DETAILED ACTION

1.	Notice of Pre-AIA or AIA Status:  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

2.	Claims 1-4, 7-21, 14-19, and 20 are presented for allowance. 

3.	Claims 6, 13, and 20 have been canceled, and claims 1, 7, 8, 14, 15, and 21 have been amended as filed on April 22, 2021.

4.	Claims 8-12 and 14 have been amended via an Examiner’s Amendment.

5.	This allowance of application 16/251369 is in response to Applicant’s claim amendments and remarks filed on April 22, 2021.


Claim Interpretations

8.	Claim 1 recites “firewall security layer.”  Since the instant specification does not explain the recited “firewall security layer,” a brief search was performed.  It reveals Cisco’s “What is a Firewall,” which explains firewalls, and Stranksy-Heilkron, Cheswick, and Doherty, which explain the “firewall security layer.”

	Prior art Cisco (“What is a Firewall”, 2020) (page 1) teach “a firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.”  (page 2) teach “Types of Firewalls”…  “Proxy firewall – An early type of firewall device, a proxy firewall serves as the gateway from one network to another for a specific application.  Proxy servers can provide additional functionality such as content caching and security by preventing direct connections from outside the network.  However, this also may impact throughput capabilities and the applications they can support.”  “Stateful inspection firewall – now thought of as a ‘traditional’ firewall, a stateful inspection firewall allows or blocks traffic based on state, port, and protocol.  It monitors all activity from the opening of a connection until it is closed.  Filtering decisions are made based on both administrator-defined rules as well as context, which refers to using information from previous connections and packets belonging to the same connection.”  “Unified Threat Management (UTM) firewall – a UTM device typically combines, in a loosely coupled way, the functions of a stateful inspection firewall with intrusion prevention and antivirus.  It may also include additional services and often cloud management.  UTMs focus on simplicity and ease of use.”  “Next-Generation Firewall (NGFW) – Firewalls have evolved beyond simple packet filtering and stateful inspection.  Most companies are deploying next-generation firewalls to block modern threats such as advanced malware and application-layer attacks.”  “According to Gartner, Inc.’s definition, a next-generation firewall must include:  Standard firewall capabilities like stateful inspection, integrated intrusion prevention, application awareness and control to see and block risky apps, upgrade paths to include future information feeds, and techniques to address evolving security threats.”  “Threat-focused NGFW – these firewalls include all the capabilities of a traditional NGFW and also provide advanced threat detection and remediation.  With a threat-focused NGFW you can:  know which assets are most at risk with complete context awareness, quickly react to attacks with intelligent security automation that sets policies and hardens your defenses dynamically, better detect evasive or suspicious activity with network and endpoint event correlation, greatly decrease the time from detection to cleanup with retrospective security that continuously monitors for suspicious activity and behavior even after initial inspection, and ease administration and reduce complexity with unified policies that protect across the entire attack continuum.”  (page 3) teach “Virtual firewall – a virtual firewall is typically deployed as a virtual appliance in a private cloud (VMWare ESXi, Microsoft Hyper-V, KVM) or public cloud (AWS, Azure, Google, Oracle) to monitor and secure traffic across physical and virtual networks.  A virtual firewall is often a key component in Software-Defined Networks (SDN).”

9.	Prior art Stranksy-Heilkron (US Pub 20170180395) [0019] teach “malware detection logic and security clients may have component(s) or a type of firewall and security layer (hereinafter a ‘Security Wall’) configured to perform a plurality of malware detection, protection, and other security functions including verification(s) tests comprising a port verification, content verification for virus detection, a deep packet inspection for detection of known attacks, or generation of alarms.”

10.	Prior art Cheswick et al. (US H001944) (col 3 lines 50 -to- col 4 line 4) teach “a firewall security device is configured for connection to individual clients, e.g., personal computers, for providing firewall security measures directly to the client.  The firewall security device [] is configured as an electronic dongle which is attached to a communications port of the client, e.g., the parallel communications port.  In accordance with the invention, the incoming communications stream to the client from, e.g., routines thereby protecting the client from security breaches triggered by the communication traffic received from the public network.  Illustratively, the set of security routines define at least one security level to which all communication exchanged by the client must comply thereby insuring the integrity of the private network in which the client is interconnected.  Advantageously, [] the firewall is delivered directly by the client without intervention, use, or connection to a separate firewall server,” (col 5 lines 1-25) teach “when firewall security device 200 is connected to a user terminal [] all communications traffic to and from the user terminal is passed through firewall security device 200.  Thus, peripheral device I/O interface 215 facilitates the exchange of data communications between the firewall security device 200, the user terminal to which firewall security device 200 is connected, and some external network, e.g., the Internet,”  “The user terminal to which firewall security device 200 is connected has certain conventional software drivers to facilitate the direction of all communications traffic exchanged by the user terminal through firewall security device 200,” “such software drivers are in the form of well-known Dynamic Link Library (‘DLL’) drivers.  DLL’s are well-known libraries of functions that applications link to at execution time as opposed to compile time,” “DLL’s provide the facilities for the direction of all communications traffic exchanged by the user terminal through firewall security device 200,” (col 5 lines 27-30) “the DLL can provide an additional layer in a conventional TCP/IP stack, between either the user terminal and IP layers, or between IP layers and well-known TCP/UDP layers, to intercept, divert, and/or block packets,” (col 5 lines 42-61) teach “TCP/IP stack 600 further includes firewall security layer 640 implemented through a DLL, as described above, which facilitates the direction of all communications traffic exchanged by the client through firewall security device 200 for delivering the various security aspects,” and (col 5 lines 48-61) “incoming communication stream 610 [] is received and processed through ethernet layer 630 and immediately directed through firewall security device 200 for delivery of the client-based firewall in accordance with the invention.  The direction of incoming communications stream 610 is facilitated by firewall security layer 640 as well as the continuing transmission and processing of incoming communications stream 610 up through TCP/IP stack 600.  Further, outgoing communications stream 620 from the client [] is also transmitted down through TCP/IP 600 stack to firewall security device 200 to ensure the security of the outgoing transmission.”

11.	Prior art Doherty et al., (US Pub 20050033984) [0005] teach “solutions proposed to prevent intrusion in a host system fall under two main categories:  external protection or internal protection.  External protection scenarios include [] firewalls and routers which provide protection against various attacks (e.g., denial of service or DoS attacks) on a network infrastructure.  The firewall approach prevents unauthorized access from an outsider [] by monitoring traffic on critical incoming ports.  The firewall security level is a control layer inserted between a local private network and an outside internet network.  The firewall security layer permits only some traffic to pass through.  The firewall is configured by a host master of the local private network based on the local private network’s security policy.”  “The firewall, moreover, cannot block all IP addresses.  An attacker (outsider, unauthorized user or hacker) is able to exploit this vulnerability.  In this scenario, the attacker masks any harmful intent at the beginning of a session, gains access to sensitive data, and at a later point, attacks the host system.  The firewall security level has to update the harmful addresses after such attack or intrusion occurred.  Thus, the firewall solution fails to offer a real-time blocking solution with regard to such harmful IP addresses.”

Based on the explanations from these prior art references, a typical firewall and a “firewall security layer” are different.  The “firewall security layer” functions with the TCP/IP.  These explanations provide the interpretation applied to all the claims.


12.	Claim 4 recites “binary security criteria.”  Specification [004] states “the firewall security layer may be a binary security criteria.  The firewall security layer may include a kernel-level binary system integrity validation and restoration.”  This explanation/interpretation is applied to all the claims.

Examiner’s Amendment

13.	An examiner’s Amendment to the record appears below.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR § 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the Issue Fee.

14.	Authorization for this examiner’s amendment was given by Michael Abramson via email to USPTO on July 1, 2021.

15.	The claims have been amended as follows:

1.	(Previously Presented) A computer-implemented method comprising:
applying, by a computing device, a firewall security layer to software for hardware interface;
securing sensor data imported by the hardware interface using the firewall security layer;
providing the sensor data to an artificial intelligence (AI) expert system; 
analyzing the sensor data provided to the AI expert system; 
providing, via a user interface, an indication of an insecure condition based upon, at least in part, analysis of the sensor data; and
sharing kernel binary level asset data with the AI expert system using one of a wired and a wireless interface.  

2.	(Original) The computer-implemented method of claim 1 wherein the user interface includes a graphical user interface.

3.	(Original) The computer-implemented method of claim 1 wherein the user interface includes one or more indicator diodes.

4.	(Original) The computer-implemented method of claim 1 wherein the firewall security layer is a binary security criteria.

5.	(Original) The computer-implemented method of claim 1 where the firewall security layer includes a kernel-level binary system integrity validation and restoration.

6.	(Cancelled)  

7.	(Previously Presented) The computer-implemented method of claim 1 wherein the kernel binary level asset data includes at least one of information technology, operational technology, and internet of things asset data.

8.	(Currently Amended) A non-transitory computer readable storage medium having a plurality of instructions stored thereon which, when executed across one or more processors, causes at least a portion of the one or more processors to perform operations comprising:
applying a firewall security layer to software for hardware interface;
securing sensor data imported by the hardware interface using the firewall security layer;
providing the sensor data to an artificial intelligence (AI) expert system; 
analyzing the sensor data provided to the AI expert system; 
providing, via a user interface, an indication of an insecure condition based upon, at least in part, analysis of the sensor data; and
sharing kernel binary level asset data with the AI expert system using one of a wired and a wireless interface.  

9.	(Currently Amended) The non-transitory computer readable storage medium of claim 8 wherein the user interface includes a graphical user interface.

10.	(Currently Amended) The non-transitory computer readable storage medium of claim 8 wherein the user interface includes one or more indicator diodes.

11.	(Currently Amended) The non-transitory computer readable storage medium of claim 8 wherein the firewall security layer is a binary security criteria.

12.	(Currently Amended) The non-transitory computer readable storage medium of claim 8 where the firewall security layer includes a kernel-level binary system integrity validation and restoration.

13.	(Cancelled)  

14.	(Currently Amended) The non-transitory computer readable storage medium of claim 8 wherein the kernel binary level asset data includes at least one of information technology, operational technology, and internet of things asset data.

15.  	(Previously Presented) A computing system including one or more processors and one or more memories configured to perform operations comprising:
applying a firewall security layer to software for hardware interface;
securing sensor data imported by the hardware interface using the firewall security layer;
providing the sensor data to an artificial intelligence (AI) expert system; 
analyzing the sensor data provided to the AI expert system; 
providing, via a user interface, an indication of an insecure condition based upon, at least in part, analysis of the sensor data; and
sharing kernel binary level asset data with the AI expert system using one of a wired and a wireless interface.  

16.	(Original) The computing system of claim 15 wherein the user interface includes a graphical user interface.

17.	(Original) The computing system of claim 15 wherein the user interface includes one or more indicator diodes.

18.	(Original) The computing system of claim 15 wherein the firewall security layer is a binary security criteria.

19.	(Original) The computing system of claim 15 where the firewall security layer includes a kernel-level binary system integrity validation and restoration.

20.	(Cancelled)  

21.	(Previously Presented) The computing system of claim 15 wherein the kernel binary level asset data includes at least one of information technology, operational technology, and internet of things asset data.

Reason for Allowance

16.	Claims 1, 8 and 15 of the present invention are directed towards a Computing Device (CD) applying a Firewall Security Layer (FSL) to software for Hardware Interface (HI).  Sensor Data (SD) is secured and imported by the HI using the FSL.  The SD is provided to an Artificial Intelligence (AI) Expert System (ES).  The SD provided to the AI ES is analyzed.  Via a User Interface (UI), an indication of an insecure condition is provided based upon, at least in part, analysis of the SD.  Via a wired or a wireless interface, a kernel binary level asset data is shared with the AI ES.  Independent claims 1, 8 and 15 each identify the uniquely distinct combination of features:
applying, by a computing device, a firewall security layer to software for hardware interface
securing sensor data imported by the hardware interface using the firewall security layer
providing the sensor data to an artificial intelligence (AI) expert system
analyzing the sensor data provided to the AI expert system
providing, via a user interface, an indication of an insecure condition based upon, at least in part, analysis of the sensor data
sharing kernel binary level asset data with the AI expert system using one of a wired and a wireless interface
(specification [00119] [00128]) security process may provide, via a user interface, an indication of an insecure condition based upon, at least in part, analysis of the sensor data.


17.	Regarding allowed claims 1, 8 and 15 presented above, the following is an examiner’s statement of reasons for allowance.  The following are the closest prior art:

Riedel et al. (US Pub 20180213671) teach most of the limitations (e.g., applying, securing, providing the sensor data to an artificial intelligence, and providing the sensor data provided to).

Cella et al. (US Pub 20190171187 & US Pub 20180284735) teach some of the limitations (e.g., providing the sensor data to an artificial intelligence, analyzing the sensor data, and providing the sensor data provided to).

Peterson (US 5225978) teach the “sharing kernel binary level data with the AI expert system using one of a wired or a wireless interface” limitation.
	
In summary, nowhere does the prior art disclose the unique combination of steps/elements listed above.  The unique combination of steps/elements listed above is a novel combination.  The definitions provided above and the specification (features highlighted in bold above) provide explanation/clarification to some critical features (e.g., user interface) to overcome a 35 USC 101 rejection.  Via the user interface, the security process provides an indication of an insecure condition.  Since the security process provides the indication/direction instead of a human/user, a 35 USC 101 rejection (2019 PEG type, Organizing Human Activity/Behavior group) is overcome.  The prior art, either singularly or in combination, fails to anticipate or render obvious the present invention.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

18.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to O. Charlie Vostal whose telephone number is 571-270-3992.  The examiner can normally be reached on 8:30am to 5:00pm EST Monday thru Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Thu Nguyen, can be reached on 571-272-6967.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the Public PAIR system, see http://portal.uspto.gov/pair/PublicPair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


	/ONDREJ C VOSTAL/
	Primary Examiner, Art Unit 2452
	July 1, 2021