DETAILED ACTION
This Office Action is with regard to the most recent papers filed 10/8/2021.

Response to Arguments
On pages 11-14, Applicant argues that the prior art of record fails to teach that the centralized firewall acts as a firewall (meaning that the entity performing certain recited claim functions itself performs firewall functions).  This argument is moot based on the new ground of rejection necessitated by such amendments, where this functionality is addressed with the inclusion of US 2006/0282887 (Trumper).  It is noted that the instant claim fails to provide significant detail of the centralized firewall, including the structure of such firewall or how it is centralized.  For instance, in the art, centralized firewalls that utilize tunnels to receive traffic from various points in one or more networks were generally known, where one singular firewall would be implemented to provide protection for multiple points in the network through the use of such tunnels.  Meanwhile, in Saavedra, a centralized firewall is provided in that control of a plurality of firewalls is provided in a centralized fashion (where when the teachings of Trumper are applied, the controller would also be one of the firewalls).
On page 13, Applicant addresses the findings of Official Notice.  First, it is noted that with regard to claim 2, Applicant’s amendments have removed the need for Official Notice, as the claim recites the argued “five separate elements” now in the alternative, where claim 1 already presents some “auto-learning” functionality, and thus claim 2 fails to further limit claim 1.  Further, MPEP 2144.03 C presents that to adequately traverse such a finding, Applicant must point out the supposed errors in the action including stating why the noticed fact is not well-known.  In this case, Applicant has failed to even provide any statements that the noticed facts were not considered to be well-known in the art (instead, Applicant “questions” that the elements are “capable of such instant and unquestionable demonstration as to defy dispute.”  Evidence of any noticed facts will be provided if Applicant provides 
Thus, after careful consideration of Applicant’s arguments, claims 1-11 remain rejected under 35 USC 103 and new claims 13-66 are now rejected under at least 35 USC 103.

Claim Objections
Claims 41-53 are objected to because of the following informalities:  each of the instant claims refers to “non-trnasitory,” which should apparently be “non-transitory.”  Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 54-66 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the instant claims are directed toward a system comprising a network, where such network has no structural details provided (the system comprises the network, where the network is “configured to” perform certain functions with no structural elements of the network, itself.).  Thus, it would appear that the network does not include any physical components, and may refer to a software network (e.g. virtual machines, SDN, etc.), where software per se is held to be non-statutory.  Applicant should amend the system of claims 54-66 to clearly not refer to software alone, and include at least some hardware components.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-11 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 2019/0260831 (Milev) in view of US 2019/0182213 (Saavedra), US 2006/0282887 (Trumper), US 2018/0191681 (Mihelich), and US 2017/0295141 (Thubert).
With regard to claim 1, Milev discloses a computerized method for implementing an automatic centralized firewall for industrial Internet of Things-based (IIOT) wide area network (WAN) fabric, the method comprising: 
an IOT-based WAN fabric (Milev: Paragraph [0008]).
Milev fails to disclose, but Saavedra teaches (a) providing an automatic centralized firewall in the fabric; and (b) strictly operating the automatic centralized firewall in a white-listed manner (Saavedra: Paragraphs [0015] and [0244].  A centralized firewall can be provided for that may employ white listing functionality.).
Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to utilize a centralized firewall for the fabric of Milev to provide distributed firewall points while having a centralized firewall controller, such as Saavedra, to provide for network security in a coordinated fashion across a distributed network.
Milev in view of Saavedra fails to teach, but Trumper teaches the automatic centralized firewall acting as a firewall (Trumper: Figure 2 and Paragraph [0002].  Trumper teaches the combination of centralized and decentralized architectures for firewalls, where a master is used for configuring and performs the security functions, and then the master distributes configurations to the slaves.  When applied to Milev in view of Saavedra, the centralized firewall controller would be implemented as part of the master, while the controlled firewalls of Saavedra would be implemented as slaves.).
Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to utilize a hybrid architecture with a centralized firewall that performs the firewall functions while implementing distributed firewalls controlled by the central firewall to realize benefits associated with both centralized and distributed architectures, such as providing a single point of management for distributed firewalls while providing a more efficient use of resources (such that a dedicated firewall controller would not be required, and instead would be implemented as part of a firewall).

Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to discover subnet end points and addresses for each network to allow for more efficient management of the fabric with the knowledge of the topology of the fabric.  It is noted that the instant claim does not appear to provide for any connection between the discovering and any other functionality in the instant claim.
Milev in view of Saavedra, Trumper, and Mihelich fails to teach, but Thubert teaches (d) providing one or more flow rules at both ends of each machine network in the WAN fabric for usage by the automatic centralized firewall (Thubert: Paragraphs [0038] and [0049].  The firewalls can be configured by deriving firewall rules to be provided to each firewall at each port of each device.).  
Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to provide flow rules (rules for managing traffic between devices, which would include any flows in as much detail as required by the instant claim) to provide for automated configuration of different firewalls, such as those of Milev in view of Saavedra, thus simplifying such management of the firewalls for a human operator.

With regard to claim 2, the instant claim is substantially within the scope of claim 1, and is rejected for similar reasons (claim 2 provides a list of options, where only one option from the list is 

With regard to claim 3, Milev in view of Thubert teaches that providing the one or more flow rules at both ends of each network is implemented (I) from a machine network end and (II) from a remote access network (Thubert: Paragraphs [0018] and [0049] and Figure 1.  The providing is from a controller (The term machine network end fails to provide significant detail other than that it is an end to some machine network, such as an IIoT network), where the overlay network may be over the Internet (thus providing interconnected remote access networks.).

With regard to claim 4, Milev fails to teach expressly, but Official Notice is taken that it would have been well-known in the art to eliminate a Distributed Denial of Service (DDOS) attack on the WAN fabric while providing appropriate access control to one or more machines of the WAN fabric (more specifically, the instant claim fails to provide any detail of how or what eliminates the DDOS attack.  It is submitted that the providing of access controls (e.g. a firewall) and protection from DDOS attacks within a network (whether by the same or different devices) was well-known in the art).  Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to protect against DDOS attacks while providing access control (e.g. a firewall) to provide more comprehensive security for the network, thus protecting against a wider variety of attacks.

With regard to claim 5, the instant claim is similar to claim 4, and is rejected for similar reasons.

With regard to claim 6, Milev in view of Saavedra teaches implementing a bookended firewall in, or as part of, the automatic centralized firewall (Saavedra: The distributed firewalls of Saavedra which 

With regard to claim 12, Milev in view of Saavedra, Trumper, Mihelich, and Thubert teaches wherein providing the automatic centralized firewall is for geographically distributed sites each having an IIOT-based WAN fabric (Milev: Paragraphs [0005] and [0035].  First, it is noted that the claim does not present whether the fabrics for the sites are different or the same fabric (The instant specification appears to refer to there being only one fabric across the entire distributed system, and does not include references to multiple fabrics.).  In the case of Milev, assets are presented in a distributed fashion, where the fabric connects these assets.).

With regard to claim 13, Milev in view of Saavedra, Trumper, Mihelich, and Thubert teaches wherein the automatic centralized firewall is disposed remotely from the geographically distributed sites (Milev: Figure 1.  The sites are remote from the cloud host platform.).

With regard to claim 14, Milev in view of Saavedra, Trumper, Mihelich, and Thubert teaches wherein the automatic centralized firewall is disposed in the cloud (Milev: Figure 1.  The centralized firewall would be presented in the centralized location, which would be the cloud host platform.).

With regard to claim 15, Milev in view of Saavedra, Trumper, Mihelich, and Thubert fails to teach, but Official Notice is taken that it would have been well-known in the art at the time of filing to have the automatic centralized firewall operated with (I) conversion of network types and/or (II) conversion message types (more specifically, the conversion of messages, such as for logging or transmitting such messages, was well-known in the art, where the instant claim does not present any 

With regard to claim 16, Milev in view of Saavedra, Trumper, Mihelich, and Thubert fails to teach, but Official Notice is taken that it would have been well-known in the art at the time of filing to operate the automatic centralized firewall with (I) proxy authentication and/or (II) with Operational Technology (OT) proxies (more specifically, at least proxy authentication was well-known in the art, where the instant claim fails to present how the proxy authentication is used, what is using the proxy authentication, or any details concerning the proxy authentication other than that the firewall is somehow operated with proxy authentication (which would allow either the firewall, itself, to be authenticated using a proxy, allow nodes that are authenticated using a proxy to communicate over the firewall, allow nodes that are proxy authenticated to connect to the firewall for configuration, etc.).  Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to have the firewall operated with proxy authentication to provide a well-known mechanism to allow another entity to separate end users from other systems that are being accessed, thus providing additional security and other functions on behalf of a user, where proxy authentication allows a user to provide authentication to such proxy to properly access end resources.  It is noted that the instant claim does not present 

With regard to claim 17, the instant claim is rejected for substantially similar reasons as claim 14, as claim 17 serves to further limit one of the two options presented in the alternative in claim 14, but was not relied upon for the rejection.

With regard to claims 7-11, 20-25, 28-38, 41-51, 54-64, the instant claims are similar to claims 1-6 and 12-17, and are rejected for similar reasons.

Claim Rejections - 35 USC § 103
Claims 18-29, 26-27, 39-40, 52-53, and 65-66 is/are rejected under 35 U.S.C. 103 as being unpatentable over Milev in view of Saavedra, Trumper, Mihelich, and Thubert, and further in view of US 2018/0115528 (Rotvold).
With regard to claim 18, Milev in view of Saavedra, Trumper, Mihelich, and Thubert fails to teach, but Rotvold teaches wherein the IIOT-based WAN fabric includes one or more data diodes (Rotvold: Paragraph [0026].  Rotvold teaches that the inclusion of data diodes in networks was known in the art.  It is noted that the instant claim only requires the inclusion of diodes in the network, but fails to provide for any functionality performed by the method or any functionality of the centralized firewall.).  Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to utilize a diode to allow for secure communications between nodes, such that communications would not be made in the opposite direction over the diode (which serves to protect the sending node).

With regard to claim 19, Milev in view of Saavedra, Trumper, Mihelich, and Thubert fails to teach, but Rotvold teaches providing symmetric key encryption semantics to extend the one or more data diode securely across a specified WAN (Rotvold: Paragraph [0062].  A key can be provided to allow nodes to join in communications.).  Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to provide symmetric key encryption semantics to allow for the encryption of data across nodes.

With regard to claims 26-27, 39-40, 52-53, and 65-66, the instant claims are similar to claims 18-19, and are rejected for similar reasons.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SCOTT B CHRISTENSEN whose telephone number is (571)270-1144. The examiner can normally be reached Monday through Friday, 6AM to 2PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached on (571) 272-3964. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

SCOTT B. CHRISTENSEN
Examiner
Art Unit 2444



/SCOTT B CHRISTENSEN/Primary Examiner, Art Unit 2444