DETAILED ACTION
This office action is in response to applicant’s RCE submission filed on 03/30/2021.  Claims 1, 6, 10, 13, 14, 15, and 17 have been amended.  Claims 1-3 and 6-17 are pending and are directed towards apparatus, methods, and computer products for Transmitting and Receiving Cryptographically Protected Network Packets.  Examiner acknowledges applicant’s amendment to claims 6, 13, and 14 and therefore withdraws the previous office action’s objections to these claims.  In addition, the examiner acknowledges applicant’s amendment to claims 10, 13, and 14 and therefore withdraws the previous office action’s 112(b) rejection to these claims.  Finally, the examiner withdraws the previous office action’s 112(d) rejection to claims 15-17.  
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
1.	Applicant’s arguments filed 03/30/2021 have been fully considered.
A) Applicant’s arguments, with respect to the 112(f) interpretation of claims 1, 8, 10, and 12, that “these claims should not be interpreted as invoking 112(f)” have been fully considered but they are not persuasive.

B) Applicant’s arguments, with respect to the newly amended limitation of claim 1, that Aravindakshan fails to teach “wherein the basic device functionality comprises a restricted safety function or a complete safety function” (page 12-13 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections.
Claim Analysis – 35 USC § 112 (f)
2.	The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

3.	 The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)      the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)      the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)     the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
4.	This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting 
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient 
5.	Claim limitation(s) “first classification unit is configured … for selecting”, “security module is configured for a cryptographic processing”, “first packet adapting unit is configured to adapt”, “first classification unit is configured for storing”, “second classification unit is configured … for selecting”, “second security module is configured for cancelling”, “second packet adapting unit is configured to adapt”, and “second classification unit is configured for storing” has/have been interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because it uses/they use a generic placeholder “unit” and “module” coupled with functional language “configured … for selecting”, “configured for a cryptographic processing”, “configured to adapt”, “configured for storing”, “configured … for selecting”, “configured for cancelling”, “configured to adapt”, and/or “configured for storing”  without reciting sufficient structure to achieve the function.  Furthermore, the generic placeholder is not preceded by a structural modifier.
Since the claim limitation(s) invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, claim(s) 1-12 and 16 has/have been interpreted to cover the 
6.	A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph limitation: Regarding the limitations “first classification unit is configured … for selecting”, “security module is configured for a cryptographic processing”, “first packet adapting unit is configured to adapt”, and “first classification unit is configured for storing”, Fig. 8 and paragraph 158 (of the Pre-Grant Publication) recite that the first modular security control apparatus comprises a first classification unit 820, a first security module 210, and a first packet adapting unit 840. Therefore, the four limitations invoke 112(f) and their corresponding structure are disclosed by the applicant’s Pre-Grant Publication.
	In addition, regarding the limitations “second classification unit is configured … for selecting”, “second security module is configured for cancelling”, “second packet adapting unit is configured to adapt”, and “second classification unit is configured for storing”, Fig. 9 and para 170 (of the Pre-Grant Publication) recite that the second modular security control apparatus comprises a second classification unit 920, a second security module 220, and a second packet 
If applicant wishes to provide further explanation or dispute the examiner’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office action. 
If applicant does not intend to have the claim limitation(s) treated under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112 , sixth paragraph, applicant may amend the claim(s) so that it/they will clearly not invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, or present a sufficient showing that the claim recites/recite sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
For more information, see MPEP § 2173 et seq. and Supplementary Examination Guidelines for Determining Compliance With 35 U.S.C. 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).
Claim Rejections - 35 USC § 103
7.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

8.	Claims 1-3 and 6-17 is rejected under 35 U.S.C. 103 as being unpatentable over Aravindakshan et al. (US Pub. 2013/0298201), hereinafter Aravindakshan, filed on May 3, 2013 in view of Oliver et al. (US Pub. 2017/0374028), hereinafter Oliver, filed on Jan. 28, 2015.
Regarding claim 1, Aravindakshan teaches a first modular security control apparatus for transmitting cryptographically protected network packets (Fig. 2A and para 68, line 21-24 and para 113, line 4-6 and para 173, line 1; appliance device, containing modules, provides a secure virtual private network connection to a client device where network packets transmission are protected with encryption), comprising: 
a control basic device (para 153, line 16; client device resource, such as CPU); 
a first classification unit, wherein the first classification unit is configured by means of a packet filter for selecting network packets using predefined selection parameters (para 266, line 4-15 and para 267, line 2-11 and para 268, line 8-11 and para 269, line 12-16; VPN manager, including an interceptor module and an application detector module, works with both the client and appliance device to 
a first security module, wherein the security module is configured for a cryptographic processing of at least one network packet portion of the selected network packets, the first security module being connected to the control basic device by means of a data connection via a data interface (Fig. 2A and para 68, line 21-24 and para 113, line 4-6 and para 245, line 12-14; appliance device provides a secure virtual private network connection to a client device where network packets transmission are protected with encryption and each appliance comprise a network interface connected to client device with CPU); and 
a first packet adapting unit, wherein the first packet adapting unit is configured to adapt the cryptographically processed network packets to a first destination network, wherein the control basic device is configured for cooperating with the first security module in order that the first modular security control apparatus transmits the cryptographically processed network packets as cryptographically protected network packets to the first destination network (Fig. 1B and para 266, line 4-15 and para 268, line 8-11 and para 269, line 1-12; VPN manager, including a configurator module and a packet producer module, works 
wherein the first security module is releasably connected to the control basic device (para 53, line 1 and line 8-9 and para 54, line 1-4 and para 91, line 1-13; the appliance device may be part of a network with a wire connection to a client computing device which includes a network interface comprising a USB network adapter capable of attaching to and detaching from the client device);
wherein the control basic device, with the first security module having been released, is operable with a basic device functionality (para 54, line 1-4 and para 86, line 6-17 and para 91, line 1-13; the client computing device containing CPU may be connected to the appliance device which is part of a network via a network interface and the client device itself contains components and performs operations common to a computer);
	Aravindakshan does not teach wherein the basic device functionality comprises a restricted safety function or a complete safety function.
	Oliver teaches wherein the basic device functionality comprises a restricted safety function or a complete safety function (para 20, line 1-16; as part of managing security related functionalities, a security control unit 115 may run in a restricted operation environment and may be located in a separate node).

Regarding claim 2, Aravindakshan and Oliver teach apparatus of claim 1.
Aravindakshan teaches the first security module comprises the first packet adapting unit and/or the first classification unit (para 266, line 4-15 and para 268, line 8-11 and para 269, line 1-12; VPN manager, including a configurator module, works with both the client containing CPU and appliance device to configure data packets for a VPN tunnel and to transmit encrypted data packets to a network).
Regarding claim 3, Aravindakshan and Oliver teach apparatus of claim 1.
Aravindakshan teaches the control basic device comprises the first packet adapting unit and/or the first classification unit (para 266, line 4-15 and para 268, line 8-11 and para 269, line 1-12; VPN manager, including a configurator module, works with both the client containing CPU and appliance device to configure data packets for a VPN tunnel and to transmit encrypted data packets to a network).
Regarding claim 6, Aravindakshan and Oliver teach apparatus of claim 1.
The first embodiment in Aravindakshan does not teach the control basic device is furthermore configured for cooperating with a further security module, which is exchangeable for the first security module- with a second cryptographic functionality for the cryptographic processing and/or a further security function of the security control apparatus
A second embodiment in Aravindakshan teaches the control basic device is furthermore configured for cooperating with a further security module, which is exchangeable for the first security module- with a second cryptographic functionality for the cryptographic processing and/or a further security function of the security control apparatus (Fig. 1B and 1C and para 62, line 5-8 and para 65, line 1-5 and para 153, line 16; client device containing CPU communicates with a WAN optimization appliance in place of the appliance device and the WAN optimization appliance encodes any type of data into custom or standard TCP and/or IP header fields of network packets for transmission purposes).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the first embodiment in Aravindakshan to incorporate the teachings of the second embodiment in Aravindakshan to provide a second device providing security 
Regarding claim 7, Aravindakshan and Oliver teach apparatus of claim 1.
Aravindakshan teaches the control basic device comprises a housing (Fig. 1B and 1E and para 86, line 1-9; client computing device is depicted as a computer with an outer housing and the computer includes a CPU inside), 
in the housing a recess is formed and configured for at least partly receiving the first security module (Fig. 1B and para 53, line 1-9 and para 54, line 1-4 and para 91, line 1-13; client computing device is depicted as a computer with an outer housing and includes a network interface comprising a USB network adapter which contains an opening for interfacing with a wire connection from a network appliance device), 
furthermore, an interface connection element for the data interface is provided in the control basic device in such a way that, with the first security module having been received in the recess, a data exchange between control basic device and first security module takes place (Fig. 1B and para 53, line 1-9 and para 54, line 1-4 and para 91, line 1-13; client computing device includes a network interface comprising a USB network adapter which contains an opening 
Regarding claim 8, Aravindakshan and Oliver teach apparatus of claim 1.
Aravindakshan teaches the first classification unit is configured for storing packet supplementary data for a respective network packet (para 20, line 2-7 and 13-15 and para 269, line 12-16; VPN manager, including an interceptor module and an application detector module, intercepts transmitted data packets containing routing data, timestamp the packets, and stores them into a queue to be processed later) and/or 
the first packet adapting unit takes account of at least one portion of the packet supplementary data during adapting (para 266, line 4-15 and para 268, line 8-11 and para 269, line 1-12; VPN manager, including a configurator module and a packet producer module, configures data packets containing destination routing data for a VPN tunnel) and/or 
the first security module takes account of at least one portion of the packet supplementary data during cryptographic processing (Fig. 2A and para 20, line 4-6 and para 68, line 21-24 and para 113, line 4-6; appliance device provides a secure virtual private network connection where transmitted network packets containing destination routing data are protected with encryption).
Regarding claim 9, Aravindakshan and Oliver teach apparatus of claim 1.
Aravindakshan teaches the units each have secure interfaces (para 266, line 1-6 and para 268, line 1-4 and para 269, line 6-10; after a user is authenticated, the user may have access to VPN manager and its various modules for processing data packets and establishing VPN tunnels), 
communication of data to the units or retrieval of data from the units is able to be carried out via the respective secure interface (para 266, line 1-6 and para 268, line 1-4 and line 11-14 and para 269, line 6-10; after a user is authenticated, the user may have access to VPN manager and its various modules for processing data packets and establishing VPN tunnels for communicating with a destination).
Regarding claim 10, Aravindakshan teaches a second modular security control apparatus for receiving cryptographically protected network packets (Fig. 1B and para 54, line 9-13 and para 113, line 4-6 and para 173, line 1; a second appliance device as part of a plurality of appliance devices, containing modules, receives network packets transmission protected with encryption), comprising: 
a control basic device (para 153, line 16; client device resource, such as CPU); 

a second security module, wherein the second security module is configured for canceling and/or evaluating a cryptographic protection of the protected network packet portion of the selected network packets, the second security module being connected to the control basic device by means of a data connection via a data interface (Fig. 1B and para 113, line 4-6 and para 245, line 12-14 and para 246, line 7-12 and line 23-24; second appliance device may decrypt the selected encrypted packets received from first appliance device over 
a second packet adapting unit, wherein the second packet adapting unit is configured to adapt the evaluated and/or the network packets without cryptographic protection to a second destination network, the control basic device is configured for cooperating with the second security2017 PG 9275US 62module in order that the second modular security control apparatus transmits the evaluated and/or the network packets without cryptographic protection to the second destination network (Fig. 1B and 2A and para 20, line 2-7 and para 113, line 4-6 and para 173, line 1 and para 246, line 7-12; second appliance device containing modules, in communication with client device containing CPU via the first appliance device, transmits the received data packet that is decrypted to a second network according to its destination routing data);
the second security module is detachably connected to the basic control unit (para 53, line 1 and line 8-9 and para 54, line 1-4 and para 91, line 1-13; the appliance device may be part of a network with a wire connection to a client computing device which includes a network interface comprising a USB network adapter capable of attaching to and detaching from the client device), the basic control unit can be operated with a basic unit functionality when a first safety 
Aravindakshan does not teach wherein the basic device functionality comprises a restricted safety function or a complete safety function.
	Oliver teaches wherein the basic device functionality comprises a restricted safety function or a complete safety function (para 20, line 1-16; as part of managing security related functionalities, a security control unit 115 may run in a restricted operation environment and may be located in a separate node).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Aravindakshan to incorporate the teachings of Oliver to provide as part of managing security related functionalities, a security control unit may run in a restricted operation environment.  Doing so would allow for secure means against attacks where controllers are configured to operate in different modes, as recognized by Oliver.
Regarding claim 11, Aravindakshan and Oliver teach apparatus of claim 10.

the transmission of the network packets into the second network is suppressed depending on a result of the evaluation (para 267, line 2-11; data packet may be prevented from using the VPN tunnel if the originating application of the data packet is not on the authorized applications list).
Regarding claim 12, Aravindakshan and Oliver teach apparatus of claim 10.
Aravindakshan teaches the second classification unit is configured for storing packet supplementary data for a respective network packet (Fig. 1B and para 20, line 2-7 and 13-15 and para 54, line 9-13 and para 269, line 12-16; VPN manager, including an interceptor module and an application detector module, intercepts transmitted data packets containing routing data, timestamp the packets, and stores them into a queue to be processed later), and/or 
the second packet adapting unit takes account of at least one portion of the packet supplementary data during adapting (Fig. 1B and 2A and para 20, line 2-7 and para 113, line 4-6; second appliance device transmits the received data 
the second security module takes account of at least one portion of the packet supplementary data during evaluation or cancelation of the cryptographic protection (Fig. 1B and 2A and para 113, line 4-6 and para 245, line 12-14; second appliance device may decrypt the selected encrypted packets containing destination routing data).
Regarding claim 13, Aravindakshan teaches a method for transmitting cryptographically protected network packets comprising the following method steps (para 68, line 21-24 and para 113, line 4-6; appliance device provides a secure virtual private network connection where network packets transmission are protected with encryption): 
selecting network packets by means of a packet filter using predefined selection parameters (para 267, line 2-11; determines which application the received data packet originated from and data packet may be allowed access to a network as a result of comparing it to a list of authorized applications); 
cryptographically processing at least one network packet portion of the respectively selected network packets (para 113, line 4-6; network packets communicated by the appliance device may be encrypted); 

transmitting the cryptographically processed network packets as cryptographically protected network packets to the first destination network (Fig. 1B and para 113, line 4-6; encrypted data packets are transmitted from the appliance device to a network destination);
wherein: 
a first modular security control device that sends cryptographically protected network packets to the first target network (Fig. 2A and para 68, line 21-24 and para 113, line 4-6; appliance device provides a secure virtual private network connection where network packets transmission are protected with encryption and are transmitted from the appliance device to a network destination), 
the first safety module is detachably connected to a basic control unit (para 53, line 1 and line 8-9 and para 54, line 1-4 and para 91, line 1-13; the appliance device may be part of a network with a wire connection to a client computing 
the basic control unit is operable with a basic unit functionality when a first safety module has been released (para 54, line 1-4 and para 86, line 6-17 and para 91, line 1-13; the client computing device containing CPU may be connected to the appliance device which is part of a network via a network interface and the client device itself contains components and performs operations common to a computer);
Aravindakshan does not teach wherein the basic device functionality comprises a restricted safety function or a complete safety function.
	Oliver teaches wherein the basic device functionality comprises a restricted safety function or a complete safety function (para 20, line 1-16; as part of managing security related functionalities, a security control unit 115 may run in a restricted operation environment and may be located in a separate node).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Aravindakshan to incorporate the teachings of Oliver to provide as part of managing security related functionalities, a security control unit may run in a restricted operation environment.  Doing so would allow for secure means against 
Regarding claim 14, Aravindakshan teaches a method for receiving cryptographically protected network packets comprising the following method steps (Fig. 1B and para 54, line 9-13 and para 113, line 4-6; a second appliance device as part of a plurality of appliance devices receives network packets transmission protected with encryption): 
receiving and selecting network packets by means of a packet filter using predefined selection parameters, wherein at least one portion of a respective network packet is cryptographically protected (Fig. 1B and para 113, line 4-6 and para 246, line 7-12 and para 269, line 12-16; VPN manager works with the second appliance device to determine which application the received data packet originated from and data packet may be allowed access to a network as a result of comparing it to a list of authorized applications and encrypted packets are communicated from first appliance device); 
canceling and/or evaluating a cryptographic protection of the protected network packet portion of the respectively selected network packets (Fig. 1B and para 113, line 4-6; the selected encrypted data packet received from the first 
adapting the evaluated and/or the network packets without cryptographic protection to a second destination network (Fig. 1B and para 20, line 2-7 and para 113, line 4-6; second appliance device transmits the received data packet that is decrypted to a second network according to its destination routing data); and 
transmitting the evaluated network packets and/or the network packets without cryptographic protection to the second destination network (Fig. 1B and para 113, line 4-6 and para 246, line 7-12; second appliance device transmits the received data packet that is decrypted to a second network);
wherein: 
a second modular security control device sends the evaluated and/or the network packets without cryptographic protection to the second target network (Fig. 1B and para 113, line 4-6 and para 245, line 12-14 and para 246, line 7-12 and line 23-24; second appliance device may decrypt the selected encrypted packets received from first appliance device over the network and second appliance device uses its network interface to eventually connect to client device);

the basic control unit is operable with a basic unit functionality when a first safety module has been released (para 54, line 1-4 and para 86, line 6-17 and para 91, line 1-13; the client computing device containing CPU may be connected to the appliance device which is part of a network via a network interface and the client device itself contains components and performs operations common to a computer);
Aravindakshan does not teach wherein the basic device functionality comprises a restricted safety function or a complete safety function.
	Oliver teaches wherein the basic device functionality comprises a restricted safety function or a complete safety function (para 20, line 1-16; as part of managing security related functionalities, a security control unit 115 may run in a restricted operation environment and may be located in a separate node).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 
Regarding claim 15, Aravindakshan teaches a computer program product, comprising a computer readable hardware storage device having computer readable program code stored therein, said program code executable by a processor of a computer system to implement a method comprising program commands (para 87, line 1-3 and para 88, line 1-4; central processing unit is logic circuitry that processes instructions fetched from the main memory chip) for carrying out the method as claimed in claim 13 (see claim 13 for teachings for the method being claimed here).
Regarding claim 16, Aravindakshan teaches a computer program product, comprising a computer readable hardware storage device having computer readable program code stored therein, said program code executable by a processor of a computer system to implement a method comprising program commands for a construction device which is configured by means of the program commands to construct (para 87, line 1-3 and para 88, line 1-4 and para 173, line 
Furthermore, see teachings for claim 1 for the one of the modular security control apparatuses being claimed here.
Regarding claim 17, Aravindakshan teaches a providing device for a computer program product, comprising a computer readable hardware storage device having computer readable program code stored therein, said program code executable by a processor of a computer system to implement the method as claimed in claim 14, wherein the providing device stores and/or provides the computer program product (para 86, line 1-9 and para 87, line 1-3 and para 88, line 1-4; a computing device, for carrying out the functionalities of the client device and appliance device, may include central processing unit is logic circuitry that processes instructions fetched from the main memory chip).
Furthermore, see teachings for claim 14 for the method being claimed here.
Conclusion
9.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
	The following are the related patents and applications: Buer et al. (US Pub. 2004/0143734) discloses a security device provides security processing in the data path of a packet network; Cumming et al. (US Pub. 2012/0311314) discloses the processor has a restricted mode and a de-restricted mode and is set into the restricted mode by a hardware setting or other mechanism protected by hardware, the code authentication procedure being configured to operate at a higher security level in the restricted mode and a lower security level in the derestricted mode; Davis et al. (US Pub. 2010/0169636) discloses a security processor performs all or substantially all security and network processing to provide a secure I/O interface system to protect computing hardware from unauthorized access or attack.
10.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to NHAN H NGUYEN whose telephone number is (571)272-6443.  The examiner can normally be reached on Monday-Friday 8:30am - 4:00pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/NHAN HUU NGUYEN/Examiner, Art Unit 2492


/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492