DETAILED ACTION
Response to Amendment
This allowance is in response to a non-provisional utility patent application filed by Applicant on 6/3/2020. The application has been fully considered.

Information Disclosure Statement PTO-1449
The Information Disclosure Statement submitted by applicant on 6/3/2020 has been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.

Allowed Claims
Claims 1-20 are allowed.

Reasons for Allowance 
The following is the Examiner’s statement of reasons for allowance: The closest prior art of record, Boire-Lavigne (U.S. Pat. App. Pub. 2010/0205313 A1) teaches traversing a firewall for a communication session which opens ports behind the firewall by means of a relay agent; Keohane (U.S. Pat. App. Pub. 2016/0285828 A1) teaches receiving packets at a trusted firewall with connection information including ports and checking the firewall trusted connection table; Saavedra (U.S. Pat. App. Pub. 2019/0182213 A1) teaches a firewall controller behind a software defined perimeter for aggregating connections.
However, Boire-Lavigne, Keohane, and Saavedra do not anticipate or render obvious the combination set forth in the independent claim 1, recited as “… a firewall connection table configured to map an identity of the first device and an identity of the second device for transmitting a plurality of packets between the first device and the second device; and a firewall filter table configured to open and close ports of the firewall based on user inputs for the identity of the first device and the identity of the second device; authenticating, by the SDP controller, according to a SDP authentication protocol, the first device; providing, by the SDP controller, the identity of the first device to the second device; transmitting, by the second device and through the firewall, a first packet of the plurality of packets to the first device; mapping, by the firewall in the firewall connection table and in response to the transmitting of the first packet, the identity of the first device in association with an identity of the second device to indicate that the first device is enabled for communicating with the second device; transmitting, by the first device, a second packet of the plurality of packets to the second device; and determining, by the firewall in response to the second packet, that the identity of the first device is in the firewall connection table for communicating with the second device and forwarding the second packet to the second device; wherein the method establishes a secure connection for transmitting the plurality of packets directly between the first device and the second device while bypassing the firewall filter table in the firewall and without passing the plurality of packets through an intermediate broker.”
Recited in claim 11 as, “… a first firewall connection table configured to map an identity of the first device and an identity of the second device for transmitting a plurality of packets between the first device and the second device; and a first firewall filter table configured to open and close ports of the first firewall based on user inputs for the identity of the first device and the identity of the second device; and the second firewall comprises: a second firewall connection table configured to map the identity of the first device and the identity of the second device for transmitting the plurality of packets between the first device and the second device; and a second firewall filter table configured to open and close ports of the second firewall based on user inputs of the identity of the first device and the identity of the second device; authenticating, by the SDP controller, according to a SDP authentication protocol, the first device; initiating, by the SDP controller, a hole punching protocol to detect the identity of the first device; providing, by the SDP controller, the identity of the first device to the second device; transmitting, by the second device and through the second firewall, a first packet of the plurality of packets to the first device; mapping, by the second firewall in the second firewall connection table and in response to the receiving of the first packet, the identity of the first device in association with the identity of the second device to indicate that the first device is enabled for communicating with the second device; initiating, by the SDP controller, the hole punching protocol to detect the identity of the second device; providing, by the SDP controller, the identity of the second device to the first device; transmitting, by the first device, a second packet of the plurality of packets to the second device; and mapping, by the first firewall in the first firewall connection table and in response to the transmitting of the second packet, the identity of the second device in association with the identity of the first device to indicate that the second device is enabled for communicating with the first device; wherein the method establishes a secure connection for transmitting the plurality of packets directly between the first device and the second device while bypassing the first firewall filter table in the first firewall and the second firewall filter table in the second firewall, and without passing the plurality of packets through an intermediate broker.”
These limitations are in conjunction with all the other claim limitations which are not specifically recited in the quotes. Thus, for at least the foregoing reasons, the prior art of record neither anticipates nor renders obvious the present invention as set forth in the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Luo (U.S. Pat. App. Pub. 2016/0366184 A1) creating a physical-logical attribute mapping for the security control device to facilitate a security service for electronic assets; Lu (U.S. Pat. App. Pub. 2018/0063255 A1, cited in IDS filed 6/3/2020) network access including mapping of network address pairs.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VANCE M LITTLE whose telephone number is (571)270-0408.  The examiner can normally be reached on Monday - Friday 9:30am - 5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/VANCE M LITTLE/Examiner, Art Unit 2493