DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

1.	This Action is in response to applicant’s amendment filed on 01/25/2022.
2.	Claims 1 and 12 are amended.
3.	Claims 1-18 are pending.

Response to Arguments
4.	Applicant’s arguments and amendments filed on 01/25/2022 have been carefully considered but they are not deemed fully persuasive.  
5.	Applicant’s arguments include “according to the present invention, data inspection is commonly conducted no matter how many network connection ports are included in the network fire switch. In contrast, as shown in Marshall's FIG. 1, each virtual machine 107a-d requires an ONM VM Communication Manager 109a-d to specifically work with for data transmission analysis” [see Applicant’s Response, page 8].
Examiner respectfully disagrees.
It is evident from the mappings found in the rejection below that Marshall shows at paragraph [0026] “The Communication Manager module 150 that manages communications for the associated computing systems 155a-155n can have various forms, such as, for example, a proxy computing device, firewall device, or networking device (e.g., a switch, router, hub, etc.) through which communications to and from the 

Applicant has not provided any specific arguments regarding claims 2-11 and 13-19; therefore, applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references. Therefore, the rejection of the claims is maintained, and newly added limitations, if any, have been addressed in the rejection rendered. Furthermore, Applicant's lack of arguments regarding claims 2-11 and 13-19 does not comply with 37 CFR 1.111(c) because they do not clearly point out the patentable novelty which he or she thinks the claims present in view of the state of the art disclosed by the references cited or the objections made. Further, they do not show how the amendments avoid such references or objections. Examiner notes that 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.



6.	Claims 1-19 are rejected under 35 U.S.C. 102 (a)(1) as being anticipated by Marshall et al., (USPUB# 2014/0047503 A1) hereinafter Marshall.

7.	Regarding claim 1, Marshall disclosed an internal network monitoring method for use with a network fire switch for monitoring an internal network, the network fire switch including a plurality of network connection ports (see [0026] shows “The Communication Manager module 150 that manages communications for the associated computing systems 155a-155n can have various forms, such as, for example, a proxy computing device, firewall device, or networking device (e.g., a switch, router, hub, etc.) through which communications to and from the physical computing systems travel.”), the method comprising: 
inspecting a specified network packet received from a designated one of the plurality of network connection ports scheduled to be transmitted via a specified path (see para. [0019], [0100], [0108] show packet inspection and [0096] “DLP policies may establish that the network data transmission analysis system 816 analyze network packets based, at least in part, on any of a source IP address, destination IP address, source MAC address, destination MAC address, communication protocol, Ethernet type, VLAN identifier, source port, destination port, etc.”); 
extracting a packet characteristic from a data link layer of the specified network packet (see para. [0019], [0033], [0100] and [0108] show extracting data for analysis against DLP policy); 
to the another one of the plurality of network connection ports via the specified path if the packet characteristic does not comply with a preset condition; and redirecting the specified network packet to be transmitted via another path different from the specified path or mirroring the specified network packet to create a mirror packet if the packet characteristic complies with the preset condition (see para. [0019], [0033], [0090], [0100], [0104] and [0108] show extracting data for analysis against DLP policy, creating a “copy” of the packet via port mirroring and redirecting for further analysis based on the analysis or forwarding based on the analysis).

Claim 12 recites an internal networking monitoring system that further includes limitations that are substantially similar to claim 1. Marshall disclosed an internal networking monitoring system (see Fig.1 and associated texts). As such, claim 12 is rejected under the same rationale as above.

8.	Regarding claims 2 and 13, Marshall disclosed the method according to claim 1, wherein the specified network packet is transmitted via the specified path while the mirror packet is created (see para. [0090]). 

9.	Regarding claim 3, Marshall disclosed the method according to claim 1, wherein the packet characteristic includes a network address of a source device initiating the specified network packet, and the preset condition is that the source device is new to the internal network within a specified period of time (see para. [0027], [0085] and [0092-0096]).

10.	Regarding claim 4, Marshall disclosed the method according to claim 1, wherein the packet characteristic includes a network address of a source device initiating the specified network packet, and the preset condition is that a count of different destination network addresses that the source device visits within a specified duration reaches a threshold (see para. [0080-0081], [0085] and [0092-0096]).

11.	Regarding claim 5, Marshall disclosed the method according to claim 1, wherein the packet characteristic includes a network address of a source device initiating the specified network packet, and the preset condition is that a count of different communication interfaces that the source device visits within a specified duration reaches a threshold (see para. [0085], [0092-0096], [0105] and [0110-0115]).

12.	Regarding claim 6, Marshall disclosed the method according to claim 1, wherein the packet characteristic includes a destination network address that the specified network packet is to be transmitted to, and the preset condition is that a count of network packets to be transmitted from the source device to the destination network address reaches a preset value (see para. [0085], [0092-0096], [0105] and [0110-0115]).

13.	Regarding claim 7, Marshall disclosed the method according to claim 1, wherein the packet characteristic includes a destination network address that the specified network packet is to be transmitted to, and the preset condition is that a traffic between 

14.	Regarding claim 8, Marshall disclosed the method according to claim 1, further comprising: providing at least one bait device to camouflage an internal network device, and assigning a network address to each of the at least one bait device; and when a destination network address that the specified network packet is to be transmitted to is the network address of the at least one bait device, increasing a count of network packets to be transmitted from the source device to the destination network address (see para. [0019], [0033], [0100] and [0108]).

15.	Regarding claim 9, Marshall disclosed the method according to claim 8, wherein the at least one bait device is implemented with a virtual device or a container (see para. [0094] and [0110-0115]).


16.	Regarding claim 10, Marshall disclosed the method according to claim 8, wherein the at least one bait device includes a deeply inspecting module for analyzing network packets to be transmitted from the source device to the destination network address, which is the network address of the at least one bait device (see para. [0019], [0033], [0090], [0100], [0104] and [0108]).



18.	Regarding claim 14, Marshall disclosed the system according to claim 12, further comprising a network repeater, which includes a second network connection port in communication with the first internal network, and a plurality of third network connection ports, each in communication with a second internal network, wherein the specified network packet, if being received from the second internal network via one of the third network connection ports, is transmitted to the first internal network via the second network connection port without being transmitted via the other ones of the third network connection ports (see para. [0019], [0033], [0090], [0100], [0104] and [0110-0115]).

19.	Regarding claim 15, Marshall disclosed the system according to claim 12, wherein the network fire switch includes: a monitoring device electrically coupled to the first network connection port, inspecting the specified network packet, extracting the packet characteristic; directly transmitting the specified network packet via the specified path if the packet characteristic does not comply with the preset condition; and redirecting the specified network packet to be transmitted via the another path if the 

20.	Regarding claim 16, Marshall disclosed the system according to claim 12, wherein the network fire switch includes: a monitoring device electrically coupled to the first network connection port, inspecting the specified network packet, extracting the packet characteristic; directly transmitting the specified network packet via the specified path if the packet characteristic does not comply with the preset condition; and mirroring the specified network packet to create the mirror packet if the packet characteristic complies with the preset condition; and a firewall device electrically coupled to the specified path for receiving the mirror packet, determining whether the mirror packet complies with a preset rule or not, and issuing an alarm signal, restricting a transmission rate via the specified path and/or interrupting the specified path if the specified network packet complies with the preset rule (see para. [0019], [0033], [0090], [0100], [0104] and [0110-0115]).

21.	Regarding claim 17, Marshall disclosed the system according to claim 16, wherein the network fire switch further includes at least one bait device, which camouflages an internal network device and is assigned with a network address, and 

22.	Regarding claim 18, Marshall disclosed the system according to claim 15, wherein the network fire switch further includes at least one bait device, which camouflages an internal network device and is assigned with a network address, and the monitoring device records the network address of the at least one bait device, and determines that the specified network packet complies with the preset condition if a count of network packets to be transmitted from a source device initiating the specified network packet to a destination network address, which is the network address of the at least one bait device, reaches a threshold (see para. [0019], [0033], [0090], [0100], [0104] and [0110-0115]).

Conclusion
Relevant Prior Art Not Relied Upon
The prior art made of record and not relied upon is considered pertinent to Applicant's disclosure. The additional cited art, including but not limited to the excerpts below, further establishes the state of the art at the time of Applicant’s invention and shows the following was known:
A system and method are provided to monitor and prevent potential enterprise policy and/or rule violations by subscribers (Kennedy ‘196)
A system and method for using agent-based distributed case-based reasoning to manage a computer network. In particular, the system includes interface agents, distributed case-based reasoning agents, and response agents, which run on hosts in the network. An interface agent monitors a resource in the network and reports an event to an appropriate distributed case-based reasoning agent. The distributed case-based reasoning agent, using one or more case bases, determines a response to the event. An appropriate response agent implements the response. (Musman ‘501)
A flow processing facility, which uses a set of artificial neurons for pattern recognition, such as a self-organizing map, in order to provide security and protection to a computer or computer system supports unified threat management based at least in part on patterns relevant to a variety of types of threats that relate to computer systems, including computer networks. Flow processing for switching, security, and other network applications, including a facility that processes a data flow to address patterns relevant to a variety of conditions are directed at internal network security, virtualization, and web connection security. A flow processing facility for inspecting payloads of network traffic packets detects security threats and intrusions across accessible layers of the IP-stack by applying content matching and behavioral anomaly detection techniques based on regular expression matching and self-organizing maps. Exposing threats and intrusions within packet payload at or near real-time rates enhances network security from both external and internal sources while ensuring security policy is rigorously applied to data and system resources. Intrusion Detection and Protection (IDP) is provided by a flow processing facility that processes a data flow to address patterns relevant to a variety of types of network and data integrity threats that relate to computer systems, including computer networks. (Kapoor et al. ‘540)

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAVOUD ZAND whose telephone number is (571)272-2697, Fax (571) 273-2697.  The examiner can normally be reached on Mon-Fri 9:30-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar A. Louie can be reached on (571) 270-1684.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
/DAVOUD A ZAND/Primary Examiner, Art Unit 2443