Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 04/29/2021 has been entered.
 
3.	This Office Action is in response to the Amendment filed on 5/20/2021.

4.	Applicant submitted an amendment on 5/20/2021, amending claims 1, 14 and cancelling claim 11. 

5.	As per instant Examiner Amendment, claims 1 and 14 have been further amended.
6.	Claims 1-10 and 12-20 have been examined and are pending in this application. Claims 1 and 14 are independent.

Claims 1-10 and 12-20 are allowed.

EXAMINER'S AMENDMENT
8.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Attorney Christopher J. Rourk (Reg. No. 39,348) on May 20, 2021.

The application has been amended as follows: 

1. (Currently Amended) A method for filtering data packets at a firewall system comprising:
receiving a data packet that is transmitted over a public network, the data packet having a plurality of fields at a data packet system;
determining whether a precondition evaluates to true for one or more of the plurality of fields, where an action is associated the precondition;
performing the action associated with the precondition on the data packet if it is determined that the precondition exists for one or more of the plurality of fields;
processing the data packet using a plurality of rules if it is determined that the precondition does not exist for the one or more of the plurality of fields;
identifying a user associated with the data packet;
by comparing one or more data fields from the data packet with the one or more data fields of the cache, wherein the cache is separate from the data packet system; 
processing the one or more rules stored in the cache to provide user group matching to identify one or more groups that are associated with the user that are not mentioned in a policy that are to be ignored, and wherein the cache is checked for one or more remaining groups; and
processing the data packet using the one or more rules stored in the cache if present.

11.	(Cancelled). 

14.	(Currently Amended) A firewall system for filtering data packets comprising:
a first processor configured to receive a data packet that is transmitted over a public network, the data packet having a plurality of fields from a network interface at a data packet system;
a second processor configured to retrieve a precondition from a data memory device and to use the precondition to determine whether a precondition evaluates to true for one or more of the plurality of fields by comparing the precondition to the one or more of the plurality of fields, where an action is associated the precondition;
a third processor configured to perform the action associated with the precondition on the data packet if it is determined by the second processor that the precondition exists for one or more of the plurality of fields;
a fourth processor configured to process the data packet using a plurality of rules if it is determined by the second processor that the precondition does not exist for the one or more of the plurality of fields; and
a fifth processor configured to determine whether one or more rules are stored in a cache for one or more of a plurality of groups associated with a user by comparing one or more data fields from the data packet with the one or more data fields of the cache and to process the data packet using the one or more rules stored in the cache if present, wherein the cache is separate from the data packet system, and to process the one or more rules stored in the cache to provide user group matching to identify one or more groups that are associated with the user that are not mentioned in a policy that are to be ignored, and wherein the cache is checked for one or more remaining groups.


Examiner's Statement of reason for Allowance
9.	Claims 1-10 and 12-20 are allowed.
10.	The following is an examiner’s statement of reasons for allowance: 
The present invention is directed to a system that has a solution generation unit which generates a solution when the receiving unit receives the partial solution transmitted from the transmitter. A partial solution generation unit generates the partial solution from the solution generated by the solution generation unit. An authentication unit authenticates the transmitter that sends the valid partial solution when one of the partial solutions generated by the second partial solution generation unit is associated with the receiver corresponding to the partial solution transmitted from the transmitter.
The closest prior art, as previously recited, 

packet filtering cache results based on rule priority, the network node comprising: a cache of results of a packet filtering rule set to store a plurality of entries, each cache entry including a rule identifier of a packet filtering rule to which the cache entry relates and a rule set version identifier that identifies a version of the packet filtering rule set when the cache entry was created; a version memory to store a highest priority rule modified for each of a plurality of rule set version identifiers; a current rule set version identifier identifying a current version of the packet filtering rule set; and a packet processor to: determine, when a cache entry corresponding to a received packet is included in the cache, whether the rule identifier included in the cache entry is of a higher priority than a highest priority rule stored in the version memory for the rule set version identifier included in the cache entry, and apply, to the packet, an action included in the cache entry when the rule identifier included in the cache entry is of a higher priority.

12.	Teal (Pub. No.: US 2019/0081983 A1) provides a data recorder on a firewall, and the method may further include applying a network security rule at the firewall based on the process data, e.g., to control network communications associated with the first process or one or more other processes executing on the endpoint. In this manner, an endpoint firewall may usefully be controlled based on a set of firewall rules or properties stored in, or secured by, a tamper protection cache and an endpoint protection driver as 

13.	Kraft (US patent No. 10,878,110 B2) provides a data packet filter firewall that uses a memory cache. In such a system, when a data packet arrives, the relevant parameters (e.g. source and destination) of the data packet are stored in a cache. In addition, after the packet filter rules have been applied to the received data packet, the disposition (e.g. allow or deny) is also stored in the cache associated with the relevant parameters of the received data packet. Thereafter, if a data packet is received with parameters which are the same as parameters previously stored in the cache, the firewall can apply the associated disposition without applying all the rules to the data packet. This enhances performance in view of the fact that for certain applications, ongoing communications will occur between two computers, and there is no need to check every data packet exchanged between the computers during the communication session (i.e., connection). Thus, while this technique improves performance for data packets exchanged during connections, the technique does not improve performance for new connections.

11. 	Krishnan et al. (US patent No.: 6,606,710 B2) provides a data packet filter firewall that uses a memory cache. In such a system, when a data packet arrives, the relevant parameters (e.g. source and destination) of the data packet are stored in a cache. In addition, after the packet filter rules have been applied to the received data packet, the disposition (e.g. allow or deny) is also stored in the cache associated with the relevant parameters of the received data packet. Thereafter, if a data packet is received with parameters which are the same as parameters previously stored in the cache, the firewall can apply the associated disposition without applying all the rules to the data packet. This enhances performance in view of the fact that for certain applications, ongoing communications will occur between two computers, and there is no need to check every data packet exchanged between the computers during the communication session (i.e., connection). Thus, while this technique improves performance for data packets exchanged during connections, the technique does not improve performance for new connections.
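
The disposition cache described in the two paragraphs above, shown as an added Python example that is not part of this Office action or of any cited reference. The rule set, addresses, class and function names are constructed for illustration; it counts rule evaluations to show that cached connections skip the rule set while a new connection does not.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

# Constructed rule set: (source net, destination net, dest port or None, disposition)
RULES = [
    ("10.0.0.0/8", "192.0.2.10/32", 443, "allow"),
    ("10.0.0.0/8", "192.0.2.0/24", 22, "deny"),
    ("0.0.0.0/0", "0.0.0.0/0", None, "deny"),  # default deny
]

@dataclass
class CachingFilter:
    rules: list
    cache: dict = field(default_factory=dict)
    rule_checks: int = 0  # total number of rules evaluated
    hits: int = 0         # packets answered from the cache

    def _apply_rules(self, pkt):
        # First matching rule wins; every rule examined is counted.
        for src_net, dst_net, port, disposition in self.rules:
            self.rule_checks += 1
            if (ip_address(pkt.src) in ip_network(src_net)
                    and ip_address(pkt.dst) in ip_network(dst_net)
                    and port in (None, pkt.dport)):
                return disposition
        return "deny"

    def filter(self, pkt):
        key = (pkt.src, pkt.dst, pkt.dport)  # the "relevant parameters"
        if key in self.cache:
            self.hits += 1
            return self.cache[key]           # disposition applied without the rules
        disposition = self._apply_rules(pkt)
        self.cache[key] = disposition        # store disposition with the parameters
        return disposition

def demo():
    fw = CachingFilter(RULES)
    session = [Packet("10.1.2.3", "192.0.2.10", 443)] * 4  # one ongoing connection
    new_conn = Packet("10.9.9.9", "192.0.2.10", 22)        # first packet of a new one
    results = [fw.filter(p) for p in session] + [fw.filter(new_conn)]
    return results, fw.hits, fw.rule_checks
```

This cache is never invalidated, so a change to the rule set would leave stale dispositions in place; the rule set version identifier in the Santos et al. summary addresses that case.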

12. 	Santos et al. (US patent 8,627,448 B2) provide a node having a current rule set version identifier identifying a current version, e.g. an alphanumeric value, of a packet filtering rule set. A packet processor, e.g. a CPU, determines whether a rule identifier included in a cache entry has higher priority than a highest priority rule stored in a version memory, e.g. RAM, for the version identifier when the entry corresponding to a received packet is included in a cache. The processor applies an action included in the entry to the packet when the rule identifier included in the entry has the higher priority.

Conclusion
13.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571)272-6932.  The examiner can normally be reached on Mon.-Fri. 9:00 AM - 5:30 PM.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center 






A.G.
May 20, 2021
/ABIY GETACHEW/Primary Examiner, Art Unit 2434