DETAILED ACTION
This Office action is in response to a non-provisional utility patent application filed by Applicant on 6/26/2019.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Information Disclosure Statement PTO-1449
The Information Disclosure Statements submitted by applicant on 6/26/2019 and 12/8/2020 have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.

Claim Rejections - 35 USC § 101
Claims 10-18 rejected under 35 U.S.C. 101 because the claims cover material not found in any of the four statutory categories and is therefore outside the scope of 35 U.S.C. 101.  The claims recite a computing system.  While the claims can be interpreted as hardware, which would be within the scope of the statute, the claims are also able to be interpreted as being wholly software, which would be outside the scope of the statute.  Therefore, the claims are rejected as being software per se.  Applicant may be able to overcome this rejection by amending the claims to recite terms, which preclude interpretation of the invention in a manner that is wholly software.
Examiner notes that claim 19 covers material inside the scope of 35 U.S.C. 101 since Applicant’s specification defines the recited processor in paragraph [0130] as tangible non-transitory computer readable storage medium.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 6, 8, 10-12, 15, 17, 19 rejected under 35 U.S.C. 103 as being unpatentable over Haak (U.S. Pat. App. Pub. 2017/0126625 A1).
Regarding claim 1, Haak discloses: a method at a system including a firewall and at least one application (network system includes both a firewall and an application. Haak para. 0051.), the method comprising: triggering, a firewall update (authorization to set the firewall exception originates from the application server and is transmitted to the remote connectivity manager in the forms of an XEM-0500 message. Haak para. 0053.); obtaining a new firewall configuration; and updating the firewall, wherein the updating the firewall allows a connection from the at least one application to the new address for the service provider (the onboard connectivity manager sets an exception on the firewall that grants traffic to and from the designated client application/PED to access the satellite module for establishing a data communications like to the application server. Haak para. 0053.  The exception is specified in terms of the permitted destination address and port of the application server in the case of outgoing data and the permitted source address and port of the application server in the case of incoming data. Haak para. 0053.).  
Haak does not specifically disclose: obtaining, at the at least one application, a new address for a service provider for the at least one application. However, Haak does disclose the PED installing a connectivity API that is called by the client application to establish an alternative network connection to the internet and the application server. Haak para. 0045. It would have been prima facie obvious to one of ordinary skill in the art that the API would require an address to facilitate the new communication – the address would amount to a new address.
Regarding claim 2, Haak discloses the limitations of claim 1, wherein the triggering is based on a connection attempt from the at least one application to the new address for the service provider (the presence state of the client device is activated following a data link request.  Haak para. 0019. The change in presence state causes the onboard connectivity manager to generate the connection authorization. Haak para. 0019.).  
Regarding claim 3, Haak discloses the limitations of claim 1, wherein the triggering is based on a firewall update message from the application to the firewall (authorization to set the firewall exception originates from the application server and is transmitted to the remote connectivity manager in the forms of an XEM-0500 message. Haak para. 0053.).
Regarding claim 6, Haak discloses the limitations of claim 1, wherein the new address is at least one of a uniform resource locator, a uniform resource identifier, an Internet Protocol address, and a fully qualified domain name (the firewall exception is specified in terms of the permitted destination address and port of the application server. Haak para. 0053.).
Regarding claim 8, Haak discloses the limitations of claim 1, wherein the system is a vehicle and the server is an Original Equipment Manufacturer server (system for dynamically implementing network firewall exceptions in providing data communications services on board aircraft and other vehicles. Haak para. 0004.).
Regarding claim 10, Haak discloses: a computing system including a firewall and at least one application (network system includes both a firewall and an application. Haak para. 0051.), the computing system comprising: a processor; and a communications subsystem, wherein the computing system is configured to: trigger a firewall update (authorization to set the firewall exception originates from the application server and is transmitted to the remote connectivity manager in the forms of an XEM-0500 message. Haak para. 0053.); obtain a new firewall configuration; and update the firewall, wherein the updating the firewall allows a connection from the at least one application to the new address for the service provider (the onboard connectivity manager sets an exception on the firewall that grants traffic to and from the designated client application/PED to access the satellite module for establishing a data communications like to the application server. Haak para. 0053.  The exception is specified in terms of the permitted destination address and port of the application server in the case of outgoing data and the permitted source address and port of the application server in the case of incoming data. Haak para. 0053.).  
Haak does not specifically disclose: obtain, at the at least one application, a new address for a service provider for the at least one application. However, Haak does disclose the PED installing a connectivity API that is called by the client application to establish an alternative network connection to the internet and the application server. Haak para. 0045. It would have been primar facie obvious to one of ordinary skill in the art that the API would require an address to facilitate the new communication – the address would amount to a new address.
Regarding claim 11, Haak discloses the limitations of claim 10, wherein the computing system is configured to trigger based on a connection attempt from the at least one application to the new address for the service provider (the presence state of the client device is activated following a data link request.  Haak para. 0019. The change in presence state causes the onboard connectivity manager to generate the connection authorization. Haak para. 0019.).  
Regarding claim 12, Haak discloses the limitations of claim 10, wherein the computing system is configured to trigger based on a firewall update message from the application to the firewall (authorization to set the firewall exception originates from the application server and is transmitted to the remote connectivity manager in the forms of an XEM-0500 message. Haak para. 0053.).
Regarding claim 15, Haak discloses the limitations of claim 10, wherein the new address is at least one of a uniform resource locator, a uniform resource identifier, an Internet Protocol address, and a fully qualified domain name (the firewall exception is specified in terms of the permitted destination address and port of the application server. Haak para. 0053.).
Regarding claim 17, Haak discloses the limitations of claim 10, wherein the computing system is a vehicle computing system and the server is an Original Equipment Manufacturer server (system for dynamically implementing network firewall exceptions in providing data communications services on board aircraft and other vehicles. Haak para. 0004.).
Regarding claim 19, Haak discloses: a computer readable medium for storing instruction code, which, when executed by a processor of a computing system having a firewall and at least one application (network system includes both a firewall and an application. Haak para. 0051.), causes the computing system to: trigger a firewall update (authorization to set the firewall exception originates from the application server and is transmitted to the remote connectivity manager in the forms of an XEM-0500 message. Haak para. 0053.); obtain a new firewall configuration; and update the firewall, wherein the updating the firewall allows a connection from the at least one application to the new address for the service provider (the onboard connectivity manager sets an exception on the firewall that grants traffic to and from the designated client application/PED to access the satellite module for establishing a data communications like to the application server. Haak para. 0053.  The exception is specified in terms of the permitted destination address and port of the application server in the case of outgoing data and the permitted source address and port of the application server in the case of incoming data. Haak para. 0053.).  
Haak does not specifically disclose: obtain, at the at least one application, a new address for a service provider for the at least one application. However, Haak does disclose the PED installing a connectivity API that is called by the client application to establish an alternative network connection to the internet and the application server. Haak para. 0045. It would have been primar facie obvious to one of ordinary skill in the art that the API would require an address to facilitate the new communication – the address would amount to a new address.

Claims 4-5, 13-14 rejected under 35 U.S.C. 103 as being unpatentable over Haak in view of O’Brien (U.S. Pat. App. Pub. 2008/0235511 A1).
Regarding claim 4, Haak discloses the limitations of claim 1. Haak does not disclose: wherein the obtaining the new address is over a secure connection between a configuration server and the application.
However, O’Brien does disclose: wherein the obtaining the new address is over a secure connection between a configuration server and the application (establishing a secure communication channel between devices in an IP network. O’Brien para. 0007.).  
Therefore, it would be prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the implementation of network firewall exceptions of Haak with the sharing address data over a secure network connection based upon the teachings of O’Brien.  The motivation being secure communications by sharing keys and hiding communication with a secure channel. O’Brien para. 0007.
Regarding claim 5, Haak discloses the limitations of claim 1. Haak does not disclose: wherein the obtaining the new firewall configuration is over a secure connection between the firewall and the server.
However, O’Brien does disclose: wherein the obtaining the new firewall configuration is over a secure connection between the firewall and the server (establishing a secure communication channel between devices in an IP network. O’Brien para. 0007.).  
Therefore, it would be prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the implementation of network firewall exceptions of Haak with the sharing address data over a secure network connection based upon the teachings of O’Brien.  The motivation being secure communications by sharing keys and hiding communication with a secure channel. O’Brien para. 0007. 
Regarding claim 13, Haak discloses the limitations of claim 10. Haak does not disclose:  wherein the computing system is configured to obtain the new address is over a secure connection between a configuration server and the application.
However, O’Brien does disclose: wherein the computing system is configured to obtain the new address is over a secure connection between a configuration server and the application (establishing a secure communication channel between devices in an IP network. O’Brien para. 0007.).  
Therefore, it would be prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the implementation of network firewall exceptions of Haak with the sharing address data over a secure network connection based upon the teachings of O’Brien.  The motivation being secure communications by sharing keys and hiding communication with a secure channel. O’Brien para. 0007.  
Regarding claim 14, Haak discloses the limitations of claim 10. Haak does not disclose: wherein the computing system is configured to obtain the new firewall configuration is over a secure connection between the firewall and the server.
However, O’Brien does disclose: wherein the computing system is configured to obtain the new firewall configuration is over a secure connection between the firewall and the server (establishing a secure communication channel between devices in an IP network. O’Brien para. 0007.).  
Therefore, it would be prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the implementation of network firewall exceptions of Haak with the sharing address data over a secure network connection based upon the teachings of O’Brien.  The motivation being secure communications by sharing keys and hiding communication with a secure channel. O’Brien para. 0007. 
 
Claims 7, 9, 16, 18 rejected under 35 U.S.C. 103 as being unpatentable over Haak in view of Pham (U.S. Pat. App. Pub. 2019/0081854 A1).
Regarding claim 7, Haak discloses the limitations of claim 1. Haak does not disclose: wherein the firewall contains a whitelist.
However, Pham does disclose: wherein the firewall contains a whitelist (a list or a group of IP addresses include inbound rules or outbound rules that indicate whitelisted IP addresses of external devices. Pham para. 0027.).
Therefore, it would be prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the implementation of network firewall exceptions of Haak with employing a whitelist on the firewall based upon the teachings of Pham. The motivation being determining whether IP addresses should be allowed among network packets for securing the system. Pham para. 0026.
Regarding claim 9, Haak discloses the limitations of claim 1. Haak does not disclose: wherein the updating the firewall comprises removing an old address and adding the new address for the service provider.
However, Pham does disclose: wherein the updating the firewall comprises removing an old address and adding the new address for the service provider (whitelisting and blacklisting IP addresses in a network firewall. Pham para. 0027.).  
Therefore, it would be prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the implementation of network firewall exceptions of Haak with adding and removing IP addresses on the firewall based upon the teachings of Pham. The motivation being determining whether IP addresses should be added or removed among network packets for securing the system. Pham para. 0027.
Regarding claim 16, Haak discloses the limitations of claim 10. Haak does not disclose: wherein the firewall contains a whitelist.
However, Pham does disclose: wherein the firewall contains a whitelist (a list or a group of IP addresses include inbound rules or outbound rules that indicate whitelisted IP addresses of external devices. Pham para. 0027.).
Therefore, it would be prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the implementation of network firewall exceptions of Haak with employing a whitelist on the firewall based upon the teachings of Pham. The motivation being determining whether an IP addresses of network packets for securing the system. Pham para. 0026.  
Regarding claim 18, Haak discloses the limitations of claim 10. Haak does not disclose: wherein the computing system is configured to update the firewall by removing an old address and adding the new address for the service provider.
However, Pham does disclose: wherein the computing system is configured to update the firewall by removing an old address and adding the new address for the service provider (whitelisting and blacklisting IP addresses in a network firewall. Pham para. 0027.).  
Therefore, it would be prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the implementation of network firewall exceptions of Haak with adding and removing IP addresses on the firewall based upon the teachings of Pham. The motivation being determining whether IP addresses should be added or removed among network packets for securing the system. Pham para. 0027.  

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Pillay-Esnault (U.S. Pat. App. Pub. 2018/0343236 A1), management of an identity-based firewall network security; Pereira (U.S. Pat. 10,887,333 B1), employing universal threat information to compare and modify IP addresses of network firewall policies; Chirra (U.S. Pat. App. Pub. 2013/0091538 A1), managing authority to modify network firewall rules; and Abzarian (U.S. Pat. App. Pub. 2008/0148380 A1), dynamic updating firewall parameters by receiving policy rules.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VANCE M LITTLE whose telephone number is (571) 270-0408.  The examiner can normally be reached on Monday - Friday 9:30am - 5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/VANCE M LITTLE/Examiner, Art Unit 2493