Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
1.        This action is in response to application amendments filed on 5-6-2021. 
2.        Claims 1, 3 - 10, 12 - 19 are pending.  Claims 1, 10 have been amended.  Claims 2, 11 have been canceled.   Claims 1, 10, 19 are independent.   This application was filed on 11-7-2017.  

Response to Arguments

3.    Applicant's arguments have been fully considered, however upon further consideration of the prior art and the claimed limitation, they were not persuasive.

A.  The Claim Objections for Claims 1 and 10 have been withdrawn due to claim amendments. 

B.  Applicant argues on page 9 of Remarks:    ...   the internal network connection module (120), the external network connection module (140), and the intermediate connection module (130) in the presently claimed embodiment are different from one another in configuration/structure/function,    ...   . 

    The Examiner respectfully disagrees.  Nguyen discloses communication between an internal network and an external network. (see Nguyen Figure 4A (internal network, external network, bypass switch), (402, 403), (405, 406); col 3, lines 45-50: network 

C.  Applicant argues on page 10 of Remarks:    ...   Nguyen does not disclose data traveling through one-way communication in the network access device, but only discloses that the network access device uses a processing unit to convey data bidirectionally between internal and external networks,   ...   . 

    The Examiner respectfully disagrees.  Nguyen discloses communication between an internal network and an external network. (see Nguyen Figure 4A (internal network, external network, bypass switch), (402, 403), (405, 406); col 3, lines 45-50: network configuration includes: network access device for interfacing an external network and an internal network; network access content processing module for controlling a content processing module and network bypass circuit based on a programmable policy; col 3, lines 59-66: control module controls the switches or relays and isolates data traveling 
    And, Frenkel discloses the capability to utilize one-way communication links, a first communications link controlling communications from a node within a first (internal) network to a node within a second (external) network, and a second one-way communications link controlling communications from a node within a second (external) network to a node within a first (internal) network.  And, Frenkel discloses a switch utilized to control the direction of communication signals over a set of two one-way communication links. (see Frenkel paragraph [0006], lines 7-16: one-way link capable of carrying signals in one direction and incapable of carrying signals in the other opposite direction, coupled to a switch configured to be toggled between a first configuration in which communications signals are conveyed from a first input via a one-way link to a second output and a second configuration in which communications signals are conveyed from a second input via a one-way link to a first input; paragraph [0007], lines 1-8: a switch for selection of first input to transmit side of one-way link in a first configuration and select second input to transmit side of one-way link in a second configuration; paragraph [0013], lines 1-10: a single one-way link physically capable of carrying communications signals in one direction and incapable of carrying 

D.  Applicant argues on page 11 of Remarks:    ...   Nguyen only discloses that the data is unconditionally conveyed bidirectionally between the internal and external networks. Moreover, although Nguyen discloses the bypass circuit for redirecting data (which appears to be asserted by Examiner to correspond to the internal network bypass switch of Claim 1), the redirection only indicates that data is not conveyed through the content processing module but through the bypass circuit, ...  . 

    The Examiner respectfully disagrees. Nguyen discloses communication between an internal network and an external network. (see Nguyen Figure 4A (internal network, external network, bypass switch), (402, 403), (405, 406); col 3, lines 45-50: network configuration includes: network access device for interfacing an external network and an internal network; network access content processing module for controlling a content processing module and network bypass circuit based on a programmable policy; col 3, lines 59-66: control module controls the switches or relays and isolates data traveling between external network and internal network; redirect data through the bypass circuit between internal network and external network based on policy)  Nguyen discloses a bypass switch acting as a communication relay between the internal network and external network. (see Nguyen col 5, lines 17-21: bypass circuit controlled by a relay control and controlled by procedural algorithms in control module; col 3, lines 45-50: control module for controlling a network bypass circuit; (switch ports enable separate 

E.  Applicant argues on page 12 of Remarks:    ...   in Nguyen, two different two-way (bidirectional) communications, i.e., one bidirectional communication through the content processing module and another bidirectional communication through the bypass circuit, are alternatively used in conveying data between the internal and external networks.

    The Examiner respectfully disagrees.  Nguyen discloses communication between an internal network and an external network. (see Nguyen Figure 4A (internal network, external network, bypass switch), (402, 403), (405, 406); col 3, lines 45-50: network configuration includes: network access device for interfacing an external network and an internal network; network access content processing module for controlling a content processing module and network bypass circuit based on a programmable policy; col 3, lines 59-66: control module controls the switches or relays and isolates data traveling between external network and internal network; redirect data through the bypass circuit between internal network and external network based on policy)  Nguyen discloses a bypass switch acting as a communication relay between the internal network and external network. (see Nguyen col 5, lines 17-21: bypass circuit controlled by a relay control and controlled by procedural algorithms in control module; col 3, lines 45-50: control module for controlling a network bypass circuit; (switch ports enable separate communications connections between network-connected nodes)) 
    Frenkel discloses the capability to utilize one-way communication links, a first communications link controlling communications from a node within a first (internal) 

F.  Applicant argues on page 13 of Remarks:    ...   Nguyen does not disclose data traveling through one-way communication in the network access device, but only discloses that the network access device uses a processing unit to convey data bidirectionally between internal and external networks,   ...   . 

    The Examiner respectfully disagrees.  Frenkel discloses the capability to utilize one-way communication links, a first communications link controlling communications from a node within a first (internal) network to a node within a second (external) network, and a second one-way communications link controlling communications from a node within a second (external) network to a node within a first (internal) network.  And, Frenkel discloses a switch utilized to control the direction of communication signals over a set of two one-way communication links as stated above. 

G.  Applicant argues on page 14 of Remarks:    ...   Nguyen, unless a failure of the content processing module (404) occurs, the network access device uses a processing unit to convey data bidirectionally between the internal and external networks; whereas if a failure of the content processing module (404) occurs, data traveling between the internal and external networks is either isolated from the content processing module or the data is redirected and conveyed bidirectionally 

    The Examiner respectfully disagrees.   Nguyen discloses communication between an internal network and an external network. (see Nguyen Figure 4A (internal network, external network, bypass switch), (402, 403), (405, 406); col 3, lines 45-50: network configuration includes: network access device for interfacing an external network and an internal network; network access content processing module for controlling a content processing module and network bypass circuit based on a programmable policy; col 3, lines 59-66: control module controls the switches or relays and isolates data traveling between external network and internal network; redirect data through the bypass circuit between internal network and external network based on policy)  Nguyen discloses a bypass switch acting as a communication relay between the internal network and external network. (see Nguyen col 5, lines 17-21: bypass circuit controlled by a relay control and controlled by procedural algorithms in control module; col 3, lines 45-50: control module for controlling a network bypass circuit; (switch ports enable separate communications connections between network-connected nodes))

H.  Applicant argues on page 15 of Remarks:    ...   Nguyen discloses the intermediate connection module for transmitting data received from the internal network connection module to the external network connection module and transmitting data received from the external network connection module to the internal network connection module   ...   . 

    The Examiner respectfully disagrees.  Nguyen discloses communication between an internal network and an external network. (see Nguyen Figure 4A (internal network, 

I.  Applicant argues on page 15 of Remarks:    ...   Nguyen corresponds to all of the internal network connection module (120), the external network connection module (140), and the intermediate connection module (130)   ...   . 

    The Examiner respectfully disagrees.  Nguyen discloses communication between an internal network and an external network. (see Nguyen Figure 4A (internal network, external network, bypass switch), (402, 403), (405, 406); col 3, lines 45-50: network configuration includes: network access device for interfacing an external network and an internal network; network access content processing module for controlling a content processing module and network bypass circuit based on a programmable policy; col 3, lines 59-66: control module controls the switches or relays and isolates data traveling 

J.  Applicant argues on page 15 of Remarks: The citation to Frenkel or Kim has not been contended to make up for this deficiency.

    The Examiner respectfully disagrees.  The Office Action indicates the claim limitation(s) Frenkel and Kim are utilized to reject.  

K.  Applicant argues on page 17 of Remarks:    ...   Kim appears to only disclose that the switch operation modes include an exclusive operation mode such that one of the first and second one-way communications is enabled and the other one of the first and second one-way communications is disabled,   ...   . 

    The Examiner respectfully disagrees.  Kim discloses one-way (i.e. one direction) communication paths enabled from a transmission host (external network) to a reception host (internal network), utilizing a one-way input module unit, a one-way output module unit, and an apparatus control module (relay connection between input module unit and output module unit). (see Kim paragraph [0021], lines 1-18: one-way communications; receiving by a one-way input module unit data from an external 

L.  Applicant argues on page 18 of Remarks:    ...   Kim only discloses that the switch operation modes include an exclusive operation mode such that one of the first and second one-way communications is enabled and the other one of the first and second one-way communications is disabled,   ...   . 

    The Examiner respectfully disagrees.  Kim discloses one-way (i.e. one direction) communication paths enabled from a transmission host (external network) to a reception host (internal network), utilizing a one-way input module unit, a one-way output module unit, and an apparatus control module (relay connection between input module unit and output module unit). (see Kim paragraph [0021], lines 1-18: one-way communications; receiving by a one-way input module unit data from an external transmission host; transferring received data through a one-way communication controller in the one-way input module in one direction; receiving, by an apparatus control module, data from the one-way input module unit; transferring the received data to a one-way output module unit; transferring, by the one-way output module unit, the 

M.  Applicant argues on page 19 of Remarks:    ...   Nguyen does not disclose two different one-way communications,   ...   . 

    The Examiner respectfully disagrees.  Kim discloses one-way (i.e. one direction) communication paths enabled from a transmission host (external network) to a reception host (internal network), utilizing a one-way input module unit, a one-way output module unit, and an apparatus control module (relay connection between input module unit and output module unit). (see Kim paragraph [0021], lines 1-18: one-way communications; receiving by a one-way input module unit data from an external transmission host; transferring received data through a one-way communication controller in the one-way input module in one direction; receiving, by an apparatus control module, data from the one-way input module unit; transferring the received data to a one-way output module unit; transferring, by the one-way output module unit, the received data through a one-way communication controller in the one-way output module in one direction; transferring data received in one direction to an external reception host; (one direction communication for communications interface indicates communication in the other direction is disabled))

N.  Applicant argues on page 20 of Remarks: Claims 1, 10 and 19 are now in condition for allowance in view of the above-noted remarks. Dependent claims 3-9 and 12-18 are also submitted to be in condition for allowance in view of their dependence from the allowable base claim   ...   . 

        Independent claims 10, 19 have similar limitations as independent claim 1.  Responses to arguments against independent claim 1 also answer arguments against independent claims 10, 19.  Responses to arguments against the independent claims also answer arguments against the associated dependent claims.  

35 USC § 112(f) Analysis

4.       The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

5.       The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 

Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. 

Because these claim limitation(s) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.

A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) limitations. The specification in paragraph [0333] discloses the following: 
[0333] The above-described embodiment of the present invention may be implemented as program instructions executable by various computer components, and may be recorded in computer-readable storage media. The computer-readable storage media may separately or collectively include program instructions, data files, data structures, and the like. The program instructions recorded in the computer-readable storage media may be specially designed and configured for the embodiment, or may be available by being well known to computer software experts. 

The Applicant has defined the means for performing the indicated steps as computing software executing by a computing system (i.e. a computing system comprising a CPU or processor executing a sequence of instructions or software).  The specification has disclosed sufficient structure and steps to perform the indicated the non-structural term performing the “requests”, “controlling”, “communicating”, storing”, 

If applicant does not intend to have these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitations recite sufficient structure to perform the claimed function so as to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103  

6.        The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

7.        Claims 1, 3, 10, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Nguyen et al. (US Patent No. 7,509,520) in view of Frenkel (US PGPUB No. 20140317753) and further in view of Kim et al. (US PGPUB No. 20150365346).     	

Regarding Claim 1, Nguyen discloses an apparatus for supporting data communication between separate networks, comprising:

b)  an external network connection module for sending data, which is received from the intermediate connection module through another one-way communication, to an external network and sending data, which is received from the external network, to the intermediate connection module through second one-way communication under control of an external network bypass switch; (see Nguyen Figure 4A (402, 403), (405, 406); col 3, lines 45-50: network configuration includes: network access device for interfacing an external network and an internal network; network access content processing module for controlling a content processing module and network bypass circuit based on a programmable policy; col 3, lines 59-66: control module controls the switches or relays and 
c)  the intermediate connection module for transmitting data received from the internal network connection module to the external network connection module and transmitting data received from the external network connection module to the internal network connection module. (see Nguyen col 3, lines 53-57: content processing performed by content processing module includes: anti-spyware, content filtering, intrusion detection and prevention; col 4, lines 50-57: data content processing filtering module connects network ports for conveying data between them via programmable processing unit and utilizes intermediate storage for data being conveyed; col 3, lines 59-66: control module controls the switches or relays and isolates data traveling between external network and internal network; redirect data through the bypass circuit between internal network and external network based on policy)   

Nguyen does not specifically discloses for d): a switch for selecting switch operation modes for an internal network bypass switch and an external network bypass switch, and for e): switch operation modes include an operation mode indicating internal network bypass switch and external network bypass switch are activated in a mutually exclusive manner. 
However, Frenkel discloses:
d)  a switch operation mode selection unit for selecting switch operation modes for the internal network bypass switch and the external network bypass switch; (see 
e)  wherein the switch operation modes include an exclusive operation mode indicating that the internal network bypass switch and the external network bypass switch are activated in such a mutually exclusive manner. (see Frenkel paragraph [0006], lines 7-16: one-way link capable of carrying signals in one direction and incapable of carrying signals in the other opposite direction, coupled to a switch configured to be toggled between a first configuration in which communications signals are conveyed from a first input via a one-way link to a second output and a second configuration in which communications signals are conveyed from a second input via a one-way link to a first input; paragraph [0007], lines 1-8: a switch for selection of first input to transmit side of one-way link in a first configuration and select second input to transmit side of one-way link in a second configuration) 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Nguyen for d): a switch for selecting switch operation modes for an internal network bypass switch and an external network bypass switch, and for e): switch operation modes include an operation mode indicating internal network bypass switch and external network bypass switch are activated in a mutually exclusive manner as taught by Frenkel.  One of ordinary skill in the art would have been motivated to employ the teachings of Frenkel for the benefits achieved from a system that enables preventing confidential 

Nguyen-Frenkel does not specifically disclose for e): one of a first and second one-way communications is enabled and the other of a first and second one-way communications is disabled, while a one-way communication and a other one-way communication are enabled, and for f): wherein network connection modules are configured so as to be physically separated from one another. 
However, Kim discloses: 
e)  wherein the operation modes include an exclusive operation mode such that one of the first and second one-way communications is enabled and the other one of the first and second one-way communications is disabled, while the one-way communication and the other one-way communication are enabled; (see Kim paragraph [0021], lines 1-18: one-way communications; receiving by a one-way input module unit data from an external transmission host; transferring received data through a one-way communication controller in the one-way input module in one direction; receiving, by an apparatus control module, data from the one-way input module unit; transferring the received data to a one-way output module unit; transferring, by the one-way output module unit, the received data through a one-way communication controller in the one-way output module in one direction; transferring data received in one direction to an external reception host; (one direction communication for communications interface indicates the communication in the other direction is disabled)) and 
such that the internal network connection module, the intermediate connection module, and the external network connection module are physically separated from one another. (see Kim paragraph [0021], lines 1-18: one-way communications; receiving by a one-way input module unit data; transferring received data through a one-way communication controller in one direction; transferring received data to a one-way output module unit; transferring received data through a one-way communication controller in one direction; transferring data received in one direction to an external reception host; (data transferred utilizing a transmission host; a one-way input module unit; an apparatus control module; one-way output module unit; an external reception host; separate communication modules))  
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Nguyen-Frenkel for e): one of a first and second one-way communications is enabled and the other of a first and second one-way communications is disabled, while a one-way communication and a other one-way communication are enabled, and for f): wherein network connection modules are configured so as to be physically separated from one another as taught by Kim. One of ordinary skill in the art would have been motivated to employ the teachings of Kim for the benefits achieved from a system that ensures the reliability of data transmissions utilizing one-way communication paths within a network environment. (see Kim paragraph [0003], lines 1-6)  

Regarding Claim 3, Nguyen-Frenkel-Kim discloses the apparatus of claim 2, wherein the internal network connection module controls the internal network bypass switch by sending a control signal to the internal network bypass switch. (see Nguyen col 5, lines 17-21: bypass circuit controlled by a relay control and controlled by procedural algorithms in control module; col 3, lines 45-50: control module for controlling a network bypass circuit; (switch ports enable separate communications connections between network-connected nodes))    

Regarding Claim 10, Nguyen-Frenkel-Kim discloses a method for supporting data communication between separate networks, comprising:
b)  controlling first one-way communication from an intermediate connection module to an internal network connection module using an internal network bypass switch, the intermediate connection module communicating between the internal network connection module, which communicates with an internal network, and an external network connection module, which communicates with an external network; and c) controlling second one-way communication from the external network connection module to the intermediate connection module using an external network bypass switch; (see Nguyen Figure 4A (402, 403), (405, 406); col 3, lines 45-50: network configuration includes: network access device for interfacing an external network and an internal network; network access content processing module for controlling a content processing module and network bypass circuit based on a programmable policy; col 3, lines 59-66: control module controls the switches or relays and isolates data traveling between 
d)  communicating with the internal network in such a way that the internal network connection module and the intermediate connection module communicate with each other through one-way communication from the internal network connection module to the intermediate connection module and through the first one-way communication; and e) communicating with the external network in such a way that the intermediate connection module and the external network connection module communicate with each other through another one-way communication from the intermediate connection module to the external network connection module and through the second one-way communication; (see Nguyen Figure 4A (402, 403), (405, 406); col 3, lines 45-50: network configuration includes: network access device for interfacing an external network and an internal network; network access content processing module for controlling a content processing module and network bypass circuit based on a programmable policy; col 3, lines 59-66: control module controls the switches or relays and isolates data traveling between external network and internal network; redirect data through the bypass circuit between internal network and external network based on policy) and    
f)   transmitting data received from the internal network connection module, by the intermediate connection module, to the external network connection module and transmitting data received from the external network connection module, by the intermediate connection module, to the internal network connection module. (see Nguyen col 3, lines 53-57: content processing performed by content processing 

Nguyen does not specifically discloses for a): selecting switch operation modes for an internal network bypass switch and an external network bypass switch, and for g): switch operation modes include an operation mode indicating an internal network bypass switch and an external network bypass switch activated in a mutually exclusive manner. 
However, Frenkel discloses:
a)  selecting, by a switch operation mode selection unit, switch operation modes for the internal network bypass switch and the external network bypass switch; (see Frenkel paragraph [0007], lines 1-8: a switch for selection of first input to transmit side of one-way link in a first configuration and select second input to transmit side of one-way link in a second configuration) and 
g)  wherein the switch operation modes include an exclusive operation mode indicating that the internal network bypass switch and the external network bypass switch are activated in a mutually exclusive manner (see Frenkel paragraph [0006], lines 7-16: one-way link capable of carrying signals in one direction and incapable of carrying signals in the other opposite direction, 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Nguyen for a): selecting switch operation modes for an internal network bypass switch and an external network bypass switch, and for g): switch operation modes include an operation mode indicating an internal network bypass switch and an external network bypass switch activated in a mutually exclusive manner as taught by Frenkel. One of ordinary skill in the art would have been motivated to employ the teachings of Frenkel for the benefits achieved from a system that enables preventing confidential data from being accessed either entering or leaving a protected facility. (see Frenkel paragraph [0003], lines 1-2)  

Nguyen-Frenkel does not specifically disclose for g): one of a first and second one-way communications is enabled and the other of a first and second one-way communications is disabled, while a one-way communication and a other one-way communication are enabled, and for h): wherein network connection modules are configured so as to be physically separated from one another.

h)  wherein the internal network connection module, the intermediate connection module, and the external network connection module are configured such that the internal network connection module, the intermediate connection module, and the external network connection module are physically separated from one another. (see Kim paragraph [0021], lines 1-18: one-way communications; receiving by a one-way input module unit data; transferring received data through a one-way communication controller in one direction; transferring received data to a one-way output module unit; transferring received data through a one-way communication controller in one direction; transferring data received in one 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Nguyen-Frenkel for g): one of a first and second one-way communications is enabled and the other of a first and second one-way communications is disabled, while a one-way communication and a other one-way communication are enabled, and for h): wherein network connection modules are configured so as to be physically separated from one another as taught by Kim. One of ordinary skill in the art would have been motivated to employ the teachings of Kim for the benefits achieved from a system that ensures the reliability of data transmissions utilizing one-way communication paths within a network environment. (see Kim paragraph [0003], lines 1-6)  

Regarding Claim 12, Nguyen-Frenkel-Kim discloses the method of claim 10, further comprising:
delivering an internal network bypass switch control signal generated in the internal network connection module to the internal network bypass switch, wherein the controlling the first one-way communication is configured to control the internal network bypass switch depending on the internal network bypass switch control signal. (see Nguyen col 5, lines 17-21: bypass circuit controlled by a relay control and controlled by procedural algorithms in control module; col 3, lines 45-50: control module for controlling a network bypass circuit)      

Regarding Claim 19, Nguyen discloses an apparatus for supporting data communication between separate networks, comprising:
a)  an internal network connection module for sending data, which is received from an intermediate connection module through first one-way communication under control of an internal network bypass switch, to an internal network; (see Nguyen Figure 4A (internal network, external network, bypass switch), (402, 403), (405, 406); col 3, lines 45-50: network configuration includes: network access device for interfacing an external network and an internal network; network access content processing module for controlling a content processing module and network bypass circuit based on a programmable policy; col 3, lines 59-66: control module controls the switches or relays and isolates data traveling between external network and internal network; redirect data through the bypass circuit between internal network and external network based on policy)        
b)  an external network connection module for sending data, which is received from an external network, to the intermediate connection module through second one-way communication under control of an external network bypass switch; (see Nguyen Figure 4A (402, 403), (405, 406); col 3, lines 45-50: network configuration includes: network access device for interfacing an external network and an internal network; network access content processing module for controlling a content processing module and network bypass circuit based on a programmable policy; col 3, lines 59-66: control module controls the switches or relays and isolates data traveling between external network and internal network; 
c)  the intermediate connection module for transmitting data received from the internal network connection module to the external network connection module and transmitting data received from the external network connection module to the internal network connection module; (see Nguyen col 3, lines 53-57: content processing performed by content processing module includes: anti-spyware, content filtering, intrusion detection and prevention; col 4, lines 50-57: data content processing filtering module connects network ports for conveying data between them via programmable processing unit and utilizes intermediate storage for data being conveyed; col 3, lines 59-66: control module controls the switches or relays and isolates data traveling between external network and internal network; redirect data through the bypass circuit between internal network and external network based on policy) 

Nguyen does not specifically disclose for d): selecting switch operation modes for an internal network bypass switch and an external network bypass switch. 
However, Frenkel discloses:
d)  a switch operation mode selection unit for selecting switch operation modes for the internal network bypass switch and the external network bypass switch. (see Frenkel paragraph [0007], lines 1-8: a switch for selection of first input to transmit side of one-way link in a first configuration and select second input to transmit side of one-way link in a second configuration; paragraph [0006], lines 7-16: one-way link capable of carrying signals in one direction and incapable of carrying 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Nguyen for d): a switch for selecting switch operation modes for an internal network bypass switch and an external network bypass switch as taught by Frenkel.  One of ordinary skill in the art would have been motivated to employ the teachings of Frenkel for the benefits achieved from a system that enables preventing confidential data from being accessed either entering or leaving a protected facility. (see Frenkel paragraph [0003], lines 1-2)  

Nguyen-Frenkel does not specifically disclose for e): internal network connection module sends data to intermediate connection module through one-way communication, and for f): wherein the external network connection module sends data, which is received from the intermediate connection module through fourth one-way communication, to the external network, and for g): wherein switch operation modes indicates that the internal network bypass switch and the external network bypass switch are activated such that one of a first and second one-way communications is enabled and the other one of a first and second one-way communications is disabled. 
However, Kim discloses:

g)  wherein the switch operation modes include an exclusive operation mode indicating that the internal network bypass switch and the external network bypass switch are activated in such a mutually exclusive manner that one of the first and second one-way communications is enabled and the other one of the first and second one-way communications is disabled, while the third one-way communication and the fourth one-way communication are enabled. (see Kim paragraph [0021], lines 1-18: one-way communications; receiving by a one-way input module unit data from an external transmission host; transferring received data through a one-way communication controller in the one-way input module in one direction; receiving, by an apparatus control module, data from the one-way 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Nguyen-Frenkel for e): internal network connection module sends data to intermediate connection module through one-way communication, and for f): wherein the external network connection module sends data, which is received from the intermediate connection module through fourth one-way communication, to the external network, and for g): wherein switch operation modes indicates that the internal network bypass switch and the external network bypass switch are activated such that one of a first and second one-way communications is enabled and the other one of a first and second one-way communications is disabled as taught by Kim. One of ordinary skill in the art would have been motivated to employ the teachings of Kim for the benefits achieved from a system that ensures the reliability of data transmissions utilizing one-way communication paths within a network environment. (see Kim paragraph [0003], lines 1-6)

s 4 - 7, 13 - 16 are rejected under 35 U.S.C. 103 as being unpatentable over Nguyen in view of Frenkel and further in view of Kim and Reynolds et al. (US Patent No. 7,260,200).     

Regarding Claim 4, Nguyen-Frenkel-Kim discloses the apparatus of claim 3, including an internal network bypass switch and the external network bypass switch. (see Nguyen Figure 4A (402, 403), (405, 406); col 3, lines 45-50: network configuration includes: network access device for interfacing an external network and an internal network; col 3, lines 59-66: control module controls the switches or relays and isolates data traveling between external network and internal network; redirect data through the bypass circuit between internal network and external network based on policy)

Nguyen-Frenkel-Kim does not specifically disclose switches are controlled using one or more of enabling/disabling bypass connection and enabling/disabling supply of power. 
However, Reynolds discloses wherein switches are controlled using one or more of enabling/disabling bypass connection and enabling/disabling supply of power. (see Reynolds col 5, lines 36-42: communication path includes a transmit (TX) path and a receive (RX) path for network interface device; col 6, lines 20-26: DTR signal enables communication, when set to a high voltage communication paths between input and output data connectors is enabled, when DTR signal is set to a low voltage communication paths between input and output data communication connectors are severed (disabled))    
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Nguyen-Frenkel-Kim for switches are 

Regarding Claim 5, Nguyen-Frenkel-Kim-Reynolds discloses the apparatus of claim 4, wherein the external network bypass switch is controlled by receiving an external network bypass switch control signal that is generated in the internal network connection module or in the internal network bypass switch. (see Nguyen col 5, lines 17-21: bypass circuit controlled by a relay control and controlled by procedural algorithms in control module; col 3, lines 45-50: control module for controlling a network bypass circuit)        

Regarding Claim 6, Nguyen-Frenkel-Kim-Reynolds discloses the apparatus of claim 5.
Nguyen-Frenkel-Kim does not specifically disclose controlling communication via enabling and disabling communication connections.  
However, Reynolds discloses wherein if the first one-way communication is enabled, the external network bypass switch control signal to be sent to the external network bypass switch is a control signal for disabling the second one-way communication. (see Reynolds col 5, lines 36-42: communication path includes a transmit (TX) path and a receive (RX) path for network interface device; col 6, lines 20-26: DTR signal enables communication, when set to a high voltage communication paths between input and 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Nguyen-Frenkel-Kim for controlling communication via enabling and disabling communication connections as taught by Reynolds.   One of ordinary skill in the art would have been motivated to employ the teachings of Reynolds for the benefits achieved from a system capable of interrupting network communications at specified and required times.  (see Reynolds col 1, lines 8-12)  

Regarding Claim 7, Nguyen-Frenkel-Kim-Reynolds discloses the apparatus of claim 6, wherein the intermediate connection module is configured to:
a)  check at least one of whether the intermediate data include malicious code, whether integrity of the intermediate data is maintained, and whether the intermediate data are infected with viruses; (see Nguyen col 3, lines 53-57: content processing performed by content processing module include: anti-spyware, content filtering, intrusion detection and prevention; col 4, lines 50-57: data/content processing/filtering module connects network ports for conveying data between them via programmable processing unit as an intermediate storage for data being conveyed) and
b)  send only data that pass checking when sending the intermediate data. (see Nguyen col 6, lines 9-13: programmed failure mode can be changed from “fail 

Regarding Claim 13, Nguyen-Frenkel-Kim discloses the method of claim 12. 
Nguyen-Frenkel-Kim does not specifically disclose controlling communication via enabling and disabling communication connections. 
a)  the controlling the first one-way communication is configured to control the first one-way communication using one or more of enabling/disabling bypass connection of the internal network bypass switch and enabling/disabling supply of power to the internal network bypass switch; and b) the controlling the second one-way communication is configured to control the second one-way communication using one or more of enabling/disabling bypass connection of the external network bypass switch and enabling/disabling supply of power to the external network bypass switch. (see Reynolds col 5, lines 36-42: communication path includes a transmit (TX) path and a receive (RX) path for network interface device; col 6, lines 20-26: DTR signal enables communication, when set to a high voltage communication paths between input and output data connectors is enabled, when DTR signal set to a low voltage communication paths between input and output data communication connectors are severed (disabled))     


Regarding Claim 14, Nguyen-Frenkel-Kim-Reynolds discloses the method of claim 13, further comprising:
sending an external network bypass switch control signal generated in the internal network connection module or in the internal network bypass switch to the external network bypass switch, wherein the controlling the second one-way communication is configured to control the external network bypass switch depending on the external network bypass switch control signal. (see Nguyen col 5, lines 17-21: bypass circuit controlled by a relay control and controlled by procedural algorithms in control module; col 3, lines 45-50: control module for controlling a network bypass circuit)    

Regarding Claim 15, Nguyen-Frenkel-Kim-Reynolds discloses the method of claim 14.
Nguyen-Frenkel-Kim does not specifically disclose controlling communication via enabling and disabling communication connections. 
However, Reynolds discloses wherein if the first one-way communication is enabled, the external network bypass switch control signal to be sent to the external network 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Nguyen-Frenkel-Kim for controlling communication via enabling and disabling communication connections as taught by Reynolds.  One of ordinary skill in the art would have been motivated to employ the teachings of Reynolds for the benefits achieved from a system capable of interrupting network communications at specified and required times.  (see Reynolds col 1, lines 8-12)   

Regarding Claim 16, Nguyen-Frenkel-Kim-Reynolds discloses the method of claim 15, wherein:
a)  the temporarily storing and managing the intermediate data comprises checking at least one of whether the intermediate data include malicious code, whether integrity of the intermediate data is maintained, and whether the intermediate data are infected with viruses; (see Nguyen col 3, lines 53-57: content processing performed by content processing module include: anti-spyware, content filtering, intrusion detection and prevention; col 4, lines 50-57: data content processing 
b)  the communicating with the internal network and communicating with the external network are configured to send only data that pass the checking when sending the intermediate data. (see Nguyen col 6, lines 9-13: programmed failure mode can be changed from “fail opened” to “fail closed” in response to detection of an attempt to breach security and compromise the node and raising of an intruder alert; col 1, line 65 - col 2, line 3: failure condition viewed as a “fail closed” condition; failures occur such as due to undesired software behavior; (only successfully checked data is transmitted))    

9.        Claims 8, 9, 17, 18 are rejected under 35 U.S.C. 103 as being unpatentable over Nguyen in view of Frenkel and further in view of Kim and Reynolds and Lin et al. (US Patent No. 8,074,279).     

Regarding Claim 8, Nguyen-Frenkel-Kim-Reynolds discloses the apparatus of claim 7, wherein the internal network connection module is configured to:
b)  control the internal network bypass switch and the external network bypass switch depending on determination of whether to perform data communication. (see Nguyen col 6, lines 9-13: programmed failure mode can be changed from “fail opened” to “fail closed” in response to detection of an attempt to breach security and compromise the node and raising of an intruder alert; col 1, line 65 - 

Nguyen-Frenkel-Kim-Reynolds does not specifically disclose using whitelists corresponding to internal network bypass switch and the external network bypass switch.
However, Lin discloses:
a)  determine whether to perform data communication with an external network device, which is connected to the external network, using whitelists respectively corresponding to the internal network bypass switch and the external network bypass switch. (see Lin col 6, lines 11-20: list of authorized and legitimate wireless AP IP addresses is referred to as a “white list”; if AP IP address is on authorized AP list, then next packet is scanned: it has been determined that the data packet originated from a legitimate wireless device using an authorized AP in the network; if IP address is not in authorized data set (“white list”), then data packet was routed via an unauthorized AP and is suspect) 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Nguyen-Frenkel-Kim-Reynolds for using whitelists corresponding to internal network bypass switch and the external network bypass switch as taught by Lin.  One of ordinary skill in the art would have been motivated to employ the teachings of Lin for the benefits achieved from a system that enables the detection of rogue or unauthorized network nodes within computer networks.  (see Lin col 1, lines 7-10)  

Regarding Claim 9, Nguyen-Frenkel-Kim-Reynolds-Lin discloses the apparatus of claim 8.
Nguyen-Frenkel-Kim-Lin does not specifically disclose controlling communication via enabling and disabling communication connections.   
However, Reynolds discloses wherein the intermediate connection module requests two-way communication with the external network connection module when the second one-way communication is enabled by the external network bypass switch, when the first one-way communication is disabled by the internal network bypass switch, or periodically. (see Reynolds col 5, lines 36-42: communication path includes a transmit (TX) path and a receive (RX) path for network interface device; col 6, lines 20-26: DTR signal enables communication, when is set to a high voltage communication paths between input and output data connectors is enabled, when DTR signal is set to a low voltage communication paths between input and output data communication connectors are severed (disabled))     
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Nguyen-Frenkel-Kim-Lin for controlling communication via enabling and disabling communication connections as taught by Reynolds.  One of ordinary skill in the art would have been motivated to employ the teachings of Reynolds for the benefits achieved from a system capable of interrupting network communications at specified and required times.  (see Reynolds col 1, lines 8-12)  

Regarding Claim 17, Nguyen-Frenkel-Kim-Reynolds discloses the method of claim 16, further comprising:
b)  controlling the internal network bypass switch and the external network bypass switch depending on the determining whether to perform data communication. (see Nguyen col 1, line 65 - col 2, line 3: failure condition viewed as a “fail closed” condition; failures occur such as due to undesired software behavior)   

Nguyen-Frenkel-Kim-Reynolds does not specifically discloses using whitelists corresponding to internal network bypass switch and the external network bypass switch.
However, Lin discloses: 
a)  determining whether to perform data communication between a device connected to the internal network and a device connected to the external network using whitelists respectively corresponding to the internal network bypass switch and the external network bypass switch. (see Lin col 6, lines 11-20: list of authorized and legitimate wireless AP IP addresses is referred to as a “white list”; if AP IP address is on authorized AP list, then next packet is scanned: it has been determined that the data packet originated from a legitimate wireless device using an authorized AP in the network; if IP address is not in authorized data set (“white list”), then data packet was routed via an unauthorized AP and is suspect) 
         It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Nguyen-Frenkel-Kim-Reynolds for using whitelists corresponding to internal network bypass switch and the external network bypass switch as taught by Lin.  One of ordinary skill in the art 

Regarding Claim 18, Nguyen-Frenkel-Kim-Reynolds-Lin discloses the method of claim 17. 
Nguyen-Frenkel-Kim-Lin does not specifically disclose controlling communication via enabling and disabling communication connections.
However, Reynolds discloses further comprising: requesting two-way communication between the intermediate connection module and the external network connection module when the second one-way communication is enabled by the external network bypass switch, when the first one-way communication is disabled by the internal network bypass switch, or periodically. (see Reynolds col 5, lines 36-42: communication path includes a transmit (TX) path and a receive (RX) path for network interface device; col 6, lines 20-26: DTR signal enables communication, when is set to a high voltage communication paths between input and output data connectors is enabled, when DTR signal is set to a low voltage communication paths between input and output data communication connectors are severed (disabled))  
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Nguyen-Frenkel-Kim-Lin for controlling communication via enabling and disabling communication connections as taught by Reynolds.  One of ordinary skill in the art would have been motivated to    

Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CARLTON JOHNSON whose telephone number is (571)270-1032.  The examiner can normally be reached on Work: 12-9PM (most days).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/CJ/
August 2, 2021        

/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436