DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.  This is in response to the communications filed on 30 July 2021.
2.  Claims 1-11 are pending in the application.
3.  Claims 1-11 have been rejected.
Information Disclosure Statement
4.  The examiner has considered the information disclosure statement (IDS) filed on 25 June 2020 and 30 July 2021.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
5.  Claims 1-11 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 2 and 6-14 of copending Application No. 16/958,069 (hereinafter the ‘069 application) in view of Ogura et al US 2008/0155657 A1 (hereinafter Ogura). 
16/958,063 (Current Application)
16/958,069
Claim 1, A network security interface component comprising: 

a second network interface separate from the first network interface; 
a unidirectional connection connecting the first network interface to the second network interface; and 
an authentication module connected between the first network interface and the unidirectional connection, 
wherein the unidirectional connection is configured to allow data transfer from the first network interface to the second network interface via the unidirectional connection and to prevent data transfer from the second network interface to the first network interface via the unidirectional connection, 
wherein the authentication module is configured to add authentication data to data received at the first network interface by 


	a first network interface processor for communicating with a first network; 

	a first unidirectional interconnect connecting the first and second network interface processors; wherein the first unidirectional interconnect is configured to allow data transfer from the first network interface processor to the second network interface processor via the first unidirectional interconnect and to prevent data transfer from the second network interface processor to the first network interface processor via the first unidirectional interconnect, 
	wherein the first unidirectional interconnect includes a first switch configured to disable the first unidirectional interconnect, operation of the first switch being made from a secure area having a root of trust, and 

	the second network interface processor is configured to receive data from the first network interface processor via the first unidirectional interconnect.



The ‘069 application does not teach an authentication module connected between the first network interface and the unidirectional connection.  The ‘069 application does not teach that the authentication module is configured to add authentication data to data received at the first network interface by which the data received at the first network interface can be authenticated.
Ogura teaches an authentication module connected between the first network interface and the unidirectional connection (i.e. a home gateway that creates authentication data from authentication information) [abstract].  Ogura teaches that the authentication module is configured to add authentication data to data received at the first network interface by which the data received at the first network interface can be authenticated (i.e. home gateway adds the authentication data to an IP packet received from a terminal) [abstract].
Therefore, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the ‘069 application so that there would have been an authentication module 
It would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the ‘069 application by the teaching of Ogura because it helps detect false source addresses [0008].
This is a provisional nonstatutory double patenting rejection.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.

4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
6.  Claims 1, 3, 4, 6, 7, 8 and 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bright et al US 2017/0201601 A1 (hereinafter Bright) in view of Ogura et al US 2008/0155657 A1 (hereinafter Ogura).
As to claim 1, Bright discloses a network security interface component comprising: 
a first network interface (i.e. user interface) [0027]; 
a second network interface separate from the first network interface (i.e. host interface) [0030]; 
a unidirectional connection connecting the first network interface to the second network interface (i.e. initiating a unidirectional connection) [0017]; and 
wherein the unidirectional connection is configured to allow data transfer from the first network interface to the second network interface via the unidirectional connection (i.e. through an initiated unidirectional connection) [0060] and to prevent data transfer from the second network interface to the first network interface via the unidirectional connection (i.e. suspended threads and ports) [0061]. 
Bright does not teach an authentication module connected between the first network interface and the unidirectional connection.  Bright does not teach that the authentication module is configured to add authentication data to data received at the first network interface by which the data received at the first network interface can be authenticated.

Therefore, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Bright so that there would have been an authentication module connected between the first network interface and the unidirectional connection.  The authentication module would have been configured to add authentication data to data received at the first network interface by which the data received at the first network interface can be authenticated.
It would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Bright by the teaching of Ogura because it helps detect false source addresses [0008].
As to claim 3, Ogura teaches the network security interface component of claim 1, wherein the authentication module is configured to identify data received at the first network interface which comprises authentication data and to allow the identified data received at the first network interface which comprises authentication data to be transmitted via the unidirectional connection to the second network interface without adding authentication data (i.e. determining if authentication information is present in option field and allowing data to pass) [0072].  
As to claim 4, Bright discloses a method of transmitting data, performed at a network security interface component comprising a first network interface (i.e. user interface) [0027], a second network interface 
receiving data at the first network interface (i.e. data sent between servers) [0048]; 
transmitting the data received at the first network interface and the authentication data to the second network interface via the unidirectional connection (i.e. transmitting data through unidirectional connection) [0049].  
Bright does not teach an authentication module connected between the first network interface and the unidirectional connection.  Bright does not teach that the authentication module is configured to add authentication data to data received at the first network interface by which the data received at the first network interface can be authenticated.
Ogura teaches an authentication module connected between the first network interface and the unidirectional connection (i.e. a home gateway that creates authentication data from authentication information) [abstract].  Ogura teaches that the authentication module is configured to add authentication data to data received at the first network interface by which the data received at the first network interface can be authenticated (i.e. home gateway adds the authentication data to an IP packet received from a terminal) [abstract].
Therefore, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Bright so that there would have been an authentication module connected between 
It would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Bright by the teaching of Ogura because it helps detect false source addresses [0008].
As to claim 6, Ogura teaches the method of claim 4, the method comprising the steps of:
identifying data received at the first network interface which comprises authentication data (i.e. determining if authentication information is present in option field and allowing data to pass) [0072]; and
allowing the identified data received at the first network interface which comprises authentication data to be transmitted via the unidirectional connection to the second network interface without adding authentication data (i.e. determining if authentication information is present in option field and allowing data to pass) [0072].  
As to claim 7, Bright teaches the network security interface component of claim 1, wherein the data received at the first network interface comprises individual packets of data (i.e. packet data) [0021].  
As to claim 8, Bright teaches the network security interface component of claim 1, wherein the network security interface component further comprises an integrated circuit and, 
As to claim 11, Bright teaches the network security interface component of claim 1, wherein the first network interface and the second network interface each comprise a processor (i.e. devices implemented with a central processing unit) [0026].
7.  Claims 2 and 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bright et al US 2017/0201601 A1 (hereinafter Bright) and Ogura et al US 2008/0155657 A1 (hereinafter Ogura) as applied to claims 1 and 4 above, and further in view of Ren et al US 2017/0149937 A1 (hereinafter Ren).
As to claim 2, the Bright-Ogura combination teaches that the authentication module is configured to identify data received at the first network interface which does not comprise authentication data (i.e. Ogura teaches determining that authentication information is not present in option field) [0072].
The Bright-Ogura combination does not teach to add authentication data to the identified data received at the first network interface which does not comprise authentication data.  
Ren teaches adding authentication data to the identified data received at the first network interface which does not comprise authentication data (i.e. inserting or adding missing data type) [0026].
Therefore, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Bright-Ogura combination so that authentication data would have been added 
It would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Bright-Ogura combination by the teaching of Ren because it helps facilitate the management of customized data types and values [0026].
As to claim 5, the Bright-Ogura combination teaches identifying data received at the first network interface which does not comprise authentication data (i.e. Ogura teaches determining that authentication information is not present in option field) [0072].  
The Bright-Ogura combination does not teach adding authentication data to the identified data received at the first network interface which do not comprise authentication data.  
Ren teaches adding authentication data to the identified data received at the first network interface which does not comprise authentication data (i.e. inserting or adding missing data type) [0026].
Therefore, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Bright-Ogura combination so that authentication data would have been added to the identified data received at the first network interface which did not comprise authentication data.
.
8.  Claim 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bright et al US 2017/0201601 A1 (hereinafter Bright) and Ogura et al US 2008/0155657 A1 (hereinafter Ogura) as applied to claim 1 above, and further in view of Gersten U.S. Patent No. 9,806,888.
As to claim 9, the Bright-Ogura combination does not teach the network security interface component of claim 1, wherein the data received at the first network interface comprises sensor data produced by one or more sensors.  
Gersten teaches that the data received at the first network interface comprises sensor data produced by one or more sensors (i.e. encrypted sensor data received via the network interface circuit from one or more sensor devices) [column 10 line 57 to column 11 line 9].
Therefore, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Bright-Ogura combination so that the data received at the first network interface would have comprised sensor data produced by one or more sensors.
It would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Bright-Ogura combination by the teaching of Gersten because it helps avoid repetitive use of the same encryption key [column 1, lines 44-50].
10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bright et al US 2017/0201601 A1 (hereinafter Bright) and Ogura et al US 2008/0155657 A1 (hereinafter Ogura) as applied to claim 1 above, and further in view of Kim et al US 2016/0080033 A1 (hereinafter Kim).
As to claim 10, the Bright-Ogura combination does not teach the network security interface component of claim 1, wherein unidirectional connection comprises a data diode, optionally, wherein the data diode is an optical data diode.  
Kim teaches that unidirectional connection comprises a data diode, optionally, wherein the data diode is an optical data diode [0032 and figure 3].  
Therefore, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Bright-Ogura combination so that the unidirectional connection would have comprised a data diode, optionally, wherein the data diode would have been an optical data diode.  
It would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Bright-Ogura combination by the teaching of Kim because it helps guarantee the reliability of data transmission in a unidirectional section [0009].
Relevant Prior Art
10.  The following references have been considered relevant by the examiner:
A.  Kaminski U.S. Patent No. 10,924,350 B1 directed to communicating management controller performance metrics, such as status information associated with the controller, to a remote requestor [abstract].
B.  Vyrros et al US 2012/0307655 A1 directed to establishing a two-way push communication between a provider and a mobile device [abstract].
C.  Grinstein et al US 2008/0178278 A1 directed to an internal gateway that establishes connections to an external gateway through permitted ports and protocols of a firewall [abstract].
Conclusion
11.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARAVIND K MOORTHY whose telephone number is (571)272-3793. The examiner can normally be reached M-F 5:00-3:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: 





/ARAVIND K MOORTHY/            Primary Examiner, Art Unit 2492