DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In communications filed on 01/20/2022, claims 1, 8, and 15 are amended. Claims 1-21 are pending in this examination.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Examiner Note
Applicant is encouraged to schedule an interview with the examiner prior to the next communication to compact prosecution of the case.
Response to Arguments
Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).  

Applicant's arguments filed 01/20/2022 have been fully considered but they are not persuasive:
Applicant respectfully submits on pages 7-9 of the remarks filed on 01/20/2022 that claim 1 is not obvious over the cited references, for at least the reason that the cited references, either alone or in combination, do not teach or suggest all of the required limitations of the claim. For instance, Applicant respectfully submits that the cited references, either alone or in combination, do not teach or suggest: applying the firewall rule to the test traffic; determining an outcome from applying the firewall rule to the test traffic; and performing an action on the firewall rule based on an input from the domain owner device responsive to the determined outcome; as recited in amended independent claim 1. Independent claims 8 and 15 have been amended to recite similar claim features as claim 1.


Examiner respectfully disagrees with applicant's argument for claim 1 filed on 01/20/2022 on pages 7-9 of the remarks. Aaron in his application discloses the above limitations as:
applying the firewall rule to the traffic [¶42, the firewall process 136 receives packets from the network interface 134, 144, each network interface serving to connect the firewall to a different network as was indicated in FIG. 1.  During the time window as indicated above, the firewall packet inspector 314 is directed by the policy modifier 306 to inspect or examine all the received packets associated with that time window's particular user/customer…the packets are sent to the firewall filter 316 for filtering, during which they may either be blocked or allowed to pass…], and  [¶6, sending a user an indication of a time period during which the user can exercise a new application; and examining the user-originated communications or packets traversing the firewall during that time period and modifying the user's policy such that packets associated with the new application are allowed to pass through the firewall], and [¶42].
Examiner Note: Examiner states that the mapping above reads on the claim limitation. Examiner maintains his rejection.

 determining an outcome from applying the firewall rule to the test traffic [¶6, sending a user an indication of a time period during which the user can exercise a new application; and examining the user-originated communications or packets traversing the firewall during that time period and modifying the user's policy such that packets associated with the new application are allowed to pass through the firewall], and [¶42].
Examiner Note: Examiner states that the mapping above reads on the claim limitation. Examiner maintains his rejection.

and performing an action on the firewall rule based on an input from the domain owner device responsive to the determined outcome [¶6, sending a user an indication of a time period during which the user can exercise a new application; and examining the user-originated communications or packets traversing the firewall during that time period and modifying the user's policy such that packets associated with the new application are allowed to pass through the firewall], and  [¶33, If the user utilizes the user processing device 110 to send the notification, the method of notification includes email, web access, or among other notification methods… In a preferred embodiment where web access is used, the FFC 108 includes a web server that is attached to, or communicates with, a separate supporting web server, which the user accesses over the provider network 104], and [¶37, For example, "allowed" or "authorized" application might be designed to communicate periodically, at random intervals, or when triggered by some event not visible to the user].
Examiner Note: As mentioned in various paragraphs of the Aaron application, a certain time period (determined outcome) would be given to a user to use a new application, and the firewall policy would be modified (performing an action on the firewall rule) to allow the new application to pass through the firewall. Examiner maintains his rejection.

Dunagan in his application discloses “test traffic” as: [¶23, FIG. 4 shows a schematic/block diagram of the data paths and how traffic flows in the simulated test environment of FIG. 2.  Referring now to FIG. 4, Test Web Proxy 202 allows access to private domain names on Simulated Internet 208.  Test Publishing Firewall 204 contains rules that allow Test Web Servers 106 to be accessed from Simulated Internet 208.  Test Automation System 104 controls task execution on all test systems on Corporate Network 108 and Simulated Internet 208.  For instance, within Corporate Network 108 a Test Web Server 106 may be named http://server.corp.com).  Then when a Test Client Machine 102 connects to 
Examiner Note: Examiner states that the mapping above reads on the claim limitation. Examiner maintains his rejection.


Claim Rejections - 35 USC § 103

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-21 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. 2004/0268150 issued to Aaron and in view of US Patent No. 2008/0172575 issued to Dunagan.
Regarding claims 1, 8, and 15, Aaron discloses a method, comprising: receiving, by a control server, configuration data from a domain owner device associated with a domain owner of a resource hosted by an origin server [¶6, notifying a coordinating entity of a request to modify a firewall policy to incorporate filtering rules to allow communications or packets from a new application to pass through the network-based firewall without being blocked], and [¶¶6, 32-33]; and
generating a firewall rule using the configuration data, the firewall rule for application to requests received by an edge server directed to the resource [¶6, sending a user an indication of a time period during which the user can exercise a new application; and examining the user-originated communications or packets traversing the firewall during that time period and modifying the user's policy such that packets associated with the new application are allowed to pass through the firewall], and [¶¶32-33, 35-36, 42]; and
 retrieving traffic relevant to the firewall rule [¶6, sending a user an indication of a time period during which the user can exercise a new application; and examining the user-originated communications or packets traversing the firewall during that time period and modifying the user's policy such that packets associated with the new application are allowed to pass through the firewall]; and
 applying the firewall rule to the traffic [¶42, the firewall process 136 receives packets from the network interface 134, 144, each network interface serving to connect the firewall to a different network as was indicated in FIG. 1.  During the time window as indicated above, the firewall packet inspector 314 is directed by the policy modifier 306 to inspect or examine all the received packets associated with that time window's particular user/customer…the packets are sent to the firewall filter 316 for filtering, during which they may either be blocked or allowed to pass…]; and [¶6, sending a user an indication of a time period during which the user can exercise a new application; and examining the user-originated communications or packets traversing the time period and modifying the user's policy such that packets associated with the new application are allowed to pass through the firewall]; and 
 determining an outcome from applying the firewall rule to the test traffic [¶6, sending a user an indication of a time period during which the user can exercise a new application; and examining the user-originated communications or packets traversing the firewall during that time period and modifying the user's policy such that packets associated with the new application are allowed to pass through the firewall], and [¶42]; and
performing an action on the firewall rule based on an input from the domain owner device [¶6, sending a user an indication of a time period during which the user can exercise a new application; and examining the user-originated communications or packets traversing the firewall during that time period and modifying the user's policy such that packets associated with the new application are allowed to pass through the firewall], and [¶33, If the user utilizes the user processing device 110 to send the notification, the method of notification includes email, web access, or among other notification methods… In a preferred embodiment where web access is used, the FFC 108 includes a web server that is attached to, or communicates with, a separate supporting web server, which the user accesses over the provider network 104], and [¶37, For example, "allowed" or "authorized" application might be designed to communicate periodically, at random intervals, or when triggered by some event not visible to the user].
Aaron does not explicitly disclose test traffic; however, Dunagan discloses [¶23, FIG. 4 shows a schematic/block diagram of the data paths and how traffic flows in the simulated test environment of FIG. 2.  Referring now to FIG. 4, Test Web Proxy 202 allows access to private domain names on Simulated Internet 208.  Test Publishing Firewall 204 contains rules that allow 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Aaron with the teaching of Dunagan in order to implement a simulated internet connected to a corporate network to more easily and effectively facilitate testing the impact of internet security devices and settings on internet software [Dunagan, Abstract].
Regarding claims 2, 9, and 16, Aaron discloses filtering the test traffic associated with the resource based on a specified time period [¶6, notifying a coordinating entity of a request to modify a firewall policy to incorporate filtering rules to allow communications or packets from a new application to pass through the network-based firewall without being blocked; notifying a policy modifier of the modification request; sending a user an indication of a time period during which the user can exercise a new application; and examining the user-originated communications or packets traversing the firewall during that time period and modifying the user's policy such that packets associated with the new application are allowed to pass through the firewall].
Aaron does not explicitly disclose, however, Dunagan discloses wherein retrieving the test traffic relevant to the firewall rule includes: identifying the test traffic associated with the resource [¶23, FIG. 4 shows a schematic/block diagram of the data paths and how traffic flows in the simulated test environment of FIG. 2.  Referring now to FIG. 4, Test Web Proxy 202 allows access to private domain names on Simulated Internet 208.  Test Publishing Firewall 204 contains rules that allow Test Web Servers 106 to be accessed from Simulated Internet 208.  Test Automation System 104 controls task execution on all test systems on Corporate Network 108 and Simulated Internet 208], and [¶3].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Aaron with the teaching of Dunagan in order to implement a simulated internet connected to a corporate network to more easily and effectively facilitate testing the impact of internet security devices and settings on internet software [Dunagan, Abstract].
Regarding claims 3, 10, and 17, Aaron discloses wherein the test traffic is from previously analyzed requests directed to the resource processed by edge server over the specified time period[¶6,  notifying a coordinating entity of a request to modify a firewall policy to incorporate filtering rules to allow communications or packets from a new application to pass through the network-based firewall without being blocked; notifying a policy modifier of the modification request; sending a user an indication of a time period during which the user can exercise a new application; and examining the user-originated communications or packets traversing the firewall during that time period and modifying the user's policy such that packets associated with the new application are allowed to pass through the firewall].
Regarding claims 4, 11, and 18, Aaron discloses wherein performing the action on the firewall rule based on the input from the domain owner includes: validating the firewall rule for application to live request traffic [¶34, If the user is authenticated as an authorized user, the firewall policy configuration/window generator 210 generates a time window during 
Regarding claims 5, 12, and 19, Aaron discloses wherein the method further comprises: receiving, by the edge server, a request packet from a client device including a request for an action to be performed on the resource; analyzing the request to identify one or more properties of the request; generating a data structure storing the one or more properties of the request; applying the firewall rule to the one or more properties of the request, the firewall rule including a filter and a firewall action; determining that at least one of the one or more properties of the request matches the filter; and performing the firewall action on the request packet in response to determining that the at least one of the one or more properties of the request matches the filter [Abstract, ¶¶3, 33-34, 42].
Regarding claims 6, 13, and 20, Aaron discloses wherein performing the firewall action on the request packet includes: logging the determination that the at least one of the one or more properties of the request matches the filter [¶34, If the user is authenticated as an authorized user, the firewall policy configuration/window generator 210 generates a time window during which the user can exercise (run) the "new" application.  Optionally, additional information in the notification or request and/or the user database 208 may be consulted to determine the best time window to offer the user]. 
Regarding claims 7, 14, and 21, Aaron discloses wherein performing the firewall action on the request packet includes: presenting a challenge to the client device; validating a challenge response to the challenge received from the client device; and sending the request packet to the origin server hosting the resource in response to validating the challenge response to the challenge [¶46, Referring to FIG. 5B, the FFC acknowledges the user.  In an example, the acknowledgement informs the user regarding the time window, for instance indicating that the time window has successfully been granted and scheduled.  When the time window is granted by the PMA for a particular user and a particular "new" application, at 512, the user runs (exercises) the new application during the time window.  At 514, the PMA causes the firewall's packet inspection component to watch for packets from/to that user's processing device during the time window.  Rather than applying normal filtering during the window, all such packets are identified and classified as needed so that the firewall can generate new filtering rules which, when added to the user's policy rule-set, would allow those packets to traverse the firewall instead of being blocked, as would otherwise be the case, for packets sent outside of the time window traversing the firewall with an unmodified rule-set], and [¶2, Firewalls are the cornerstone of security for communications networks and resources attached to those networks], and [¶33].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Ormazabal (US8046828) [security management system for monitoring firewall operation].
Khan (US2019/0222558) [SYMBOLIC EXECUTION FOR WEB APPLICATION FIREWALL PERFORMANCE].
Hill (US10771372) [Transmitting Test Traffic On A Communication Link].
EP2200249A1 [Network analysis].
El Defrawy (US20180054418) [FIREWALL FILTER RULES GENERATION].
Nistor (US2016/0174178) [¶24, in some embodiments, computing platforms 100 and/or 104 may include a traffic generator and may emulate one or more network nodes.  For test traffic (e.g., messages and/or packets) associated with these nodes].
Murthy (US2018/0097789) [Abstract, time-based network authentication challenges includes monitoring a session at a firewall].
RENPENNING (US2019/0166097) [¶¶14, Abstract].
Schneider (US7685271) [Abstract, ¶6].

Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response.  In the limited amount of non-production time if the examiner’s consideration of a proper AFCP 2.0 request and response does not result in a determination that all pending claims are in condition for allowance, the examiner will request an interview with the applicant to discuss the response. For more info, please visit http://www.uspto.gov/patent/initiatives/after-final-consideration-pilot-20

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.                                                                                                                                                                           
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: 





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496