Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Allowable Subject Matter
Claims 6-8 and 15-17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Reasons for allowance will be provided with notice of allowance.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-5, 9-14, and 18-20 is/are rejected under 35 U.S.C. 102(a)(2) as being antedated by United States Patent No.: US 7,325,248 B2 (Syvänne).

As Per Claim 1: Syvänne teaches: A system for preventing unauthorized communication with an end device on a communication network, the system comprising:
- at least one external device; and
- a communication device communicatively coupled to the at least one external device, the communication device including:
- a network interface configured to be communicatively coupled to the at least one external device, and being configured to:
	(Syvänne, Figure 1; figure image not reproduced).

- receive, during a first period of time, access attempts from the at least one external device, wherein one or more of the access attempts are structured according to a respective communication protocol and being received from a respective communication zone;
- determine a first group of used communication protocols, the first group of used communication protocols including communication protocols according to which the access attempts are structured and being determined based on the respective communication zones of the access attempts;
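	(Syvänne, Column 6, Lines 4-18, “In accordance with the principles of the present invention, the personal firewall has different sets of rules for the home network (such as the private company network 10) and foreign network, such as the public Internet 12, or the foreign private network 13, or a network of another department of the company. It is not relevant to the present invention what kind of security rules are applied, but some examples are given in FIG. 3. For example, a rule base 301 for the foreign company network may list as allowed connections of protocols: hypertext transfer protocol (http), secured http (Https), domain name service (DNS), single message transfer protocol (SMTP) and a VPN connection with IPsec. In the preferred embodiment of the invention these rules are exclusive, in other words, other protocols and connections are denied and blocked by the personal firewall.”).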

- receive, from a first external device, an access attempt structured according to a communication protocol not in the first group of used communication protocols; and
- deny, responsive to determining that the communication protocol is not in the first group of used communication protocols, the access attempt. 
	(Syvänne, Column 6, Lines 19-26, “For a default network, which may be the public Internet 12, the rule base 302 is similar to the rule base 301, except that the SMTP protocol is no longer allowed. For the home network 10, a rule base 300 is defined. The allowed protocols include, in addition to the http, https and the SMTP, also other transmission protocols, such as NetBEUI and IPX. The rule base 300 also allows a disc-share for predefined servers using NetBIOS. Other protocols and connections are denied.”).

As Per Claim 2: The rejection of claim 1 is incorporated and further Syvänne teaches:
- the communication device is further configured to determine a second group of unused communication protocols, the second group including unused communication protocols which are unused during the first period of time. 
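	(Syvänne, Column 6, Lines 4-18, “In accordance with the principles of the present invention, the personal firewall has different sets of rules for the home network (such as the private company network 10) and foreign network, such as the public Internet 12, or the foreign private network 13, or a network of another department of the company. It is not relevant to the present invention what kind of security rules are applied, but some examples are given in FIG. 3. For example, a rule base 301 for the foreign company network may list as allowed connections of protocols: hypertext transfer protocol (http), secured http (Https), domain name service (DNS), single message transfer protocol (SMTP) and a VPN connection with IPsec. In the preferred embodiment of the invention these rules are exclusive, in other words, other protocols and connections are denied and blocked by the personal firewall.”).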
	(Syvänne, Column 3, Lines 39-64, “According to an aspect of the invention, security rules are defined, updated and distributed centrally by a centralized rule-based server. Especially the updating of the rules is challenging, because the rule updates must be applied as soon as possible, and therefore the process of updating rules in the personal firewalls must be automated. Updating of rules by push method from the centralized rule base server is not a sufficient option in this case. Use of DHCP (Dynamic Host Configuration Protocol), frequent travelling and the fact that at times the laptop may not be connected to any network makes it next to impossible for the centralized management to initiate contacts with the personal firewalls in the computer devices, because there is no way for the centralized management to know the IP address the computer device is using at a given moment. Therefore, according to an aspect of the invention, the personal firewall is configured to periodically query the availability of updated security rules from the centralized management. The queries should only be made, while the computer device is located in the home network, or optionally, when the computer device has a remote access (e.g. VPN connection) to the home network while being located in a foreign network. In other words, also the updating process is dependent on the current location of the computer device in a similar manner as the selection of the active rules, and similar methods can be utilized for determining the current location.”).

As Per Claim 3: The rejection of claim 2 is incorporated and further Syvänne teaches:
- the communication device is further configured to: disable the unused communication protocols; and send, responsive to disabling the unused communication protocols, a notification to a user indicating the disabling of the unused communication protocols. 
	(Syvänne, Column 6, Lines 4-18, “In accordance with the principles of the present invention, the personal firewall has different sets of rules for the home network (such as the private company network 10) and foreign network, such as the public Internet 12, or the foreign private network 13, or a network of another department of the company. It is not relevant to the present invention what kind of security rules are applied, but some examples are given in FIG. 3. For example, a rule base 301 for the foreign company network may list as allowed connections of protocols: hypertext transfer protocol (http), secured http (Https), domain name service (DNS), single message transfer protocol (SMTP) and a VPN connection with IPsec. In the preferred embodiment of the invention these rules are exclusive, in other words, other protocols and connections are denied and blocked by the personal firewall.”).
	(Syvänne, Column 3, Lines 39-64, “According to an aspect of the invention, security rules are defined, updated and distributed centrally by a centralized rule-based server. Especially the updating of the rules is challenging, because the rule updates must be applied as soon as possible, and therefore the process of updating rules in the personal firewalls must be automated. Updating of rules by push method from the centralized rule base server is not a sufficient option in this case. Use of DHCP (Dynamic Host Configuration Protocol), frequent travelling and the fact that at times the laptop may not be connected to any network makes it next to impossible for the centralized management to initiate contacts with the personal firewalls in the computer devices, because there is no way for the centralized management to know the IP address the computer device is using at a given moment. Therefore, according to an aspect of the invention, the personal firewall is configured to periodically query the availability of updated security rules from the centralized management. The queries should only be made, while the computer device is located in the home network, or optionally, when the computer device has a remote access (e.g. VPN connection) to the home network while being located in a foreign network. In other words, also the updating process is dependent on the current location of the computer device in a similar manner as the selection of the active rules, and similar methods can be utilized for determining the current location.”).

As Per Claim 4: The rejection of claim 2 is incorporated and further Syvänne teaches:
- determining the second group of unused communication protocols unused during the first period of time is performed periodically. 
	(Syvänne, Column 3, Lines 39-64, “According to an aspect of the invention, security rules are defined, updated and distributed centrally by a centralized rule-based server. Especially the updating of the rules is challenging, because the rule updates must be applied as soon as possible, and therefore the process of updating rules in the personal firewalls must be automated. Updating of rules by push method from the centralized rule base server is not a sufficient option in this case. Use of DHCP (Dynamic Host Configuration Protocol), frequent travelling and the fact that at times the laptop may not be connected to any network makes it next to impossible for the centralized management to initiate contacts with the personal firewalls in the computer devices, because there is no way for the centralized management to know the IP address the computer device is using at a given moment. Therefore, according to an aspect of the invention, the personal firewall is configured to periodically query the availability of updated security rules from the centralized management. The queries should only be made, while the computer device is located in the home network, or optionally, when the computer device has a remote access (e.g. VPN connection) to the home network while being located in a foreign network. In other words, also the updating process is dependent on the current location of the computer device in a similar manner as the selection of the active rules, and similar methods can be utilized for determining the current location.”).

As Per Claim 5: The rejection of claim 2 is incorporated and further Syvänne teaches:
- the communication device is further configured to determine a basis on which to identify unused communication protocols, the basis including at least one of a per-device basis or a per-zone basis. 
	(Syvänne, Column 6, Lines 4-26, “In accordance with the principles of the present invention, the personal firewall has different sets of rules for the home network (such as the private company network 10) and foreign network, such as the public Internet 12, or the foreign private network 13, or a network of another department of the company. It is not relevant to the present invention what kind of security rules are applied, but some examples are given in FIG. 3. For example, a rule base 301 for the foreign company network may list as allowed connections of protocols: hypertext transfer protocol (http), secured http (Https), domain name service (DNS), single message transfer protocol (SMTP) and a VPN connection with IPsec. In the preferred embodiment of the invention these rules are exclusive, in other words, other protocols and connections are denied and blocked by the personal firewall. For a default network, which may be the public Internet 12, the rule base 302 is similar to the rule base 301, except that the SMTP protocol is no longer allowed. For the home network 10, a rule base 300 is defined. The allowed protocols include, in addition to the http, https and the SMTP, also other transmission protocols, such as NetBEUI and IPX. The rule base 300 also allows a disc-share for predefined servers using NetBIOS. Other protocols and connections are denied.”).

As Per Claim 9: The rejection of claim 1 is incorporated and further Syvänne teaches:
- the communication device is further configured to: receive a second access attempt structured according to a communication protocol of the first group of used communication protocols; and allow, responsive to determining that the communication protocol is one of the first group of used communication protocols, the second access attempt. 
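	(Syvänne, Column 6, Lines 4-26, “In accordance with the principles of the present invention, the personal firewall has different sets of rules for the home network (such as the private company network 10) and foreign network, such as the public Internet 12, or the foreign private network 13, or a network of another department of the company. It is not relevant to the present invention what kind of security rules are applied, but some examples are given in FIG. 3. For example, a rule base 301 for the foreign company network may list as allowed connections of protocols: hypertext transfer protocol (http), secured http (Https), domain name service (DNS), single message transfer protocol (SMTP) and a VPN connection with IPsec. In the preferred embodiment of the invention these rules are exclusive, in other words, other protocols and connections are denied and blocked by the personal firewall. For a default network, which may be the public Internet 12, the rule base 302 is similar to the rule base 301, except that the SMTP protocol is no longer allowed. For the home network 10, a rule base 300 is defined. The allowed protocols include, in addition to the http, https and the SMTP, also other transmission protocols, such as NetBEUI and IPX. The rule base 300 also allows a disc-share for predefined servers using NetBIOS. Other protocols and connections are denied.”).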

As Per Claims 10-14 and 18: Claims 10-14 and 18 are substantially a restatement of the system of claims 1-5 and 9 as a non-transitory computer-readable medium and are rejected under substantially the same reasoning.

As Per Claim 19: Claim 19 is substantially a restatement of the system of claim 1 as a method and is rejected under substantially the same reasoning.

As Per Claim 20: The rejection of claim 19 is incorporated and further Syvänne teaches:
- determining a second group of unused communication protocols, the second group including unused communication protocols which are unused during the first period of time; and disabling the unused communication protocols.
	(Syvänne, Column 6, Lines 4-18, “In accordance with the principles of the present invention, the personal firewall has different sets of rules for the home network (such as the private company network 10) and foreign network, such as the public Internet 12, or the foreign private network 13, or a network of another department of the company. It is not relevant to the present invention what kind of security rules are applied, but some examples are given in FIG. 3. For example, a rule base 301 for the foreign company network may list as allowed connections of protocols: hypertext transfer protocol (http), secured http (Https), domain name service (DNS), single message transfer protocol (SMTP) and a VPN connection with IPsec. In the preferred embodiment of the invention these rules are exclusive, in other words, other protocols and connections are denied and blocked by the personal firewall.”).
	(Syvänne, Column 3, Lines 39-64, “According to an aspect of the invention, security rules are defined, updated and distributed centrally by a centralized rule-based server. Especially the updating of the rules is challenging, because the rule updates must be applied as soon as possible, and therefore the process of updating rules in the personal firewalls must be automated. Updating of rules by push method from the centralized rule base server is not a sufficient option in this case. Use of DHCP (Dynamic Host Configuration Protocol), frequent travelling and the fact that at times the laptop may not be connected to any network makes it next to impossible for the centralized management to initiate contacts with the personal firewalls in the computer devices, because there is no way for the centralized management to know the IP address the computer device is using at a given moment. Therefore, according to an aspect of the invention, the personal firewall is configured to periodically query the availability of updated security rules from the centralized management. The queries should only be made, while the computer device is located in the home network, or optionally, when the computer device has a remote access (e.g. VPN connection) to the home network while being located in a foreign network. In other words, also the updating process is dependent on the current location of the computer device in a similar manner as the selection of the active rules, and similar methods can be utilized for determining the current location.”).
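
The learn-then-deny behaviour recited in claims 1-3, 5, 9 and 20 above, kept on a per-zone basis, as an added example that is not part of this Office action, the application or Syvänne. The class name, the zone names and the protocol list are assumptions made for illustration.

```python
# Added illustration; class, zone and protocol names are assumptions.
from collections import defaultdict

SUPPORTED = {"http", "https", "dns", "smtp", "netbios", "telnet"}  # constructed


class ZoneProtocolFilter:
    def __init__(self, supported):
        self.supported = set(supported)
        self.used = defaultdict(set)   # zone -> protocols seen in the first period
        self.learning = True
        self.notifications = []

    def access_attempt(self, zone, protocol):
        """Return 'learned', 'allow' or 'deny' for one access attempt."""
        if protocol not in self.supported:
            return "deny"              # never learn a protocol the device lacks
        if self.learning:
            self.used[zone].add(protocol)
            return "learned"
        # After the first period: default-deny anything not used in this zone.
        return "allow" if protocol in self.used.get(zone, ()) else "deny"

    def unused(self, zone):
        """Second group: supported protocols not seen from this zone."""
        return self.supported - self.used.get(zone, set())

    def end_first_period(self):
        """Stop learning, disable unused protocols per zone, queue notifications."""
        self.learning = False
        disabled = {zone: sorted(self.unused(zone)) for zone in self.used}
        for zone, protos in disabled.items():
            self.notifications.append(f"zone {zone}: disabled {', '.join(protos)}")
        return disabled


def demo():
    fw = ZoneProtocolFilter(SUPPORTED)
    # Constructed first-period traffic: (zone, protocol)
    for zone, proto in [("home", "http"), ("home", "netbios"), ("home", "smtp"),
                        ("internet", "https"), ("internet", "dns")]:
        fw.access_attempt(zone, proto)
    disabled = fw.end_first_period()
    verdicts = [fw.access_attempt("internet", "netbios"),  # used only in home zone
                fw.access_attempt("home", "netbios"),
                fw.access_attempt("guest", "https")]       # zone never observed
    return disabled, verdicts, fw.notifications


if __name__ == "__main__":
    print(demo())
```

A zone that was never observed during the first period has an empty used group, so every attempt from it is denied.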

Additional Cited Prior Art
	United States Patent Application Publication No.: US 2020/0259823 A1 (Biehl et al.) is a location aware security system.
	United States Patent Application Publication No.: US 2020/0051349 A1 (Campbel et al.) shows a system monitoring zones in a facility with options to change security requirements.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN A KAPLAN whose telephone number is (571)270-3170. The examiner can normally be reached on 9:00 a.m. - 5:00 p.m.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/BENJAMIN A KAPLAN/Examiner, Art Unit 2434