DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

1.	This Action is in response to application 16/919,132, filed on 07/02/2020.
2.	Claims 1-18 are pending.
3.	Claims 1-18 are rejected.
Oath or Declaration
4.	Applicant's oath or declaration filed on 07/02/2020 is approved by the Office.
Drawings
5.	The drawings and specifications filed on 07/02/2020 are approved by the Office.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.



6.	Claims 1-19 are rejected under 35 U.S.C. 102 (a)(1) as being anticipated by Marshall et al., (USPUB# 2014/0047503 A1) hereinafter Marshall.


inspecting a specified network packet, which is scheduled to be transmitted via a specified path (see para. [0019], [0100] and [0108] show packet inspection); 
extracting a packet characteristic from a data link layer of the specified network packet (see para. [0019], [0033], [0100] and [0108] show extracting data for analysis against DLP policy); 
directly transmitting the specified network packet via the specified path if the packet characteristic does not comply with a preset condition; and redirecting the specified network packet to be transmitted via another path different from the specified path or mirroring the specified network packet to create a mirror packet if the packet characteristic complies with the preset condition (see para. [0019], [0033], [0090], [0100], [0104] and [0108] show extracting data for analysis against DLP policy, creating a “copy” of the packet via port mirroring and redirecting for further analysis based on the analysis or forwarding based on the analysis).

Claim 12 recites an internal networking monitoring system that further includes limitations that are substantially similar to claim 1. Marshall disclosed an internal networking monitoring system (see Fig. 1 and associated text). As such, claim 12 is rejected under the same rationale as above.



9.	Regarding claim 3, Marshall disclosed the method according to claim 1, wherein the packet characteristic includes a network address of a source device initiating the specified network packet, and the preset condition is that the source device is new to the internal network within a specified period of time (see para. [0027] and [0080]).

10.	Regarding claim 4, Marshall disclosed the method according to claim 1, wherein the packet characteristic includes a network address of a source device initiating the specified network packet, and the preset condition is that a count of different destination network addresses that the source device visits within a specified duration reaches a threshold (see para. [0080-0081]).

11.	Regarding claim 5, Marshall disclosed the method according to claim 1, wherein the packet characteristic includes a network address of a source device initiating the specified network packet, and the preset condition is that a count of different communication interfaces that the source device visits within a specified duration reaches a threshold (see para. [0105], [0110-0115]).

12.	Regarding claim 6, Marshall disclosed the method according to claim 1, wherein the packet characteristic includes a destination network address that the specified 

13.	Regarding claim 7, Marshall disclosed the method according to claim 1, wherein the packet characteristic includes a destination network address that the specified network packet is to be transmitted to, and the preset condition is that a traffic between the source device and the destination network address reaches a threshold (see para. [0105], [0110-0115]).

14.	Regarding claim 8, Marshall disclosed the method according to claim 1, further comprising: providing at least one bait device to camouflage an internal network device, and assigning a network address to each of the at least one bait device; and when a destination network address that the specified network packet is to be transmitted to is the network address of the at least one bait device, increasing a count of network packets to be transmitted from the source device to the destination network address (see para. [0019], [0033], [0100] and [0108]).

15.	Regarding claim 9, Marshall disclosed the method according to claim 8, wherein the at least one bait device is implemented with a virtual device or a container (see para. [0094] and [0110-0115]).




17.	Regarding claim 11, Marshall disclosed the method according to claim 1, further comprising: determining whether the specified network packet or the mirror packet complies with a preset rule; and issuing an alarm signal, restricting a transmission rate via the specified path and/or interrupting the specified path if the specified network packet or the mirror packet complies with the preset rule (see para. [0019], [0033], [0090], [0100], [0104] and [0110-0115]).

18.	Regarding claim 14, Marshall disclosed the system according to claim 12, further comprising a network repeater, which includes a second network connection port in communication with the first internal network, and a plurality of third network connection ports, each in communication with a second internal network, wherein the specified network packet, if being received from the second internal network via one of the third network connection ports, is transmitted to the first internal network via the second network connection port without being transmitted via the other ones of the third network connection ports (see para. [0019], [0033], [0090], [0100], [0104] and [0110-0115]).



20.	Regarding claim 16, Marshall disclosed the system according to claim 12, wherein the network fire switch includes: a monitoring device electrically coupled to the first network connection port, inspecting the specified network packet, extracting the packet characteristic; directly transmitting the specified network packet via the specified path if the packet characteristic does not comply with the preset condition; and mirroring the specified network packet to create the mirror packet if the packet characteristic complies with the preset condition; and a firewall device electrically coupled to the specified path for receiving the mirror packet, determining whether the mirror packet complies with a preset rule or not, and issuing an alarm signal, restricting a transmission rate via the specified path and/or interrupting the specified path if the specified network 

21.	Regarding claim 17, Marshall disclosed the system according to claim 16, wherein the network fire switch further includes at least one bait device, which camouflages an internal network device and is assigned with a network address, and the monitoring device records the network address of the at least one bait device, and determines that the specified network packet complies with the preset condition if a count of network packets to be transmitted from a source device initiating the specified network packet to a destination network address, which is the network address of the at least one bait device, reaches a threshold (see para. [0019], [0033], [0090], [0100], [0104] and [0110-0115]).

22.	Regarding claim 18, Marshall disclosed the system according to claim 15, wherein the network fire switch further includes at least one bait device, which camouflages an internal network device and is assigned with a network address, and the monitoring device records the network address of the at least one bait device, and determines that the specified network packet complies with the preset condition if a count of network packets to be transmitted from a source device initiating the specified network packet to a destination network address, which is the network address of the at least one bait device, reaches a threshold (see para. [0019], [0033], [0090], [0100], [0104] and [0110-0115]).

Conclusion
Relevant Prior Art Not Relied Upon
The prior art made of record and not relied upon is considered pertinent to Applicant's disclosure. The additional cited art, including but not limited to the excerpts below, further establishes the state of the art at the time of Applicant’s invention and shows the following was known:
A method of receiving a management command in an appliance to configure a network security policy, where the appliance is connected to a network end-point device. The method includes receiving a packet from a security device. Checking is performed to determine whether the packet includes a specific identifier. Upon a determination that the packet received includes a specific identifier, the management command is retrieved from a payload of the packet to configure the appliance. (Hsiung et al. ‘254)
A system and method for controlling routing of data. It is determined whether at least one data flow is active, the at least one data flow having an ingress portion of a current ingress path to a first point from a second point and an egress portion of a current egress path to the second point from the first point. Another data flow is routed via a next ingress portion of a next path to the first point from the second point. (Klinker et al. ‘422)
An apparatus is described that facilitates selective mirroring through processing of network traffic in accordance with provisioned rules and policies. The apparatus includes a port included in a set of at least one port, wherein each port in the set receives input traffic, a data processor that processes input data from the set of at least one port to generate mirrored data, based on rules with bitwise granularity across a header and a payload of the input data, and a mirror port selectable from the set of at least one port that transmits output traffic corresponding to the mirrored data. Advantageously, the apparatus provides an architectural framework well suited to a low cost, high speed, robust implementation of selective mirroring that enables flexible, advanced network security and monitoring features and network traffic analysis. (Kay ‘028)


Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAVOUD ZAND whose telephone number is (571)272-, Fax (571) 273-2697.  The examiner can normally be reached on Mon-Fri 9:30-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached on (571) 272-3880.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DAVOUD A ZAND/Primary Examiner, Art Unit 2443