DETAILED ACTION
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in response to the amendment filed on 8/17/2022.
Claims 1, 29 and 35 have been amended.
Claims 1-35 are pending for consideration.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Regarding to the 112(f) interpretation, Applicant has not provided any argument regarding to the 112(f) interpretation recited in the office action mailed on 6/8/2021.  
The limitations of claims 1 and 35 “Each VCRE instance configured to … execute one or more policy rules stored in the VCRE instance to the data packet prior to forwarding the data packet” and “Each VCRE instance configured to … execute one or more policy rules stored in the VCRE instance to the data packet prior to forwarding the data packet” are being treated in accordance with 112(f) because the associated function is modified by a word (section) that serves as a generic placeholder (i.e., the claim uses a term that is a substitute for “means”).
In conclusion, since the claims recite a generic place holder coupled with functional language but fails to recite sufficiently definite structure, material or acts to perform that function, the claim limitations are being interpreted as invoking 112(f).  Therefore, the interpretation has been maintained.
The rejection under 35 U.S.C. 112(b) of claims 1-34 has been withdrawn.  The rejection under 35 U.S.C. 112(b) of claim 35 has been maintained because It is unclear if the policy rules applied to the data packet between the packet-based network and the cellular-based network or the policy rules applied to the data packet between the VCRE instance and an external network.
Applicant's arguments filed on 8/17/2022 have been fully considered but they are not persuasive.  
Applicant argues on page 11 of the Remarks that Zhang teaches both the cellular-based network segment and the packet-based network segment.  Zhang fails to teach the policy rules apply just to the traffic on the cellular-based network segment.  Examiner respectfully disagrees with the Applicant’s argument.  Examiner respectfully disagrees.  Zhang does teach the policy rules apply just to the traffic on the cellular-based network segment (Zhang: paragraphs 0039, 0043 and 0117, “the CDN CN may provide information about the selected CDN DN and other information to the ANDSF node, in order to generate Inter-APN routing policy for the UE to access the requested CDN service” … “An ANDSF node, which is sometimes called as “ANDSF”, is an entity within an evolved packet core (EPC) of the system architecture evolution (SAE) for 3GPP compliant mobile networks. The purpose of the ANDSF is to assist UE to discover non-3GPP access networks—such as Wi-Fi or WIMAX—that can be used for data communications in addition to 3GPP access networks (such as HSPA or LTE) and to provide the UE with rules policing the connection to these networks.”).  Therefore, Applicant’s arguments are not persuasive.  The 103 rejection has been maintained.
 Applicant further argues on pages 11 and 12 of the Remarks that Zhang reference fails to teach the limitation “wherein at least one VCR instance defines customized access point names” recited in claim 7.  Examiner respectfully disagrees.  Examiner notes that claim 7 does not recite how the APN is customized.  Under BRI,  Zhang teaches that OMA DM may be used to configure operation specific information like APN to UE to facilitate the network access (Zhang: paragraphs 0006, 0011, 0044 and 0118).  Therefore, the combined prior arts do teach the disputed limitations.
Applicant’s arguments with respect to claim(s) 1-35 have been considered but are moot.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-35 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 
Regarding claims 1, 29 and 35, the claims recite “the VCRE instance ”.  The claims lack sufficient written description to show the applicant possessed the full scope of the invention recited in the claim, the specification must describe the claimed invention in sufficient detail that one skilled in the art can reasonably conclude that the inventor had possession of the claimed invention at the time of filing.  See Reiffin v. Microsoft Corp., 214 F.3d 1342, 1345 (Fed. Cir. 2000) and MPEP 2161.01 (I).
Applicant’s specification does not describe an algorithm/steps/flows that perform the function “the VCRE instance operated not a cellular-based network operator, a cellular-based network customer being a bearer of services of the cellular-based network and a cellular-based network operator being a provider of services of the cellular-based network” in sufficient detail such that one of ordinary skill in the art can reasonably conclude that the inventor invented the claimed subject matter.
The Applicant is respectfully reminded that the MPEP section 2163.02, “An applicant shows possession of the claimed invention by describing the claimed invention with all of its limitations using such descriptive means as words, structures, figures, diagrams, and formulas that fully set forth the claimed invention. Lockwood v. Am. Airlines, Inc., 107 F.3d 1565, 1572, 41 USPQ2d 1961, 1966 (Fed. Cir. 1997); and MPEP section 2163.03, "Even if a claim is supported by the specification, the language of the specification, to the extent possible, must describe the claimed invention so that one skilled in the art can recognize what is claimed. The appearance of mere indistinct words in a specification or a claim, even an original claim, does not necessarily satisfy that requirement." See Enzo Biochem, Inc. v. Gen-Probe, Inc., 323 F.3d 956, 968, 63 USPQ2d 1609, 1616 (Fed. Cir. 2002).  Possession may be shown in a variety of ways including description of an actual reduction to practice, or by showing that the invention was "ready for patenting" such as by the disclosure of drawings or structural chemical formulas that show that the invention was complete, or by describing distinguishing identifying characteristics sufficient to show that the applicant was in possession of the claimed invention.”  Here, the Examiner does not find the description, drawing or formula as complete nor distinguishing to show that the applicant was in possession of the claimed invention.
Claims 2-28 and 30-34 are dependent claims depended on claims 1 and 29 respectively.  The claims 2-28 and 30-34 are rejected for the same reasons as that of parent claims 1 and 29, respectively.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-35 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Regarding independent claims 1-34, the claims are rejected for lack of sufficient written description.  According to MPEP 2161.01 (I), a rejection under 35 U.S.C. 112(b) or the second paragraph of pre-AIA  35 U.S.C. 112 must be made in addition to the written description rejection.  According to MPEP 2173, 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph requires that a patent application specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.  A secondary purpose is to provide a clear measure of what the inventor or a joint inventor regards as the invention so that it can be determined whether the claimed invention meets all the criteria for patentability and whether the specification meets the criteria of 35 U.S.C. 112(a) or pre-AIA  35 U.S.C. 112, first paragraph with respect to the claimed invention.  Therefore, the claims 1-34 must be rejected under 112(b) because it does not comply with written description requirement under 35 U.S.C 112(a).
Regarding claim 35, claim 35 recites the limitation “wherein the one or more policy rules are policy rules designed to be applied to traffic between the VCRE instance and the cellular-based network”.  It is unclear if the policy rules applied to the data packet between the packet-based network and the cellular-based network or the policy rules applied to the data packet between the VCRE instance and an external network.  According to the Applicant’s specification, paragraph 104 discloses that VCRE defines routing rules for communications between mobile devices and the external network, see figure 17 below for illustration.  Further clarification is required.

    PNG
    media_image1.png
    681
    994
    media_image1.png
    Greyscale
  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 and 29 are rejected under 35 U.S.C. 103 as being unpatentable over Varadhan et al. (US 8316435) (hereinafter Varadhan) in view of Zhang et al. (US 20160150464) (hereinafter Zhang).
Regarding claim 1, Varadhan teaches a PDN Integrated Customized Network Edge Enabler and Controller (PICNEEC), executable by one or more hardware processors, for operation by a mobile network provider, comprising: a memory (Varadhan: column 13 lines 14-25, “program code having executable instructions fetched from a computer-readable storage medium (not shown). Examples of such media include random access memory (RAM), read-only memory (ROM), non-volatile random access memory (NVRAM), electrically erasable programmable read-only memory (EEPROM), flash memory, and the like”); and at least one Virtual Customized Rules Enforcer (VCRE) instance, each VCRE instance corresponding to a group of mobile devices and defining a set of policies personalized for the group of mobile devices, each VCRE instance configured to, upon receiving a data packet communicated between a packet-based network and a mobile device in the corresponding group via a radio network, the radio network being a cellular-based network, execute one or more policy rules stored in the VCRE instance to the data packet prior to forwarding the data packet (Varadhan: see figure 9 
    PNG
    media_image2.png
    666
    894
    media_image2.png
    Greyscale
; and column 16 lines 10-20, “firewall 208 has been logically partitioned into multiple virtual security systems 240A-240X to provide multi-tenant security services. That is, virtual security systems 240 represent logically partitioned firewall instances providing separate security services, including MPLS-aware zone-based firewall services,that are applied by firewall 208. Router 200 presents virtual security systems 240 as logically independent firewalls that can be independently configured even though the virtual security systems may share computing resources of service cards 224.”), each VCRE instance controlled independently of one another via direct accessing of the VCRE instance by a different customer of the mobile network provider (Varadhan: see figure 11 
    PNG
    media_image3.png
    440
    894
    media_image3.png
    Greyscale
; and column 16 lines 34-45, “Each of virtual security systems 240 is presented to the corresponding VSYS administrator 209 as a unique security domain, and the VSYS administrator 209 for each virtual system 240 can individualize their security domain by defining specific zones and policies to be applied to traffic associated with that virtual system 240. Each virtual security system 240 can be configured to have its own totally separated set of security zones, policy rule set and management domain”).
Varadhan does not explicitly disclose the following limitation which is disclosed by Zhang, wherein the one or more policy rules are policy rules designed to be applied to traffic between the VCRE instance and an external network (Zhang: see figure 1; and paragraphs 0009-0012, 0015, 0017, 0063-0070, “any one of the CDN DNs may provide the CDN service requested by a UE, the inter-APN routing policy may be generated as comprising multiple APNs associated with PDNs in which the selected CDN DNs are located. Such an inter-APN routing policy may indicate that the UE may use any one of the APNs to access the associated PDN so as to be served by the CDN DN located in the PDN. In addition, such an inter-APN routing policy may comprise a list of the multiple APNs, which may be assigned with a priority level based on the service capability, throughput, workload, failure rate and the like of each associated PDN or CDN DN. When receiving the inter-APN routing policy, the UE will understand that there are multiple APNs which have the ability to provide the requested CDN service, and the UE may select one from these APNs according to their priority levels”), the VCRE instance operated by a cellular-based network customer of a mobile network provider operating the PICNEEC and not a cellular-based network operator, a cellular-based network customer being a bearer of services of the cellular-based network and a cellular-based network operator being a provider of services of the cellular-based network (Zhang: paragraphs 0039, 0043 and 0117, “the CDN CN may provide information about the selected CDN DN and other information to the ANDSF node, in order to generate Inter-APN routing policy for the UE to access the requested CDN service” … “An ANDSF node, which is sometimes called as “ANDSF”, is an entity within an evolved packet core (EPC) of the system architecture evolution (SAE) for 3GPP compliant mobile networks. The purpose of the ANDSF is to assist UE to discover non-3GPP access networks—such as Wi-Fi or WIMAX—that can be used for data communications in addition to 3GPP access networks (such as HSPA or LTE) and to provide the UE with rules policing the connection to these networks.”).  Varadhan and Zhang are analogous art because they are from the same field of endeavor, network routing and security within a mobile radio network.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Varadhan and Zhang before him or her, to modify the system of Varadhan to include one or more policy rules are policy rules designed to be applied to traffic between the VCRE instance and the cellular-based network of Zhang.  The suggestion/motivation for doing so would have been to dynamically provide, to a UE, information associated with a CDN service requested by the UE, to improve the probability of successful access (Zhang : paragraph 0007).
Regarding claim 29, claim 29 discloses a method claim that is substantially equivalent to the PICNEEC of claim 1.  Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 29 and rejected for the same reasons.

Claims 2-9 and 21-34 are rejected under 35 U.S.C. 103 as being unpatentable over Varadhan in view of Zhang, and further in view of DAHOB et al. (US 20120166618) (hereinafter DAHOB).
Regarding claims 2 and 30, Varadhan in view of Zhang does not explicitly teach the following limitation which is disclosed by DAHOD, wherein the data packet is routed between a Serving General Packet Radio Service (GPRS) Support Node/Serving (SGSN) and a Gateway GPRS Support Node (GGSN) internal to the PICNEEC (DAHOD: paragraphs 0047, 0058 and 0114, “(SGSN) can be implemented on a gateway 142 with a mobility management entity (MME). The GERAN 138 can communicate through the SGSN functionality on gateway 142 to serving gateway ( SGW) 144 or gateway GPRS support node ( GGSN)/PGW 146”).  Varadhan in view of Zhang and DAHOB are analogous art because they are from the same field of endeavor, secure communications.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Varadhan in view of Zhang and DAHOB before him or her, to modify the system of Varadhan in view of Zhang to include the routing mechanism between GPRS and GGSN of DAHOB.  The suggestion/motivation for doing so would have been for efficiently utilizing network resources by providing adaptive intelligence to data packet routing systems (DAHOB : see Abstract).
Regarding claims 3 and 31, Varadhan as modified teaches wherein the data packet is routed between a Serving Gateway (SGW) and a Packet Data Network Gateway (PGW) internal to the PICNEEC (DAHOD: see figure 1; and paragraphs 0039 and 0042, “The SGW sits in the user plane where it forwards and routes packets to and from the eNodeB and PGW”). The same motivation to modify Varadhan in view of Zhang in view of DAHOB, as applied in claims 2 and 30 above, applies here.
Regarding claims 4 and 32, Varadhan as modified teaches wherein the data packet is routed between a Serving General Packet Radio Service (GPRS) Support Node/Serving (SGSN) and a Gateway GPRS Support Node (GGSN) external to the PICNEEC, the external GGSN handling data for an Internet Protocol (IP) connectivity access network through the PICNEEC (DAHOD: paragraphs 0043, “The PGW provides connectivity to the UE to external packet data networks by being the point of exit and entry of traffic for the UE. A UE may have simultaneous connectivity with more than one PGW for accessing multiple packet data networks”).  The same motivation to modify Varadhan in view of Zhang in view of DAHOB, as applied in claims 2 and 30 above, applies here.
Regarding claims 5 and 33, Varadhan as modified teaches wherein the data packet is routed between a Serving Gateway (SGW) and a PGW external to the PICNEEC, the external PGW handling data for an IP connectivity access network through the PICNEEC (DAHOD: paragraphs 0043, 0058 and 0073, “The PGW provides connectivity to the UE to external packet data networks by being the point of exit and entry of traffic for the UE”).  The same motivation to modify Varadhan in view of Zhang in view of DAHOB, as applied in claims 2 and 30 above, applies here.
Regarding claims 6 and 34, Varadhan as modified teaches wherein the data packet is routed through a mobile network serving packet gateway that handles the data packet through the PICNEEC (DAHOD: paragraphs 0043, 0058 and 0073, “The PGW provides connectivity to the UE to external packet data networks by being the point of exit and entry of traffic for the UE”).  The same motivation to modify Varadhan in view of Zhang in view of DAHOB, as applied in claims 2 and 30 above, applies here.
Regarding claim 7, Varadhan as modified teaches wherein at least one VCRE instance defines customized access point names (APNs) (Zhang: paragraphs 0006, 0044 and 0118 , “OMA DM may be used to configure operation specific information like access point name (APN) to UE to facilitate the network access”… “As an alternative, if there was an Inter-APN routing policy in the ANDSF node, it may be updated with the newly-generated Inter-APN routing policy. The ANDSF node may provide the Inter-APN routing policy to the UE by sending a message e.g., as defined by an existing specification”).  The same motivation to modify Varadhan in view of Zhang in view of DAHOB, as applied in claims 2 and 30 above, applies here.
Regarding claim 8, Varadhan as modified teaches wherein at least one VCRE instance is an independent virtual network function (DAHOD: paragraphs 0037 and 0114, “The system can be virtualized to support multiple logical instances of services, such as technology functions (e.g., a SeGW PGW, SGW, MME, HSGW, PDSN, ASNGW, PDIF, HA, or GGSN)”).  The same motivation to modify Varadhan in view of Zhang in view of DAHOB, as applied in claims 2 and 30 above, applies here.
Regarding claim 9, Varadhan as modified teaches wherein at least one VCRE instance is an independent physical network function (DAHOD: paragraphs 0054 and 0113, “The data traffic through the AIR-controller 150 indicates the default or normal user data traffic independent of the AIR framework.”… “The network processing unit determines packet processing requirements; receives and transmits user data frames to/from various physical interfaces; makes IP forwarding decisions”).  The same motivation to modify Varadhan in view of Zhang in view of DAHOB, as applied in claims 2 and 30 above, applies here.
Regarding claim 21, Varadhan as modified teaches wherein a customer defines a corresponding VCRE instance by defining a virtual private network (VPN) between the corresponding VCRE instance and an external network (DAHOD: paragraphs 0120 and 0124, “Virtual private network (VPN) subsystem manages the administrative and operational aspects of VPN-related entities in the network device, which include creating separate VPN contexts, starting IP services within a VPN context, managing IP pools and subscriber IP addresses, and distributing the IP flow information within a VPN context”).  The same motivation to modify Varadhan in view of Zhang in view of DAHOB, as applied in claims 2 and 30 above, applies here.
Regarding claim 22, Varadhan as modified teaches wherein a customer defines the corresponding VCRE instance by defining network routing between the corresponding VCRE instance and IP connectivity networks (DAHOD: paragraphs 0068 and 0087, “the AIR-router 154 can detect this inconsistency and inform the AIR-controller 150, which can subsequently provision the AIR-client 152 to modify the policy (AIR protocol) on the AIR-client”).  The same motivation to modify Varadhan in view of Zhang in view of DAHOB, as applied in claims 2 and 30 above, applies here.
Regarding claim 23, Varadhan as modified teaches wherein a customer defines the corresponding VCRE instance by defining firewall rules for packet data traffic passing through the corresponding VCRE instance (DAHOD: paragraph 0047, “routing and enhanced services, such as enhanced charging, stateful firewalls, traffic performance optimization”).  The same motivation to modify Varadhan in view of Zhang in view of DAHOB, as applied in claims 2 and 30 above, applies here.
Regarding claim 24, Varadhan as modified teaches wherein a customer defines the corresponding VCRE instance by defining network address translation (NAT) rules for packet data traffic passing through the corresponding VCRE instance (DAHOD: paragraph 0051, “the AIR-router can be discovered using a DNS or AAA based discovery procedures, and the security association can be carried out using IKEv2. An AIR-router can also implement charging models, LI, and analytics, and may not require a network address translation (NAT)”).  The same motivation to modify Varadhan in view of Zhang in view of DAHOB, as applied in claims 2 and 30 above, applies here.
Regarding claim 25, Varadhan as modified teaches wherein a customer defines the corresponding VCRE instance by defining domain name system (DNS) settings for packet data traffic passing through the corresponding VCRE instance (DAHOD: paragraph 0051, “the AIR-router can be discovered using a DNS or AAA based discovery procedures, and the security association can be carried out using IKEv2.”).  The same motivation to modify Varadhan in view of Zhang in view of DAHOB, as applied in claims 2 and 30 above, applies here.
Regarding claim 26, Varadhan as modified teaches wherein a customer defines the corresponding VCRE instance by defining security rules for packet data traffic passing through the corresponding VCRE instance (DAHOD: paragraphs 0049-0050, “policy information for mobile devices, (2) set up and enforce the policies in mobile devices, and (3) manage the loaded policies on mobile devices… For instance, business logic can specify that a first type of data is delivered to a user equipment using a first policy (i.e., delivering voice data using 3G) and a second type of data is delivered using a second policy (i.e., delivering video data using 4G.)).  The same motivation to modify Varadhan in view of Zhang in view of DAHOB, as applied in claims 2 and 30 above, applies here.
Regarding claim 27, Varadhan as modified teaches wherein a customer defines the corresponding VCRE instance by assigning IP addresses to mobile devices (DAHOD: paragraphs 0050, 0052 and 0059, “an AIR-client can implement different policies for different data types. For example, an AIR-client can decide to use one IP address established in accordance with 3G to transfer voice data and another IP address established in accordance with 4G to transfer video data, thereby controlling the QoS for different data types”).  The same motivation to modify Varadhan in view of Zhang in view of DAHOB, as applied in claims 2 and 30 above, applies here.
Regarding claim 28, Varadhan as modified teaches wherein a customer defines the corresponding VCRE instance by defining Hypertext Transfer Protocol Header Enrichment (HHE) rules for traffic passing through the corresponding VCRE instance (DAHOD: paragraphs 0064-0065 and 0077-0078, “the AIR-client 152 can perform an Application X control transaction (e.g. HTTP GET operation) to an application server via the AIR-controller 150. The communication takes place over the PDN connection, PDP context or a MIP connection”).  The same motivation to modify Varadhan in view of Zhang in view of DAHOB, as applied in claims 2 and 30 above, applies here.

Claims 10-20 are rejected under 35 U.S.C. 103 as being unpatentable over Varadhan in view of Zhang in view of Qureshi et al. (US 20140007222) (hereinafter Qureshi).
Regarding claim 10, Varadhan in view of Zhang does not teach the following limitation which is taught by Qureshi, wherein at least one VCRE instance is a subset of rules in a larger network function, wherein the customer can only access the specific subset of rules (Qureshi: paragraphs 0057 and 0075, “employees to use a custom-developed enterprise application for accessing cloud-based storage, the enterprise can modify (or have modified) a popular, commercially-available mobile application with which users are already familiar. Further, different versions of a given application (with different authentication methods, encryption levels, etc.) can be created for different types of employees”).  Varadhan in view of Zhang and Qureshi are analogous art because they are from the same field of endeavor, access restriction.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Varadhan in view of Zhang and Qureshi before him or her, to modify the system of Varadhan in view of Zhang to include the subset of rules of Qureshi.  The suggestion/motivation for doing so would have been to protect enterprise resources, including confidential and/or sensitive information (Qureshi: paragraph 0006).
Regarding claim 11, Varadhan as modified teaches the following limitation which is disclosed by Qureshi, wherein at least one VCRE instance is created by a customer using a VCRE rules function (RCF) console (Qureshi: paragraph 0175, “A tunneling mediator or related system can include an interface, such as a web console, for viewing, creating, and editing tunnel definitions. The interface can also allow an administrator or other person to view data associated with mobile devices”).  The same motivation to modify Varadhan in view of Zhang in view of Qureshi, as applied in claim 10 above, applies here.
Regarding claim 12, Varadhan as modified teaches wherein the RCF console is a Secure Shell (SSH) access (Qureshi: paragraph 0055, “This may be accomplished in part through mobile device software that creates a secure environment or shell in which the enterprise mobile applications can run and store data. This secure environment or shell may, for example, prevent the personal applications installed on a mobile device from accessing the documents and other data stored on the mobile device by the enterprise applications”).  The same motivation to modify Varadhan in view of Zhang in view of Qureshi, as applied in claim 10 above, applies here.
Regarding claim 13, Varadhan as modified teaches wherein at least one VCRE instance is created by a customer using a VCRE rules function (RCF) application (Qureshi: paragraph 0175, “A tunneling mediator or related system can include an interface, such as a web console, for viewing, creating, and editing tunnel definitions.”).  The same motivation to modify Varadhan in view of Zhang in view of Qureshi, as applied in claim 10 above, applies here.
Regarding claim 14, Varadhan as modified teaches wherein the RCF application is an application program interface (API) (Qureshi: paragraph 0084, “The enterprise agent 320 collects information about the mobile device's configuration using standard operating system APIs and mechanisms, and/or using its own APIs and mechanisms”).  The same motivation to modify Varadhan in view of Zhang in view of Qureshi, as applied in claim 10 above, applies here.
Regarding claim 15, Varadhan as modified teaches wherein the RCF application is a website (Qureshi: paragraph 0194, “Using an application tunnel to perform content filtering can be implemented with features related to modifying a pre-existing mobile application, and/or through the use of a secure web browser as described below”).  The same motivation to modify Varadhan in view of Zhang in view of Qureshi, as applied in claim 10 above, applies here.
Regarding claim 16, Varadhan as modified teaches wherein the RCF application is a dedicated computer program (Qureshi: paragraph 0195, “The enterprise agent 320 communicates via a wireless network (WIFI, cellular, etc.) with the mobile device management system 126, which may, for example, be implemented on a dedicated server within the enterprise system 110. The mobile device management system 126 illustrated in FIG. 25 includes a web admin console 126a that enables administrators, via a web-based interface, to configure and deploy application tunnels between mobile devices 120 and application servers”).  The same motivation to modify Varadhan in view of Zhang in view of Qureshi, as applied in claim 10 above, applies here.
Regarding claim 17, Varadhan as modified teaches wherein the RCF console manages at least one VCRE instance directly (Qureshi: paragraph 0175, “The interface can also allow an administrator or other person to view data associated with mobile devices adapted to connect via application tunnels”).  The same motivation to modify Varadhan in view of Zhang in view of Qureshi, as applied in claim 10 above, applies here.
Regarding claim 18, Varadhan as modified teaches wherein the RCF application manages at least VCRE instance directly (Qureshi: paragraph 0175, “The interface can also allow an administrator or other person to view data associated with mobile devices adapted to connect via application tunnels”).  The same motivation to modify Varadhan in view of Zhang in view of Qureshi, as applied in claim 10 above, applies here.
Regarding claim 19, Varadhan as modified teaches wherein the RCF console connects to a central RCF that manages at least one of the VCRE instances (Qureshi: paragraph 0175, “The interface can also allow an administrator or other person to view data associated with mobile devices adapted to connect via application tunnels”).  The same motivation to modify Varadhan in view of Zhang in view of Qureshi, as applied in claim 10 above, applies here.
Regarding claim 20, Varadhan as modified teaches wherein the RCF application connects to a central RCF that manages at least one of the VCRE instances (Qureshi: paragraph 0175, “The interface can also allow an administrator or other person to view data associated with mobile devices adapted to connect via application tunnels”).  The same motivation to modify Varadhan in view of Zhang in view of Qureshi, as applied in claim 10 above, applies here.

Claim 35 is rejected under 35 U.S.C. 103 as being unpatentable over Varadhan in view of Zhang in view of Casanova (US 20150356498) (hereinafter Casanova).
Regarding claim 35, Varadhan teaches a PDN Integrated Customized Network Edge Enabler and Controller (PICNEEC) , executable by one or more hardware processors, for operation by a mobile network provider, comprising: at least one Virtual Customized Rules Enforcer (VCRE) instance, each VCRE instance corresponding to a group of mobile devices and defining a set of policies personalized for the group of mobile devices, each VCRE instance configured to, upon receiving a data packet communicated between a packet-based network and a mobile device in the corresponding group via a radio network, the radio network being a cellular-based network, execute one or more policy rules stored in the VCRE instance to the data packet prior to forwarding the data packet (Varadhan: see figure 9 
    PNG
    media_image2.png
    666
    894
    media_image2.png
    Greyscale
; and column 16 lines 10-20, “firewall 208 has been logically partitioned into multiple virtual security systems 240A-240X to provide multi-tenant security services. That is, virtual security systems 240 represent logically partitioned firewall instances providing separate security services, including MPLS-aware zone-based firewall services, that are applied by firewall 208. Router 200 presents virtual security systems 240 as logically independent firewalls that can be independently configured even though the virtual security systems may share computing resources of service cards 224.”), each VCRE instance controlled independently of one another via direct accessing of the VCRE instance by a different customer of the mobile network provide (Varadhan: see figure 11 
    PNG
    media_image3.png
    440
    894
    media_image3.png
    Greyscale
; and column 16 lines 34-45, “Each of virtual security systems 240 is presented to the corresponding VSYS administrator 209 as a unique security domain, and the VSYS administrator 209 for each virtual system 240 can individualize their security domain by defining specific zones and policies to be applied to traffic associated with that virtual system 240. Each virtual security system 240 can be configured to have its own totally separated set of security zones, policy rule set and management domain”).
Varadhan does not explicitly disclose the following limitation which is disclosed by Zhang, wherein the one or more policy rules are policy rules designed to be applied to traffic between the VCR instance and the cellular-based network (Zhang: see figure 1; and paragraphs 0063-0070, “any one of the CDN DNs may provide the CDN service requested by a UE, the inter-APN routing policy may be generated as comprising multiple APNs associated with PDNs in which the selected CDN DNs are located. Such an inter-APN routing policy may indicate that the UE may use any one of the APNs to access the associated PDN so as to be served by the CDN DN located in the PDN. In addition, such an inter-APN routing policy may comprise a list of the multiple APNs, which may be assigned with a priority level based on the service capability, throughput, workload, failure rate and the like of each associated PDN or CDN DN. When receiving the inter-APN routing policy, the UE will understand that there are multiple APNs which have the ability to provide the requested CDN service, and the UE may select one from these APNs according to their priority levels”).  Varadhan and Zhang are analogous art because they are from the same field of endeavor, network routing and security within a mobile radio network.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Varadhan and Zhang before him or her, to modify the system of Varadhan to include one or more policy rules are policy rules designed to be applied to traffic between the VCR instance and the cellular-based network of Zhang.  The suggestion/motivation for doing so would have been to dynamically provide, to a UE, information associated with a CDN service requested by the UE, to improve the probability of successful access (Zhang : paragraph 0007).
Varadhan in view of Zhang does not explicitly teach the following limitation which is taught by Casanova, wherein the PICNEEC is simultaneously connected to a 3G/4G network and a Low Power Wide Area Network (LPWAN) (Casanova: paragraphs 0091 and 0094-0095, “a low power wide area network 248 can be used, such as is provided by SIGFOX, together with SIGFOX enabled devices”), the VCRE instance operated by a cellular-based network customer of a mobile network provider operating the PICNEEC and not a cellular-based network operator, a cellular-based network customer being a bearer of services of the cellular-based network and a cellular-based network operator being a provider of services of the cellular-based network (Zhang: paragraphs 0039, 0043 and 0117, “the CDN CN may provide information about the selected CDN DN and other information to the ANDSF node, in order to generate Inter-APN routing policy for the UE to access the requested CDN service” … “An ANDSF node, which is sometimes called as “ANDSF”, is an entity within an evolved packet core (EPC) of the system architecture evolution (SAE) for 3GPP compliant mobile networks. The purpose of the ANDSF is to assist UE to discover non-3GPP access networks—such as Wi-Fi or WIMAX—that can be used for data communications in addition to 3GPP access networks (such as HSPA or LTE) and to provide the UE with rules policing the connection to these networks.”).  Varadhan in view of Zhang and Casanova are analogous art because they are from the same field of endeavor, network routing and security.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Varadhan in view of Zhang and Casanova before him or her, to modify the system of Varadhan in view of Zhang to include the LPWAN of Casanova.  The suggestion/motivation for doing so would have been to support available cellular network requirements (Casanova: paragraph 0092).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740. The examiner can normally be reached Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TRANG T DOAN/Primary Examiner, Art Unit 2431