DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

1. This action is responsive to the application filed on 09/25/2020.
2. Claims 1-20 are pending.
3. Claims 1-20 are rejected.


Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/25/2020 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1 and 16 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.

Claims 1 and 16 recite the limitation "said dynamic logical segmentation" in line 4 of both claims. There is insufficient antecedent basis for this limitation in the claim.

Regarding Claims 2-15 and Claim 17, which claim dependency from claims 1 and 16, respectively, they are rejected for the same reasons as set forth in the rejection of claims 1 and 16 above.

Examiner’s Note:
The Examiner suggests to Applicant to further define the “personal virtual networks”, and a user request “to change a particular user entity from being on the shared virtual network…to being on the first dynamic user private network”, as the Specification of the instant application does not explicitly disclose these features, in order to distinguish the claim language from the prior art of record.

The Examiner also encourages Applicant’s Representative to conduct a telephonic interview with the Examiner in order to help expedite the application.




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-12 and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Eui Nam Huh et al (US 20150012977 A1), hereinafter “Huh” in view of Hasan S. Alkhatib et al (US 20040249973 A1), hereinafter “Alkhatib”.

Regarding Claim 1, Huh discloses a method, comprising:
maintaining, by a network control system, dynamic logical of a shared virtual network overlaying a physical network comprising a plurality of network nodes, with said dynamic logical segmentation including a plurality of dynamic user private networks, with a plurality of user entities communicatively coupled to respective personal virtual networks of the plurality of dynamic user private networks, with the plurality of dynamic user private networks including a first dynamic user private network, with a plurality of user accounts associated with the shared virtual network, and with the plurality of user accounts including a first user account (Huh, Paragraphs 0058, 0080, authentication of users (i.e., user account). Paragraphs 0128-0129, cloud computing system includes a terminal. Paragraph 0135, providing various cloud services to the terminal over a personal virtual network. Paragraph 0206, the market-based cloud service portable (MCSP) includes a virtual private network (VPN) – Examiner’s Note: Page 7 of the Specification of the instant application refers a virtual private network to a logically segmented overlay network).

However, Huh fails to explicitly disclose wherein, responsive in real-time to automated processing of a received electronic particular user request, the network control system automatically modifies said dynamic logical segmentation to change a particular user entity from being on the shared virtual network but not on the first dynamic user private network to being on the first dynamic user private network without being disconnected from the shared virtual network;
wherein the received electronic particular user request indicates a request for the particular user entity to be placed on the first dynamic user private network.

 
Alkhatib, from the same or similar field of endeavor, discloses wherein, responsive in real-time to automated processing of a received electronic particular user request, the network control system automatically modifies said dynamic logical segmentation to change a particular user entity from being on the shared virtual network but not on the first dynamic user private network to being on the first dynamic user private network without being disconnected from the shared virtual network (Alkhatib, Paragraph 0077, providing a secure Virtual Community Network (VCN) in order for computing devices coupled to public or private networks to join into private enterprises and communicate with each other. Paragraph 0232, member moves to a different or new private network using the VCN);
wherein the received electronic particular user request indicates a request for the particular user entity to be placed on the first dynamic user private network (Alkhatib, Paragraph 0232, member moving to a different or new private network and/or changes its IP address).

Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Huh in view of Alkhatib in order to further modify the method of providing cloud computing services from the teachings of Huh with the method of utilizing a private virtual dynamic network that enable computing devices to join into private enterprises and communicate with each other from the teachings of Alkhatib.
One of ordinary skill in the art would have been motivated because by being able to move between private networks the users will be able to communicate with other users seamlessly (Alkhatib – Paragraphs 0011, 0077).


Regarding Claim 2, the combination of Huh and Alkhatib disclose the method of claim 1 above, where Alkhatib further discloses wherein the first user account is owner of the first dynamic user private network (Alkhatib, Paragraph 0078, device B in a first private domain);
wherein the plurality of user accounts includes a second particular user account owning a second dynamic user private network of the plurality of dynamic user private networks (Alkhatib, Paragraph 0078, device A in a second private domain);
and wherein the particular user entity was on the second dynamic user private network when said modifying the logical segmentation was initiated (Alkhatib, Paragraphs 0078-0079, machines join other machines in their own private domains).


Regarding Claim 3, the combination of Huh and Alkhatib disclose the method of claim 2 above, where Alkhatib further discloses wherein the particular user entity is owned by the second user account (Alkhatib, Paragraph 0078, computer/device in each private domain belong to that user);
and wherein said modifying the logical segmentation does not move one or more other second entities owned by the second user account and currently being on the second dynamic user private network to being on the first dynamic user private network (Alkhatib, Paragraphs 0077-0079, computing devices can join into private enterprise intranets when they wish to do so (i.e., only moving to a different private network when they would like to)).

Regarding Claim 4, the combination of Huh and Alkhatib disclose the method of claim 2 above, where Alkhatib further discloses wherein the received electronic particular user request is sent from a first initiating user entity on the shared virtual network and owned by the first user account (Alkhatib, Paragraph 0079, members register themselves with a VCN Manager in order to join the community. Paragraph 0080, machines A, B, and X can make connections with each other through communications within the virtual domain).

Regarding Claim 5, the combination of Huh and Alkhatib disclose the method of claim 4 above, where Alkhatib further discloses wherein the first initiating user entity receives a second received request identifying a request for the particular user entity to be placed on the first dynamic user private network (Alkhatib, Paragraphs 0078-0079, machines join other machines in their own private domains);
and wherein the received electronic particular user request is sent by the first initiating user entity in response to the second received response (Alkhatib, Paragraph 0077, providing a secure Virtual Community Network (VCN) in order for computing devices coupled to public or private networks to join into private enterprises and communicate with each other).

Regarding Claim 6, the combination of Huh and Alkhatib disclose the method of claim 4 above, where Alkhatib further discloses wherein the first initiating user entity receives a second received request identifying a request for the particular user entity to be placed on the first dynamic user private network (Alkhatib, Paragraph 0080, machines make direct connections to each other through communications within the virtual domain);
and wherein the received electronic particular user request is sent by the first initiating user entity in response to the second received response and user input on the first initiating user entity authorizing the request for the particular user entity to be placed on the first dynamic user private network (Alkhatib, Paragraph 0079, members register themselves with a VCN Manager in order to join the community. Paragraph 0080, machines A, B, and X can make connections with each other through communications within the virtual domain).

Regarding Claim 7, the combination of Huh and Alkhatib disclose the method of claim 2 above, where Alkhatib further discloses wherein the received electronic particular user request is sent from a second initiating user entity on the shared virtual network and owned by the second user account (Alkhatib, Paragraphs 0078-0079, machines join other machines in their own private domains. Paragraph 0080, machines A, B, and X can make connections with each other through communications within the virtual domain).

Regarding Claim 8, the combination of Huh and Alkhatib disclose the method of claim 1 above, where Alkhatib further discloses wherein the particular user entity is a mobile device (Alkhatib, Paragraph 0083, user machines/devices can be personal computers, server, or other computing devices (mobile or non-mobile)).

Regarding Claim 9, the combination of Huh and Alkhatib disclose the method of claim 1 above, where Alkhatib further discloses wherein each of the plurality of dynamic user private networks is owned by a different user account of the plurality of user accounts (Alkhatib, Paragraph 0078, each computing device has their own private domains).

Regarding Claim 10, the combination of Huh and Alkhatib disclose the method of claim 1 above, where Alkhatib further discloses wherein each of the plurality of dynamic user private networks is associated with a unique User Private Network Identifier (UPN-ID) (Alkhatib, Paragraphs 0098-0103, members of the VCN communicate with other members by means of virtual IP packets, which use unique identifiers of a given connection);
and wherein the shared virtual network associates each packet received from an entity on one of the plurality of dynamic user private networks with a corresponding said unique UPN-ID (Alkhatib, Paragraphs 0098-0103, virtual address real uses a set of addresses that can be used to identify and send communications to other members of the VCN).

Regarding Claim 11, the combination of Huh and Alkhatib disclose the method of claim 10 above, where Alkhatib further discloses comprising:
sending, by the particular user entity communicatively coupled to the first dynamic user private network via a first network access device of the plurality of network nodes, a first plurality of packets to a second user entity communicatively coupled to the first dynamic user private network via a second network access device of the plurality of network nodes (Alkhatib, Paragraphs 0085-0087, devices are in different private networks. Fig 5B, Paragraphs 0092-0094, different traffics within the VCN);
and for each first particular original packet of the first plurality of packets received and after having identifying that the second user entity is associated with the first dynamic user private network, the first network access device encapsulating said first original particular packet in a particular encapsulating packet including said unique UPN-ID corresponding to the first dynamic user private network and then sending said particular encapsulating packet towards the second network access device (Alkhatib, Paragraphs 0093-0096, encapsulated traffic is used by elements of the VCN once membership has been established and the elements are joined in the VCN).

Regarding Claim 12, the combination of Huh and Alkhatib disclose the method of claim 10 above, where Alkhatib further discloses said associating each said packet includes encapsulating said packet in an encapsulating packet including the corresponding said unique UPN-ID (Alkhatib, Paragraphs 0093-0096, 0104, encapsulation routing protocol used for communication).

Regarding Claim 15, the combination of Huh and Alkhatib disclose the method of claim 10 above, where Alkhatib further discloses comprising:
sending, by the particular user entity communicatively coupled to the first dynamic user private network via a first network access device of the plurality of network nodes, a first plurality of packets to a second user entity communicatively coupled to the first dynamic user private network via a second network access device of the plurality of network nodes (Alkhatib, Paragraphs 0085-0087, devices are in different private networks. Fig 5B, Paragraphs 0092-0094, different traffics within the VCN);
and for each first particular original packet of the first plurality of packets received and after having identifying that the second user entity is associated with the first dynamic user private network, the first network access device sending said first original particular packet, natively or in a particular encapsulating packet, towards the second network access device (Alkhatib, Paragraphs 0093-0096, encapsulation of traffic is performed once membership has been established and the elements are joined in the VCN).


Regarding Claim 16, Huh discloses a method, comprising:
maintaining, by a network control system, dynamic logical of a shared virtual network overlaying a physical network comprising a plurality of network nodes, with said dynamic logical segmentation including a plurality of dynamic user private networks, with a plurality of user entities communicatively coupled to respective personal virtual networks of the plurality of dynamic user private networks via access devices of the plurality of network nodes, and with communication between the plurality of entities via the shared virtual network, without traversing a gateway device, constrained according to said logical segmentation (Huh, Paragraphs 0058, 0080, authentication of users (i.e., user account). Paragraphs 0128-0129, cloud computing system includes a terminal. Paragraph 0135, providing various cloud services to the terminal over a personal virtual network. Paragraph 0206, the market-based cloud service portable (MCSP) includes a virtual private network (VPN) – Examiner’s Note: Page 7 of the Specification of the instant application refers a virtual private network to a logically segmented overlay network).

However, Huh fails to explicitly disclose and wherein, responsive in real-time to automated processing of a received electronic particular user request, the network control system automatically modifies said dynamic logical segmentation to associate a corresponding one of the plurality of entities to a corresponding one of the plurality of dynamic user private networks without disconnecting said corresponding one of the plurality of entities from the shared virtual network, and with both of said corresponding one of the plurality of entities and said corresponding one of the plurality of dynamic user private networks being identified in received electronic particular user request.

Alkhatib, from the same or similar field of endeavor, discloses and wherein, responsive in real-time to automated processing of a received electronic particular user request, the network control system automatically modifies said dynamic logical segmentation to associate a corresponding one of the plurality of entities to a corresponding one of the plurality of dynamic user private networks without disconnecting said corresponding one of the plurality of entities from the shared virtual network, and with both of said corresponding one of the plurality of entities and said corresponding one of the plurality of dynamic user private networks being identified in received electronic particular user request (Alkhatib, Paragraphs 0077-0079, providing a secure Virtual Community Network (VCN) in order for computing devices coupled to public or private networks to join into private enterprises and communicate with each other. Paragraph 0232, member moves to a different or new private network using the VCN).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Huh in view of Alkhatib in order to further modify the method of providing cloud computing services from the teachings of Huh with the method of utilizing a private virtual dynamic network that enable computing devices to join into private enterprises and communicate with each other from the teachings of Alkhatib.
One of ordinary skill in the art would have been motivated because by being able to move between private networks the users will be able to communicate with other users seamlessly (Alkhatib – Paragraphs 0011, 0077).


Regarding Claim 17, the combination of Huh and Alkhatib disclose the method of claim 16 above, where Alkhatib further discloses wherein each of the plurality of dynamic user private networks are associated with a different one of a plurality of user accounts of the shared virtual network (Alkhatib, Paragraph 0078, each device is within their own private domain);
and wherein said received electronic particular user request is authorized via a corresponding one of the plurality of entities associated with said user account associated with said corresponding one of the plurality of dynamic user private networks (Alkhatib, Paragraphs 0077-0079, machines request to join different private networks).


Regarding Claim 18, Huh discloses a network, comprising:
a plurality of physical network nodes providing a shared virtual network, with the plurality of provider network nodes using filtering of packet traffic according to logical segmentation of the shared virtual network to provide a plurality of dynamic user private networks within the shared virtual network that prevents packets being communicated, not via a gateway device, between user entities associated with different dynamic user private networks of the plurality of dynamic user private networks, with each of the plurality of dynamic user private networks associated with a different user account of a plurality of user accounts of the shared virtual network, with each of the plurality of dynamic user private networks associated with one or more logical or physical access points, and with the plurality of dynamic user private networks communicatively coupling entities via said logical or physical access points on respective user private networks of the plurality of dynamic user private networks (Huh, Paragraphs 0058, 0080, authentication of users (i.e., user account). Paragraphs 0128-0129, cloud computing system includes a terminal. Paragraph 0135, providing various cloud services to the terminal over a personal virtual network. Paragraph 0206, the market-based cloud service portable (MCSP) includes a virtual private network (VPN) – Examiner’s Note: Page 7 of the Specification of the instant application refers a virtual private network to a logically segmented overlay network).

However, Huh fails to explicitly disclose and a network control system, responsive in real-time to automated processing of received electronic dynamic user private network modification requests received from corresponding particular user accounts of the plurality of user accounts, performing automated modification of said logical segmentation of the shared virtual network defining which logical or physical access points of the shared virtual network belong to which of the plurality of dynamic user private networks.

Alkhatib, from the same or similar field of endeavor, discloses and a network control system, responsive in real-time to automated processing of received electronic dynamic user private network modification requests received from corresponding particular user accounts of the plurality of user accounts, performing automated modification of said logical segmentation of the shared virtual network defining which logical or physical access points of the shared virtual network belong to which of the plurality of dynamic user private networks  (Alkhatib, Paragraphs 0077-0079, providing a secure Virtual Community Network (VCN) in order for computing devices coupled to public or private networks to join into private enterprises and communicate with each other. Paragraph 0232, member moves to a different or new private network using the VCN).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Huh in view of Alkhatib in order to further modify the method of providing cloud computing services from the teachings of Huh with the method of utilizing a private virtual dynamic network that enable computing devices to join into private enterprises and communicate with each other from the teachings of Alkhatib.
One of ordinary skill in the art would have been motivated because by being able to move between private networks the users will be able to communicate with other users seamlessly (Alkhatib – Paragraphs 0011, 0077).


Regarding Claim 19, the combination of Huh and Alkhatib disclose the method of claim 18 above, where Alkhatib further discloses wherein said automated modification of said logical segmentation of the shared virtual network includes changing a particular logical or physical access points from being associated with a specific to a different dynamic user private network of the plurality of dynamic user private networks for one or more of said received electronic dynamic user private network modification requests (Alkhatib, Paragraph 0088, VCN Manager enables machines to be reached from public and private networks. Paragraph 0089, Private Route Director (PRD) enables access to machines inside the private network from machines outside the private network. Paragraphs 0090-0092, PRD routes communications to member agents in client machines).

Regarding Claim 20, the combination of Huh and Alkhatib disclose the method of claim 18 above, where Alkhatib further discloses wherein said filtering of packet traffic includes dynamic user private network egress packet filtering of each particular packet of a plurality packets based on a matching of a packet marking User Private Network Identifier (UPN-ID) associated with said logical or physical access points on which said particular packet was received from a sending user entity, and an egress UPN-ID associated with said logical or physical access points from which said particular packet is to be communicated to a receiving user entity (Alkhatib, Paragraphs 0096-0098, encapsulating packets in order to address routing endpoints. Paragraph 0104, routing traffic to private addresses);
wherein the packet marking UPN-ID is added to said particular packet or included in an encapsulating packet encapsulating said particular packet (Alkhatib, Paragraph 0091, encapsulating packets used between elements in establishing communication between joined devices and for management traffic. Paragraph 0096, encapsulation routing protocol allows packets to traverse addressing boundaries and identifies routing endpoints by unique DNS domain names. Paragraph 0104, routing encapsulated traffic to private address domains).





Claims 13 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Huh in view of Alkhatib and in further view of Andrey Mizik et al (US 20180351904 A1), hereinafter “Mizik”.

Regarding Claim 13, the combination of Huh and Alkhatib disclose the method of claim 12 above, where Alkhatib further discloses comprising:
sending, by the particular user entity communicatively coupled to the first dynamic user private network via a first network access device of the plurality of network nodes, a first plurality of packets to a second user entity communicatively coupled to the first dynamic user private network via a second network access device of the plurality of network nodes (Alkhatib, Paragraphs 0085-0087, devices are in different private networks. Fig 5B, Paragraphs 0092-0094, different traffics within the VCN);
for each first particular original packet of the first plurality of packets received, the first network access device encapsulating said first original particular packet in a particular encapsulating packet including said unique UPN-ID corresponding to the first dynamic user private network and then sending said particular encapsulating packet towards the second network access device (Alkhatib, Paragraphs 0093-0096, encapsulated traffic is used by elements of the VCN once membership has been established and the elements are joined in the VCN).

However, the combination of Huh and Alkhatib fail to explicitly disclose and specific egress processing based on said unique UPN-ID corresponding to the first dynamic user private network by the second network access device for each received specific packet of the first plurality of packets; wherein said specific egress processing includes dropping said received specific packet in response to said received specific packet not including said unique UPN-ID corresponding to the first dynamic user private network, and decapsulating an original packet from said received specific packet and forwarding the original packet to the second user entity responsive to said received specific packet including said unique UPN-ID corresponding to the first dynamic user private network.

Mizik, from the same or similar field of endeavor, discloses and specific egress processing based on said unique UPN-ID corresponding to the first dynamic user private network by the second network access device for each received specific packet of the first plurality of packets (Mizik, Paragraph 0014, admin of virtual private cloud (VPC) specifies rules for domain name ((e.g., a domain should be resolved to a specific internet protocol [IP] address, or may specify that a domain name should be “blackholed” (e.g., resolution requests for that domain should not be processed, which may at least partially prevent users from accessing the domain name)). Paragraph 0054, blackholing a request and prevent a request from accessing resources at the requested domain. Paragraph 0066, obtaining rules to determine an action specified by the rules (e.g., blackholing the request));
wherein said specific egress processing includes dropping said received specific packet in response to said received specific packet not including said unique UPN-ID corresponding to the first dynamic user private network, and decapsulating an original packet from said received specific packet and forwarding the original packet to the second user entity responsive to said received specific packet including said unique UPN-ID corresponding to the first dynamic user private network (Mizik, Paragraph 0059, on receiving the resolution request, the adaptive DNS resolver 820 can identify the specific VPC 810 from which the request was received by detecting the VPC identifier included within or associated with the request (which may include, for example, extracting the VPC identifier from data packets before decapsulating the request from the data packets). Paragraph 0066, obtaining rules to determine an action specified by the rules (e.g., forwarding the request to a private DNS server)).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Huh in view of Alkhatib and in further view of Mizik in order to further modify the method of providing cloud computing services from the teachings of Huh and the method of utilizing a private virtual dynamic network that enable computing devices to join into private enterprises and communicate with each other from the teachings of Alkhatib with the method of adaptive handling of domain resolution requests originating from a virtual private cloud networking environment from the teachings of Mizik.
One of ordinary skill in the art would have been motivated because by implementing different routing rules, there would be a way to maintain control of the requests based on their behavior (Mizik – Paragraph 0064).

Regarding Claim 14, the combination of Huh, Alkhatib, and Mizik, disclose the method of claim 13 above, where Alkhatib further discloses comprising prior to said encapsulating said first original particular packet, the first network access device identifying that the second user entity is associated with said unique UPN-ID corresponding to the first dynamic user private network (Alkhatib, Paragraph 0093, encapsulation of traffic is performed once membership has been established and the elements are joined in the VCN).



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. All the references listed on 892 are related to the subject matter of communications between private networks.
Some of the prior art includes:
US 20210119961 A1, US 10313224 B2, and US 20070058638 A1.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAVIER O GUZMAN whose telephone number is (571)270-0588. The examiner can normally be reached Monday - Friday 8 am to 4 pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian J Gillis can be reached on 571-272-7952. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JAVIER O GUZMAN/Primary Examiner, Art Unit 2446