Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
	In a response filed 22 October 2021, Applicant amends claims 1, 8-10, 12 & 15-17; claim 21 is added.
	Claims 1-21 are presented for examination.
Examiner’s Remark
	At the time of writing of the instant action, the Examiner is aware of potential avenues for advancing prosecution and encourages Applicant to contact the Examiner to advance prosecution.
Response to Arguments
Applicant’s arguments with respect to the claims been considered but are moot in view of the new grounds of claim rejections necessitated by the amendments to the claims.

On page 9 of Remarks, Applicant argues: “Edgett describes a system for verifying and updating the configuration of an access device during authentication (Abstract). Specifically, during an authentication and authorization exchange process, an authentication server requests the last known status of the client device configuration from a configuration server. If the client device configuration data fails to meet the predetermined security requirements, the configuration server initiates an update (download) to update the device configuration data for the client device such that access can be granted to the client device. If the client device configuration data cannot be updated, the client access device may be denied access to the network (paragraph 0007). The configuration data includes ‘security settings, anti-virus software status, firewall status or any other security criteria that pertains to the device.’ (paragraphs 0056 and 0060). Chandwani describes a system for controlling network access by requiring that a client computer on the network is in compliance with administrator-defined network 
Applicant’s arguments address, at least in part, the Abstract sections of the references; the Examiner makes no citation to these parts of the reference.  The arguments are not fully responsive to the entirety of the Examiner’s citations.  Further, the Examiner does not subscribe to Applicant’s characterizations of the art of record as such characterizations do not set forth how the art teaches away from the explicit claim language.
The argument that “the configuration server initiates an update” is not recited in the pending claims.  The claims also do not recite language specifying that the amended limitations are performed by the client device itself; although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).

On pages 9-10 of Remarks, Applicant argues: “However, both Edgett and Chandwani merely discuss the use of a server- specified pair of a condition and an action to remedy a status of the client device. In Edgett, it is the configuration server that initiates the remedial operations, namely, the downloads to update the device configuration data. In Chandwani, it is also the server that sends the remediation instructions to the client device to initiate the remedial operations. That is, both Edgett and Chandwani only teach the server dictating what actions are to remedy those situations deemed 
The arguments have been carefully considered, but are not persuasive as the claims do not specify whether or not “the server dictating what actions are to remedy those situations deemed unacceptable at the client device”; the explicit claim language does not require the client device itself to specify what actions it ought to trigger.  The arguments are not commensurate with the scope of the claims.  As per the latter argument: “Nowhere in either Edgett or Chandwani is it contemplated that the client device proactively specify, for itself, what actions ought to be triggered by what conditions, let alone the triggering being a check specified by the client device in the firewall access rule in addition to packet-level checks.” is not directed to any specific claim language.  The claim recites: “the first access rule indicative of an action and a first condition when a network packet satisfies a packet-level condition associated with the first access rule, wherein when the first condition is not met, the client device is instructed to perform the action to remedy the first condition,” which makes no reference that the client device is performing any action.  Regardless of the non-functional descriptive material, which is addressed in the instant Office Action infra, when considering the first access rule and determining the first condition being met or not being met, the claim is silent as to the entity performing the determining.  Applicant’s arguments appear to require the client device be performing these steps in isolation, however, the claims are given the broadest reasonable interpretation, and these unclaimed features are not read into the claims.

On page 10 of Remarks, Applicant argues: “Second, neither Edgett nor Chandwani discusses the remedial operations in conjunction with a gateway enforcing firewall rules. In Edgett, the remedial 
	The arguments have been carefully considered, but are not persuasive as the Examiner applies the Ringdahl reference for teaching a gateway enforcing firewall rules; accordingly, the arguments are not fully responsive to the Examiner’s explicit position as the Examiner applies a position of obviousness.  The argument as per the Edgett reference is not specific to any particular claim limitation and does not explain how the art does not teach the recited claim language; the arguments of counsel cannot take the place of evidence in the record. See In re De Blauwe, 736 F.2d 699, 705 (Fed. Cir. 1984); In re Payne, 606 F.2d 303, 315 (CCPA 1979); In re Greenfield, 571 F.2d 1185, 1189 (CCPA 1978); In re Pearson, 494 F.2d 1399, 1405 (CCPA 1974).   While the Examiner makes numerous citations to the Chandwani reference, ¶18, is not cited by the Examiner; accordingly, the arguments are not responsive to the Examiner’s explicit position.  Nevertheless, the arguments do not explain how the Chandwani reference teaches away from the claim language; the arguments of counsel cannot take the place of evidence in the record. See In re De Blauwe, 736 F.2d 699, 705 (Fed. Cir. 1984); In re Payne, 606 F.2d 303, 315 (CCPA 1979); In re Greenfield, 571 F.2d 1185, 1189 (CCPA 1978); In re Pearson, 494 F.2d 1399, 1405 (CCPA 1974).   As per what one of ordinary skill in the art would consider, is speculative and does not point to any explicit reference; the arguments appear spurious and cannot take the place of evidence in the record. See In re De Blauwe, 736 F.2d 699, 705 (Fed. Cir. 1984); In re Payne, 606 F.2d 303, 315 (CCPA In re Greenfield, 571 F.2d 1185, 1189 (CCPA 1978); In re Pearson, 494 F.2d 1399, 1405 (CCPA 1974).  

	On page 10 of Remarks, Applicant argues: “Further, Applicant has previously addressed Be’ery and Chickering in prior responses, and does not repeat the details of the arguments here, but instead incorporates the entirety thereof herein.”
	Likewise, the Examiner sustains previously held rebuttals.  The Examiner notes that merely restating previous arguments is not necessarily responsive to previously stated rebuttals and incorporating arguments by reference does not hold them in abeyance when the claims have been amended and the Office has newly presented positions.

	The non-statutory double patenting rejections are updated to reflect the amended claim language and are likewise sustained.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 5, 10-12, 16, 17 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Ringdahl et al (U.S. Pat App Pub 2015/0058967 A1), hereinafter referred to as Ringdahl, Chickering (U.S. Pat 8806605 B1), hereinafter referred to as Chickering, and Be’ery et al (U.S. Pat App Pub 2014/0317738 A1), hereinafter referred to as Be’ery, in further view of either Edgett et al (U.S. Pat App Pub .
	Re claims 1, 12 and 16: Ringdahl teaches a method comprising, a system, comprising: at least one processor; and a non-transitory computer readable storage medium storing instructions programmed to instruct the at least one processor to, and a non-transitory computer readable storage medium storing instructions configured to instruct a computing system to: implementing, by a gateway [Fig 1, elt 1150], a firewall [Fig 1, elts 1154 & 1155] including firewall rules for selectively blocking and allowing network traffic between a client device and one or more network devices in a separate network (¶12; ¶26; ¶30); receiving, by the gateway from the client device, a first access rule; and in response to receiving the first access rule, creating a first firewall rule of the firewall rules (Figs 3 & 4; ¶33-¶38).
	Chickering teaches a firewall including firewall rules for selectively blocking and allowing network traffic between a client device and one or more network devices in a private network (Fig 1; col 2, line 52 – col 4, line 9); receiving, by the gateway from the client device, a first access rule, and in response to receiving the first access rule, creating a first firewall rule of the firewall rules (Figs 8 & 9 and the associated descriptions; page 12, claim 1).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Ringdahl with the teachings of Chickering, for the purpose of providing authenticated access to protected resources via dynamic provisioning of access through a firewall; doing so has the known benefit of permitting or dropping packets at a firewall based on policies in a policy server.  Both references are within the same realm of endeavor as to each other and to Applicant which are all directed to an intermediate device operating a firewall to protect access to protected resources.

(The Examiner notes this language appears to constitute non-functional descriptive material. “When presented with a claim including nonfunctional descriptive material, an Examiner must determine whether such material should be given patentable weight.” Ex Parte Halligan, 89 USPQ2d 1355, 1367 (BPAI 2008) (non-precedential). In making this determination for a process claim, the relevant inquiry becomes whether there is a “new and unobvious functional relationship” between the process and the descriptive material. MPEP §2111.05 (citing In re Kao, 639 F.3d 1057, 1072–74 (Fed. Cir. 2011); King Pharm. Inc. v. Eon Labs, Inc., 616 F.3d 1267, 1278 (Fed. Cir. 2010)). For claims involving a computer process, the Board has held that the nature of the information being manipulated by the computer should not be given patentable weight absent evidence that the information is functionally related to the process “by changing the efficiency or accuracy or any other characteristic” of the steps. Ex parte Nehls, 88 USPQ2d 1883, 1888 (BPAI 2008) (precedential).  “Claim limitations directed to printed matter are not entitled to patentable weight unless the printed matter is functionally related to the substrate on which the printed matter is applied.” Praxair Distribution, Inc. v. Mallinckrodt Hosp. Prods. IP Ltd., 890 F.3d 1024, 1031 (Fed. Cir. 2018) (emphasis added). Our reviewing court has also explained that this printed matter doctrine is not strictly limited to “printed” materials. Mallinckrodt, 890 F.3d at 1032. More specifically, “a claim limitation is directed to printed matter ‘if it claims the content of information.’” Mallinckrodt, 890 F.3d at 1032 (quoting In re Distefano, 808 F.3d 845, 848 (Fed. Cir. 2015)). The content of non-functional descriptive material is not entitled to weight in the patentability analysis. Cf. In re Lowry, 32 F.3d 1579, 1583. “Where the printed matter is not functionally related to the substrate, the printed matter will not distinguish the invention from the prior art in terms of patentability.” In re Gulack, 703 F.2d 1381, 1385 (Fed. Cir. 1983) (footnote omitted). As a general proposition, the Examiner need not give patentable weight to non-functional descriptive material absent a new and nonobvious functional relationship between the descriptive material and the substrate. See In re Ngai, 367 F.3d 1336, 1339 (Fed. Cir. 2004); see also King Pharm., Inc. v. Eon Labs, Inc., 616 F.3d 1267, 1279 (Fed. Cir. 2010); and Manual of Patent Examining Procedure (MPEP) §2111.05 (9th ed. Rev. 10.2019, June 2020).).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Ringdahl and Chickering with the teachings of Be’ery for the purpose of providing predictable variations in the art of preventing network attacks where Be’ery provides for automatic detection of continuously-changing attack variants and other “zero-day” attacks to protect against new attacks (see ¶33).

(The Examiner notes this language appears to constitute non-functional descriptive material. “When presented with a claim including nonfunctional descriptive material, an Examiner must determine whether such material should be given patentable weight.” Ex Parte Halligan, 89 USPQ2d 1355, 1367 (BPAI 2008) (non-precedential). In making this determination for a process claim, the relevant inquiry becomes whether there is a “new and unobvious functional relationship” between the process and the descriptive material. MPEP §2111.05 (citing In re Kao, 639 F.3d 1057, 1072–74 (Fed. Cir. 2011); King Pharm. Inc. v. Eon Labs, Inc., 616 F.3d 1267, 1278 (Fed. Cir. 2010)). For claims involving a computer process, the Board has held that the nature of the information being manipulated by the computer should not be given patentable weight absent evidence that the information is functionally related to the process “by changing the efficiency or accuracy or any other characteristic” of the steps. Ex parte Nehls, 88 USPQ2d 1883, 1888 (BPAI 2008) (precedential).  “Claim limitations directed to printed matter are not entitled to patentable weight unless the printed matter is functionally related to the substrate on which the printed matter is applied.” Praxair Distribution, Inc. v. Mallinckrodt Hosp. Prods. IP Ltd., 890 F.3d 1024, 1031 (Fed. Cir. 2018) (emphasis added). Our reviewing court has also explained that this printed matter doctrine is not strictly limited to “printed” materials. Mallinckrodt, 890 F.3d at 1032. More specifically, “a claim limitation is directed to printed matter ‘if it claims the content of information.’” Mallinckrodt, 890 F.3d at 1032 (quoting In re Distefano, 808 F.3d 845, 848 (Fed. Cir. 2015)). The content of non-functional descriptive material is not entitled to weight in the patentability analysis. Cf. In re Lowry, 32 F.3d 1579, 1583. “Where the printed matter is not functionally related to the substrate, the printed matter will not distinguish the invention from the prior art in terms of patentability.” In re Gulack, 703 F.2d 1381, 1385 (Fed. Cir. 1983) (footnote omitted). As a general proposition, the Examiner need not give patentable weight to non-functional descriptive material absent a new and nonobvious functional relationship between the descriptive material and the substrate. See In re Ngai, 367 F.3d 1336, 1339 (Fed. Cir. 2004); see also King Pharm., Inc. v. Eon Labs, Inc., 616 F.3d 1267, 1279 (Fed. Cir. 2010); and Manual of Patent Examining Procedure (MPEP) §2111.05 (9th ed. Rev. 10.2019, June 2020).).



Re claim 5: The combination of Ringdahl, Chickering, Be’ery and Edgett/Chandwani teaches the first firewall rule is created by the gateway based on the first access rule (Ringdahl: Figs 3 & 4; ¶33-¶38; Chickering: Figs 8 & 9 and the associated descriptions; page 12, claim 1).
	Re claims 10 and 17: The combination of Ringdahl, Chickering, Be’ery and Edgett/Chandwani teaches receiving the network packet that triggers the first firewall rule; in response to triggering the first firewall rule, determining whether the first condition is linked to the first firewall rule; and in response to determining that the first condition is linked to the first firewall rule, retrieving one or more attributes for checking the first condition (Be’ery: ¶31; ¶80; ¶82; Figs 3A & 3B; ¶86-¶87; ¶92; ¶108; ¶117; Fig 14; ¶121; Fig 23; ¶152; page 19, claim 1).
	Re claim 11: The combination of Ringdahl, Chickering, Be’ery and Edgett/Chandwani teaches the attributes are retrieved from at least one of the client device or a directory service (Be’ery: ¶31; ¶80; ¶82; Figs 3A & 3B; ¶86-¶87; ¶92; ¶108; ¶117; Fig 14; ¶121; Fig 23; ¶152; page 19, claim 1).
	Re claim 21: The combination of Ringdahl, Chickering, Be’ery and Edgett/Chandwani teaches the first condition is checked based on at least one of: one or more attributes of the client device, one or more attributes of a user of the client device, or one or more attributes of an environment of the client device (Be’ery: ¶31; ¶80; ¶82; Figs 3A & 3B; ¶86-¶87; ¶92; ¶108; ¶117; Fig 14; ¶121; Fig 23; ¶152; page 19, claim 1).


Claims 2-4 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Ringdahl et al (U.S. Pat App Pub 2015/0058967 A1), hereinafter referred to as Ringdahl, Chickering (U.S. Pat 8806605 B1), hereinafter referred to as Chickering, Be’ery et al (U.S. pat App Pub 2014/0317738 A1), hereinafter referred to as Be’ery, and either Edgett et al (U.S. Pat App Pub 2005/0228874 A1) or Chandwani (U.S. Pat App Pub 2009/0113540 A1), hereinafter referred to as Edgett/Chandwani, in further view of either Moineau et al (U.S. Pat App Pub 2004/0215957 A1), hereinafter referred to as Moineau or Warrier et al (U.S. Pat 7096495 B1), hereinafter referred to as Warrier.
	Re claims 2 and 20: The combination of Ringdahl, Chickering, Be’ery and Edgett/Chandwani teaches all the limitations of claims 1 and 16 as previously stated.
	Moineau teaches establishing a network tunnel between the client device [Fig 1, elts 22 & 24] and the gateway [Fig 1, elt 26], wherein the first firewall rule is created while the network tunnel is active (Fig 3, elts 30-34; ¶44-¶47).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Ringdahl, Chickering, Be’ery & Edgett/Chandwani with the teachings of Moineau, for the purpose of ensuring that a total check is performed on any user device even when a wireless client device has a “roaming” tunnel but seamlessly allows for continued re-association and validation of traffic (see ¶50)
	Warrier teaches establishing a network tunnel between the client device [Fig 1, elts 105 & 110; Fig 2, elts 200, 210 & 220] and the gateway [Figs 1 & 2, elt 125], wherein the first firewall rule is created while the network tunnel is active (col 2, lines 32-67; col 3, lines 15-44; col 3, line 61 – col 4, line 27).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Ringdahl, Chickering, Be’ery & 
	Re claim 3: The combination of Ringdahl, Chickering, Be’ery, Edgett/Chandwani in view of Moineau/Warrier teaches the first access rule is received in response to an update to a policy after establishing the network tunnel (Moineau: Fig 3, elts 30-34; ¶44-¶47; Warrier: col 2, lines 32-67; col 3, lines 15-44; col 3, line 61 – col 4, line 27).
	Re claim 4: The combination of Ringdahl, Chickering, Be’ery, Edgett/Chandwani in view of Moineau/Warrier teaches the first access rule is generated by a controller based on the policy (Moineau: Fig 3, elts 30-34; ¶44-¶47; Warrier: col 2, lines 32-67; col 3, lines 15-44; col 3, line 61 – col 4, line 27).

Claims 6 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Ringdahl et al (U.S. Pat App Pub 2015/0058967 A1), hereinafter referred to as Ringdahl, Chickering (U.S. Pat 8806605 B1), hereinafter referred to as Chickering, Be’ery et al (U.S. pat App Pub 2014/0317738 A1), hereinafter referred to as Be’ery, and either Edgett et al (U.S. Pat App Pub 2005/0228874 A1) or Chandwani (U.S. Pat App Pub 2009/0113540 A1), hereinafter referred to as Edgett/Chandwani, in further view Li et al (U.S. Pat App Pub 2008/0077705 A1), hereinafter referred to as Li.
	Re claims 6 and 18: The combination of Ringdahl, Chickering, Be’ery and Edgett/Chandwani teaches all the limitations of claims 1 and 16 as previously stated.
	Li teaches the first access rule comprises an identifier for a host in the private network, the method further comprising: looking up a network address that corresponds to the identifier (¶69; ¶87; ¶90-¶91); wherein the first firewall rule includes the client device as a source address, and the network address as a destination address (¶9; ¶14; ¶20; ¶45; ¶47; page 11, claims 1 & 2).
.

Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Ringdahl et al (U.S. Pat App Pub 2015/0058967 A1), hereinafter referred to as Ringdahl, Chickering (U.S. Pat 8806605 B1), hereinafter referred to as Chickering, Be’ery et al (U.S. pat App Pub 2014/0317738 A1), hereinafter referred to as Be’ery, and either Edgett et al (U.S. Pat App Pub 2005/0228874 A1) or Chandwani (U.S. Pat App Pub 2009/0113540 A1), hereinafter referred to as Edgett/Chandwani, in further view HAN (U.S. Pat App Pub 2017/0244673 A1), hereinafter referred to as HAN.
	Re claim 7: The combination of Ringdahl, Chickering, Be’ery and Edgett/Chandwani teaches all the limitations of claim 1 as previously stated.
	HAN teaches the first access rule comprises an identifier for an infrastructure management service that provides access to virtual hosts in the private network, the method further comprising:SV 347910921v17__ 32 __Patent ApplicationAttorney Docket No. 155313-200715/US retrieving, from the infrastructure management service, a selection of a first virtual host; wherein the first firewall rule includes the client device as a source address, and the first virtual host as a destination address (Figs 6A & 6B; ¶57-¶65; Fig 7; ¶68-¶79).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Ringdahl, Chickering, Be’ery and Edgett/Chandwani with the teachings of HAN for the purpose of providing predictable variations in the art of firewall protection to protect physical devices, but also virtual machines.  Doing so has the known benefit of protecting further types of hosts.
Re claim 14: The combination of Ringdahl, Chickering, Be’ery and Edgett/Chandwani teaches all the limitations of claim 12 as previously stated and further teaches the first access rule comprises an identifier for an infrastructure management service that provides access to network devices in the private network (Id).
	HAN teaches the instructions further instruct the at least one processor to: retrieve, from the infrastructure management service, a selection of a first network device; wherein the first firewall rule includes the client device as a source address and a network address of the first network device as a destination address (Figs 6A & 6B; ¶57-¶65; Fig 7; ¶68-¶79).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Ringdahl, Chickering, Be’ery and Edgett/Chandwani with the teachings of HAN for the purpose of providing predictable variations in the art of firewall protection to protect physical devices, but also virtual machines.  Doing so has the known benefit of protecting further types of hosts.

Claims 8 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Ringdahl et al (U.S. Pat App Pub 2015/0058967 A1), hereinafter referred to as Ringdahl, Chickering (U.S. Pat 8806605 B1), hereinafter referred to as Chickering, Be’ery et al (U.S. pat App Pub 2014/0317738 A1), hereinafter referred to as Be’ery, and either Edgett et al (U.S. Pat App Pub 2005/0228874 A1) or Chandwani (U.S. Pat App Pub 2009/0113540 A1), hereinafter referred to as Edgett/Chandwani, in view of Luo et al (U.S. Pat App Pub 2014/0075497 A1), hereinafter referred to as Luo.
	Re claims 8 and 15: The combination of Ringdahl, Chickering, Be’ery and Edgett/Chandwani teaches all the limitations of claims 1 and 12 as previously stated.
	Luo teaches receiving, from the client device, the first condition associated with the first access rule; receiving, by the gateway, the network packet; determining, for the network packet, whether the 
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Ringdahl, Chickering, Be’ery and Edgett/Chandwani with the teachings of Luo for the purpose of providing predictable variations in the art of network security by analyzing multiphase attribute conditions when implementing network policies; doing so prevents firewall rule conflicts.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Ringdahl et al (U.S. Pat App Pub 2015/0058967 A1), hereinafter referred to as Ringdahl, Chickering (U.S. Pat 8806605 B1), hereinafter referred to as Chickering, Be’ery et al (U.S. pat App Pub 2014/0317738 A1), hereinafter referred to as Be’ery, and either Edgett et al (U.S. Pat App Pub 2005/0228874 A1) or Chandwani (U.S. Pat App Pub 2009/0113540 A1), hereinafter referred to as Edgett/Chandwani, in view of Mullick et al (U.S. Pat App Pub 2014/0344891 A1), hereinafter referred to as Mullick.
	Re claim 9: The combination of Ringdahl, Chickering, Be’ery and Edgett/Chandwani teaches all the limitations of claim 1 as previously stated.
	Mullick teaches receiving, from the client device, the first condition associated with the first access rule; wherein the first condition requires that the client device runs a local firewall (¶8; ¶20; ¶175; ¶205; ¶211-¶213; ¶217).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Ringdahl, Chickering, Be’ery and Edgett/Chandwani with the teachings of Mullick for the purpose of providing predictable variations in the art of network security by analyzing the security of a client device accessing protected resources; .

Claims 13 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Ringdahl et al (U.S. Pat App Pub 2015/0058967 A1), hereinafter referred to as Ringdahl, Chickering (U.S. Pat 8806605 B1), hereinafter referred to as Chickering, Be’ery et al (U.S. pat App Pub 2014/0317738 A1), hereinafter referred to as Be’ery, and either Edgett et al (U.S. Pat App Pub 2005/0228874 A1) or Chandwani (U.S. Pat App Pub 2009/0113540 A1), hereinafter referred to as Edgett/Chandwani, in further view Singer et al (U.S. Pat App Pub 2014/0282818 A1), hereinafter referred to as Singer.
	Re claims 13 and 19: The combination of Ringdahl, Chickering, Be’ery and Edgett/Chandwani teaches all the limitations of claims 12  and 16 as previously stated.
	Singer teaches a controller configured to generate the first access rule based on a policy, wherein the first access rule is received in response to an update to the policy (Fig 2A; ¶74-¶95).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Ringdahl, Chickering, Be’ery and Edgett/Chandwani with the teachings of Singer for the purpose of providing predictable variations in the art of preventing network attacks as dynamic updating access policies and firewall rules provide the predictable results of granting only approved access to protected resources.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-21 are rejected on the ground of nonstatutory double patenting as being unpatentable over the claims of U.S. Pat 10541971. Although the claims at issue are not identical, they are not patentably distinct from each other.  The pending claims are rendered obvious in view of the patented supra; the rationale for combining is fully incorporated herein and is not duplicated.
Claims 1-21 are rejected on the ground of nonstatutory double patenting as being unpatentable over the claims of U.S. Pat 10412048. Although the claims at issue are not identical, they are not patentably distinct from each other.  The pending claims are rendered obvious in view of the patented claims where the differences and rationale for combining are set forth supra; the rationale for combining is fully incorporated herein and is not duplicated.
	Claims 1-21 are rejected on the ground of nonstatutory double patenting as being unpatentable over the claims of U.S. Pat 9628444. Although the claims at issue are not identical, they are not patentably distinct from each other.  The pending claims are rendered obvious in view of the patented claims where the differences and rationale for combining are set forth supra; the rationale for combining is fully incorporated herein and is not duplicated.
Claims 1-21 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over the claims of copending Application No. 16/565139 (reference application). Although the claims at issue are not identical, they are not patentably distinct from each other.  The pending claims are rendered obvious in view of the patented claims where the differences and rationale for combining are set forth supra; the rationale for combining is fully incorporated herein and is not duplicated.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Conclusion
	Examiner's Note: 
The Examiner identified and designated “the particular part[s] [of the references] relied on” as provided in 37 C.F.R § 1.104(c)(2).

“The prima facie case is merely a procedural device that enables an appropriate shift of the burden of production.” Hyatt v. Dudas, 492 F.3d. 1365, 1369 (Fed. Cir. 2007) (citing In re Oetiker, 977 F.2d 1443, 1445 (Fed. Cir. 1992)). The court has, thus, held that the USPTO carries its procedural burden of establishing a prima facie case when its rejection satisfies the requirements of 35 U.S.C. § 132 by notifying the applicant of the reasons for rejection, “together with such information and references as may be useful in judging of the propriety of continuing the prosecution of [the] application.” See In re Jung, 637 F.3d 1356, 1362 (Fed. Cir. 2011).
MPEP 2123 [R – 08.2012] states: "The use of patents as references is not limited to what the patentees describe as their own inventions or to the problems with which they are concerned. They are part of the literature of the art, relevant for all they contain." In re Heck, 699 F.2d 1331, 1332-33, 216 USPQ 1038, 1039 (Fed. Cir. 1983) (quoting In re Lemelson, 397 F.2d 1006, 1009, 158 USPQ 275, 277 (CCPA 1968)). 
    PNG
    media_image1.png
    18
    19
    media_image1.png
    Greyscale
A reference may be relied upon for all that it would have reasonably suggested to one having ordinary skill the art, including nonpreferred embodiments. Merck & Co. v. Biocraft Laboratories, 874 F.2d 804, 10 USPQ2d 1843 (Fed. Cir.), cert. denied, 493 U.S. 975 (1989). See also Upsher-Smith Labs. v. Pamlab, LLC, 412 F.3d 1319, 1323, 75 USPQ2d 1213, 1215 (Fed. Cir. 2005) (reference disclosing optional inclusion of a particular component teaches compositions that both do and do not contain that component); Celeritas Technologies Ltd. v. Rockwell International Corp., 150 F.3d 1354, 1361, 47 USPQ2d 1516, 1522-23 (Fed. Cir. 1998) (The court held that the prior art anticipated the claims even 

In the case of amending the claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. See: Ralston Purina Co. v. FarMar-Co, Inc., 772 F.2d 1570, 1575 (Fed. Cir. 1985), In re Kaslow, 707 F.2d 1366, 1375 (Fed. Cir. 1983), Ariad Pharmaceuticals, Inc. v. Eli Lilly and Co., 598 F.3d 1336, 1352 (Fed. Cir. 2010), Purdue Pharma L.P. v. Faulding, Inc., 230 F.3d 1320, 1323 (Fed. Cir. 2000), Vas-Cath Inc. v. Mahurkar, 935 F.2d 1555, 1560 (Fed. Cir. 1991) and TurboCare Div. of Demag Delavel Turbomachinery Corp. v. Gen. Elec. Co., 264 F.3d 1111, 1118 (Fed. Cir. 2001)

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTOL-892.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARREN B SCHWARTZ whose telephone number is (571)270-3850. The examiner can normally be reached 9am-7pm EST, Monday-Thursday, 9am-5pm EST, Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph P Hirl can be reached on (571)272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARREN B SCHWARTZ/Primary Examiner, Art Unit 2435