DETAILED ACTION
	Claims 1-20 are pending. This is in response to the application filed on March 6, 2019 which is a CIP of PCT/IL2017/051004 that claims priority to a Provisional filed on September 6, 2016.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Objection
 	Claim 16 is using the term “modem” in singular and plural interchanged. Correction is required.
	For claim purpose, all abbreviations such a PSTN, SRTP, ZRTP, SIP, TLS, IP, etc. have to be defined in the claim. 

Claim Rejections - 35 USC § 112
Claim 10 recites the limitations the automation process, the mobile device.  There are insufficient antecedent basis for these limitations in the claim.
Claim 11 recites the limitation the predetermined risk-based policies.  There is insufficient antecedent basis for this limitation in the claim.
Claim 11 recites the limitation the attack
Claim 12 recites the limitations the forensic data are selected from a group consisting of the attacked source data, attack vector data, attack name data, location data and time data.  There are insufficient antecedent basis for these data limitations in the claim.
Claim 13 recites the limitations the access keys and/or deleting the system cache.  There are insufficient antecedent basis for these limitations in the claim.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5-7, 16-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over PG Pub 20150230084 (hereinafter Parsons) in view of Patent  5835603 (herein after Coutts)
 	Regarding claim 1, Parsons discloses an anti-interception system enabling voice and text communication of protected packet-switched phones with protected circuit-switched phones and clear circuit-switched phones; and of protected circuit-switched phones with protected packet-switched phones and clear packet-switched phones; said system comprising: 
 	a. a computer-readable medium (CRM) of each said protected packet-switched phone, installed thereon a non-interception application configured for a processor of said protected packet-switched phone to encrypt a PSTN-bound voice or text packet-switched signal and transmit said encrypted PSTN-bound packet-switched signal over a packet-switched encrypted access line; and receive, over said packet-switched encrypted access line, and decrypt an encrypted internet-bound voice or text packet-switched signal (Fig. 22 and par. [0072]-[0077] discloses a system to allow voice or message communication over a PSTN is encrypted); 
 	b. an encryption switch in communicative connection over the Internet with said protected packet-switched phones, said encryption switch configured to receive and decrypt said encrypted PSTN-bound packet-switched signal, producing a PSTN-bound IP tunneling signal; transmit said PSTN-bound IP tunneling signal over an IP tunnel; and receive, over said IP tunnel, and encrypt an internet-bound IP tunneling signal that is destined for said protected packet-switched phone, producing said encrypted internet-bound packet-switched signal; transmit said encrypted internet-bound packet-switched signal to said protected packet-switched phone (par. [0070] discloses using various protocol such as SIP, TDM, RPT, ZRTP, SRTP, etc. and par. [0073] discloses mapping 
 	c. a clear switch in communicative connection over the Internet with a clear packet-switched phone, said clear switch configured to receive a clear PSTN-bound packet-switched signal from a clear packet-switched phone, producing a said PSTN-bound IP tunneling signal transmitted over said IP tunnel; and receive, over said IP tunnel, a said internet-bound IP tunneling signal that is destined for a clear packet-switched phone, producing an internet-bound clear packet-switched signal transmitted over the Internet to said clear packet-switched phone (par. [0040] discloses the system can also provide unencrypted voice or data as an option); 
  	d. a termination gateway, in communicative connection with said encryption switch, said clear switch, and the PSTN; said termination gateway configured to receive said PSTN-bound IP tunneling signals from said encryption switch and said clear switch; convert said PSTN-bound IP tunneling signals to PSTN-bound clear circuit-switched signals; transmit said PSTN-bound clear circuit-switched signals that are destined for a receiving said clear circuit-switched phone to said receiving clear circuit-switched phone, over the PSTN; receive an encrypted internet-bound circuit-switched signal from a transmitting protected circuit-switched phone over said PSTN; receive a clear internet-bound circuit-switched signal from a transmitting clear circuit-switched phone over said PSTN (par. 0075] discloses the server 150 acts as a gateway to perform secure and unsecure communication as well as providing for the protocol conversion, media termination functionality, secure media termination functionality a termination gateway, an encryption switch and a clear switch); 
 	e. a secure gateway modem in communicative connection with said termination gateway configured to receive and encrypt clear circuit-switched signals from said termination gateway; and receive and decrypt encrypted circuit switched signals from said termination gateway; wherein said termination gateway is further configured to transmit said clear PSTN-bound circuit-switched signals that are destined for a receiving said protected circuit-switched phone to said secure gateway modem and receive encrypted PSTN-bound circuit-switched signals; transmit said encrypted PSTN-bound circuit-switched signals destined for said receiving protected circuit-switched phone to said receiving protected circuit-switched phone, over the PSTN; transmit said internet-bound encrypted circuit-switched signal to said secure gateway modem and receive a said clear internet-bound circuit-switched signal; convert said clear internet-bound circuit-switched signals to said internet-bound IP tunneling signals and transmit said internet-bound IP tunneling signals over said IP tunnel (an alternate embodiment shown Figs. 3-4 and par. [0088]-[0094] disclose Media Termination Points (MTPs) acting as switches for encrypting or decrypting voice/data); 
	Although it is inherent that for any Voip call a modem is required to access to internet, however Parsons does not expressly disclose a secure modem for each said protected circuit-switched phone, said secure modem configured to receive, over an encrypted circuit-switched access line, and decrypt said encrypted PSTN-bound circuit switched signals; receive, from a PSTN phone, and encrypt a clear signal PSTN signal, thereby producing said encrypted internet-bound circuit switched signal, and transmit said encrypted internet-bound circuit switched signal over said encrypted circuit-switched access line. Coutts discloses an encrypting modem used for encrypting and decrypting data to a PSTN line is well-known (Fig. 5a and related text). Therefore, it would have been obvious before the claimed invention to modify Parsons with Coutts to further teach the claimed feature of having a modem to decrypt encrypted data as an obvious variation to arrive at the claim with reasonable expectation for success. 	Regarding claim 2, Parsons discloses wherein said termination gateway is further configured to implement said IP tunneling signals SIP tunneling (par. [0070]).  	Regarding claim 3, Parsons discloses wherein said application is downloaded and installed on said protected packet-switched phone through an online consumer application store. Since Parsons teaches a wireless communication system in which a mobile communication device communicates with a telecommunications network, wherein secure communication can be provided. Hence, online transaction between a mobile device to a network, because the use of mobile device is so ubiquitous in today’s world, can be implemented as shown in Fig.3 where the Secure server 15 and the Recording platform can be at the same location with a PBX which usually installed on premise of any business office. Furthermore, Parsons teaches “…a user activates a secure client on a first mobile device 110, the secure client initiates a session with a server 1050 …” (par. [0091]) which suggests the secure client application has to be installed on the mobile device in order for the secure communication to work.

wherein said encryption switch employs a secure SRTP or ZRTP over TLS protocol for communication over said packet-switched encrypted access line (par. [0070]).  	Regarding claim 6, Parsons discloses configured for one or more of PSTN-point to internet-multipoint and internet-point to PSTN-multipoint communication (see citation from claim 1 rejection, particularly par. [0073]).  	Regarding claim 7, Parsons discloses wherein one or more of said internet-multipoint and said PSTN-multipoint communication comprises at least one secure phone and at least one clear phone (see claim1 rejection). 
Regarding claim 16, Parsons and Coutts discloses a method for voice and text communication of one or more protected packet-switched phones with protected circuit-switched phones and with clear circuit-switched phones; and of one or more protected circuit-switched phones with protected packet-switched phones and with clear packet-switched phones; said method comprising steps of 
 	a. obtaining the system of claim 1; 
 	b. installing a non-interception application on one or more internet-connected phones, thereby enabling said internet-connected phones as protected packet-switched phones; 
 	wherein communication from packet-switched to circuit-switched phones comprises steps of 
 	c. encrypting a PSTN-bound voice or text packet-switched signal by a transmitting said protected packet-switched phone; 
 	d. transmitting said encrypted PSTN-bound packet-switched signal, by said transmitting protected packet-switched phone, over a packet-switched encrypted access line in connection with the Internet; 
 	e. receiving and decrypting said encrypted PSTN-bound encrypted packet-switched signal, by an encryption switch in connection with the Internet, thereby producing a clear PSTN-bound packet-switched signal;
 	 f. receiving a clear PSTN-bound packet-switched signal, by a clear switch, transmitted from a transmitting clear packet-switched phone over the Internet; 
 	g. transmitting said PSTN-bound clear packet-switched signals, by said encryption switch and said clear switch, as PSTN-bound IP tunneling signals over an IP tunnel; 
 	h. receiving, by a termination gateway connected to said IP tunnel, said PSTN-bound IP tunneling signals and converting said PSTN-bound IP tunneling signals to one or more clear PSTN-bound circuit-switched signals; 
 	i. receiving and encrypting said clear PSTN-bound circuit-switched signals that are destined to a receiving secure circuit-switched phone, by a secure gateway module in communicative connection with said termination gateway; 
 	j. transmitting said encrypted PSTN-bound circuit-switched signals, by said termination gateway, to receiving secure modems connected to the PSTN over circuit-switched encrypted access lines; 
 	k. decrypting, by said secure modems, said encrypted PSTN-bound circuit-switched signals; 
 	l. transmitting, by said secure modem, said decrypted PSTN-bound circuit-switched signal to one or more receiving PSTN phones; and 
 	m. transmitting said clear PSTN-bound circuit-switched signals that are destined for a receiving clear circuit switched phone to said receiving clear circuit-switched phones, by said termination gateway over the PSTN; and 
wherein communication from circuit-switched to packet-switched phones comprises steps of 
 	n. encrypting a clear internet-bound circuit-switched signal from a transmitting circuit-switched phone, by a said secure modem; 
 	o. transmitting said encrypted internet-bound circuit-switched signal, by said secure modem, over a said circuit-switched encrypted access line; 
 	p. receiving said encrypted internet-bound circuit-switched signal, by said termination gateway; 
 	q. decrypting said encrypted internet-bound circuit-switched signal, by said secure gateway module, thereby producing a clear internet-bound circuit-switched signal; 
 	r. receiving, by said termination gateway, a clear internet-bound circuit-switched signal from a transmitting clear circuit-switched phone; 
 	s. converting said clear internet-bound circuit-switched signals to internet-bound IP tunneling signals; 
 	t. transmitting said internet-bound IP tunneling signals, by said termination gateway, over said IP tunnel; 
 	u. receiving, by said encryption switch, said internet-bound IP tunneling signals that are destined to a receiving said secure packet-switched phone; 
 	v. encrypting, by said encryption switch, said internet-bound IP tunneling signals destined to said receiving secure packet-switched phone, thereby producing encrypted internet-bound packet-switched signals; 
 	w. transmitting said encrypted internet-bound packet-switched signals to said receiving secure packet-switched phones; 
 	x. receiving, by a said receiving secure packet-switched phones over a said encrypted access line, said internet-bound packet-switched signals; 
 	y. decrypting said encrypted internet-bound packet-switched signals, by said receiving packet-switched phones; and 
 	z. transmitting said internet-bound IP tunneling signals that are destined for a clear receiving packet-switched phone, by said clear server, to said receiving clear packet-switched phones.  	See claim 1 rejection.
 	Regarding claim 17, Parsons and Coutts discloses wherein said steps of producing IP tunneling signals is implemented with SIP tunneling. See claim 2 rejection. 	 Regarding claim 19, Parsons and Coutts discloses wherein said encryption switch employs a secure SRTP or ZRTP over TLS protocol for communication over said packet-switched encrypted access line. See claim 5rejection. 	Regarding claim 20, Parsons and Coutts discloses one or more of PSTN-point to internet-multipoint and internet-point to PSTN-multipoint communication. See claim 6 rejection.

Claims 4 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Parsons in view of Coutts and further in view of PG Pub 20150200973 (hereinafter Nolan) 	Regarding claim 4, Parsons does not disclose wherein said encryption switch and said application are further configured for said encryption switch to send push notifications to said protected packet-switched phones. However, push notification service used in Apple iPhone is known and can be applied to a  user device such as a computer, a telephone, a VoIP phone, a smartphone, etc. (par. [0046]). Therefore, it would have been obvious before the claimed invention to modify Parsons and Coutts with Nolan to further teach the claimed feature as an obvious variation to arrive at the claim with reasonable expectation for success.

Regarding claim 18, Parsons, Coutts and Nolan disclose a step of sending push notifications to said protected packet-switched phones.  See claim 4 rejection. 	Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Parsons in view of Coutts and further in view of Patent 7184538 (hereinafter Doskow) 	Regarding claim 8, Parsons does not disclose wherein a hacking-prevention application is further installed on said protected packet-switched phone, said hacking-prevention application containing instructions for operation of a hacking-prevention system, the system comprising 
 	a. a correlation module configured to receive timestamped system calls and network calls; 
 	b. a time stamp module, configured to receive said system calls and network calls and associate timestamps with each of said system calls and network calls; 
wherein said correlation module is configured to package said timestamped system calls, and said timestamped network calls into an input vector; 
 	c. an applications privileges database, said database comprising one or more lists of privileges for one or more applications installed on said device; 
wherein said correlation module is configured to receive said one or more lists of  privileges;
 		 d. a neural network, configured to receive said input vector; and 
 		e. an approved output and a suspected output of said neural network; 
 	f. a mitigation rules engine; 
 	g. wherein:
i. said correlation module is further configured to compute parameters of said system calls and said network calls, said parameters selected from a group consisting of: a difference in time values of said timestamp of a said system call and a said network call, a correspondence of a said system call or of a said network call with a privilege in one or more of said privileges lists pertaining to an application making said system call or said network call, a validity of a certificate attached to said network call, or any combination thereof and further package said parameters into said input vector; 
ii. said neural network is configured to receive said input vector and determine whether a said system call or a said network call is approved or suspected as a hacking attempt of said device; 
iii. a said approved system call or network call is fed to said approved output; 
iv. a suspected system or network call is fed to said suspected output; and 
v. said mitigation rules engine is configured to receive said suspected output and determine an action as a function of said suspected output. 
Doskow discloses a Gatekeeper performs several levels of checks to ensure that a message, from an incoming call from a remote VoIP network to a local telephone number using a centralized Security Gatekeeper model, is authorized to complete a call on the network to the designated destination point, where the Security Gatekeeper checks the digital certificate and the timestamp of the message to ensure that the message is authentic and timely. The Security Gatekeeper screens down to the application layer and inspects for inappropriate application messages to reject or to allow the message to pass through (Fig. 6 and related text and col. 7, lines 23-45). Therefore, it would have been obvious before the claimed invention to modify Parsons and Coutts with Doskow to .
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 9 and 12-15 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Doskow 	Regarding claim 9, Doskow discloses a hacking-protected secured device connected to a network, said device comprising therein a non-transitory computer-readable medium containing instructions for operation on said device of a hacking prevention system, the system comprising: 
 	a. a correlation module configured to receive timestamped system calls and network calls; 
 	b. a time stamp module, configured to receive said system calls and network calls and associate timestamps with each of said system calls and network calls; 
 	wherein said correlation module is configured to package said timestamped system calls, and said timestamped network calls into an input vector;
 	 c. an applications privileges database, said database comprising one or more lists of privileges for one or more applications installed on said device; 
 wherein said correlation module is configured to receive said one or more lists of privileges; 
 	d. a neural network, configured to receive said input vector; 
 	e. an approved output and a suspected output of said neural network; 
 	f. a mitigation rules engine; 
 	g. wherein:
i. said correlation module is further configured to compute parameters of  said system calls and said network calls, said parameters selected from a group consisting of: a difference in time values of said timestamp of a said system call and a said network call, a correspondence of a said system call or of a said network call with a privilege in one or more of said privileges lists pertaining to an application making said system call or said network call, a validity of a certificate attached to said network call, or any combination thereof and further package said parameters into said input vector; 
ii. said neural network is configured to receive said input vector and determine whether a said system call or a said network call is approved or suspected as a hacking attempt of said device; 
iii. a said approved system call or network call is fed to said approved output; 
iv. a suspected system or network call is fed to said suspected output; and 
v. said mitigation rules engine is configured to receive said suspected output and determine an action as a function of said suspected output.  	See claim 8 rejection in view of Doskow.
	Regarding claim 12, Doskow discloses wherein one or more of the forensic data are selected from a group consisting of the attacked source data, attack vector data, attack name data, location data, time data and any combinations thereof (Doskow discloses checking for time stamp data).  	Regarding claim 13, Doskow discloses wherein said actions of the mitigation rules engine are selected from a group comprising: a. disconnecting said secured device from said network; b. invalidating the transmission session; c. destroying the access keys and/or deleting the system cache; d. notifying the user by raising an unauthorized access alert; e. automatically activating a three factor authentication stage; f. downgrading accessibility and functionality of files to "read-only"; and g. accessing said network through a VPN (Doskow discloses denying connection).  	Regarding claim 14, Doskow discloses wherein an unauthorized access to the network comprises SSL striping, traffic tampering, reconnaissance scan (TCP, UDP, ARP), Rouge Access Point, Rouge FemtoCell, SSL Certificate Tampering (SSL Pinning) or any combination thereof (Doskow discloses checking for digital certificate and Denial of Service (col. 23, lines 18-28).  	Regarding claim 15, Doskow discloses wherein an unauthorized access to an application comprises one or more malicious applications, unknown zero day, time bombs, anti-debugging, live data protection tampering or any combination thereof (Doskow discloses checking for digital certificate and time stamps are live data). 
 	Allowable Subject Matter
Claims 10 and 11 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Inquiry communication
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRI M TRAN whose telephone number is (571)270-1994.  The examiner can normally be reached on Mon-Fri: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on 5712723804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.