DETAILED ACTION

1.	Claims 1-14, and 21-26 are presented for consideration.

Claim Rejections - 35 USC § 103

2.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

3.	Claims 1, 2, 5-7, 9-12, 21-23, 25, and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Crawford [ US Patent No 7,966,654 ], in view of Gopalakrishnan [ US Patent Application No 2017/0153882 ].

4.	As per claim 1, Crawford discloses the invention as claimed including a method for configuring an enforcement module on a host device to enforce a segmentation policy [ i.e. network, subsystem and proxy, and firewall policy dictates how the firewall should handle network traffic associated with a specific application ] [ Figure 1; Abstract; and paragraph 0009 ], the method comprising:
receiving, from a segmentation server, management instructions for enforcing a segmentation policy [ i.e. multiple configuration schemes may be specified by the network administrator using graphical user interface or command line interface, the settings specified by 
instantiating a transparent application proxy on the host device [ i.e. when a new communication session matching a particular firewall policy is initiated, this session inherits the scheme identifier value from the corresponding policy structure, the proxy program, to which the communication connection is redirected, then retrieves this identifier value from the communication connection structure ] [ 107, Figure 1; and paragraphs 0034, 0038, and 0043 ]; 
configuring a traffic filter based on the instructions to enforce the segmentation policy [ i.e. the necessary connection information may be extracted from the network packets intercepted by the networking subsystem ] [ 106, Figure 1; and paragraphs 0056, and 0057 ], the traffic filter to filter traffic based on network layer data including source and destination addresses [ i.e. find policy that matches connection source address, destination address ] [ 903, Figure 9; and paragraphs 0029, 0031, and 0056 ], and the traffic filter including a filtering rule configured to redirect traffic to or from the application to the transparent application proxy [ i.e. the firewall policy may provide an additional option for handling of the network traffic, which may include re-directing specific packets to routine or program, such as a proxy for deeper examination and/or logging ] [ 107, Figure 1; and paragraphs 0032, 0033, and 0040 ]; 
configuring the transparent application proxy to implement an application layer filter that blocks traffic to or from the application exploiting the one or more security vulnerabilities [ i.e. stored parameters are retrieved from the database by the proxy 107, and the proxy 107 can continue with any filtering tasks or other tasks necessary to handle the networking session ] [ paragraphs 0042-0044 ]; and

Crawford does not specifically disclose
the segmentation policy including a virtual patch for patching an application to protect against one or more security vulnerabilities, and includes applying a virtual patch.
Gopalakrishnan discloses
the segmentation policy including a virtual patch for patching an application to protect against one or more security vulnerabilities, and includes applying a virtual patch [ i.e. patch filter can be set to detect incoming data associated with the specific user profile and take action to prevent active attacks ] [ Figure 4; and paragraphs 0022, and 0032 ].
It would have been obvious to a person skilled in the art before the effective filing date of the claimed invention to combine the teachings of Crawford and Gopalakrishnan because the teaching of Gopalakrishnan would enable protecting a software component without modifying or restarting the application [ Gopalakrishnan, paragraph 0001 ].

5.	As per claim 2, Crawford discloses wherein instantiating the transparent application proxy comprises: detecting that the transparent application proxy is not present on the host device to enforce the virtual patch; and instantiating the transparent application proxy responsive to the detection [ i.e. support new protocols as well as new filtering and other content processing capabilities ] [ paragraphs 0046-0049 ].  



7.	As per claim 6, Crawford discloses dropping the inbound data packet responsive to determining to block the inbound data packet based on the application layer data [ i.e. reject connection ] [ paragraph 0057 ].

8.	As per claim 7, Crawford discloses forwarding the inbound data packet to the application responsive to determining to allow the inbound data packet based on the application layer data [ i.e. allow connection ] [ paragraph 0057 ].  

9.	As per claim 9, Crawford discloses wherein the traffic filter comprises an IP address-based traffic filter to filter the traffic based on source and destination IP addresses [ paragraph 0031 ].  



11.	As per claims 11, 12, 21-23, they are rejected for similar reasons as stated above in claims 1, 2, and 5-7.

12.	As per claims 25 and 26, they are rejected for similar reasons as stated above in claims 1, and 2.


13.	Claims 3, 4, 8, 13, 14, and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Crawford [ US Patent No 7,966,654 ], in view of Gopalakrishnan [ US Patent Application No 2017/0153882 ], and further in view of Kuo [ US Patent Application No 2008/0040790 ].

14.	As per claim 3, Crawford in view of Gopalakrishnan does not specifically disclose detecting an update to application information associated with the application; transmitting the update to the segmentation server; responsive to transmitting the update, receiving from the segmentation server, updated instructions for removing the virtual patch; and removing the transparent application proxy in response to the updated instructions; and updating the traffic filter to remove the filtering rule redirecting the traffic to or from the application to the transparent application proxy.  Kuo discloses detecting an update to application information 

15.	As per claim 4, Kuo discloses detecting an update to application information associated with the application; determining that the virtual patch is not applicable to the application based on the updated application information; responsive to determining that the virtual patch is not applicable, removing the transparent application proxy; and updating the traffic filter to remove the filtering rule redirecting the traffic to or from the application to the transparent application proxy [ i.e. patch management ] [ paragraphs 0014, and 0090 ].

16.	As per claim 8, Kuo discloses wherein applying the traffic filter and the transparent application proxy comprises: receiving an outbound data packet having a source address 

17.	As per claims 13, and 14, they are rejected for similar reasons as stated above in claims 3, and 4.	

18.	As per claim 24, it is rejected for similar reasons as stated above in claim 8.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUSTIN NGUYEN whose telephone number is (571)272-3971. The examiner can normally be reached Monday-Friday 9-6 PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DUSTIN NGUYEN/
Primary Examiner, Art Unit 2446