DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 112 

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 16-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 16 recites limitation “The computer-readable storage medium of claim 15”. There is insufficient antecedent basis for this limitation in the claim. Note that claim 15 recites “A non-transitory computer-readable storage medium”, the term “The computer-readable storage medium” in the claim needs to be replaced by “The non-transitory computer-readable storage medium” to be consistent with the parent claim 15. 
Claims 17-20 are rejected because they have the same problem explained above. 
Correction is required.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claim 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 11425026 (hereinafter P11425026) Although the claims at issue are not identical, they are not patentably distinct from each other because of the following.
For claim 1, P11425026 discloses a method for establishing a secure communication network over an insecure public communication network (claim 1 “multicast data over a public communication network” and “virtual network overlay transmission”) by a first network appliance (claim 1 “a first network appliance, … the first network appliance, designated as a rendezvous point for a multicast data transmission”), the method comprising: 
creating, by an orchestrator device (claim 6 “orchestrator device”), a secure interface channel (claim 1 “a virtual interface of the first network appliance”) between the first network appliance and a second network appliance (claim 1 “second network appliance receives the multicast data transmission”) in a plurality of network appliances, wherein the secure interface channel creates an overlay network to generate the secure communication network (claim 1 “a virtual network overlay”), and wherein the overlay network is used to transmit data in a secure manner over the insecure public communication network (claim 1 “transmitting the virtual network overlay transmission from the first network appliance over the public communication network to the second network appliance”); and 
using the secure interface channel, enabling, by the orchestrator device, a transmission of multicast data as a single stream of packets from the first network appliance to the second network appliance (claim 1 “transmitting the multicast data transmission by the second network appliance to a receiving computing device”), wherein the single stream of packets is split across a plurality of sites absent user intervention (claim 1 “transmitting the multicast data”).
Independent claims 8 and 15 are rejected because each of them has the same subject matter as claim 1.
As to claims 2, 9 and 16, D1 discloses claims 1, 8 and 15, further comprising: determining, by the orchestrator device, which network appliance in the plurality of network appliances participates in the secure/overlay communication network (claim 1 “transmitting the virtual network overlay transmission from the first network appliance over the public communication network to the second network appliance”).
As to claims 3, 10 and 17, D1 discloses claims 1, 8 and 15, further comprising: creating, by the orchestrator device, one or more forwarding states using a PIM-SM protocol (claim 4 “the second network appliance requests to receive the multicast data transmission from the first network appliance via a PIM-SM message”), wherein the forwarding states correspond to /different(claim 10) /additional(claim 17) overlay to send the data (claim 1 “transmitting the virtual network overlay transmission from the first network appliance over the public communication network to the second network appliance”).
As to claims 4, 11 and 18, D1 discloses claims 1, 8 and 15 D1 wherein a PIM-SM protocol computes forwarding states running in the first network appliance connected to the multicast source (claim 4 “the second network appliance requests to receive the multicast data transmission from the first network appliance via a PIM-SM message”). 
As to claims 5, 12 and 19, D1 discloses claim 1, further comprising: creating, by the orchestrator device, a tree of network paths, wherein the tree of network paths comprises routes split across the plurality of geographical sites from a multicast source to the first network appliance to receivers that are present in the secure communication network (claim 7 “create one or more virtual paths in the virtual overlay network automatically”, note that a tree of network paths is a math presentation of network paths, it does not carry any patentable weight).
As to claims 6, 13 and 20, D1 discloses claims 1, 13 and 20, wherein the insecure public communication network is a public wide area network (WAN) (claim 1 “a public communication network”; note that most commonly used public communication network is Internet, which is a WAN). 
As to claims 7 and 14, D1 discloses claims 6 and 13, wherein the first network appliance is ignorant of creation or setup of the overlay network by the orchestrator device (This claim limitation does not carry any patentable weight because whether including a specific device in an overlay network is a design choice according to MEPE 2143(F))). 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over D1 (US 20190207779 A1) in view of Dutta (US 10608922 B2)
For claim 1, D1 discloses a method for establishing a secure communication network over an insecure public communication network by a first network appliance (FIG. 2 shows a secure network OLN 210 over insecure public network ULN 220 and a first network device such as VTEP 225 or rendezvous point 250, or [0051]: "… a method 500 for communicating multicast traffic." And [0052]: "the method 500 registers a network device as a VTEP of a VXLAN. For example, the network device may be configured as a VTEP for the VXLAN. As discussed above, the VXLAN may include an overlay network and the overlay network is implemented on an underlay network." and [0044] “the network switch 230 may encapsulate or perform network address translation on the multicast traffic received from the multicast source 401 for the control plane” note that encapsulation or network address translation is a way to create a secure interface channel. VXLAN also suggests a secure communication network), the method comprising: 
creating an secure interface channel between the first network appliance and a second network appliance (VTEP 245 in FIG. 1) in a plurality of network appliances (FIG. 2 shows VTEP 225, 235, 245 and RP 250), wherein the secure interface channel creates an overlay network to generate the secure communication network, and wherein the overlay network is used to transmit data in a secure manner over the insecure public communication network ([0025] “FIG. 2 is a network diagram showing a network architecture 300, in accordance with some embodiments of the present disclosure. In one embodiment, the network architecture 300 may implement a VXLAN. The network architecture 300 a multicast source 201, a multicast receiver 202, an overlay network (OLN) 210, an underlay network (ULN) 220, a network device 230, a network device 240, a rendezvous point (RP) 250, a multicast source 303, a multicast receiver 304, and a network device 360. The multicast sources 201 and 303 may be computing device s(e.g., a desktop computer, a laptop computer, a tablet computer, a smartphone, a cellular phone, etc.) or network devices (e.g., a network switch, a network router, etc.) that transmits multicast traffic. As discussed above, multicast traffic may be traffic (e.g., data, packets, messages, frames, etc.) that is transmitted to a group of destination or receiving devices. For example, multicast traffic may be traffic that is addressed to a group address or a multicast address. The multicast address or group address may be a logical identifier for the group destination or receiving devices. The multicast source 201 may transmit multicast traffic to the devices that are identified by the group address or multicast address. The multicast receivers 202 and 304 may be computing devices or network devices that receives multicast traffic”; note that OLN and VXLAN have secure interfaces); and 
using the secure interface channel enabling a transmission of multicast data as a single stream of packets from the first network appliance to the second network appliance (FIG. 2 in view of [0028] “In one embodiment, the internet protocol (IP) address of the VTEP 225 and the VTEP 245 may be reachable in the underlay network 220. For example, the VTEP 225 may be able to reach the UP address of the VTEP 225 and vice versa. In another embodiment, the rendezvous point 250 may be configured for the group address or multicast by the multicast source 201. The rendezvous point 250 may also reachable in the underlay network 220 (e.g., the IP address of the rendezvous point 250 may be reachable in the underlay network 220)”), wherein the single stream of packets is split across a plurality of sites absent user intervention. (FIG. 2 shows that the packets in the stream between the first network appliance and the second network appliance in an overlay network is implemented by the multicast traffic split across a plurality of sites in the underlay network in view of [0021] “the IP address of the multicast source may be translated to a different IP address of the multicast traffic from the multicast source 201 may be encapsulated with an encapsulating protocol. Furthermore, by the definition, multicast communication sends a stream from a source node to a destination node via different paths without user intervention).
D1 is silent on but Dutta, in the same field of endeavor of multicast communication in virtual network, discloses the secured interface channel is created and enabled by an orchestrator (c48/l2-6 “The abstract representation supported by the virtualization layer 2805 can be managed using a virtualized infrastructure manager 2810, which is part of the NFV management and orchestration (M&O) module 2815.” or c48/l28-32 “each of the virtual networking functions (VNF1, VNF2, VNF3) is controlled by a corresponding VNF manager 2825 that exchanges information and coordinates actions with the manager 2810 or the orchestrator 2817” in view of FIG. 28). D1 teaches creating a virtual/secured interface channel, but does not specify how the virtual/secured interface channel is created. Dutta discloses more details on using a common technique of creating an overlay virtual network by using an orchestrator. OOSA would have been motivated to apply the known technique of Dutta above to the overlay network of D1 to yield predictable results of creating virtual/secured interface channel according to MPEP 2143(D). 
Therefore, it would have been obvious to one ordinary skilled in the art before the effective filing date of the application to combine D1 and Dutta for creating a virtual/overlay network for the benefit of providing network services for users.
Independent claims 8 and 15 are rejected because each of them has the same subject matter as claim 1.
As to claims 2, 9 and 16, D1 discloses claims 1, 8 and 15, further comprising: determining, by the orchestrator device, which network appliance in the plurality of network appliances participates in the secure/overlay communication network (see FIG. 2 in view of the parent claims).
As to claims 3, 10 and 17, D1 in view of Dutta discloses claims 1, 8 and 15, D1 further discloses: creating, by the orchestrator device, one or more forwarding states using a PIM-SM protocol ([0020] “the network architecture 200 may use the PIM sparse mode (PIM-SM) routing protocol to route multicast traffic”)..
As to claims 4, 11 and 18, D1 discloses claims 1, 8 and 15 Dutta further discloses: wherein a PIM-SM protocol computes forwarding states running in the first network appliance connected to the multicast source ([0020] “the network architecture 200 may use the PIM sparse mode (PIM-SM) routing protocol to route multicast traffic. When the PIM-SM routing protocol is used, the multicast source 201 may begin transmitting multicast traffic to the group address or multicast address (which identifies or includes the multicast receiver 202). The multicast traffic is received by the network device 230 and the multicast component 231 may add an (S,G) route to a routing table of the network device 230. The (S,G) route may include the VXLAN VLAN as an input interface (IIF) and may include a PIM-SM register interface as the output interface (OIF).”).
As to claims 5, 12 and 19, D1 discloses claim 1, further comprising: creating, by the orchestrator device, a tree of network paths, wherein the tree of network paths comprises routes split across the plurality of geographical sites from a multicast source to the first network appliance to receivers that are present in the secure communication network (suggested by [0023] “When the network device 240 begins to receive multicast traffic from the network device 230 via the shortest path tree (SPT) rather than the rendezvous point tree, the network device 240 may update the output interface of its (S,G) route with the network interface where the multicast cast traffic was received via the SPT” in view of FIG. 1).
As to claims 6, 13 and 20, D1 discloses claims 1, 13 and 20, wherein the insecure public communication network is a public wide area network (WAN) ([0014] “route network packets through network devices (e.g., switches, routers, cables, chips or integrated circuits, etc.), can be virtualized as virtual local area networks (VLAN) and extensible virtual local area networks (VXLAN)”; note that VXLAN is a kind of WAN). 
As to claims 7 and 14, D1 discloses claims 6 and 13, wherein the first network appliance is ignorant of creation or setup of the overlay network by the orchestrator device (See FIG. 1 which shows first network appliance 250 is not included in Overlay network 210. Furthermore, first This claim limitation does not carry any patentable weight because whether to include a specific device in an overlay network is a design choice according to MEPE 2143(F)). -
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JIANYE WU whose telephone number is (571)270-1665. The examiner can normally be reached M-TH 8am-6pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yemane Mesfin can be reached on (571) 272-3927. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/JIANYE WU/Primary Examiner, Art Unit 2462