Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.

DETAILED ACTION

1.	This office correspondence is in response to the applicant's after response filed on 11/18/2020.


EXAMINER’S AMENDMENT
2.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Applicant’s representative, Marc A. Sockol (Reg. No. 40,823), and the examiner arranged a telephone interview on December 8, 2020. The interview agenda was to reach an agreement on allowance of the claims, with the examiner's amendment to be made to these claims as follows:
In the claims:
Claims have been rewritten as follows:

1.	(Currently Amended) A computer, comprising:
	a processor and memory; 
	an application associated with an application address; 
	a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an untrusted device on an external network, the outgoing data 
	a network address translation engine configured to translate between the application address and the public address; and
	a driver coupled to the network interface, the driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, the outgoing data packets being associated with the application, the outgoing data packets including data identifying the application, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address;
	the driver coupled to transmit the incoming data packets to a firewall configured to reject the incoming data packets if the incoming data packets include malicious content according to a mobile device security policy, the firewall being configured to use the data to handle application-level security, the mobile device security policy being configured for mobile-type devices, and allow the incoming data packets to be forwarded to the application if the incoming data packets do not include malicious content according to the mobile device security policy.
2.	(Original) The computer of claim 1, wherein the network address translation engine is part of the driver.
3.	(Original) The computer of claim 1, wherein the network address translation engine is part of the firewall.
4.	(Original) The computer of claim 3, wherein the firewall is located on a mobile security system configured to implement the mobile security policy.
5.	(Original) The computer of claim 1, wherein the network address translation engine is configured to use Dynamic Host Configuration Protocol to translate the application address to the public address and the public address to the application address.
the data the application-level security.
7.	(Currently Amended) A system, comprising:
	a network interface coupled to an external network, the network interface coupled to receive incoming data packets from and transmit outgoing data packets to an untrusted device on the external network, the outgoing data packets on the external network having a public address as a source address, the incoming data packets being directed on the external network to the public address;
	a firewall in communication with the network interface, the firewall configured to conduct both network-level security and application-level security on the incoming data packets, the firewall being configured to use data on the outgoing data packets to handle the application-level security; 
	a computer in communication with the firewall, the computer having one or more applications, each of the one or more applications associated with at least one application address, the outgoing data packets being associated with the one or more applications, the outgoing data packets including the data identifying the one or more applications, the firewall being capable of using the data to identify[[ing]] the one or more applications associated with the incoming data packets; and 
	a network address translation engine configured to translate between the at least one application address of each of the one or more applications and the public address, thereby dynamically isolating each of the one or more applications from the external network;  
	the firewall being configured to:  
reject particular incoming data packets of the incoming data packets if the particular incoming data packets include malicious content according to a mobile device security policy, the mobile device security policy being configured for mobile-type devices; and 

8. 	(Cancelled) 
	
	
9.	(Currently Amended) The system of claim [[8]] 7, wherein the firewall is configured 
10.	(Previously Presented) The system of claim 7, wherein the network interface is configured to route the incoming data packets to the firewall.
11.	(Previously Presented) The system of claim 7, wherein the firewall comprises the network address translation engine.  
12.	(Original) The system of claim 11, wherein the firewall is configured to dynamically isolate the application address from the external network through the use of Dynamic Host Configuration Protocol.
13.	(Currently Amended)  A method within a personal computer of processing incoming data associated with a public address, the method comprising:
	receiving incoming data from an untrusted device on an external network, the incoming data being directed on the external network to a public address;
	translating the public address of the incoming data into an internal address associated with an application, the application being on the personal computer;
, the firewall being configured to use outgoing data associated with the application to identify the application and to handle application-level security;
	receiving an analysis, based on a mobile device security policy implemented on the firewall, of the incoming data for malicious code, the mobile device security policy being configured for mobile-type devices; 
	rejecting the incoming data if the analysis indicates that the incoming data includes the malicious code according to the mobile device security policy; and 
	allowing the incoming data to pass to the application if the analysis indicates that the incoming data does not include the malicious code according to the mobile device security policy.
14.	(Currently Amended) The method of claim 13, wherein the analysis includes an analysis of the incoming data for malicious code at both [[the]] a network level and the application level.
15.	(Original) The method of claim 13, wherein the translating step uses Dynamic Host Configuration Protocol.
16.	(Currently Amended)  A non-transitory computer-readable medium storing computer instructions, the computer instructions comprising:
	an application executable by one or more processors and associated with an application address; 
	a network interface executable by the one or more processors and configured to receive incoming data packets from and transmit outgoing data packets to an untrusted device on an external network, the outgoing data packets on the external network having a public address as a source address, the incoming data packets being directed on the external network to the public address; 
	a network address translation engine executable by the one or more processors and configured to translate between the application address and the public address; and
	a driver executable by the one or more processors and configured to automatically forward the outgoing data packets to the network address translation engine to translate the , the outgoing data packets being associated with the application, the outgoing data packets including data identifying the application, and to automatically forward the incoming data packets to the network address translation engine to translate the public address to the application address;
	the driver further configured to transmit the incoming data packets to a firewall configured to reject the incoming data packets if the incoming data packets include malicious content according to a mobile device security policy, the firewall being configured to use the data to handle application-level security, the mobile device security policy being configured for mobile-type devices, and to allow the incoming data packets to be forwarded to the application if the incoming data packets do not include malicious content according to the mobile device security policy.
17.	(Original) The non-transitory computer-readable medium of claim 16, wherein the network address translation engine is part of the driver.
18.	(Original) The non-transitory computer-readable medium of claim 16, wherein the network address translation engine is part of the firewall.
19.	(Original) The non-transitory computer-readable medium of claim 18, wherein the firewall is located on a mobile security system configured to implement the mobile security policy.
20.	(Original) The non-transitory computer-readable medium of claim 16, wherein the network address translation engine is configured to use Dynamic Host Configuration Protocol to translate the application address to the public address and the public address to the application address.
21.	(Currently Amended) The non-transitory computer-readable medium of claim 16, wherein the driver is configured to send the data the application-level security.


Allowable Subject Matter


2.	Claims 1-7, and 9-21 are allowed. The following is an examiner's statement of reasons for allowance: In interpreting the claims, in light of the Specification and the applicant's amendments filed on 11/18/2020, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.
3.	The totality of each element and/or step in claims 1-7, and 9-21 is not alluded to in the combined art of Winick and Fogel. Their teachings either individually or in combination failed to teach or suggest the method recited in claim 1. More specifically, the combination of Winick and Fogel does not teach or suggest "a driver coupled to the network interface, the driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, the outgoing data packets being associated with the application, the outgoing data packets including data identifying the application, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address; the driver coupled to transmit the incoming data packets to a firewall configured to reject the incoming data packets if the incoming data packets include malicious content according to a mobile device security policy, the firewall being configured to use the data to handle application-level security, the mobile device security policy being configured for mobile-type devices, and allow the incoming data packets to be forwarded to the application if the incoming data packets do not include malicious content according to the mobile device security policy" as recited in claim 1. Accordingly, all the independent claims are allowable over the combination of 
4.	However, the prior art of record fails to teach or suggest the above-mentioned portions of the presently claimed invention. The Examiner performed an updated search and was unable to find any prior art disclosing all the steps mentioned in the independent claims.
5.	 Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."
Conclusion

6.	Claims 1-7, and 9-21 are patentable.
7.	Claim 8 is cancelled.
8.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD W REZA whose telephone number is (571)272-6590.  The examiner can normally be reached on Monday-Friday 8:30-5:30 ET.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
/MOHAMMAD W REZA/Primary Examiner, Art Unit 2436