DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments, filed 11/17/2021, have been fully considered and are persuasive; however, Examiner maintains the prior art, Essinger, regarding the limitation, “wherein the input/output device is configured to display, via the user interface, a notification of the received network packet”. Applicant argues that the prior art, Essinger, never states that the LCD panel displays notifications. Examiner disagrees and maintains that the prior art, Essinger, discloses this limitation in Para. 0288, where the network monitoring and control device enters information into the device by way of touch-screen data input operations enabling display of information on the LCD panel and the entering of information into the device by way of touch-screen data input operations.  It is obvious that the LCD panel, which displays information, such as notification, from the network monitoring and control device.  
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 6-7 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Essinger (US 20100177660) in view of An (US 20140348170).
As per claim 1, Essinger discloses an appliance, comprising: 
Essinger, Para. 0178, a housing made of plastic or other suitable material; a multi-layer PCB contained in the housing; an electrical wall plug integrated with the housing and having electrical prongs for plugging into a standard electrical wall socket; LED indicators integrated with the housing, for indicating the status of operation of the network coordinator device;);
 a network security device deployed within the housing, coupled to a first network and a second network (Essinger, Fig. 1, A2 discloses 2 different network are connected through wireless communication; Also, Para. 0288, the network monitoring and control device comprises: a controller chipset including a microprocessor, flash memory for monitoring device firmware storage, program memory, and a GPIO submodule interfaced via a system bus; a RF module, including an IEEE 802.15.4 modem transceiver, and an impedance matching network connected to an RF antenna structure; an Ethernet interface module having a connector integrated with the housing; a WIFI module including an antenna structure mounted within the housing); and 
an input/output device deployed on a surface of the housing, the input/output device providing a user interface of the network security device (Essinger, Para. 0087, microprocessor in the remote network management computer system is capable of (i) receiving and transmitting data packets over the wireless free-space communication medium (between the RF antennas 24A, 25B of network interface; Also, Para. 0288, an Ethernet interface module having a connector integrated with the housing; a WIFI module including an antenna structure mounted within the housing; a keyboard input device integrated with the housing, or the touch-screen LCD panel; a magnetic strip-reader integrated with the housing);
Essinger, Para. 0288, a keyboard input device integrated with the housing, or the touch-screen LCD panel; a magnetic strip-reader integrated with the housing. Examiner interprets that the keyboard and the touch screen LCD panel is able to disclose the notification of the received packets and any other information displayed on the screen); and
Essinger does not disclose; however, An discloses wherein the network security device is configured, responsive to receipt of a network packet from an unrecognized device, to store the network packet in a memory of the network security device (An, Fig 5. Para. 0046-0048, receiving a packet and obtaining a source address and/or a destination address from the packet. If the source address is not known, then process 500 may include storing the unknown source address...). 
Therefore, it would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Essinger and An in receiving traffic and determining that the traffic includes source addressed and/or destination addresses that are not stored by the nodes.
As per claim 2, Essinger does not disclose; however, An discloses the appliance of claim 1, wherein the network security device is configured to transmit a notification to a computing device, responsive to receipt of the network packet from the unrecognized device (An, Para. 0024, Node 110 may perform a destination address learning operation by retrieving an indication(notification), from another hub node 110 (e.g., hub node 110-N), that the unknown destination address is stored by the other hub node 110. The unknown destination address may be obtained from a packet received from host; Also, Para. 0072, process 700 may include communicating with the tandem node to establish the tunnel (block 730) and/or transmitting the packet to the tandem node via the tunnel (block 735). For example, node 110-1 may send a notification, to tandem node 110, that indicates that an overview condition exists with respect to node 110-1 and that a tunnel is to be established, based on a predetermined protocol (e.g., such as Ethernet-over-IP, GRE, and/or some other protocol), via which node 110-1 may publish the unknown source address and/or the unknown destination address. ). 
Therefore, it would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Essinger and An in receiving traffic and determining that the traffic includes source addressed and/or destination addresses that are not stored by the nodes.
As per claim 6, Essinger discloses the appliance of claim 1, wherein the input/output device is a multi-touch screen display (Essinger, Para. 0288, touch-screen LCD panel, for enabling display of information on the LCD panel and the entering of information into the device by way of touch-screen data input operations). 
As per claim 7, Essinger discloses the appliance of claim 1, further comprising a first network interface coupled to the first network and a second network interface coupled to the second network (Essinger, Para. 0288, hard/soft keypad input/selection buttons integrated with the housing, for entering commands and specific kinds of data into the device; Para. 0296, an Ethernet module interfaced to the second GPIO module and output Ethernet connector). 
As per claim 15, Essinger discloses the appliance of claim 1, further comprising: 
a processor (Essinger, Para. 0288, microprocessor);
Essinger, Para. 0288, memory); and 
a network interface (Essinger, Para. 0288). 
Claims 3-4 are rejected under 35 U.S.C. 103 as being unpatentable over Essinger (US 20100177660) in view of An (US 20140348170) in view of Mitomo (US 20050091513). Essinger and Mitomo are cited in the IDS filed 5/1/2020.
As per claim 3, Essinger and An do not disclose; however, Mitomo discloses the appliance of claim 1, wherein the input/output device is configured to detect an interaction with the user interface indicating to authorize the unrecognized device (Mitomo, Para. 0053, in such an unauthorized access detection device, when a packet is sent over the network, the key data extractor obtains this packet and extracts key data. Then the ongoing scenario detector retrieves an ongoing scenario from the ongoing scenario memory with the key data, which is extracted by the key data extractor, as search keys. Then the check unit checks whether the execution of the process indicated by the packet after the ongoing scenario retrieved by the ongoing scenario detector follows an unauthorized access scenario being stored in the unauthorized access scenario memory). 
Therefore, it would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Essinger and An with Mitomo in order to determine whether the execution of the process indicated by the packet after the ongoing scenario detected by the ongoing scenario detector follows an unauthorized access scenario being stored in an unauthorized access scenario storage unit.
As per claim 4, Essinger and An do not disclose; however, Mitomo discloses the appliance of claim 3, wherein the network security device is configured, responsive to detection of the interaction, to retrieve the network packet from the memory of the network (Mitomo, Para. 0053, in such an unauthorized access detection device, when a packet is sent over the network, the key data extractor obtains this packet and extracts key data. Then the ongoing scenario detector retrieves an ongoing scenario from the ongoing scenario memory with the key data, which is extracted by the key data extractor, as search keys. Then the check unit checks whether the execution of the process indicated by the packet after the ongoing scenario retrieved by the ongoing scenario detector follows an unauthorized access scenario being stored in the unauthorized access scenario memory. When the check result of the check unit shows that the execution follows the unauthorized access scenario, the ongoing scenario update unit if updates the ongoing scenario being stored in the ongoing scenario memory. In addition, the report output unit outputs an unauthorized access report indicating the progress of processes executed based on the unauthorized access scenario, depending on the check result of the check unit). 
Therefore, it would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Essinger and An with Mitomo in order to determine whether the execution of the process indicated by the packet after the ongoing scenario detected by the ongoing scenario detector follows an unauthorized access scenario being stored in an unauthorized access scenario storage unit.
Claim 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Essinger (US 20100177660) in view of An (US 20140348170) in view of Lee (US 6,493,752). 
As per claim 5, Essinger and An do not disclose; however, Lee discloses the appliance of claim 2, wherein the network security device is configured, responsive to an absence of a detection of an interaction with the user interface, to discard the network (Lee, Col. 6, lines 25-30, the software program can be configured to operate the security device and the screen according to the some of the following illustrative parameters and instructions. For example, a policy for the security device regarding a default disposition of packets (sometimes referred to as a "stance") is set. The stance protects against attacks based on new, unfamiliar, or obscure transmissions/receptions. The stance dictates what the security device 100 will do with any given packet in the absence of explicit instructions. A common stance is to discard or refuse to pass all packets that are not explicitly allowed, often stated as "that which is not explicitly allowed is denied." A less-secure stance that can also be implemented is stated as "what is not denied is allowed."). 
Therefore it would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Essinger and An and Lee in order to provide a display screen for a network security device. The screen includes representations of a source and a destination having respective source and destination indicators, such as LEDs. The source indicator is operable to indicate whether the source is authorized or unauthorized. The destination indicator is also operable to indicate whether the destination is authorized or unauthorized to receive the packet.
As per claim 14, Essinger and An do not disclose; however, Lee discloses appliance of claim 8, wherein the predetermined filter comprises one or more of a source address, destination address, protocol, payload size, or frequency of packet reception (Lee, Col. 7, lines 55-67; Col. 8, lines 13-30, If a packet is received by the security device, the software program and/or the microprocessor analyzes the packet using packet filtering methods to determine if the packet is coming from an authorized source. For instance, the software program checks if an IP address of the packet is that of a remote user in the external network that has been placed on the blocked site list. Another determination that can be made is whether the packet itself is authorized, as determined by an application-level proxy program that examines the content of the packet. If the source and/or the packet are not authorized, then the software program causes to be illuminated in red a source indicator (e.g., the indicator associated with the "EXTERNAL" label). The source indicator can stay illuminated for a period of time, such as from four to five seconds, to indicate that the packet is being denied at the port corresponding to the external network). 
Therefore it would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Essinger and An and Lee in order to indicate whether the destination is authorized or unauthorized to receive the packet.
Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Essinger (US 20100177660) in view of An (US 20140348170) in view of Lee (US 6,493,752) in view of Mitomo (US 20050091513). 
As per claim 11, Essinger, An and Lee do not disclose; however, Mitomo discloses the appliance of claim 8, wherein the network security device is further configured to transmit a notification to a second device, responsive to receipt of the network packet matching the predetermined filter (Mitomo, Para. 0052, The report output unit outputs an authorized access report indicating the progress of processes executed based on the unauthorized access scenario, based on the check result of the check unit). 
Therefore, it would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Essinger, An and Lee with Mitomo in order to determine whether the execution of the process indicated by the packet .
Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Essinger (US 2010/0177660) in view of Lee (US 6,493,752).
As per claim 16, Essinger discloses a method, comprising: 
displaying a notification of receipt of the first packet, by an input/output device deployed on a surface of the housing, the input/output device providing a user interface of the network security device, responsive to the first packet matching a predetermined filter (Essinger, Para. 0288, a keyboard input device integrated with the housing, or the touch-screen LCD panel; a magnetic strip-reader integrated with the housing. Examiner interprets that the keyboard and the touch screen LCD panel is able to disclose the notification of the received packets and any other information displayed on the screen); and
Essinger does not disclose; however, Lee discloses receiving, by a network security device deployed within a housing of an appliance, a first packet (Lee, Col. 6, lines 40-48, The security device can use traditional packet filtering or traditional proxies (both described above) to control access to and from the trusted network, external network, and optional network. The security device can also use other types of filtering mechanisms. Examples include stateful dynamic packet filtering methods that build rules dynamically depending on the conditions of the network, and transparent proxies that work at the application level to ensure that ports/protocols necessary to pass packets are opened and closed dynamically).
.
Claim 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Essinger (US 2010/0177660) in view of Lee (US 6,493,752) in view of Mitomo (US 20050091513).
As per claim 17, Essinger and Lee do not disclose; however, Mitomo discloses the method of claim 16, further comprising storing the first packet in a memory of the appliance, by the network security device, responsive to the first packet matching a predetermined filter (Mitomo, Para. 0053, Then the ongoing scenario detector retrieves an ongoing scenario from the ongoing scenario memory with the key data, which is extracted by the key data extractor, as search keys. Then the check unit checks whether the execution of the process indicated by the packet after the ongoing scenario retrieved by the ongoing scenario detector follows an unauthorized access scenario being stored in the unauthorized access scenario memory. 
Therefore, it would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Essinger and Lee and Mitomo in order to determine whether the execution of the process indicated by the packet after the ongoing scenario detected by the ongoing scenario detector follows an unauthorized access scenario being stored in an unauthorized access scenario storage unit.
As per claim 18, Essinger and Mitomo do not disclose; however, Lee discloses the method of claim 17, further comprising reserving a predetermined amount of memory of the network security device for the user interface provided by the input/output device, responsive to the first packet matching a predetermined filter (Lee, Col. 8, lines 13-49 Next at step, the security device determines whether a destination of the packet is authorized to receive the packet. Again, this can be done by the software program by using packet filtering methods to determine whether the destination (e.g., the trusted network) is authorized to receive traffic from a particular source (e.g., the Internet), or by using a proxy to determine if the destination is authorized to receive the type of packet (e.g., an e-mail message from the public server of the optional network). If the destination is not authorized to receive the packet, then a destination indicator is illuminated red). 
Therefore it would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Essinger and Mitomo and Lee in order to indicate whether the destination is authorized or unauthorized to receive the packet.
As per claim 19, Essinger and Mitomo do not disclose; however, Lee discloses the method of claim 17, further comprising detecting an interaction with the user interface indicating a source of the first packet is an authorized device (Lee, Col. 8, lines 13-49 Next at step, the security device determines whether a destination of the packet is authorized to receive the packet. Again, this can be done by the software program by using packet filtering methods to determine whether the destination (e.g., the trusted network) is authorized to receive traffic from a particular source (e.g., the Internet), or by using a proxy to determine if the destination is authorized to receive the type of packet (e.g., an e-mail message from the public server of the optional network). If the destination is not authorized to receive the packet, then a destination indicator is illuminated red). 
Therefore it would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Essinger and Mitomo and Lee 
As per claim 20, Essinger and Lee do not disclose; however, Mitomo discloses the method of claim 19, further comprising retrieving the first packet from the memory of the appliance, and forwarding the first packet to a destination identified in the first packet, responsive to the detected interaction with the user interface (Mitomo, Para. 0053, Then the ongoing scenario detector retrieves an ongoing scenario from the ongoing scenario memory with the key data, which is extracted by the key data extractor, as search keys. Then the check unit checks whether the execution of the process indicated by the packet after the ongoing scenario retrieved by the ongoing scenario detector follows an unauthorized access scenario being stored in the unauthorized access scenario memory. When the check result of the check unit shows that the execution follows the unauthorized access scenario, the ongoing scenario update unit if updates the ongoing scenario being stored in the ongoing scenario memory. In addition, the report output unit outputs an unauthorized access report indicating the progress of processes executed based on the unauthorized access scenario, depending on the check result of the check unit.).
Therefore, it would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Essinger and Lee and Mitomo in order to determine whether the execution of the process indicated by the packet after the ongoing scenario detected by the ongoing scenario detector follows an unauthorized access scenario being stored in an unauthorized access scenario storage unit.
Allowable Subject Matter
Claims 8-10 and 12-13 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Sasaki (US 20060193341): A communication method in a third communication apparatus of a first node located between a first communication apparatus of the first node and a second communication apparatus of a second node, the first communication apparatus and the second communication apparatus performing data communication based on PPP.
Werb (US 20080040509):  A method and apparatus for communication in a wireless sensor network. In one embodiment, one or more routers in a network may be available for communication with one or more star nodes at a randomized time and/or frequency. A connectivity assessment, which may be performed at several different frequencies and/or times, may be performed to evaluate the quality of communications between devices in the network. Primary and secondary communication relationships may be formed between devices to provide for system redundancy. Node activity may be monitored, e.g., based on heartbeats sent from a node, to help ensure that nodes remain active. 
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ANGELA R HOLMES/Examiner, Art Unit 2498                                                                                                                                                                                                        
/THANHNGA B TRUONG/Primary Examiner, Art Unit 2498