Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Objection
Claims 1 and 10 are objected to because of the following informalities: the phrase “a set of policies” should be “a set of network policies”. 

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 10,469,386. Although the claims at issue are not identical, they are not patentably distinct from each other as indicated in the table below. For clarity, other limitations in Patent No. 10,469,386 are not shown.

Instant Application, claim 1 | Patent No. 10,469,386, claim 6 (1 and 6)
receiving, by a network firewall, a first incoming data packet that is transmitted from an outside network to a destination within an internal network secured by the network firewall, the network firewall configured to restrict access to the internal network based on a set of policies; | receiving, by a network firewall, a first incoming data packet that is transmitted from an outside network to a destination within an internal network secured by the network firewall, the network firewall configured to restrict access to the internal network based on a set of network policies
determining a messaging protocol of the first incoming data packet; and | determining a messaging protocol of the first incoming data packet; and
determining, based on the messaging protocol of the first incoming data packet, to |

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
 A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-5, 10-15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Gao (CN106603427, cited in IDS) in view of Keohance (US20160285828).
Regarding claim 1, Gao discloses a method comprising:
receiving, by a network firewall, a first incoming data packet that is transmitted from an outside network to a destination within an internal network secured by the network firewall, the network firewall configured to restrict access to the internal network based on a set of policies ([0017-18], figs. 1-2, firewall device; computing the received packets rate, received packets; according to a preset rule whether to bypass the firewall, traffic coming to the firewall is considered to be outside of the network); 

Keohance discloses determining a messaging protocol of the first incoming data packet; and determining, based on the messaging protocol of the first incoming data packet, to forward the first incoming data packet to the destination within the internal network without inspecting the first incoming data packet based on the set of network policies (Keohance, fig. 3, [0002] [0039-41], once the packet is received, identify the packet’s connection information including protocol; if the protocol information matches, forward the packet to its destination (if the protocol does not match, examine the packet’s payload to see if it is harmful. If it is safe, forward to its destination); firewalls are used extensively in networked environments to control incoming and outgoing network traffic to protect an internal network from potentially insecure outside networks).
It would have been obvious to a person of ordinary skill in the art at the time of effective filing to combine the teachings of utilizing firewall as given by Gao with the teachings of whether to inspect the packet based on the received packet given by Keohance. The motivation for doing so would have been to improve performance by conducting firewall bypass functions within the virtual environment (Keohance: [0022]). 
Claim 11 is rejected for the same reasons as claim 1, noting that Gao discloses processors and computer readable medium ([0081-82]).

Regarding claims 2 and 12, Gao and Keohance disclose the method of claim 1, further comprising: receiving, at the network firewall, a second incoming data packet that is transmitted from the outside network to a second destination within the internal network; determining a messaging protocol of the second incoming data packet, the messaging protocol of the second incoming data packet being different than the messaging protocol of the first incoming data packet; and determining, based on the messaging protocol of the second incoming data packet, to inspect the second inbound data packet based on the set of network policies (Keohance, fig. 3, [0039-41], repeated procedure; once received a packet, identify the packet’s connection information including protocol; if the protocol information matches, forward the packet to its destination. If the protocol does not match, examining the packet’s payload to see if it is harmful. If it is safe, forward to its destination. If the second protocol information does not match, it implies it is different from the first protocol).

Regarding claims 3 and 13, Gao and Keohance disclose the method of claim 2, wherein the messaging protocol of the first incoming data packet is an information technology protocol and the messaging protocol of the second incoming data packet is an operational technology protocol (Keohance, [0024-29], protocols include HIPS, TCP/IP, WAN, LAN, physical NIC, VIOS; some are information technology protocols and some are operational technology protocols).

Regarding claims 4 and 14, Gao and Keohance disclose the method of claim 2, further comprising: determining, based on the inspection, that the second incoming data packet satisfies the set of network policies; and forwarding the second incoming data packet to the second (Keohance, fig. 3, [0039-41], repeated procedure; once received a packet, identify the packet’s connection information including protocol; if the connection information including the protocol information matches, forward the packet to its destination. If the connection information (including the protocol) does not match, examining the packet’s payload to see if it is harmful. If it is safe, forward to its destination).

Regarding claims 5 and 15, Gao and Keohance disclose the method of claim 2, further comprising: determining, based on the inspection, that the second incoming data packet does not satisfy the set of network policies; and blocking the second incoming data packet from entering the internal network (Keohance, fig. 3, [0039-41], repeated procedure; once received a packet, identify the packet’s connection information including protocol; if the protocol information matches, forward the packet to its destination. If the protocol does not match, examining the packet’s payload to see if it is harmful. If it is not safe, drop the packet).

Regarding claims 10 and 20, Gao and Keohance disclose the method of claim 1, wherein the network firewall is a virtual network firewall (Keohance, [0022], virtual firewall, running the bypass mechanism within a virtual environment).


Claims 6-9 and 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Gao in view of Keohance, further in view of Yamaguchi (US20130194927).
Regarding claims 6 and 16, Gao and Keohance disclose the method of claim 1, further comprising: 
Gao and Keohance do not explicitly disclose determining an acceptable network latency level associated with the first incoming data packet; and determining, based on the acceptable network latency level associated with the first incoming data packet, to forward the first incoming data packet to the destination within the internal network without inspecting the first incoming data packet based on the set of network policies 
Yamaguchi discloses determining an acceptable network latency level associated with the first incoming data packet; and determining, based on the acceptable network latency level associated with the first incoming data packet, to forward the first incoming data packet to the destination within the internal network without inspecting the first incoming data packet based on the set of network policies (Yamaguchi, figs. 27, 28A, 33, 56; [0311-13], the bypass control section 200 first receives a packet in step S10. In step S11, the bypass control section 200 finds a remaining time duration which is allowed (allowed time duration) based on the time information of the packet. Next, in step S12, the bypass control section 200 determines whether or not the allowed remaining time duration is shorter than a predefined time duration. When the allowed remaining time duration is shorter than the predefined time duration, the bypass control section 200 determines that the packet needs to be bypassed, and executes a bypass process on the packet. Here, a bypass implies that the packet is not inspected combining with the teaching of Keohance).
It would have been obvious to a person of ordinary skill in the art at the time of effective filing to combine the teachings as given by Gao and Keohance with the teachings given by Yamaguchi. The motivation for doing so would have been to improve performance by 

Regarding claims 7 and 17, Gao and Keohance and Yamaguchi disclose the method of claim 6, further comprising: receiving, at the network firewall, a second incoming data packet that is transmitted from the outside network to a second destination within the internal network; determining an acceptable latency level associated with the second incoming data packet, the acceptable latency level associated with the second incoming data packet being higher than the acceptable latency level associated with the first incoming data packet; and determining, based on the acceptable latency level associated with the second incoming data packet, to inspect the second inbound data packet based on the set of network policies (Yamaguchi, figs. 27, 28A, 33, 56; [0311], the bypass control section 200 first receives a packet in step S10. In step S11, the bypass control section 200 finds a remaining time duration which is allowed (allowed time duration) based on the time information of the packet. Next, in step S12, the bypass control section 200 determines whether or not the allowed remaining time duration is shorter than a predefined time duration. When the allowed remaining time duration is shorter than the predefined time duration, the bypass control section 200 determines that the packet needs to be bypassed, and executes a bypass process on the packet. Here, a non-bypass implies that the packet is inspected for the purpose of switching through switch 605 or 924; combining with the teaching of Keohance).

Regarding claims 8 and 18, Gao and Keohance and Yamaguchi disclose the method of claim 7, further comprising: determining, based on the inspection, that the second incoming data (Keohance, fig. 3, [0039-41], repeated procedure; once received a packet, identify the packet’s connection information including protocol; if the protocol information matches, forward the packet to its destination. If the protocol does not match, examining the packet’s payload to see if it is harmful. If it is safe, forward to its destination).

Regarding claims 9 and 19, Gao and Keohance and Yamaguchi disclose the method of claim 7, further comprising: determining, based on the inspection, that the second incoming data packet does not satisfy the set of network policies; and blocking the second incoming data packet from entering the internal network (Keohance, fig. 3, [0039-41], repeated procedure; once received a packet, identify the packet’s connection information including protocol; if the protocol information matches, forward the packet to its destination. If the protocol does not match, examining the packet’s payload to see if it is harmful. If it is harmful, drop the packet).


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHENSHENG ZHANG whose telephone number is (571)270-1985. The examiner can normally be reached on Monday-Thursday 8:00am-6:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Michael Thier, can be reached on 571-272-2832. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ZHENSHENG ZHANG/Primary Examiner, Art Unit 2474