01/13/2022
DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 01/13/2022 has been entered.
 
Specification
Applicant is reminded of the proper content of an abstract of the disclosure.
A patent abstract is a concise statement of the technical disclosure of the patent and should include that which is new in the art to which the invention pertains. The abstract should not refer to purported merits or speculative applications of the invention and should not compare the invention with the prior art.
If the patent is of a basic nature, the entire technical disclosure may be new in the art, and the abstract should be directed to the entire disclosure. If the patent is in the nature of an improvement in an old apparatus, process, product, or composition, the 
Where applicable, the abstract should include the following: (1) if a machine or apparatus, its organization and operation; (2) if an article, its method of making; (3) if a chemical compound, its identity and use; (4) if a mixture, its ingredients; (5) if a process, the steps.
Extensive mechanical and design details of an apparatus should not be included in the abstract. The abstract should be in narrative form and generally limited to a single paragraph within the range of 50 to 150 words in length.
See MPEP § 608.01(b) for guidelines for the preparation of patent abstracts.
Applicant is reminded of the proper language and format for an abstract of the disclosure.
The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.
The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, “The disclosure concerns,” “The disclosure defined by this invention,” “The disclosure describes,” etc.  In addition, the form and legal phraseology often used in patent claims, such as “means” and “said,” should be avoided.


Response to Arguments
Applicant’s arguments with respect to claim(s) 31-60 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 52 is rejected under 35 U.S.C. 103 as being unpatentable over Hidle, (US Publication No. 2009/0113202), and further in view of Eren et al., (US Publication No. 2019/0109864), hereinafter “Eren”.

Regarding claim 52, Hidle discloses
a product for securing communications of a plurality of networked computing devices, the product comprising a non-transitory computer-readable storage medium having a kernel loadable module embodied therein, the kernel loadable module executable by a first computing device to perform communication management operations in a kernel of the first computing device [Hidle, Abstract, paragraphs 4, 45, figures 2, 3], the communication management operations comprising: 
i) a first port assigned to a first user-application, the first port hosted by the first computing device, the data packet comprising a payload and a second port number [Hidle, Abstract, paragraphs 14, 21, 22, 44, 45, figures 2, 3, when two end point devices are communicating… they exchange a sequence of handshake packets to establish authenticity using codes.. the two end point devices verify encryption keys]; 
iii) transmitting a data packet comprising the payload to the second computing device via a communication pathway [Hidle, Abstract, paragraphs 14, 21, 22, 44, 45, figures 2, 3].

Hidle does not specifically disclose
intercepting a data packet;
ii) passing the second 

However, Eren teaches 
intercepting a data packet [Eren, paragraph 19, intercepts network traffic] and verifying and allowing secure communication between device ports [Eren, paragraph 19, intercepts network traffic and verifies if access to requested website is authorized or unauthorized].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to intercept communication between devices in order to ensure that the communication to an internal network was secure and authorized.

Claims 31-35, 39-41, 43-55, 59 and 60 are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al., (US Publication No. 2012/0099425), hereinafter “Wang”, and further in view of Eren and further in view of Kadyk et al., (US Publication No. 2002/0157019), hereinafter “Kadyk”.

Regarding claim 31, Wang discloses
a product for securing communications of a plurality of networked computing devices, the product comprising a non-transitory computer-readable storage medium having a kernel loadable module embodied therein, the kernel loadable module executable by a first computing device to perform communication management operations in a kernel of the first computing device [Wang, Abstract], the communication management operations comprising: 
i) the first port hosted by the first computing device, the request comprising a second port number [Wang, paragraphs 41, 53, figure 3, the second network device is connected to the first electronic device (via ports on each network device)]; 

Wang does not specifically disclose
i) intercepting a network connection request from a first port assigned to a first user-application;
ii) verifying on the first computing device that the first user-application is specifically authorized to communicate with a second port on a second computing device, the second port number assigned to the second port; 
iii) receiving a nonpublic second identification code from the second computing device; 
iv) passing the nonpublic second identification code to a first network security software, the first network security software cooperatively configured with the kernel loadable module to compare the nonpublic second identification code with a pre-established value for the second computing device; 
v) further receiving a second application identifier for a second user-application from the second computing device; and 
vi) further passing the second application identifier to a second network security software, the second network security software cooperatively configured with the kernel loadable module to compare the second application identifier with a pre-established value for the second user-application.

However, Eren teaches 
verifying on the first computing device [Eren, paragraph 19, intercepts network traffic and verifies if access to requested website is authorized or unauthorized].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to intercept communication between devices in order to ensure that the communication to an internal network was secure and authorized.


Further, Kadyk teaches
intercepting a secure connection request at the proxy [Kadyk, paragraphs 33-35, figures 4, 5], verifying the connection is valid and authenticated [Kadyk, paragraphs 33-35, figures 4, 5, paragraphs 53, 54], receiving nonpublic identification code [Kadyk, paragraphs 33-35, figures 4, 5, paragraphs 53, 54], verifying the user authentication and Kadyk, paragraphs 33-35, figures 4, 5, paragraphs 53-58].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use a proxy to intercept a connection request from a client to a server in order to authenticate the client to the server and verify the server is the device the client is authorized to access. Each client is authenticated to the various servers in order to provide security for both the clients and servers.

Regarding claim 32, Wang-Eren-Kadyk further discloses
wherein the nonpublic second identification code is passed and/or the second application identifier is further passed via an application-to-kernel program interface [Kadyk, paragraphs 33-35, request for connection, proxy authenticates client, creating a SSL connection between ports, see also figures 4 and 5, and paragraphs  53-64, multiple servers or clients making connections].

Regarding claim 33, Wang-Eren-Kadyk further discloses
wherein the kernel loadable module is not open source [Kadyk, paragraphs 33-35, request for connection, proxy authenticates client, creating a SSL connection between ports, see also figures 4 and 5, and paragraphs  53-64, multiple servers or clients making connections].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to not use open source code in order to protect the security of the communications.

Regarding claim 34, Wang-Eren-Kadyk further discloses
wherein the kernel loadable module is not subject to a copyleft license [Kadyk, paragraphs 33-35, request for connection, proxy authenticates client, creating a SSL connection between ports, see also figures 4 and 5, and paragraphs  53-64, multiple servers or clients making connections].

Regarding claim 35, Wang-Eren-Kadyk further discloses
wherein the kernel loadable module is configured to be loaded by an operating system [Kadyk, paragraphs 33-35, request for connection, proxy authenticates client, creating a SSL connection between ports, see also figures 4 and 5, and paragraphs  53-64, multiple servers or clients making connections].

Regarding claim 39, Wang-Eren-Kadyk further discloses
wherein the kernel loadable module is invoked by at least one modified kernel function [Kadyk, paragraphs 33-35, request for connection, proxy authenticates client, creating a SSL connection between ports, see also figures 4 and 5, and paragraphs  53-64, multiple servers or clients making connections].

Regarding claim 40, Wang-Eren-Kadyk further discloses
wherein the modified kernel function is selected from a bind() function, a connect() function, a listen() function, a UDP sendto() function, a UDP bindto() function, and a close() function [Kadyk, paragraphs 33-35, request for connection, proxy authenticates client, creating a SSL connection between ports, see also figures 4 and 5, and paragraphs  53-64, multiple servers or clients making connections in order to send packets].

Regarding claim 41, Wang-Eren-Kadyk further discloses
i) receiving a data type identification code from the second computing device [Kadyk, paragraphs 33-35, request for connection, proxy authenticates client, creating a SSL connection between ports, see also figures 4 and 5, and paragraphs  53-64, multiple servers or clients making connections]; and 
ii) passing the data type identification code to a third network security software, the third network security software cooperatively configured with the kernel loadable software to compare the data type identification code with a pre-established data type value [Kadyk, paragraphs 33-35, request for connection, proxy authenticates client, creating a SSL connection between ports, see also figures 4 and 5, and paragraphs  53-64, multiple servers or clients making connections].

Regarding claim 43, Wang-Eren-Kadyk further discloses
wherein the product further comprises the first network security software, the second network security software, and the third network security software [Kadyk, paragraphs 33-35, figures 4 and 5, and paragraphs  53-64, multiple servers or clients making connections using multiple security software instances].

Regarding claim 44, Wang-Eren-Kadyk further discloses
Kadyk, paragraphs 33-35, figures 4 and 5, and paragraphs  53-64, multiple servers or clients making connections using multiple security software instances].

Regarding claim 45, Wang-Eren-Kadyk further discloses
wherein the comparing the nonpublic second identification code, the comparing the second application identifier, and the comparing the received data type identification code are performed prior to any communication of application data between the first user-application and the second user-application [Kadyk, paragraphs 33-35, figures 4 and 5, and paragraphs 53-64].

Regarding claim 46, Wang-Eren-Kadyk further discloses
i) receiving a data packet from the first port, the data packet comprising a payload and the second port number [Kadyk, paragraphs 33-35, figures 4 and 5, and paragraphs 53-64]; and 
ii) passing the payload to an assembly software, the assembly software cooperatively configured with the kernel loadable module to assemble a packet segment for the received data packet, the packet segment comprising the payload, an identifier for the Kadyk, paragraphs 33-35, figures 4 and 5, and paragraphs 53-64].

Regarding claim 47, Wang-Eren-Kadyk further discloses
i) intercepting a network connection request from the second port, the request comprising the first port number [Kadyk, paragraphs 33-35, figures 4 and 5, and paragraphs 53-64]; and 
ii) verifying that the first port is specifically authorized to receive packet data from the second port, the first port number assigned to the first port [Kadyk, paragraphs 33-35, figures 4 and 5, and paragraphs 53-64].

Regarding claim 48, Wang-Eren-Kadyk further discloses
i) receiving a network packet via the communication pathway, the network packet comprising the first port number, data from the second user-application, the second application identifier, and the data type identifier [Kadyk, paragraphs 33-35, figures 4 and 5, and paragraphs 53-64]; and 
ii) passing the second application identifier and the data type identification code to a third network security software, the third network security software cooperatively configured with the kernel loadable module to compare the second application identifier and the data type identification code with further pre-established values identified based on the first port number [Kadyk, paragraphs 33-35, figures 4 and 5, and paragraphs 53-64].

Regarding claim 49, Wang-Eren-Kadyk further discloses
passing the nonpublic second identification code to a decryption software, the decryption software cooperatively configured with the kernel loadable module to decrypt the nonpublic second identification code with a single-use cryptographic key [Kadyk, paragraphs 33-35, figures 4 and 5, and paragraphs 53-64].

Regarding claim 50, Wang-Eren-Kadyk further discloses
passing data received from the second user-application to translation software, the translation software cooperatively configured with the kernel loadable module to translate the data from the second user-application to a format expected by the first user-application [Kadyk, paragraphs 33-35, figures 4 and 5, and paragraphs 53-64].

Regarding claim 51, Wang-Eren-Kadyk further discloses
wherein the translation software is configured to translate the from a pre-established format, the pre-established format determined from the data type identification code [Kadyk, paragraphs 33-35, figures 4 and 5, and paragraphs 53-64].

Regarding claim 52, Wang-Eren-Kadyk further discloses
a product for securing communications of a plurality of networked computing devices, the product comprising a non-transitory computer-readable storage medium having a kernel loadable module embodied therein, the kernel loadable module executable by a first computing device to perform communication management operations in a kernel of the first computing device, the communication management operations comprising: 
Wang, paragraphs 41, 53, figure 3, packet is determines destination path and port, determines destination path data]; 
ii) passing the second port number to a first network security software, the first network security software cooperatively configured with the kernel loadable module to compare the second port number with a pre-established value for a second port on a second computing device [Kadyk, paragraphs 33-35, request for connection, proxy authenticates client, creating a SSL connection between ports, see also figures 4 and 5, and paragraphs 53-64, multiple servers or clients making connections]; and 
iii) transmitting a data packet comprising the payload to the second computing device via a communication pathway [Kadyk, paragraphs 33-35, request for connection, proxy authenticates client, creating a SSL connection between ports, see also figures 4 and 5, and paragraphs 53-64, multiple servers or clients making connections].

Regarding claim 53, Wang-Eren-Kadyk further discloses
wherein the kernel loadable module is not open source [Kadyk, paragraphs 33-35, request for connection, proxy authenticates client, creating a SSL connection between ports, see also figures 4 and 5, and paragraphs  53-64, multiple servers or clients making connections].

Regarding claim 54, Wang-Eren-Kadyk further discloses
Kadyk, paragraphs 33-35, request for connection, proxy authenticates client, creating a SSL connection between ports, see also figures 4 and 5, and paragraphs  53-64, multiple servers or clients making connections].

Regarding claim 55, Wang-Eren-Kadyk further discloses
wherein the kernel loadable module is configured to be loaded by an operating system [Kadyk, paragraphs 33-35, request for connection, proxy authenticates client, creating a SSL connection between ports, see also figures 4 and 5, and paragraphs  53-64, multiple servers or clients making connections].

Regarding claim 59, Wang-Eren-Kadyk further discloses
wherein the kernel loadable module is invoked by at least one modified kernel function [Kadyk, paragraphs 33-35, request for connection, proxy authenticates client, creating a SSL connection between ports, see also figures 4 and 5, and paragraphs  53-64, multiple servers or clients making connections].

Regarding claim 60, Wang-Eren-Kadyk further discloses
wherein the modified kernel function is selected from a bind() function, a connect() function, a listen() function, a UDP sendto() function, a UDP bindto() function, and a close() function [Kadyk, paragraphs 33-35, request for connection, proxy authenticates client, creating a SSL connection between ports, see also figures 4 and 5, and paragraphs  53-64, multiple servers or clients making connections].

Claims 36 and 56 are rejected under 35 U.S.C. 103 as being unpatentable over Wang-Eren-Kadyk as applied to claims 31 and 52 above, and further in view of Owen et al., (US Publication No. 2004/0088704), hereinafter “Owen”.

Regarding claims 36 and 56, Wang-Eren-Kadyk does not specifically disclose
wherein the kernel loadable module is configured to be dynamically linked to an operating system.

However, Owen teaches dynamically linking a section of code to the OS [Owen, paragraph 51].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to dynamically link code to the OS in order to reduce memory space.

Claims 37 and 57 are rejected under 35 U.S.C. 103 as being unpatentable over Wang-Eren-Kadyk as applied to claims 31 and 52 above, and further in view of Kadam, (US Publication No. 2003/0065970).

Regarding claims 37 and 57, Wang-Eren-Kadyk does not specifically disclose
wherein the kernel loadable module is configured to be statically linked to an operating system.
However, Kadam teaches linking the application statically [Kadam, paragraph 20].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to statically link the application to the OS in order to load files when running the application.

Claims 38, 42 and 58 are rejected under 35 U.S.C. 103 as being unpatentable over Wang-Eren-Kadyk as applied to claims 31 and 52 above, and further in view of Sim et al., (US Publication No. 2002/0133491), hereinafter “Sim”.

Regarding claims 38 and 58, Wang-Eren-Kadyk does not specifically disclose
wherein the kernel loadable module is configured to be loaded by a kernel-to-kernel program interface.
However, Sim teaches a kernel interface [Sim, paragraphs 260, 281]. 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide an interface for use while loading modules and files.

Regarding claim 42, Wang-Eren-Kadyk-Sim further discloses
wherein the nonpublic second identification code is passed, the second application identifier is further passed, and/or the data type identification code is passed [Kadyk, paragraphs 33-35, request for connection, proxy authenticates client, creating a SSL connection between ports, see also figures 4 and 5, and paragraphs related to figures, multiple servers or clients making connections] via an application-to-kernel program interface [Sim, paragraphs 260 and 281].

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM J GOODCHILD whose telephone number is (571)270-1589. The examiner can normally be reached M-F 8am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/William J. Goodchild/
Primary Examiner, Art Unit 2433