DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 14, 19, 21, 22, 25, and 26 are amended.
Claim 24 is canceled.
Claims 14-23 and 25-26 are pending.
Response to Arguments
Applicant’s arguments filed 12/28/2020 have been fully considered.
The 35 USC 112(b) rejection has been withdrawn in light of the claim amendment.
The claim objection has been withdrawn in light of the claim amendments.
Regarding the 35 USC 101 rejection, the rejection of most of the claims has been withdrawn in light of the claim amendment. Please see 35 USC 101 below for further correction.
Regarding the 35 USC 112(d) rejection, the rejection of most of the claims has been withdrawn in light of the claim amendment. Please see 35 USC 112(d) below for further correction.
Applicant’s arguments with respect to claim(s) 14-23 and 25-26 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 25 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim(s) does not fall within at least one of the four categories of patent 
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claim 21 is rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.  Claim 21 is referring to a method to perform the method of claim 14.  Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 14-17, 20, 21, and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Albrecht et al. (US 20150215232 hereinafter as Albrecht) in view of Dargis (US 20110154468).
Re. claim 14, Albrecht teaches a method for forwarding data packets from an external network by means of a transmission device to a device to be secured, the transmission device including a first interface for connecting to the external network and a second interface for connecting to the device to be secured, the method comprising: receiving data packets from the external network via the first interface (Albrecht teaches a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]); filtering the received data packets by a packet filter of the transmission device (Albrecht teaches a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]. The communication device 120 is assigned at least one address-based message filter rule that is applied by a packet filter unit 111 of the firewall system 100 [0021]), wherein the received data packets are filtered in dependence on at least one property of each of the received data packet and in dependence on one or more pre-specified rules of the packet filter (Albrecht teaches Message filter rules are firstly defined symbolically based on device descriptions and stored accordingly in a rule database 113 of the firewall system 110 [0022]), wherein the one or more pre-specified rules relate to the at least one property (Albrecht teaches Message filter rules are firstly defined symbolically based on device descriptions (Interpreted as property) and stored accordingly in a rule database 113 of the firewall system 110 [0022]), 
Although Albrecht teaches forwarding data, Albrecht does not explicitly disclose but Dargis discloses wherein the received data packets are forwarded or are not forwarded to the second interface (Dargis teaches The transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [0025] the packets are allowed (forward) or block (not forward)), and wherein the data packets are structured according to a TCP/IP model, wherein the data packets comprise a protocol data frame of a Network Access Layer, a protocol data frame of an Internet Layer and a useful data unit of the Internet layer (Dargis teaches identify IP addresses for messages that are to be allowed to pass through the transparent firewall (Please also see paragraph 4). The access authorization messages may provide additional screening information, for example, information specifying the types of message traffic to be allowed, such as traffic conforming to selected protocols (TCP, UDP, ICMP, ESP, etc.) [0030]); checking every data packet incoming via the first interface and determining whether each data packet incoming via the first interface contains pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model (Dargis teaches the transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [0025] (controls traffic by checking if the address is in the list of approved addresses). 
The authenticator circuit 134 may, for example, examine identification information (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model) in the received access request messages and may responsively generate access authorization messages that are transmitted to the blocking device 140' via the communications interface circuit 132 [0031]); and storing or forwarding useful data of the data packet to a process for changing the transmission device only in a case that an incoming data packet containing the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model is determined to be for changing the transmission device (Dargis teaches The access authorization message may be received over the first network. The access authorization message may identify an authorized source address (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model), and modifying access criteria of the transparent firewall (Interpreted as changing the transmission device) may include modifying the access criteria to allow passage of messages from and/or to the authorized source address [0007]). 
Application No.: 16/064,597; Art Unit: 2436; Attorney No.: 22154.14/19
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Dargis into the invention of Albrecht for the purpose of preventing or reducing attacks that might compromise confidential information or consume server resources (Dargis [0002] [0025]).
Re. claim 15, Albrecht-Dargis teach the method according to claim 14. Dargis furthermore discloses in which data packets are received, independently of the therein contained information with respect to the Network Access Layer of the model TCP/IP (Dargis teaches identify IP addresses for messages that are to be allowed to pass through the transparent firewall (Please also see paragraph 4). the access authorization messages may provide additional screening information, for example, information specifying the types of message traffic to be allowed, such as traffic conforming to selected protocols (TCP, UDP, ICMP, ESP, etc.) [0030]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Dargis into the invention of Albrecht for the purpose of preventing or reducing attacks that might compromise confidential information or consume server resources (Dargis [0002] [0025]).
(Dargis teaches allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [0025] (by allowing the packets is being broadly interpreted as the packets are unchanged). a device protecting a network may maintain a "whitelist" of internet addresses that are allowed to access the server [0003]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Dargis into the invention of Albrecht for the purpose of preventing or reducing attacks that might compromise confidential information or consume server resources (Dargis [0002] [0025]).
Re. claim 17, Albrecht-Dargis teach the method according to claim 14. Dargis furthermore discloses in which the data packets are TCP or UDP packets and the pre-specified recognition information item in the Transport Layer comprises a port address (Dargis teaches information specifying the types of message traffic to be allowed, such as traffic conforming to selected protocols (TCP, UDP, ICMP, ESP, etc.). In still further embodiments, more selective access authorization information may be provided, such as information identifying particular ports or ranges of ports (interpreted as port address) [0030]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Dargis into the invention of Albrecht for the purpose of preventing or reducing attacks that might compromise confidential information or consume server resources (Dargis [0002] [0025]).
Re. claim 20, Albrecht-Dargis teach the method according to claim 14, Dargis further discloses in which the useful data stored or forwarded to the process are employed for changing the transmission device (Dargis teaches The access authorization message may be received over the first network. The access authorization message may identify an authorized source address (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model), and modifying access criteria of the transparent firewall (Interpreted as changing the transmission device) may include modifying the access criteria to allow passage of messages from and/or to the authorized source address [0007]). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Dargis into the invention of Albrecht for the purpose of preventing or reducing attacks that might compromise confidential information or consume server resources (Dargis [0002] [0025]).
Re. claim 21, Albrecht teaches a method for changing a transmission device for forwarding data packets from an external network to a device to be secured, wherein a first interface of the transmission device is connected to the external network (Albrecht teaches a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]. The communication device 120 is assigned at least one address-based message filter rule that is applied by a packet filter unit 111 of the firewall system 100 [0021]), in which at least one management data packet is generated (Albrecht teaches Message filter rules are firstly defined symbolically based on device descriptions and stored accordingly in a rule database 113 of the firewall system 110 [0022]. The converter unit 112 is correspondingly configured to replace the communication network address of the replaced communication device in address-based message filter rules by the communication network address of the replacement communication device when a change message is received [0026]).
Although Albrecht teaches forwarding data, Albrecht does not explicitly disclose but Dargis discloses which contains in a useful data unit of the Internet Layer of the TCP/IP model pre-specified recognition information and change data for changing the transmission device (Dargis teaches The access authorization message may be received over the first network. The access authorization message may identify an authorized source address (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model), and modifying access criteria of the transparent firewall (Interpreted as changing the transmission device) may include modifying the access criteria to allow passage of messages from and/or to the authorized source address [0007]), the data packet is transferred to the first interface and is processed there with a method according to claim 14 (Dargis teaches allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [0025] (by allowing the packets is being broadly interpreted as the packets are unchanged). A device protecting a network may maintain a "whitelist" of internet addresses that are allowed to access the server [0003]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Dargis into the invention of Albrecht for the purpose of preventing or reducing attacks that might compromise confidential information or consume server resources (Dargis [0002] [0025]).
Re. claim 25, Albrecht teaches one or more computer-readable media having stored thereon executable instructions that when executed by a processor of a transmission device configure the transmission device to perform the following steps to forward data packets from an external network to a device to be secured, the transmission device including a first interface for connecting to the external network and a second interface for connecting to the device to be secured (Albrecht teaches a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network, and a store-programmable control unit 130, connected to the communication device 120, for a machine or a robot 140 [0020]), the steps including receive data packets from the external network via the first interface (Albrecht teaches a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]); filter the received data packets by a packet filter of the transmission device (Albrecht teaches a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]. 
The communication device 120 is assigned at least one address-based message filter rule that is applied by a packet filter unit 111 of the firewall system 100 [0021]), wherein the received data packets are filtered in dependence on at least one property of each of the received data packet and in dependence on one or more pre-specified rules of the packet filter (Albrecht teaches Message filter rules are firstly defined symbolically based on device descriptions and stored accordingly in a rule database 113 of the firewall system 110 [0022]), wherein the one or more pre-specified rules relate to the at least one property (Albrecht teaches Message filter rules are firstly defined symbolically based on device descriptions (Interpreted as property) and stored accordingly in a rule database 113 of the firewall system 110 [0022]).
Although Albrecht teaches forwarding data, Albrecht does not explicitly disclose but Dargis discloses wherein the received data packets are forwarded or are not forwarded to the second interface (Dargis teaches The transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [0025] the packets are allowed (forward) or block (not forward)), and wherein the data packets are structured according to a TCP/IP model, wherein the data packets comprise a protocol data frame of a Network Access Layer, a protocol data frame of the Internet layer and a useful data unit of the Internet layer (Dargis teaches identify IP addresses for messages that are to be allowed to pass through the transparent firewall (Please also see paragraph 4). The access authorization messages may provide additional screening information, for example, information specifying the types of message traffic to be allowed, such as traffic conforming to selected protocols (TCP, UDP, ICMP, ESP, etc.) [0030]); check every data packet incoming via the first interface and determine whether each data packet incoming via the first interface contains pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model (Dargis teaches the transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [0025] (controls traffic by checking if the address is in the list of approved addresses). 
The authenticator circuit 134 may, for example, examine identification information (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model) in the received access request messages and may responsively generate access authorization messages that are transmitted to the blocking device 140' via the communications interface circuit 132 [0031]); and store or forward useful data of the data packet to a process for changing the transmission device only in a case that an incoming data packet containing the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model is determined to be for changing the transmission device (Dargis teaches The access authorization message may be received over the first network. The access authorization message may identify an authorized source address (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model), and modifying access criteria of the transparent firewall (Interpreted as changing the transmission device) may include modifying the access criteria to allow passage of messages from and/or to the authorized source address [0007]). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Gerlach into the invention (Dargis [0002] [0025]).
Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Albrecht et al. (US 20150215232 hereinafter as Albrecht) in view of Dargis (US 20110154468) and in further view of Arregoces et al. (US 20060095960 hereinafter as Arregoces).
Re. claim 18, Albrecht-Dargis teach the method according to claim 14. Albrecht-Dargis do not expressly disclose but Arregoces discloses in which the transmission device has no IP address (Arregoces teaches another key advantage of the transparent virtual firewall is that has no IP addresses [0025]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Arregoces into the invention of Albrecht-Dargis so that it is unreachable and invisible to the outside world (Arregoces [0025]).
Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Albrecht et al. (US 20150215232 hereinafter as Albrecht) in view of Dargis (US 20110154468) and in further view of Izatt et al. (US 20050289647 hereinafter as Izatt).
Re. claim 19, Albrecht-Dargis teach the method according to claim 14. Albrecht-Dargis do not expressly disclose but Izatt discloses in which the useful data of the packet are cryptographically secured (is encrypted and/or signed) (Izatt teaches the firewall may provide an additional network security measure by randomizing and/or encrypting other fields in its packets [0044]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Izatt into the invention of Albrecht-Dargis for the purpose of providing an additional network security measure (Izatt [0044]).
Claims 22-23 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Albrecht et al. (US 20150215232 hereinafter as Albrecht) in view of Gerlach et al. (US 20120260305 hereinafter Gerlach) and in further view of Dargis (US 20110154468).
Re. claim 22, Albrecht teaches a transmission device for forwarding data packets from an external network to at least one device to be secured, the transmission device comprising: a first interface for connecting to the external network, a second interface for connecting to the device to be secured (Albrecht teaches a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]. The communication device 120 is assigned at least one address-based message filter rule that is applied by a packet filter unit 111 of the firewall system 100 [0021]), receive data packets from the external network via the first interface (Albrecht teaches a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]); filter the received data packets by a packet filter of the transmission device (Albrecht teaches a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]. 
The communication device 120 is assigned at least one address-based message filter rule that is applied by a packet filter unit 111 of the firewall system 100 [0021]), wherein the received data packets are filtered in dependence on at least one property of each of the received data packet and in dependence on one or more pre-specified rules of the packet filter (Albrecht teaches Message filter rules are firstly defined symbolically based on device descriptions and stored accordingly in a rule database 113 of the firewall system 110 [0022]), wherein the one or more pre-specified rules relate to the at least one property (Albrecht teaches Message filter rules are firstly defined symbolically based on device descriptions (Interpreted as property) and stored accordingly in a rule database 113 of the firewall system 110 [0022]).
first interface and second interface (Gerlach teaches a processor configured to read the at least first and second rules, process the rules and receive and forward data via the network ports [abstract]. The processor device may comprise one or more processors, for example, which execute program instructions. The processor device is configured to read the at least first and second rules, to process the at least first and second rules and to receive and forward data via the network ports. The network ports can thus be used by the access protection accessory to receive data from the automation network and/or from the automation installation and also to forward data from the access protection accessory to the automation network [0017]), a storage in which instructions of a computer program are stored upon whose execution by the processor the transmission device performs the following steps are carried out when the first interface is connected to the external network (Gerlach teaches a digital storage medium configured to store at least first and second rules, and a processor configured to read the at least first and second rules, process the rules and receive and forward data via the network ports [abstract]), wherein the received data packets are forwarded or are not forwarded to the second interface (Gerlach teaches depending on the decision from the rule processing, the data packets 112 to be filtered is sent or else not sent on the output side via network port 113 (interpreted as second interface). The rules thus define whether a signal is forwarded or blocked [0049]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Gerlach into the invention of Albrecht for the purpose of protecting delimitable areas of the device and having a secure transmission of data (Gerlach [0004] [0007]).
Although Albrecht-Gerlach teaches forwarding data, Albrecht-Gerlach do not explicitly disclose but Dargis discloses wherein the data packets are structured according to a TCP/IP model, wherein the data packets comprise a protocol data frame of a Network Access Layer, a protocol data frame of an Internet layer and a useful data unit of the Internet layer (Dargis teaches identify IP addresses for messages that are to be allowed to pass through the transparent firewall (Please also see paragraph 4). The access authorization messages may provide additional screening information, for example, information specifying the types of message traffic to be allowed, such as traffic conforming to selected protocols (TCP, UDP, ICMP, ESP, etc.) [0030]); check every data packet incoming via the first interface and determine whether each data packet incoming via the first interface contains pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model (Dargis teaches the transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [0025] (controls traffic by checking if the address is in the list of approved addresses). 
The authenticator circuit 134 may, for example, examine identification information (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model) in the received access request messages and may responsively generate access authorization messages that are transmitted to the blocking device 140' via the communications interface circuit 132 [0031]); and store or forward useful data of the data packet to a process for changing the transmission device only in a case that an incoming data packet containing the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model is determined to be for changing the transmission device (Dargis teaches The access authorization message may be received over the first network. The access authorization message may identify an authorized source address (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model), and modifying access criteria of the transparent firewall (Interpreted as changing the transmission device) may include modifying the access criteria to allow passage of messages from and/or to the authorized source address [0007]). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Dargis into the invention of Albrecht-Gerlach for the purpose of preventing or reducing attacks that might compromise confidential information or consume server resources (Dargis [0002] [0025]).
Re. claim 23, Albrecht-Gerlach-Dargis teach the transmission device according to claim 22, Gerlach further discloses in which the instructions of the computer program are given such that upon their execution the instructions of the computer program are changed (Gerlach teaches the processor device is furthermore configured to receive at least one signal. The at least one signal may comprise advice of a change in the state of the automation process. For example, a change of state may have arisen when the automation process is no longer being executed as planned [0019]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Gerlach into the invention of Albrecht for the purpose of to protect delimitable areas of the device and have a secure transmission of data (Gerlach [0004] [0007]).
Re. claim 26, Albrecht teaches a system comprising: a device to be secured, a transmission device, and a management entity, in which the device to be secured is connected to the second interface of the transmission device and the management entity to the first interface of the transmission device via an external network (Albrecht teaches a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]. The communication device 120 is assigned at least one address-based message filter rule that is applied by a packet filter unit ill of the firewall system 100 [0021]), and in which the management entity is configured for generating management data packets (Albrecht teaches Message filter rules are firstly defined symbolically based on device descriptions and stored accordingly in a rule database 113 of the firewall system 110. The converter unit 112 converting the symbolically defined message filter rules into address-based message filter rules and making them available (i.e, in a converted form) to the packet filter unit 111 [0022]), wherein the transmission device is configured to forward data packets from an external network to at least one device to be secured, and the transmission device includes a first interface for connecting to the external network, a second interface for connecting to the device to be secured, (Albrecht teaches a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network, and a store-programmable control unit 130, connected to the communication device 120, for a machine or a robot 140 [0020]), a storage in which 
instructions are stored upon whose execution by the processor the following steps are carried out when the first interface is connected to the external network: receive data packets from the external network via the first interface (Albrecht teaches a first unsecured partial network 101, a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]), filter the received data packets by a packet filter of the transmission device (Albrecht teaches a first unsecured partial network 101, a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]. The communication device 120 is assigned at least one address-based message filter rule that is applied by a packet filter unit 111 of the firewall system 100 [0021]), wherein the received data packets are filtered in dependence on at least one property of each of the received data packets and in dependence on one or more pre-specified rules of the packet filter (Albrecht teaches Message filter rules are firstly defined symbolically based on device descriptions and stored accordingly in a rule database 113 of the firewall system 110 [0022]), wherein the one or more pre-specified rules relate to the at least one property (Albrecht teaches Message filter rules are firstly defined symbolically based on device descriptions (Interpreted as property) and stored accordingly in a rule database 113 of the firewall system 110 [0022]).
Although Albrecht teaches forwarding data, Albrecht does not explicitly disclose but Gerlach discloses which contain in a useful data unit of the Internet Layer of the TCP/IP model pre-specified recognition information and change data for changing the transmission device (Gerlach teaches TCP protocols where the access operations are permitted or disabled [0056 and 0058]. If the state of the automation process changes, a signal is output to the access protection accessory. The signal comprises advice of the state change [0066]. If the state of the automation process changes, the processor device in the access protection accessory receives at least one signal which comprises advice of the state change in the automation process (Interpreted as changing the transmission device). In this case, the processor device reads second rules from the storage medium and applies these rules. The second rules define which received data are forwarded and which received data are not forwarded. The second rules thus also define access rights [0036]. Following reception of the signal. The second rules define which data are forwarded and which data are not intended to be forwarded [0067] (Please see 35 USC 112 above)), and to send these via the external network to the device to be secured (Gerlach teaches Data which are sent from the first automation network part 100 to the network accessories in the second automation network part 103 are sent through the access protection accessory 104, which forwards the data or blocks forwarding thereof by applying rules. Data which are sent from the second automation network part 103 to the first automation network part 100 are sent through the access protection accessory 104 [0047]), a processor which is connected to the first interface and the second interface (Gerlach teaches a processor configured to read the at least first and second rules, process the rules and receive and forward data via the network ports [abstract]. 
The processor device may comprise one or more processors, for example, which execute program instructions. The processor device is configured to read the at least first and second rules, to process the at least first and second rules and to receive and forward data via the network ports. The network ports can thus be used by the access protection accessory to receive data from the automation network and/or from the automation installation and also to forward data from the access protection accessory to the automation network [0017]), wherein the received data packets are forwarded or are not forwarded to the second interface (Gerlach teaches depending on the decision from the rule processing, the data packets 112 to be filtered is sent or else not sent on the output side via network port 113 (interpreted as second interface). The rules thus define whether a signal is forwarded or blocked [0049]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Gerlach into the invention of Albrecht for the purpose of protecting delimitable areas of the device and having a secure transmission of data (Gerlach [0004] [0007]).
Although Albrecht-Gerlach teaches forwarding data, Albrecht-Gerlach do not explicitly disclose but Dargis discloses wherein the data packets are structured according to a TCP/IP model, wherein the data packets comprise a protocol data frame of a Network Access Layer, a protocol data frame of an Internet layer and a useful data unit of the Internet layer (Dargis teaches identify IP addresses for messages that are to be allowed to pass through the transparent firewall (Please also see paragraph 4). The access authorization messages may provide additional screening information, for example, information specifying the types of message traffic to be allowed, such as traffic conforming to selected protocols (TCP, UDP, ICMP, ESP, etc.) [0030]); check every data packet incoming via the first interface and determine whether each data packet incoming via the first interface contains pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model (Dargis teaches the transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [0025] (controls traffic by checking if the address is in the list of approved addresses). 
The authenticator circuit 134 may, for example, examine identification information (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model) in the received access request messages and may responsively generate access authorization messages that are transmitted to the blocking device 140' via the communications interface circuit 132 [0031]); and store or forward useful data of the data packet to a process for changing the transmission device only in a case that an incoming data packet containing the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model is determined to be for changing the transmission device (Dargis teaches The access authorization message may be received over the first network. The access authorization message may identify an authorized source address (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model), and modifying access criteria of the transparent firewall (Interpreted as changing the transmission device) may include modifying the access criteria to allow passage of messages from and/or to the authorized source address [0007]). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Dargis into the invention of Albrecht-Gerlach for the purpose of preventing or reducing attacks that might compromise confidential information or consume server resources (Dargis [0002] [0025]).


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912.  The examiner can normally be reached on Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available 






/K.A./Examiner, Art Unit 2436
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436