Notice of Pre-AIA  or AIA  Status
	The present application is being examined under the pre-AIA  first to invent provisions. In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
	Claims 1-14, 16 and 17 are pending, claims 15 and 18 have been canceled, and claims 1-5 and 7-14 have been amended.

Objection to abstract
	The abstract refers to the item numbers in the drawing. It is suggested to remove the item numbers from the abstract as the abstract is intended to be read on its own. Appropriate correction is required.

Information Disclosure Statement PTO-1449 
	The Information Disclosure Statement submitted by applicant on 09-12-2019 has been considered. Please see attached PTO-1449. 
Claim Rejections - 35 USC § 102
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


	Claims 1, 14, 16 and 17 are rejected under 35 U.S.C. 102 (a)(2) as being anticipated by Aziz et al. (US Patent No. 10,165,000) .
As per claims 1 and 16, Aziz discloses a network device comprising: a memory storing instructions, and a processor configured to execute the instructions stored in the memory (column 18, lines 22-24) to: transfer a main signal for user data through a main signal path between the network device and another network device (column 4, lines 51-53, device 105 transmits network data over a network 120 to the device 110; the path between the devices 105 and 110 is considered the main signal path); transmit and receive a monitoring and control signal for monitoring and control through a monitoring and control path between the network device and a monitoring and control device (column 5, lines 40-45, the controller receives and analyzes network data for the presence of malware; the path between the device 105 and the controller is considered the monitoring and control path); and separate the main signal path and the monitoring and control path upon detection of unauthorized access (column 15, lines 48-54, when the network data is identified as containing an attack, the network data is directed away from the destination device 110, for example by rerouting network data from the device 105 to the controller 125. It is noted that the network data is directed away from the device 110, which corresponds to the claimed separating of the main path and the monitoring and control path).
	As per claims 14 and 17, Aziz discloses a monitoring and control device for monitoring and controlling a network device constituting a network, comprising: a memory storing instructions, and a processor configured to execute the instructions stored in the memory (column 18, lines 22-24) to: transmit and receive a monitoring and control signal for monitoring and control through a monitoring and control path between the monitoring and control device and the network device (column 5, lines 40-45, the controller receives and analyzes network data for the presence of malware; the path between the device 105 and the controller is considered the monitoring and control path); and separate a main signal path for transferring a main signal for user data by the network device and the monitoring and control path upon detection of unauthorized access to the network device (column 15, when the network data is identified as containing an attack, the network data is directed away from the destination device 110, for example by rerouting network data from the device 105 to the controller 125. It is noted that the network data is directed away from the device 110, which corresponds to the claimed separating of the main path and the monitoring and control path).

Claim Rejections - 35 USC § 103
		The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	Claims 2-8, 10, 11 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Aziz et al. (US Patent No. 10,165,000 ), in view of Matityahu et al. (US Patent No. 9,019,863).
	As per claim 2, Aziz teaches all limitations of the claim as applied to claim 1 above. While Aziz discloses the processor is configured to execute the instructions stored in the memory to switch the main signal path containing the network device where the unauthorized access is detected (column 15, lines 48-54), Aziz does not explicitly teach wherein, when there is a redundant path for the main signal path, the processor is further configured to execute the instructions stored in the memory to switch the main signal path containing the network device to the redundant path. However, in an analogous art, Matityahu discloses wherein, when there is a redundant path for the main signal path, the processor is further configured to execute the instructions stored in the memory to switch the main signal path containing the network device to the redundant path (figures 7 and 9, column 13, lines 55-58, “redundant link/path arrangement”).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Aziz and Matityahu, in order to provide a streamlined arrangement by providing multiple paths to ensure the continual accessibility of the network without sacrificing the security of the network.
As per claim 3, Matityahu furthermore teaches, wherein the processor is further configured to execute the instructions stored in the memory to switch the main signal path to the redundant path in response to control from the monitoring and control device (column 14, lines 1-4, data traffic is shifted from path 930 to path 932 by network arrangement 906).
	The motivation to combine is similar to the motivation provided in claim 2 above.
	As per claim 4, Matityahu furthermore teaches, switch the main signal path to the redundant path in accordance with a path control protocol for controlling the main signal path between the network device and the another network device (column 6, lines 4-6, arrangement and method for automatically switching between inline monitoring/security system).
	The motivation to combine is similar to the motivation provided in claim 2 above.
	As per claim 5, Aziz discloses all limitations of the claim as applied to claim 1 above. Aziz furthermore teaches a main signal port configured to connect to the main signal path (Aziz, column 4, lines 51-53, transmit network data over communication network 120 to device 110); and a monitoring and control port configured to connect to the monitoring and control path (Aziz, column 5, lines 42-43, controller 125 receives network data over the tap 115).
	 Aziz does not explicitly disclose, but in an analogous art Matityahu discloses wherein, when there is a redundant path for the main signal path, the processor is further configured to execute the instructions stored in the memory to shut down the main signal port and the monitoring and control port (column 6, lines 4-6, automatically switching between inline monitoring/security systems, switching).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Aziz and Matityahu, in order to provide a streamlined arrangement by providing multiple paths to ensure the continual accessibility of the network without sacrificing the security of the network.
	As per claim 6, Aziz in view of Matityahu discloses all limitations of the claim as applied to claim 5 above. Aziz furthermore discloses wherein the main signal port includes a wireless communication port (column 5, lines 26-29, wireless telecommunication network).
	As per claim 7, Aziz in view of Matityahu teaches all limitations of the claim as applied to claim 5 above. Matityahu furthermore discloses a local port configured to locally connect a terminal device (column 12, lines 27-32, “port 710 to a port 718..”), wherein, when there is a redundant path for the main signal path, the processor is further configured to execute the instructions stored in the memory to shut down the main signal port and the monitoring and control port without shutting down the local port (Matityahu, column 12, lines 22-32, inline network arrangement is moved from normal mode (data traffic flowing from a port 710 out through a port 712) to a secondary mode when diagnostic test indicates monitoring system is not functioning properly).
	The motivation to combine is similar to the motivation provided in claim 5 above.
	As per claim 8, Aziz teaches all limitations of the claim as applied to claim 1 above. Aziz furthermore teaches a switch circuit configured to switch the main signal of the main signal path and the monitoring and control signal of the monitoring and control path (column 10, lines 20-22, switch to redirect network data to the controller).
	Aziz does not explicitly teach but in an analogous art, Matityahu teaches wherein, when there is no redundant path for the main signal path, the processor is further configured to execute the instructions stored in the memory to disconnect the monitoring and control path without disconnecting the main signal path in the switch circuit (column 11, lines 23-26, “switch from a normal mode to a bypass mode”).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Aziz and Matityahu, in order to provide a streamlined arrangement by providing multiple paths to ensure the continual accessibility of the network without sacrificing the security of the network.
	As per claim 10, Aziz in view of Matityahu teaches all limitations of the claim as applied to claim 8 above. Aziz in view of Matityahu furthermore discloses a main signal port configured to connect to the main signal path (Aziz, column 4, lines 51-53, transmit network data over communication network 120 to device 110); and a monitoring and control port configured to connect to the monitoring and control path (Aziz, column 5, lines 42-43, controller 125 receives network data over the tap 115), wherein the processor is further configured to execute the instructions stored in the memory to disconnect the monitoring and control path through the monitoring and control port without disconnecting the main signal path through the main signal port (Matityahu, column 8, lines 48-53, switch 318 employed to switch network arrangement from a mode in which the data traffic is being protected by monitor system to a mode in which data traffic is being routed through a path that is not secured. It is noted switch 38 disconnects the monitoring system while unsecure path is connected).
	The motivation to combine is similar to the motivation provided in claim 8 above.
	As per claim 11, Matityahu furthermore discloses a local port configured to locally connect a terminal device, wherein the processor is further configured to execute the instructions stored in the memory to disconnect the monitoring and control path through the monitoring and control port without disconnecting a connection through the local port and the main signal path through the main signal port (Matityahu, column 8, lines 48-53, switch 318 employed to switch network arrangement from a mode in which the data traffic is being protected by monitor system to a mode in which data traffic is being routed through a path that is not secured. It is noted switch 38 disconnects the monitoring system while other paths are connected).
	The motivation to combine is similar to the motivation provided in claim 8 above.
	As per claim 12, Aziz teaches all limitations of the claim as applied to claim 1 above. Aziz does not explicitly teach but in an analogous art, Matityahu discloses wherein the processor is further configured to execute the instructions stored in the memory to reconnect to a network containing the monitoring and control path after separating the main signal path and the monitoring and control path (column 11, lines 35-38, once the monitoring system is connected back…).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Aziz and Matityahu, in order to provide a streamlined arrangement by 
	Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Aziz et al. (US Patent No. 10,165,000 ) in view of Matityahu et al. (US Patent No. 9,019,863), further in view of Antony (US Publication No. 2015/0043334).
	As per claim 9, Aziz in view of Matityahu discloses all limitations of the claim as applied to claim 8 above. Aziz furthermore discloses wherein the main signal path and the monitoring and control path are connected via virtual network connection in the switch circuit (figure 3, column 16, lines 1-6, and virtual machine 315). Aziz does not explicitly teach but in an analogous art, Antony discloses the processor is further configured to execute the instructions stored in the memory to disconnect a virtual network connection of the monitoring and control path without disconnecting a virtual network connection of the main signal path (paragraph [0018], “disconnect a virtual network adapter from a virtual switch, such as disconnecting the virtual network adapter 325 from the virtual switch 302”. It is noted that in Antony, while the virtual network adapter is disconnected, other paths and switches remain connected).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Aziz and Matityahu with Antony in order to isolate virtual machine causing network storm while other path or port remains enabled.
	Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Aziz et al. (US Patent No. 10,165,000 ) in view of Matityahu et al. (US Patent No. 9,019,863), further in view of Unagami et al. (US Publication No. 2016/0149908).
	As per claim 13, Aziz in view of Matityahu discloses all limitation of claim as applied to claim 12 above. Aziz in view of Matityahu does not explicitly teach, wherein the processor is further configured to execute the instructions stored in the memory to perform mutual authentication with the monitoring and control device when making the reconnection. However, performing mutual authentication with the monitoring and control device is well known in art of computer security as illustrated by Unagami 
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Aziz and Matityahu with Unagami in order to achieve the predictable result of providing security for devices by implementing the well-known mutual authentication between the devices communicating with each other.
References Cited, Not Used

	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
	Onoda, US Publication No. 2013/0254891, discloses a computer system includes: a controller; a switch configured to perform, on a received packet complying with a flow entry set by the controller, a relay operation regulated by the flow entry; and a host terminal configured to be connected to the switch. The switch notifies the controller of transmission source address information of a received packet which does not comply with a flow entry set for itself. The controller judges, when legal address information of a host terminal does not coincide with the transmission source address information, that a transmission source address of the received packet is spoofed.
	Harada, US Pub No. 2005/0120231, discloses a terminal device and a control server device are connected with each other via a switch. The switch is connected to a network. The switch includes a communication processing unit that accepts connection propriety information and controls the connection of the terminal device to the network using the connection propriety information. The connection propriety information is information about whether the terminal device is allowed to be connected to the network and it is generated by the control server device based on security countermeasure level data of the terminal device.

Conclusion
	 Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ali Abyaneh whose telephone number is (571) 272-7961. The examiner can normally be 
/ALI S ABYANEH/Primary Examiner, Art Unit 2437