being considered by the examiner.
Claim Objections
The numbering of claims is not in accordance with 37 CFR 1.75, which requires that, if there are several claims, they shall be numbered consecutively in Arabic numerals. In this case, there are two claims numbered 15.
Mis-numbered claims 15-20 have been renumbered 16-21.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 7 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 7 recites the limitation "the at least one computing device" in lines 1-2. There is insufficient antecedent basis for this limitation in the claim.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-2, 4-5, 8-11, 15-16 and 18-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-2, 4, 6-7, 9-12, 14, 16, 18 and 20-21 of U.S. Patent No. 10,791,132. Although the claims at issue are not identical, they are not patentably distinct from each other because the limitations recited in the Claims 1-2, 4-5, 8-11, 15-16 and 18-20 of the instant application are anticipated by the limitations recited in the claims 1-2, 4, 6-7, 9-12, 14, 16, 18 and 20-21 of U.S. Patent No. 10,791,132.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 13, 6, 8-11, 15-17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Hu et al. (US 2012/0314714 hereinafter Hu) in view of Nanda et al. (US 2016/0191545 hereinafter Nanda).
Regarding claim 1, Hu discloses a computer-implemented method, comprising: 
encapsulating a first packet in a second packet, the first packet including a first packet payload and indicating a first packet source and a first packet destination, the second packet including the first packet as a second packet payload, the second packet indicating a second packet destination [[corresponding to an analysis host destination]] and a second packet source indicating a false source associated with a network link indicates a communication channel device between the first packet source and the first packet destination (FIG. 1-6: outer packet, inner packet, EID1, EID2, RLOC2, RLOC1, etc., ¶ [0063]-[0064], [0071]-[0077]; i.e. encapsulating the original packet payload including information of source and destination EID1, EID2 with label or information of the router/splitter source and destination RLOC1, RLOC2), wherein the analysis host destination is based at least in part on the first packet source and the first packet destination such that the second packet is routed to a particular analysis host of a set of analysis hosts wherein communications between a first packet source-destination pair are sent to the same analysis host; and 
providing the second packet to an [[analysis]] destination host as a result of the second packet destination being indicated in a header of the encapsulated second packet (FIG. 1-6, ¶ [0077]-[0078]; i.e. forwarding the encapsulated packet to the destination based on the outer label).
Hu does not explicitly disclose the second packet destination corresponding to an analysis host destination, wherein the analysis host destination is based at least in part on the first packet source and the first packet destination such that the second packet is routed to a particular analysis host of a set of analysis hosts wherein communications between a first packet source-destination pair are sent to the same analysis host and forwarding the packet to the analysis host.
However, Nanda discloses the second packet destination corresponding to an analysis host destination, wherein the analysis host destination is based at least in part on the first packet source and the first packet destination such that the second packet is routed to a particular analysis host of a set of analysis hosts wherein communications between a first packet source-destination pair are sent to the same analysis host and forwarding the packet to the analysis host (FIG. 2 & 6, ¶ [0028], [0052]-[0054], [0069], [0072]; i.e. encapsulating and forwarding the packet copies according to network rules/policies to a virtual tap port to analyze the packet copies for malicious information).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Nanda’s teaching into Hu in order to monitor network traffic to detect security threats (Nanda, ¶ [0001]-[0003]).
Regarding claim 2, Hu in view of Nanda discloses the computer-implemented method of claim 1, further comprising identifying abnormal network traffic based at least in part on the second packet destination as indicated in a header of the second packet and the second packet payload (Nanda, ¶ [0053]-[0054]).
Regarding claim 3, Hu in view of Nanda discloses the computer-implemented method of claim 2, further comprising: determining, based at least in part on the identified abnormal traffic, a first portion of the first packet, and a second portion of the second packet that a message included in the first packet payload corresponds to a conversation between the first packet source and the second packet source (Nanda, ¶ [0053]-[0054]); converting the conversation including the message to a log (Nanda, ¶ [0073]); and providing the log to a security intelligence platform (Nanda, ¶ [0073]).
Regarding claim 6, Hu in view of Nanda discloses the computer-implemented method of claim 1, further comprising: receiving the first packet, the first packet encoded with a first communication protocol (Nanda, ¶ [0036]-[0037], [0042]); detecting the first communication protocol is incompatible with the second packet destination (Nanda, ¶ [0036]-[0037], [0042]); and encoding the encapsulated packet with a second communication protocol different from the first communication protocol (Nanda, ¶ [0036]-[0037], [0042]).
Regarding claim 8, Hu discloses a system, comprising: 
one or more processors (FIG. 3, ¶ [0105]); and 
memory that stores computer-executable instructions that, as a result of execution (FIG. 3, ¶ [0105]), cause the one or more processors to: 
obtain a first packet (FIG. 1-6, ¶ [0063]-[0064], [0071]-[0077]; i.e. obtaining the original packet or inner packet); 
determine an analysis host destination based at least in part on the first packet source and the first packet destination; 
encapsulate a first packet within a second packet; wherein: the first packet includes a first packet payload and a first header indicating a first packet source and a first packet destination (FIG. 1-6: outer packet, inner packet, EID1, EID2, RLOC2, RLOC1, etc., ¶ [0063]-[0064], [0071]-[0077]; i.e. encapsulating the original packet payload including information of source and destination EID1, EID2 with label or information of the router/splitter source and destination RLOC1, RLOC2); 
the encapsulated second packet includes a second packet payload comprising at least a portion of the first packet payload and the second packet includes a second header indicating a second packet destination [[corresponding to an analysis host destination]] and a second packet source, the second packet source corresponding to a false source associated with a network link indicates a communication channel device between the first packet source and the first packet destination (FIG. 1-6, ¶ [0063]-[0064], [0071]-[0077]; i.e. the outer label includes information of the router/splitter source and destination RLOC1, RLOC2); and 
provide the encapsulated packet to the [[analysis]] destination host based at least in part on the second packet destination (FIG. 1-6, ¶ [0077]-[0078]; i.e. forwarding the encapsulated packet to the destination based on the outer label).
Hu does not explicitly disclose determining an analysis host destination based at least in part on the first packet source and the first packet destination; the second packet destination corresponding to an analysis host destination, and forwarding the packet to the analysis host.
However, Nanda discloses determining an analysis host destination based at least in part on the first packet source and the first packet destination; the second packet destination corresponding to an analysis host destination, and forwarding the packet to the analysis host (FIG. 2 & 6, ¶ [0028], [0052]-[0054], [0069], [0072]; i.e. encapsulating and forwarding the packet copies according to network rules/policies to a virtual tap port to analyze the packet copies for malicious information).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Nanda’s teaching into Hu in order to monitor network traffic to detect security threats (Nanda, ¶ [0001]-[0003]).
Regarding claim 9, Hu in view of Nanda discloses the system of claim 8, wherein the instructions further include instructions that, as a result of execution by the one or more processors, further cause the system to identify a characteristic of suspicious network traffic based at least in part on the second packet destination.
Regarding claim 10, Hu in view of Nanda discloses the system of claim 9, wherein the instructions further include instructions that, as a result of execution by the one or more processors, further cause the system to prevent the suspicious network traffic, identified by the characteristic, within an edge network comprising at least two network splits (Hu, FIG. 3; Nanda, FIG. 2 & 4, ¶ [0033], [0073]-[0074]).
Regarding claim 11, Hu in view of Nanda discloses the system of claim 8, wherein the instructions further include instructions that, as a result of execution by the one or more processors, further cause the system to send communications between a pair of devices to the analysis host based at least in part on a header in the encapsulated packet indicating the pair of devices (Nanda, ¶ [0054]).
Regarding claim 13, Hu in view of Nanda discloses the system of claim 8, wherein the instructions further include instructions that, as a result of execution by the one or more processors, further cause the system to: receive the first packet, the first packet encoded with a first communication protocol (Nanda, ¶ [0036]-[0037], [0042]); and encode the encapsulated packet with a second communication protocol different from the first communication protocol (Nanda, ¶ [0036]-[0037], [0042]).
Regarding claim 15, Hu in view of Nanda discloses the system of claim 14, wherein the one or more analysis services further provide the log to a security intelligence platform (Nanda, ¶ [0073]).
Regarding claim 16, Hu discloses a non-transitory computer-readable storage medium having stored thereon instructions that, upon execution by a computing device, cause the computing device at least to: 
at least one computing device implementing one or more services (FIG. 1-6), wherein the one or more services: 
receive a first packet, the first packet including a first packet payload and indicating a first packet source and a first packet destination (FIG. 1-6, ¶ [0063]-[0064], [0071]-[0077]; i.e. obtaining the original packet or inner packet including EID1, ID2 and payload); 
generate a second packet by encapsulating a portion of the first packet, wherein the second packet indicates a second packet destination [[corresponding to an analysis host destination]] and a second packet source indicating a false source associated with a network link indicative of a communication channel node between the first packet source and the first packet destination (FIG. 1-6: outer packet, inner packet, EID1, EID2, RLOC2, RLOC1, etc., ¶ [0063]-[0064], [0071]-[0077]; i.e. encapsulating the original packet payload including information of source and destination EID1, EID2 with label or information of the router/splitter source and destination RLOC1, RLOC2), wherein the analysis host destination is based at least in part on the first packet source and the first packet destination; and 
provide the encapsulated packet to an [[analysis]] destination host based at least in part on the second packet destination (FIG. 1-6, ¶ [0077]-[0078]; i.e. forwarding the encapsulated packet to the destination based on the outer label).
Hu does not explicitly disclose the second packet destination corresponding to an analysis host destination, wherein the analysis host destination is based at least in part on the first packet source and the first packet destination and forwarding the packet to the analysis host.
However, Nanda discloses the second packet destination corresponding to an analysis host destination, wherein the analysis host destination is based at least in part on the first packet source and the first packet destination and forwarding the packet to the analysis host (FIG. 2 & 6, ¶ [0028], [0052]-[0054], [0069], [0072]; i.e. encapsulating and forwarding the packet copies according to network rules/policies to a virtual tap port to analyze the packet copies for malicious information).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Nanda’s teaching into Hu in order to monitor network traffic to detect security threats (Nanda, ¶ [0001]-[0003]).
Regarding claim 17, Hu in view of Nanda discloses the computer-readable storage medium of claim 15, wherein the analysis host destination is determined such that the second packet is routed to a particular analysis host of a set of analysis hosts wherein previous communications between the first packet destination and the first packet source were assigned to the particular analysis host (Nanda, ¶ [0028], [0052]-[0054], [0069], [0072]).
Regarding claim 19, Hu in view of Nanda discloses the computer-readable storage medium of claim 15, comprising further instructions that, upon execution by the at least one computing device, cause the computing device at least to identify a characteristic of potential malicious network traffic based at least in part on the network link (Nanda, ¶ [0054]).
Claims 4-5 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Hu et al. (US 2012/0314714 hereinafter Hu) in view of Nanda et al. (US 2016/0191545 hereinafter Nanda) further in view of Gordy et al. (US 6,898,632 hereinafter Gordy).
Regarding claim 4, Hu in view of Nanda discloses the computer-implemented method of claim 2, further comprising prohibiting the identified suspicious network traffic, within a core network from being provided to a border network via an internet (Nanda, FIG. 2 & 4, ¶ [0073]) connection by one or more respective layers of firewalls.
Hu in view of Nanda does not explicitly disclose one or more respective layers of firewalls.
However, Gordy discloses one or more respective layers of firewalls (FIG. 2A, Abstract). 
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate the teaching of Gordy into Hu in view of Nanda in order to allow the intrusion detection systems to communicate with the firewall directly through the security taps to notify the firewall of the malicious packets (Gordy, col. 3, lines 35-58). 
Regarding claim 5, Hu in view of Nanda discloses the computer-implemented method of claim 1, further comprising receiving the first packet from a split, wherein the split duplicated network traffic of communications between an end user and an internet endpoint that are connected by a network that comprises [[a firewall]] and a router (Hu, FIG. 3, ¶ [0032]; Nanda, FIG. 2-4).
Hu in view of Nanda does not explicitly disclose a firewall.
However, Gordy discloses a firewall (FIG. 2A, Abstract). 
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate the teaching of Gordy into Hu in view of Nanda in order to allow the intrusion detection systems to communicate with the firewall directly through the security taps to notify the firewall of the malicious packets (Gordy, col. 3, lines 35-58). 
Regarding claim 21, Hu in view of Nanda discloses the computer-readable storage medium of claim 15, comprising further instructions that, upon execution by the at least one computing device, cause the at least one computing device at least to receive the first packet from a split, wherein the split duplicated network traffic of communications between an end user and an internet endpoint that are connected by a network (Hu, FIG. 3, ¶ [0032]; Nanda, FIG. 2-4) that comprises a firewall.
Hu in view of Nanda does not explicitly disclose a firewall.
However, Gordy discloses a firewall (FIG. 2A, Abstract). 
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate the teaching of Gordy into Hu in view of Nanda in order to allow the intrusion detection systems to communicate with the firewall directly through the security taps to notify the firewall of the malicious packets (Gordy, col. 3, lines 35-58). 
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Hu et al. (US 2012/0314714 hereinafter Hu) in view of Nanda et al. (US 2016/0191545 hereinafter Nanda) further in view of Li (US 2007/0214251).
Regarding claim 7, Hu in view of Nanda discloses the computer-implemented method of claim 1.
Hu in view of Nanda does not explicitly disclose wherein the at least one computing device acts as a reverse proxy and distributes network or application traffic across a number of servers or other target devices.
However, Li discloses wherein the at least one computing device acts as a reverse proxy and distributes network or application traffic across a number of servers or other target devices (FIG. 1-3, ¶ [0007]-[0009], [0054]). 
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate the teaching of Li into Hu in view of Nanda in order to provide a virtual network system mapping a public domain name or sub-domain name to a remote private server and protect the remote private server (Li, ¶ [0002]-[0005], [0010]). 
Claims 12 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Hu et al. (US 2012/0314714 hereinafter Hu) in view of Nanda et al. (US 2016/0191545 hereinafter Nanda) further in view of Fluhrer et al. (US 8,036,221 hereinafter Fluhrer).
Regarding claim 12, Hu in view of Nanda discloses the system of claim 8.
Hu in view of Nanda does not explicitly disclose wherein the encapsulated second packet includes a payload of an additional packet and the payload of the first packet.
However, Fluhrer discloses wherein the encapsulated second packet includes a payload of an additional packet and the payload of the first packet (FIG. 5, col. 8, lines 47-col. 9, lines 38).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate the teaching of Fluhrer into Hu in view of Nanda in order to allow secured packets to traverse the public network while allowing the secured packets to follow an optimal routed path in the private network without requiring the overlay routing protocol (Fluhrer, col. 9, lines 39-47). 
Regarding claim 18, Hu in view of Nanda discloses the computer-readable storage medium of claim 15.
Hu in view of Nanda does not explicitly disclose wherein the second packet combines the portion of the first packet with a portion of an additional packet.
However, Fluhrer discloses wherein the second packet combines the portion of the first packet with a portion of an additional packet (FIG. 5, col. 8, lines 47-col. 9, lines 38).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate the teaching of Fluhrer into Hu in view of Nanda in order to allow secured packets to traverse the public network while allowing the secured packets to follow an optimal routed path in the private network without requiring the overlay routing protocol (Fluhrer, col. 9, lines 39-47). 
Claims 14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hu et al. (US 2012/0314714 hereinafter Hu) in view of Nanda et al. (US 2016/0191545 hereinafter Nanda) further in view of Yang (US 9,398,043).
Regarding claim 14, Hu in view of Nanda discloses the system of claim 8, wherein the analysis host implements one or more analysis services (Nanda, ¶ [0075]).
Hu in view of Nanda does not explicitly disclose wherein the one or more analysis services: determine, based at least a portion of the encapsulated packet and at least a portion of the first packet, that a message included in the first packet payload corresponds to a session between the first packet source and the second packet source; and convert the session including the message to a log.
However, Yang discloses wherein the one or more analysis services: determine, based at least a portion of the encapsulated packet and at least a portion of the first packet, that a message included in the first packet payload corresponds to a session between the first packet source and the second packet source; and convert the session including the message to a log (col. 5, line 60-col. 6, line 11, col. 11, lines 1-7). 
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate the teaching of Yang into Hu in view of Nanda in order to inspect network packets and properly separate the malicious session packets from the authorized session packets (Yang, col. 1, line 21- col. 2, line 9). 
Regarding claim 20, Hu in view of Nanda discloses the computer-readable storage medium of claim 18.
Hu in view of Nanda does not explicitly disclose comprising further instructions that, upon execution by the at least one computing device, cause the at least one computing device at least to insulate the identified potential malicious network traffic within at least one of a border network, an edge network, or a core network by one or more respective layers of firewalls.
However, Yang discloses upon execution by the at least one computing device, cause the at least one computing device at least to insulate the identified potential malicious network traffic within at least one of a border network, an edge network, or a core network by one or more respective layers of firewalls (FIG. 1, col. 5, line 60-col. 6, line 11, col. 11, lines 1-7). 
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate the teaching of Yang into Hu in view of Nanda in order to inspect network packets and properly separate the malicious session packets from the authorized session packets (Yang, col. 1, line 21- col. 2, line 9). 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHI D NGUY whose telephone number is (571)270-7311. The examiner can normally be reached Monday-Friday 9-5 PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph P Hirl can be reached on (571)272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-270-8311.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/C.D.N/Examiner, Art Unit 2435 

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435