Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

DETAILED ACTION
Claims 1-20 are presented for examination.



Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/26/2020 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.


Drawings
The drawings filed on 10/26/2020 are accepted by the examiner.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following claims are rejected under 35 U.S.C. 112(b), as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.

In Claims 1, 7, 12, and 16, the limitation “a generating unit” has been interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because it uses a generic placeholder “unit” coupled with functional language without reciting sufficient structure to achieve the function. Furthermore, the generic placeholder is not preceded by a structural modifier. Thus, the claim is rejected under 112(b) as being indefinite because there is no corresponding structure disclosed for the recited elements in the specification where the identification of the corresponding structure is required (37 CFR 1.105).
Dependent claims inherit the deficiencies of the independent claims and therefore are rejected under 35 U.S.C. 112(b) by virtue of their dependency.
For more information, see MPEP § 2173 et seq. and Supplementary Examination Guidelines for Determining Compliance With 35 U.S.C. 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).



Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
 (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may 



1.	Claim 11 is rejected under 35 U.S.C. 102(a)(2) as being anticipated by Mori et al. (US Publication No. 2020/0228496, hereinafter “Mori”).

Regarding claim 1, Mori discloses a communication device that belongs to a communication network including a control device and a plurality of communication devices connected to the control device, and transmits a communication packet to a transmission destination communication device, the communication device and the transmission destination communication device being differently one of the plurality of communication devices, the communication device comprising:
a memory that stores first information for judging a normality of the communication packet (Mori, (para. [0023] and figure 3), the whitelist 110 is a list of packet information 121 on the packets permitted to be transferred by the transfer apparatus 101); and 
processing circuitry configured to operate as: an analyzing unit configured to judge the normality of a received communication based on the received communication packet and the first information (Mori, (para. [0088, 0027]), the destination determination unit 232 in receipt of the packet searches the whitelist storage memory 231 to determine whether the header information and the control information of the received packet are included in the whitelist 110), and 
discard the received communication packet received when it is judged that the received communication packet is not normal (Mori, (para. [0047]), the destination determination unit 232 works as a check unit 232A that searches the whitelist 110 stored in the whitelist storage memory 231 to check whether the received packet is registered in the whitelist 110. If the received packet is not registered in the whitelist 110, the destination determination unit 232 works as a discard unit 232 that discards the packet).  
Claim limitation “an analysis unit” has been interpreted under 35 U.S.C. 112(f). A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) limitation: FIG. 2.
Since this claim limitation invokes 35 U.S.C. 112(f), claim 11 is interpreted to cover the corresponding structure described in the specification that achieves the claimed function, and equivalents thereof.  
If Applicants wish to provide further explanation or dispute the Office’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office action. 
If Applicants do not wish to have the claim limitation treated under 35 U.S.C. 112(f), Applicants may amend the claim so that it will clearly not invoke 35 U.S.C. 112 (f), or present a sufficient showing that the claim recites sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112(f).
For more information, see Supplementary Examination Guidelines for Determining Compliance with 35 U.S.C. § 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to 

2.	Claims 1-10 and 12-20 are rejected under 35 U.S.C. 103 as being unpatentable over Mori et al. (US Pub No. 2020/0228496, hereinafter “Mori”) in view of Kim et al. (US Pub No. 2021/0092094, hereinafter “Kim”).

Regarding claim 1, Mori does disclose, a communication device that belongs to a communication network including a control device and a plurality of communication devices connected to the control device, and transmits a communication packet to a transmission destination communication device (Mori, (para. [0036]), a plurality of packet sending units 205), the communication device and the transmission destination communication device being differently one of the plurality of communication devices (Mori, (para. [0039]), each packet sending unit 205 is connected with an external apparatus such as a terminal or another transfer apparatus 101 through a line such as a metal cable or an optical cable and sends the packet received from the packet transfer unit 203 to the connected external apparatus), the communication device comprising:
a memory that stores first information for judging a normality of the communication packet (Mori, (para. [0023] and figure 3), the whitelist 110 is a list of packet information 121 on the packets permitted to be transferred by the transfer apparatus 101); and
processing circuitry configured to operate as: an analyzing unit configured to judge the normality of a received communication packet based on the received communication packet and the first information (Mori, (para. [0088, 0027]), the destination determination unit 232 in receipt of the packet searches the whitelist storage memory 231 to determine whether the header information and the control information of the received packet are included in the whitelist 110);
a transmission destination determining unit configured to determine the transmission destination communication device and the control device as transmission destinations of the received communication packet, when the analyzing unit judges that the received communication packet is not normal (Mori, (para. [0073]), if the packet is not registered (i.e. not normal) in the whitelist 110, the destination determination unit 232 accesses the addition list storage memory 235 to determine whether the addition list 120 includes the MAC address included in the packet. If the addition list 120 includes the MAC address (i.e. destination), the operation in the case where the active configuration 602 of the record 604 is operation mode is performed); and
a generating unit configured to [encrypt] the communication packet to be transmitted to the transmission destinations determined by the transmission destination determining unit (Mori, (para. [0073]), the destination determination unit 232 checks whether the packet received from the packet receiving unit 202 is registered in the whitelist 110 stored in the whitelist storage memory 231. If this packet is registered in the whitelist 110, the destination determination unit 232 performs packet transfer processing on the received packet).
Mori does not explicitly disclose but the analogous art Kim discloses, encrypt the communication packet to be transmitted (Kim, (para. [0226]), a source node 2702 may transmit data packets 2710 to a gateway 2704. The source node may insert the application flow ID into the data packet to be transmitted by the application based on the application flow routing table received from the controller. It then may encrypt the packet (excluding the application flow ID) and transmit the packet to the gateway using the generated node flow).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Mori by including encrypt the communication packet to be transmitted taught by Kim for the advantage of securely and efficiently transmitting data packet between the source node and destination node via the application flow (Kim, (para. [0057])).
Claim limitations “an analysis unit” and “a transmission destination determination unit” have been interpreted under 35 U.S.C. 112(f). A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) limitation: FIG. 2.
Since this claim limitation invokes 35 U.S.C. 112(f), claim 1 is interpreted to cover the corresponding structure described in the specification that achieves the claimed function, and equivalents thereof.  
If Applicants wish to provide further explanation or dispute the Office’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office action. 
If Applicants do not wish to have the claim limitation treated under 35 U.S.C. 112(f), Applicants may amend the claim so that it will clearly not invoke 35 U.S.C. 112 
For more information, see Supplementary Examination Guidelines for Determining Compliance with 35 U.S.C. § 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).

Regarding claim 2, the combination of Mori-Kim does disclose the communication device according to claim 1, further comprising: a transmitting unit configured to transmit the communication packet encrypted by the generating unit, to the transmission destinations (Kim, (para. [0226]), It then may encrypt the packet and transmit the packet to the gateway using the generated node flow).  

Regarding claim 3, the combination of Mori-Kim does disclose the communication device according to claim 1, wherein the transmission destination determining unit determines the transmission destination communication device as a transmission destination of the communication packet, when the analyzing unit judges that the communication packet is normal (Mori, (para. [0027]), upon receipt of a packet, the transfer apparatus 101 checks the whitelist 110 for the packet information 121 on the received packet. If the packet information 121 on this packet is registered in the whitelist 110, the transfer apparatus 101 transfers the packet to the destination registered in the transfer table 130).  

Regarding claim 4, the combination of Mori-Kim does disclose the communication device according to claim 1, wherein the first information is packet information of communication packets of which communication is allowed (Mori, (para. [0031] and figure 3), the packet information 121 on the packets having a source or a destination of the terminal 102, 103, or 104 is registered in the whitelist 110).  

Regarding claim 5, the combination of Mori-Kim does disclose the communication device according to claim 4, wherein the analyzing unit judges that the communication packet is not normal when a packet information of the communication packet does not match the packet information of the first information (Mori, (para. [0073]), if the packet is not registered (i.e. not normal) in the whitelist 110, the destination determination unit 232 accesses the addition list storage memory 235 to determine whether the addition list 120 includes the MAC address included in the packet).  

Regarding claim 6, the combination of Mori-Kim does disclose the communication device according to claim 5, wherein the analyzing unit judges that the communication packet is normal when the packet information of the communication packet matches the packet information of the first information (Mori, (para. [0027]), upon receipt of a packet, the transfer apparatus 101 checks the whitelist 110 for the packet information 121 on the received packet. If the packet information 121 on this packet is registered in the whitelist 110, the transfer apparatus 101 transfers the packet to the destination registered in the transfer table 130).  

Regarding claim 7, the combination of Mori-Kim does disclose the communication device according to claim 1, wherein the memory further stores a group key to be shared by the control device and the transmission destination communication device (Kim, (para. [0111]), the perimeter controller upon receiving the initiation of the security code process can generate a security code for the creation of the node flow. The information included in this security code may include any of a node flow identifier, a gateway IP (address of the gateway that will be between the source and destination node), a port number, and appropriate encryption keys or predefined shared keys), and the generating unit performs encryption using the group key (Kim, (para. [0118]), encrypt the packet using the keys provided).  

Regarding claim 8, the combination of Mori-Kim does disclose the communication device according to claim 1, wherein the communication network further comprises a plurality of control devices and a plurality of analysis devices respectively connected to each of the plurality of control devices, and the transmission destination determining unit determines any of the plurality of control devices as the transmission destination (Kim, (para. [0059] and figures 1, 15), a network security system may include a first defined perimeter (perimeter A 110) and a second defined perimeter (perimeter B 120). Each defined perimeter can include one or more devices 112a-b (e.g., user devices, servers, internet of things (IoT) devices). The defined perimeters (e.g., perimeter A 110 and perimeter B 120) may transmit trusted data (e.g., trusted data 114) between the defined perimeters on a trusted flow 116 created between defined perimeters).  

Regarding claim 9, the combination of Mori-Kim does disclose the communication device according to claim 8, wherein the transmission destination determining unit, when a type of a communication protocol used by the communication packet is a control system protocol (Mori, (para. [0044]), the transfer table memory 233 can be a CAM or a DRAM; it stores correspondence information between header information (for example, a MAC address, an IP address, and a protocol) of a packet and the destination of the packet or a packet sending unit 205), determines a control device connected to an analysis device which is appropriate for analysis of the control system protocol as the transmission destination, and when the type of the communication protocol is an information system protocol, determines a control device connected to an analysis device which is appropriate for analysis of the information system protocol as the transmission destination (Mori, (para. [0048]), where the destination determination unit 232 receives a packet during a whitelist generation mode, the destination determination unit 232 extracts predetermined header information (for example, the MAC address, the IP address, the protocol, and the port number) and predetermined control information (for example, the packet receiving unit number and the VLAN number) from the received packet and forwards them to the S/W controller 204. The destination determination unit 232 determines whether to pursue the communication utilizing the whitelist 110 in accordance with the configuration of the transfer configuration memory 234).  

Regarding claim 10, the combination of Mori-Kim does disclose the communication device according to claim 1, wherein the communication device becomes a transmission destination communication device, when the communication device receives a communication packet from another communication device included in the plurality of communication devices (Mori, (para. [0027]), upon receipt of a packet, the transfer apparatus 101 checks the whitelist 110 for the packet information 121 on the received packet. If the packet information 121 on this packet is registered in the whitelist 110, the transfer apparatus 101 transfers the packet to the destination registered in the transfer table 130).  

Regarding claim 12, Mori does disclose, the communication device according to claim 11, wherein the memory further stores second information for judging whether or not the communication packet is suspected to be unauthorized, and the analyzing unit judges whether or not the communication packet is suspected to be unauthorized based on the communication packet and the second information, when it is judged that the communication packet is normal (Mori, (para. [0010]), a generation unit configured to generate specific reliable information indicating that communication between the destination address and the source address included in the data is authorized and register the generated specific reliable information to the whitelist in a case where the check unit confirms within the valid period that either address is the specific address), 
Mori does not explicitly disclose but the analogous art Kim discloses, a transmission destination determining unit configured to determine the transmission destination (Kim, (para. [0117]), a fluid gateway 912 may transmit a destination node tunnel process 918b to a destination node 908. The gateway may create an encrypted tunnel to the destination node. The encrypted tunnel may facilitate communication between the source node, the gateway, and the destination node. Using this process, only the authorized applications can send data through the node flow to the target gateway, and unauthorized applications may be prevented by the security application to send the packet to the target gateway); and a generating unit configured to encrypt the communication packet to be transmitted to the transmission destinations (Kim, (para. [0226]), a source node 2702 may transmit data packets 2710 to a gateway 2704. The source node may insert the application flow ID into the data packet to be transmitted by the application based on the application flow routing table received from the controller. It then may encrypt the packet (excluding the application flow ID) and transmit the packet to the gateway using the generated node flow).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Mori by including encrypt the communication packet to be transmitted taught by Kim for the advantage of securely and efficiently transmitting data packet between the source node and destination node via the application flow (Kim, (para. [0057])).
  
Regarding claim 13, the substance of the claimed invention is similar to that of claim 2. Accordingly, this claim is rejected under the same rationale.

Regarding claim 14, the substance of the claimed invention is similar to that of claim 3. Accordingly, this claim is rejected under the same rationale.
 
Regarding claim 15, the combination of Mori-Kim does disclose the communication device according to claim 12, wherein the second information is information included in communication packets which have been previously judged as unauthorized communication (Kim, (para. [0117]), the encrypted tunnel may facilitate communication between the source node, the gateway, and the destination node. Using this process, only the authorized applications can send data through the node flow to the target gateway, and unauthorized applications may be prevented by the security application to send the packet to the target gateway).  

Regarding claim 16, Mori discloses an information processing system comprising: a control device; and a communication device that belongs to a communication network including the control device and a plurality of communication devices connected to the control device (Mori, (para. [0036]), a plurality of packet sending units 205), and transmits a communication packet to a transmission destination communication device, the communication device and the transmission destination communication device being differently one of the plurality of communication devices (Mori, (para. [0039]), each packet sending unit 205 is connected with an external apparatus such as a terminal or another transfer apparatus 101 through a line such as a metal cable or an optical cable and sends the packet received from the packet transfer unit 203 to the connected external apparatus),
wherein the communication device comprises a memory that stores first information for judging a normality of the communication packet (Mori, (para. [0023] and figure 3), the whitelist 110 is a list of packet information 121 on the packets permitted to be transferred by the transfer apparatus 101),
processing circuitry configured to operate as an analyzing unit configured to judge the normality of a received communication packet based on the received communication packet and the first information (Mori, (para. [0088, 0027]), the destination determination unit 232 in receipt of the packet searches the whitelist storage memory 231 to determine whether the header information and the control information of the received packet are included in the whitelist 110),
a transmission destination determining unit configured to determine the transmission destination communication device and the control device as transmission destinations of the received communication packet, when the analyzing unit judges that the received communication packet is not normal (Mori, (para. [0073]), if the packet is not registered (i.e. not normal) in the whitelist 110, the destination determination unit 232 accesses the addition list storage memory 235 to determine whether the addition list 120 includes the MAC address included in the packet. If the addition list 120 includes the MAC address (i.e. destination), the operation in the case where the active configuration 602 of the record 604 is operation mode is performed),
generating unit configured to [encrypt] the communication packet to be transmitted to the transmission destinations determined encrypted] by the generating unit, to the transmission destinations, wherein the control device comprises an [encrypted] communication receiving unit configured to receive the communication packet transmitted by the transmitting unit (Mori, (para. [0073]), the destination determination unit 232 checks whether the packet received from the packet receiving unit 202 is registered in the whitelist 110 stored in the whitelist storage memory 231. If this packet is registered in the whitelist 110, the destination determination unit 232 performs packet transfer processing on the received packet).
Mori does not explicitly disclose but the analogous art Kim discloses, encrypt the communication packet to be transmitted (Kim, (para. [0226]), a source node 2702 may transmit data packets 2710 to a gateway 2704. The source node may insert the application flow ID into the data packet to be transmitted by the application based on the application flow routing table received from the controller. It then may encrypt the packet (excluding the application flow ID) and transmit the packet to the gateway using the generated node flow), and 
a plain text communication generating unit configured to decrypt the communication packet received by the encrypted communication receiving unit (Kim, (para. [0122]), the gateway may perform decryption of the packet and forward the packet as plain text to the destination node).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Mori by including 
Claim limitations “an analysis unit” and “a transmission destination determination unit” have been interpreted under 35 U.S.C. 112(f). A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) limitation: FIG. 2.
Since this claim limitation invokes 35 U.S.C. 112(f), claim 16 is interpreted to cover the corresponding structure described in the specification that achieves the claimed function, and equivalents thereof.  
If Applicants wish to provide further explanation or dispute the Office’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office action. 
If Applicants do not wish to have the claim limitation treated under 35 U.S.C. 112(f), Applicants may amend the claim so that it will clearly not invoke 35 U.S.C. 112 (f), or present a sufficient showing that the claim recites sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112(f).
For more information, see Supplementary Examination Guidelines for Determining Compliance with 35 U.S.C. § 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).


Regarding claim 17, the combination of Mori-Kim does disclose the information processing system according to claim 16, further comprising: an analysis device connected to the control device, wherein the control device further comprises a plain text communication analysis requesting unit configured to transmit the communication packet decrypted by the plain text communication generating unit, to the analysis device (Kim, (para. [0122]), the gateway may perform decryption of the packet and forward the packet as plain text to the destination node).  

Regarding claim 18, the combination of Mori-Kim does disclose the information processing system according to claim 17, wherein the analysis device comprises a plain text communication receiving unit configured to receive the communication packet transmitted by the plain text communication analysis requesting unit, a plain text communication analyzing unit configured to analyze the communication packet received by the plain text communication receiving unit, and an analysis result transmitting unit configured to transmit an analysis result of the communication packet analyzed by the plain text communication analyzing unit, to the control device (Kim, (para. [0122]), the gateway may perform decryption of the packet and forward the packet as plain text to the destination node; (para. [0186]), each node and gateway may receive application flow routing table information that includes information about what to do with the flow, such as to encrypt, decrypt, or forward the data packet according to the information contained in the application flow routing table).  

Regarding claim 19, the combination of Mori-Kim does disclose the information processing system according to claim 18, wherein the control device further comprises an analysis result notifying unit configured to receive the analysis result transmitted by the analysis result transmitting unit, and notify the analysis result via a display device (Kim, (para. [0252]), based on the information registered in the controller in advance, a gateway 3002 may notify the controller 3006 using a gateway shutdown message 3010 indicating that the gateway is shutting down and should be removed from all network node; (para. [0276-0277]), display).  

Regarding claim 20, the substance of the claimed invention is similar to that of claim 1. Accordingly, this claim is rejected under the same rationale.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MORSHED MEHEDI, whose telephone number is (571) 270-7640. The examiner can normally be reached on M - F, 8:00 am to 4:00 pm EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeffrey L. Nickerson, can be reached on (469) 295-9235. The fax number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from their Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more 

/MORSHED MEHEDI/Primary Examiner, Art Unit 2432