DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This initial written action is responding to the communication dated on 11/23/2019.
Claims 1-20 are submitted for examination.
Claims 1-20 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Priority
This application filed on November 23, 2019 claims priority of continuing application 15/603,232 filed on May 23, 2017, which claims priority of continuation in part application 14/827,144, which claims priority of provisional application filed on April 06, 2014.




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-2, 4-7, 11-12 and 14-17 are rejected under 35 U.S.C. 103 as being unpatentable over Liu et al. (US PAT. # US 8,868,757, hereinafter “Liu”), and further in view of Frenkel et al. (US PGPUB. # US 2009/0319773, hereinafter “Frenkel”).

Referring to Claims 1 and 11:
Regarding Claim 1, Liu teaches,
An apparatus comprising: 
one or more request servers interfacing with one or more first networks via one or more first network interfaces (CL(4), LN(30-35), “the computerized device includes a memory system, a processor, communications interface in an interconnection mechanism connecting these components”, Fig. 3(12), CL(6), LN(37-44), “The Web Service gateway (TARGET) 32 is disposed between the first firewall 14 and client 12 of a first domain”, i.e. client (request server) interfaced with one or more domains (networks)), wherein the one or more request servers comprise at least one hardware processor (CL(4), LN(30-35), “a processor”, CL(4), LN(63-67), CL(8), LN(29-36)); 
one or more response servers interfacing with one or more second networks via one or more second network interfaces (CL(4), LN(30-35), “the computerized device includes a memory system, a processor, communications interface in an interconnection mechanism connecting these components”, Fig. 3(18), CL(6), LN(37-44), “the second firewall 16 and server 18 of a second domain”, i.e. a response server interfaced with one or more second domain (networks)), wherein the one or more response servers comprise at least one hardware processor (CL(4), LN(30-35), “a processor”, CL(4), LN(63-67), CL(8), LN(29-36)); 
one or more robots interfacing with a secure system (Fig. 2(32, 38), CL(6), LN(40-44), “TARGET 32 includes WSDLs 34, a tunnel server 36 and a router 38”, Examiner submits that as per the paragraph 114 of the disclosure a routing system is considered as a robot); 
one or more first unidirectional data channels that do not permit reverse data transmission (Fig. 2(40), CL(7), LN(4-7), “unidirectional connections 40”, i.e. first unidirectional connection (channel) that do not permit reverse data transmission) the one or more first unidirectional data channels connected such that the one or more robots receive information from the one or more request servers exclusively via the one or more first unidirectional data channels (Fig. 2(40, 32, 38), CL(7), LN(1-7), “there must be an intermediary router gateway 32 sitting between the client and the server to bridge the two unidirectional connections 40 and 42 into one two-way connection”, i.e. a router (robot) receives data from the client via unidirectional connection 40); 
[one or more second unidirectional data channels that do not permit reverse data transmission, the one or more second unidirectional data channels connected such that] the one or more response servers (Fig. 3(18), CL(6), LN(37-44), “the second firewall 16 and server 18 of a second domain”, i.e. a response server interfaced with one or more second domain (networks)) [receive information from the one or more robots exclusively via the one or more second unidirectional data channels]; and the one or more first unidirectional data channels and (Fig. 2, Fig. 3, CL(7), LN(1-10), CL(7), LN(23-37), i.e. information is transmitted via first unidirectional channel to the response server) 
Liu does not teach explicitly,
one or more second unidirectional data channels that do not permit reverse data transmission, the one or more second unidirectional data channels connected such that [the one or more response servers] receive information from the one or more robots exclusively via the one or more second unidirectional data channels; [and the one or more first unidirectional data channels] and 
the one or more second unidirectional data channels rendering the secure system not visible from the one or more first network interfaces and not visible from the one or more second network interfaces.
However, Frenkel teaches,
one or more second unidirectional data channels that do not permit reverse data transmission (Fig. 3(54), ¶67, “gateway 52 may be connected to public network 26 via a one-way link 54, i.e., a communication link that is physically configured to carry signals in one direction and to be incapable of carrying signals in the opposite direction”, i.e. one-way link (unidirectional channel) that do not permit reverse data transmission), the one or more second unidirectional data channels connected such that [the one or more response servers] receive information from the one or more robots exclusively via the one or more second unidirectional data channels (¶68-¶69, “Gateway 52 sends the encrypted data over link 54 to destination computer 58.”, i.e. received data via second one-way (unidirectional channel)); [and the one or more first unidirectional data channels] and 
the one or more second unidirectional data channels rendering the secure system not visible from the one or more first network interfaces and not visible from the one or more second network interfaces (¶67, “The one-way link makes it impossible for a hacker outside network 22 to tamper with gateway 52 (or with other computers in network 22 via the gateway, assuming there is no other ingress to network 22)”, i.e. one-way link (second unidirectional channel) renders the secure system not visible from the second network interface).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Frenkel with the invention of Liu.
Liu teaches, a unidirectional channel transmitting data from one endpoint to a second endpoint via a gateway router. The unidirectional channel does not permit reverse data transmission. Frenkel teaches, a second one-way link transmitting data to endpoint from a gateway. Therefore, it would have been obvious to have a second one-KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 11, it is a method claim of above apparatus claim 1, and therefore Claim 11 is rejected with the same rationale as applied against Claim 1 above.

Referring to Claims 2 and 12:
Regarding Claim 2, rejection of Claim 1 is included and for the same motivation Liu teaches,
The apparatus of claim 1, wherein the one or more robots each comprise one or more routing systems (Fig. 2(32, 38), CL(6), LN(40-44), “TARGET 32 includes WSDLs 34, a tunnel server 36 and a router 38”, i.e. one or more robots comprises a routing system).

Regarding Claim 12, rejection of Claim 11 is included and Claim 12 is rejected with the same rationale as applied against Claim 2 above.

Referring to Claims 4 and 14:
Regarding Claim 4, rejection of Claim 1 is included and for the same motivation Liu teaches,
The apparatus of claim 1, wherein the one or more first unidirectional data channels are uncoupled from the one or more second unidirectional data channels (Fig. 2 (40, 42), CL(7), LN(1-10), “there must be an intermediary router gateway 32 sitting between the client and the server to bridge the two unidirectional connections 40 and 42 into one two-way connection”, i.e. two unidirectional channels are uncoupled).

Regarding Claim 14, rejection of Claim 11 is included and Claim 14 is rejected with the same rationale as applied against Claim 4 above.

Referring to Claims 5 and 15:
Regarding Claim 5, rejection of Claim 1 is included and for the same motivation Liu does not teach explicitly,
The apparatus of claim 1, wherein outgoing data flowing from the one or more robots to the one or more response servers is encrypted.
However, Frenkel teaches,
The apparatus of claim 1, wherein outgoing data flowing from the one or more robots to the one or more response servers is encrypted (Fig. 1 (24, 22,30), ¶49-¶50, “Gateway 24 encrypts the traffic, as described hereinbelow, and then transmits the traffic in encrypted form toward the appropriate destination”, Fig. 2(42), ¶55, i.e. outgoing data is encrypted).
Regarding Claim 15, rejection of Claim 11 is included and Claim 15 is rejected with the same rationale as applied against Claim 5 above.

Referring to Claims 6 and 16:
Regarding Claim 6, rejection of Claim 5 is included and for the same motivation Liu does not teach explicitly,
The apparatus of claim 5, wherein the outgoing data is encrypted by the one or more robots using encryption keys.
However, Frenkel teaches,
The apparatus of claim 5, wherein the outgoing data is encrypted by the one or more robots using encryption keys (¶28, “to encrypt the data using an encryption key selected from a set of one or more keys”, ¶44, ¶55, “the gateway chooses the key using a pseudo-random process. The key may be chosen by selection from a list that was prepared in advance, or it may be chosen by pseudo-random generation at the time the data packet is received”).

Regarding Claim 16, rejection of Claim 15 is included and Claim 16 is rejected with the same rationale as applied against Claim 6 above.

Referring to Claims 7 and 17:
Regarding Claim 7, rejection of Claim 6 is included and for the same motivation Liu does not teach explicitly,
The apparatus of claim 6, wherein a new set of encryption keys is used by the one or more robots for each separate data transaction.
However, Frenkel teaches,
The apparatus of claim 6, wherein a new set of encryption keys is used by the one or more robots for each separate data transaction (¶55, “the gateway chooses the key using a pseudo-random process. The key may be chosen by selection from a list that was prepared in advance, or it may be chosen by pseudo-random generation at the time the data packet is received”, i.e. new set of keys is used for each separate transaction).

Regarding Claim 17, rejection of Claim 16 is included and Claim 17 is rejected with the same rationale as applied against Claim 7 above.

Claims 3, 8-10, 13 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Liu et al. (US PAT. # US 8,868,757, hereinafter “Liu”), and further in view of Frenkel et al. (US PGPUB. # US 2009/0319773, hereinafter “Frenkel”), and further in view of Zuk et al. (US PGPUB. # US 2015/0026794, hereinafter “Zuk”).

Referring to Claims 3 and 13:
Regarding Claim 3, rejection of Claim 2 is included and combination of Liu and Frenkel does not teach explicitly,
The apparatus of claim 2, wherein the one or more robots comprise at least one software-defined router.
However, Zuk teaches,
The apparatus of claim 2, wherein the one or more robots comprise at least one software-defined router (Fig. 1(108), ¶34, “client device or server device 102 is in communication with client device or server device 108 via SDN network device 104 (e.g., a network device that is SDN-compliant/compatible, such as a switch, router, and/or another type of network device, which can be a physical network device and/or a virtual network device, such as hypervisor-based))”, i.e. one or more router (robots) is a software defined (SDN) router).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Zuk with the invention of Liu in view of Frenkel.
Liu in view of Frenkel teaches, a unidirectional channel transmitting data from one endpoint to a second endpoint via a gateway router. The unidirectional channel does not permit reverse data transmission and a second one-way link transmitting data to endpoint from a gateway. Zuk teaches, a software defined router. Therefore, it would have been obvious to have a software defined router of Zuk into the teachings of Liu in view of Frenkel to transmit data securely from one endpoint to another endpoint using an intelligent software defined router and avoiding outside attack. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 
Regarding Claim 13, rejection of Claim 12 is included and Claim 13 is rejected with the same rationale as applied against Claim 3 above.

Referring to Claims 8 and 18:
Regarding Claim 8, rejection of Claim 6 is included and combination of Liu and Frenkel does not teach explicitly,
The apparatus of claim 6, wherein incoming request information flowing from the one or more request servers to the one or more robots is encrypted.
However, Zuk teaches,
The apparatus of claim 6, wherein incoming request information flowing from the one or more request servers to the one or more robots is encrypted (Fig. 6, ¶57, “If applicable, SSL decryption is applied using, for example, an SSL decryption engine using various techniques as described herein”, Fig. 7, ¶60, “If the monitored traffic is encrypted (e.g., encrypted using HTTPS, SSL, SSH, or another known encryption protocol), then the monitored traffic can be decrypted using a decrypt engine 710”, i.e. traffic is decrypted indicates that the traffic to router was encrypted).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.

Liu in view of Frenkel teaches, a unidirectional channel transmitting data from one endpoint to a second endpoint via a gateway router. The unidirectional channel does not permit reverse data transmission and a second one-way link transmitting data to endpoint from a gateway. Zuk teaches, a software defined router. Therefore, it would have been obvious to have a software defined router of Zuk into the teachings of Liu in view of Frenkel to transmit data securely from one endpoint to another endpoint using an intelligent software defined router and avoiding outside attack. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Regarding Claim 18, rejection of Claim 16 is included and Claim 18 is rejected with the same rationale as applied against Claim 8 above.

Referring to Claims 9 and 19:
Regarding Claim 9, rejection of Claim 8 is included and for the same motivation combination of Liu and Frenkel does not teach explicitly,
The apparatus of claim 8, wherein the incoming request information is decrypted by the one or more robots.
However, Zuk teaches,
The apparatus of claim 8, wherein the incoming request information is decrypted by the one or more robots (Fig. 7, ¶60, “If the monitored traffic is encrypted (e.g., encrypted using HTTPS, SSL, SSH, or another known encryption protocol), then the monitored traffic can be decrypted using a decrypt engine 710”, i.e. traffic is decrypted by the router (robot)).

Regarding Claim 19, rejection of Claim 18 is included and Claim 19 is rejected with the same rationale as applied against Claim 9 above.

Regarding Claim 10, rejection of Claim 9 is included and for the same motivation combination of Liu and Frenkel does not teach explicitly,
The apparatus of claim 9, wherein the one or more first networks are the one or more second networks.
However, Zuk teaches,
The apparatus of claim 9, wherein the one or more first networks are the one or more second networks (Abstract, Fig. 1, ¶5, Fig. 2, ¶6, ¶31, “SDN networks (e.g., SDN networks and/or other network architectures that decouple the control and data planes) can be used to provide for more flexible and dynamic network architectures that are used for various changing network patterns”, ¶34, ¶43, i.e. first networks and second networks are same).

Regarding Claim 20, rejection of Claim 19 is included and for the same motivation combination of Liu and Frenkel does not teach explicitly,
The method of claim 19, wherein the one or more robots comprise at least one software-defined router.
However, Zuk teaches,
The method of claim 19, wherein the one or more robots comprise at least one software-defined router (Fig. 1(108), ¶34, “client device or server device 102 is in communication with client device or server device 108 via SDN network device 104 (e.g., a network device that is SDN-compliant/compatible, such as a switch, router, and/or another type of network device, which can be a physical network device and/or a virtual network device, such as hypervisor-based))”, i.e. one or more router (robots) is a software defined (SDN) router).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Fausak et al. (US PAT. # US 8,910,273) discloses, setting up VPN connection are provided. Method includes facilitating creating gateway connection between client side and server side. Client side comprises multiple client side virtual NICs and server side comprises multiple server side virtual NICs. Method includes facilitating creating data paths for VPN connection between each of at least portion of client side virtual NICs and each of at least portion of server side virtual NICs. Data path of each pair of corresponding client side virtual NICs and corresponding server side virtual NIC is associated with gateway connection and port forward. Method includes facilitating 
Balfanz et al. (US PGPUB. # US 2004/0098581) discloses, computer users to simply create, provision, and maintain secured infrastructure--an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.
Ternullo et al. (US PGPUB. # US 2002/0023249) discloses, a system and method for performing reliable unidirectional communication in a data network is disclosed. Unidirectional data is sent from a transmitting device to a receiving device. Prior to transmission, the data is divided into a window (401a) comprised of data bytes. A checksum value (407) is computed across data bytes comprising window (401a). Checksum value (407) is placed into an XML integrity element (402) that encapsulates window (401a) in a manner allowing a receiving device to use the contents of integrity element (402) to validate the received window (401a). Checksum value (407) is compared to a second check sum value computed across window (401a) at the receiving device. If checksum value (407) matches the second checksum value, window (401a) is validated. 
Zhang et al. (US PGPUB. # US 2014/0072781) discloses, a gateway apparatus supports differentiated secure communications among heterogeneous electronic 
Reshef et al. (US PAT. # US 6,321,337) discloses, a security gateway system positioned between an external, untrusted computing environment and an internal, trusted computing environment that converts messages received from the external environment into simplified messages and converts the simplified messages into messages suitable for use on the internal environment. The conversion involves the removal of external environment transfer protocols and the reduction of the content of the messages left after removing the protocols into a simplified representation of the content to create a simplified message. The simplified representation is then converted to an internal message by converting the simplified representation to a representation appropriate to the internal environment, including to applications operating on the internal environment, and adding internal environment protocols, including transfer protocols, to the converted message. Simplified representations exist for some but not necessarily all types of content which may be received from the external environment, thus limiting the content which may be passed from the external to the internal environment.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/DARSHAN I DHRUV/
Primary Examiner, Art Unit 2498