DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to the application filed on 03/10/2022.
Claims 1-4, 4-10 and 12-14 are currently pending in this application. There are two claims numbered as claim 4 and claim 11 is missing – see also claim objection below.
No information disclosure statement (IDS) has been filed.

Response to Arguments
The previous objections to the drawings have been withdrawn in response to the applicants’ filing of the replacement sheets for the figures 14-17.
Regarding the previous objections to the specification and claim 4, and the 112(b), 101, double patenting and 102 rejections, the applicants do not amend/argue the specification and claims. Therefore, these objections and rejections are maintained.
 
Thus, the applicants’ arguments are not persuasive. Please see rejections below for the current claims. This action is final.

Specification
The disclosure is objected to because of the following informalities: the specification includes acronyms (e.g., ANA, TELoIP, MPLS, CPE-CE, etc.), which should be spelled out the first time they appear in the disclosure.
Appropriate corrections are required.

Claim Objections
Claim 4 is objected to because of the following informalities: there are two claims numbered as claim 4 and claim 11 is missing. 
Appropriate corrections are required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. 

Claims 1-4, 4-10 and 12-14 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.

Claim 1 recites “… each firewall corresponding to said plurality of network components, wherein said firewall provides rules … for the respective network component …”, however, it is not clear (1) how to define “the respective network component” because the firewall corresponds to (all) the plurality of network components; (2) “the respective network component” has an antecedent basis issue (e.g., there is not “a respective network component”).
Claims 2-7 depend from the claim 1, and are analyzed and rejected accordingly.

Claim 8 recites “… comprising a plurality of network components … providing, by a plurality of firewalls … wherein said firewall is associated with one or more network component …”, however, it is not clear (1) whether “said firewall” and “one or more network component” have any relationship with “a plurality of firewalls” and “a plurality of network components” respectively; (2) “said firewall” has an antecedent basis issue (e.g., there is not “a firewall”).
Claims 9, 10, 4 and 12-14 depend from the claim 8, and are analyzed and rejected accordingly.

Claim 4 recites “… system … comprising an asset alias capacity to assigns a unit alias …”, however, it is not clear how “the asset alias capacity”, which is the information (NOT a component of the system to perform assigning function) can assign the unit alias.
Claim 6 recites “… system … comprising automatic network component discovery”, however, it is not clear how “automatic network component discovery”, which is the function/method (NOT a component of the system to perform discovery function), can be comprised in the system (e.g., whether the plurality of firewalls of the system are performing the automatic network component discovery or not).

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-7 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
The claim 1, when read in light of the specification, can be interpreted as being directed toward program/software per se.  Applicant is reminded that a program and/or software cannot be patentable.  The claims recite a “system” with elements comprising “a plurality of firewalls”, and “a centralized firewall network controller” or “a plurality of network components”, the claims reciting no other element that is a physical part of a device.  When read in light of the specification, “firewalls”, “network controller” and “network component”, can be reasonably interpreted as program and/or software elements.  When a system/component claim, in at least one possible way, can be implemented by software alone and the claim does not contain any element that is a physical part of a device, the claim must be rejected under 35 U.S.C. §101 as non-statutory since the claim does not fall under one of the four statutory categories of invention (Process, Machine, Manufacture or Composition of Matter).
Dependent claims 2-7 do not recite nor impart any further limitations that would bring the invention in conformance with 35 U.S.C. §101 as patentable subject matter.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-4, 4-14 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 2 and 15-19 of the Patent No. US 10,785,190 B2. 

A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
Current Application No. 16/994513 compared with Reference Patent No. US 10,785,190 B2

Current application, Claim 1: A system for distributed firewall management in a network comprising a plurality of network components associated to one or more client sites, said system comprising:
a plurality of firewalls, each firewall corresponding to said plurality of network components, wherein said firewall provides rules, security controls, or policy controls for the respective network component;
a centralized firewall network controller to manage the rules, security controls, or policy controls for the plurality of firewalls.
Reference patent, Claim 1: A system for distributed firewall management for client sites, the system comprising at least one processor and ... the system to perform operations configured to:
provide, by each firewall of a plurality of firewalls corresponding to a plurality of client site network components, rules, security controls, or policy controls for the respective client site network component, each firewall is integrated with a client site network component, each client site 
manage, by a centralized firewall network controller, the rules, security controls, or policy controls for the plurality of firewalls as a single control pane…

Current application, Claim 2: The system of claim 1 wherein the centralized firewall network controller is configured to provide a software defined perimeter defense system.
Reference patent, Claim 15: The system of claim 1 wherein the centralized firewall network controller is configured to provide a software defined perimeter defense system.

Current application, Claim 3: The system of claim 1 wherein the centralized firewall network controller is configured to provide five layers of security comprising administrator, network, trusted, public and untrusted.
Reference patent, Claim 16: The system of claim 1 wherein the centralized firewall network controller is configured to provide five layers of security comprising administrator, network, trusted, public and untrusted.

Current application, Claim 4: The system of claim 1 further comprising an asset alias capacity to assigns a unit alias to each of a plurality of assets across the plurality of network components.
Reference patent, Claim 17: The system of claim 1 wherein the asset alias capacity assigns a unit alias to each of the plurality of assets across the plurality of client site network components.

Current application, Claim 5: The system of claim 1 wherein the plurality of firewalls use processing resources of the plurality of network components.
Reference patent, Claim 18: The system of claim 1 wherein the plurality of firewalls use processing resources of the plurality of client site network components to distributed …

Current application, Claim 6: The system of claim 1 further comprising automatic network component discovery.
Reference patent, Claim 2: The system of claim 1 wherein at least one network server component is configured to connect to at least one of the plurality of client site network components 

Current application, Claim 7: The system of claim 1 wherein the network component is configured to separate lower-link data traffic and to encapsulate data packets of the lower-link data traffic using a common access protocol.
Reference patent, Claim 19: The system of claim 1 wherein the client site network component is configured to separate lower-link data traffic and encapsulate data packets of the lower-link data traffic using a common access protocol for ...


Claims 8-10, 4 and 12-14 are method claims which have similar limitations with the system claims 1, 2 and 15-19 of US 10,785,190 B2 (see the matching above), which processes the claimed method.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –


Claims 1-10, 4 and 12-14 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Schultz et al. (US 2018/0041470 A1).

As per claim 1, Schultz teaches a network system for distributed firewall management in a network comprising a plurality of network components associated with one or more client sites [figs. 1A, 1B and 2 of Schultz - the network system of fig. 2 for firewall management by the APN network control node NCN for the distributed client site or APN client sites with a plurality of network components of fig. 1B], said system comprising:
a plurality of firewalls, each firewall corresponding to said plurality of network components, wherein said firewall provides rules, security controls, or policy controls for the respective network component [fig. 1A, 1B, 2; par. 0016, lines 1-5; par. 0050, lines 1-22; par. 0070, lines 1-6 of Schultz teaches a plurality of firewalls (e.g., the integrated firewalls), each firewall corresponding to said plurality of network components, wherein said firewall provides rules, security controls, or policy controls for the respective network component];
a centralized firewall network controller configured to manage the rules, security controls, or policy controls for the plurality of firewalls [fig. 2; par. 0072, lines 1-27 of Schultz teaches a centralized firewall network controller (e.g., the controller of the network control node NCN with the 

As per claim 2, Schultz teaches the system of claim 1. 
Schultz further teaches wherein the centralized firewall network controller is configured to provide a software defined perimeter defense system [par. 0049, lines 1-13; par. 0229, lines 1-2, 18-19 of Schultz – the centralized network controller NCN is configured for security zones to provide a software defined perimeter defense system as the security boundary of each security zone].

As per claim 3, Schultz teaches the system of claim 1. 
Schultz further teaches wherein the centralized firewall network controller is configured to provide five layers of security comprising administrator, network, trusted, public and untrusted [table 16; par. 0072, lines 9-27; par. 262, lines 1-5; par. 264, lines 9-11 of Schultz – the centralized APN configuration of the controller NCN provides network setting for selected site appliances, the security zones with Internet security zone for a trusted interface, untrusted Internet security zone with an untrusted interface, default LAN security zone with not setting a zone or public and administrator specific/assigned security zone].

As per claim 4, Schultz teaches the system of claim 1. 
Schultz further teaches an asset alias capacity to assign a unit alias to each of the plurality of assets across the plurality of network components [figs. 1B, 2; par. 0060, lines 1-19; par. 0229, lines 1-19; table 11 of Schultz – the central configuration provides bandwidth or capacity optimization and the assigned security zone A or B or C to each appliance of the plurality of appliances of the client site network. In other words, the asset alias capacity optimization assigns a unit alias (e.g., security zone A/B/C) to each of the plurality of appliances across the plurality of network components].

As per claim 5, Schultz teaches the system of claim 1. 
Schultz further teaches wherein the plurality of firewalls use processing resources of the plurality of network components [figs. 1B, 2; par. 0049, lines 1-10; par. 0050, lines 1-29; par. 0060, lines 1-19 of Schultz teaches the plurality of firewalls, such as 192, 194, 196, 198, use processing resources of the plurality of network components, such as WAN Ingress/Egress processor modules, etc.].

As per claim 6, Schultz teaches the system of claim 1. 
Schultz further teaches automatic network component discovery [figs. 1B, 2; par. 0076, lines 1-11 of Schultz teaches automatic network component discovery].

As per claim 7
Schultz further teaches wherein the client site network component is configured to separate lower-link data traffic and to encapsulate data packets of the lower-link data traffic using the common access protocol [figs. 1A, 4; par. 0034, lines 1-10; par. 0089, lines 24-34 of Schultz teaches the transport reliable protocol (TRP) processing is begun including checking path id validity and path resequencing. Conduit user data processing is begun including aggregation, phase 1 of header compression, checking IP header of user data, application lookup using an application classification table. Also, a flow and rule lookup in a rules table is accomplished. The conduit flow processing is begun including handling fragmentation, re-sequence flow processing, phase 2 of header compression and strip TRP encapsulation. In other words, the client site network component (e.g., conduit processor module) is configured to separate lower-link data traffic (e.g., the data link layer traffic) and to encapsulate data packets of the lower-link data traffic using the common access protocol (e.g., TRP processing)].

Claims 8-10, 4 and 12-14 are method claims that correspond to the system claims 1-7, and are analyzed and rejected accordingly.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845.  The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic 



/MAUNG T LWIN/Primary Examiner, Art Unit 2495