Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
Claims 1-20 are pending. Claims 1, 10 and 16 are independent. Claims 2-9, 11-15, and 1-20 are dependent.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 07/13/2021 was in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. 

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about Terminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 4-15, 17-18, and 20-27 of U.S. Patent No. 11115385 (hereinafter 385 patent). Although the claims at issue are not identical, they are not patentably distinct from each other because they are substantially similar in scope and they use the same limitations, using varying terminology. Please see further explanation below. Differences are bolded and omissions are underlined in the following comparison tables.

Current application claim 1:
1. A method comprising: obtaining a first packet of a packet flow at a classifying device; providing the first packet to a firewall device; obtaining, at the classifying device, an indication from the firewall device that non-control packets of the packet flow are to obtaining a control packet of the packet flow at the classifying device; and providing the control packet of the packet flow to the firewall device.

'385 patent claim 1:
receiving a packet of the packet flow at the classifying network device indicating a possible change in a flow state of the packet flow; determining that the packet belongs to the packet flow by comparing data contained in the packet to the data stored at the classifying network device; determining that the packet of the packet flow is a type that is to be forwarded to the firewall network device; and directing the packet of the packet flow to the firewall network device, in response to the determining the packet of the packet flow is of the type that is to be forwarded to the firewall network device, to maintain the flow state of the packet flow at the firewall network device; receiving, at the classifying network device in response to predetermined criteria evaluated by the firewall network device, an indication from the firewall network device that the packet flow should no longer be directed to the processing entity, wherein the predetermined criteria comprise a pattern of bytes from one or more control packets of the packet flow, a reputation change of a source device of the packet flow, a posture change of the source device of the packet flow, and timing of receipt of the packet flow; receiving a non-control packet of the packet flow at the classifying ; and directing the non-control packet of the packet flow to the firewall network device.


The difference between claim 1 of the current application and claim 1 of the '385 patent is that the current application recites “obtaining a control packet of the packet flow at the classifying device; and providing the control packet of the packet flow to the firewall device.” and the '385 patent recites “receiving a packet of the packet flow at the classifying network device indicating a possible change in a flow state of the packet flow; determining that the packet belongs to the packet flow by comparing data contained in the packet to the data stored at the classifying network device; determining that the packet of the packet flow is a type that is to be forwarded to the firewall network device; and directing the packet of the packet flow to the firewall network device, in response to the determining the packet of the packet flow is of the type that is to be forwarded to the firewall network device, to maintain the flow state of the packet flow at the firewall network device; receiving, at the classifying network device in response to predetermined criteria evaluated by the firewall network device, an indication from the firewall network device that the packet flow should no longer be directed to the processing entity, wherein the predetermined criteria comprise a pattern of bytes from one or more control packets of the packet flow, a reputation change of a source device of the packet flow, a posture change of the source device of the packet flow, and timing of receipt of the packet flow; and directing the non-control packet of the packet flow to the firewall network device.” Both the current application and the '385 patent have the same functionalities.
It would have been obvious to one of ordinary skill in the art at the time the invention was made to substitute “obtaining a control packet of the packet flow at the classifying device;” with “receiving a packet of the packet flow at the classifying network device indicating a possible change in a flow state of the packet flow; determining that the packet belongs to the packet flow by comparing data contained in the packet to the data stored at the classifying network device; determining that the packet of the packet flow is a type that is to be forwarded to the firewall network device; and directing the packet of the packet flow to the firewall network device, in response to the determining the packet of the packet flow is of the type that is to be forwarded to the firewall network device, to maintain the flow state of the packet flow at the firewall network device; receiving, at the classifying network device in response to predetermined criteria evaluated by the firewall network device, an indication from the firewall network device that the packet flow should no longer be directed to the processing entity, wherein the predetermined criteria comprise a pattern of bytes from one or more control packets of the packet flow, a reputation change of a source device of the packet flow, a posture change of the source device of the packet flow, and timing of receipt of the packet flow; and directing the non-control packet of the packet flow to the firewall network device” because the remaining elements would have performed the same function. Such substitution would not interfere with the functionality of the remaining elements.
It would have been obvious to one of ordinary skill in the art at the time the invention was made to delete the underlined elements because the remaining elements would have performed the same function as before. Such addition would not interfere with the functionality of the remaining elements.
Since claims 2-20 incorporate the deficiencies of claim 1, they are likewise rejected.
This is a non-provisional nonstatutory double patenting rejection because the patentably indistinct claims have been patented.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson et al. (US 20080271134) hereinafter Johnson in view of Mihelich et al. (US 2014/0325636) hereinafter Mihelich.
Regarding claim 1, Johnson teaches a method comprising: obtaining a first packet of a packet flow at a classifying device (i.e. a packet is received in a NIC (Step 401). The packet is received over a network connection from another device on the network, such as a host, [0053]); providing the first packet to a firewall device (i.e. The packets received by the NI are forwarded to other components on the NIC (105) for processing, [0024] and a firewall may be used by the NIC (105) to permit, deny, and/or proxy network connections between the NIC (105) and other devices on the network [0031]); storing, at the classifying device, data that indicates that the non-control packets of the packet flow are to be provided to the processing entity (i.e. firewall rules and NAT parameters associated with the packet filter may be stored in the SPD and accessed by the policy engine to enforce a network layer firewall on the NIC, [0049]); obtaining one or more non-control packets of the packet flow at the classifying device (i.e. packets from a network are received by the NIC, [0040]); determining, by comparing data contained in the one or more non-control packets of the packet flow to the data stored at classifying device, that the one or more non-control packets of the packet flow are to be provided to the processing entity (i.e. Packets received by the receiving system (via a NIC 
However, Johnson does not explicitly disclose obtaining, at the classifying device, an indication from the firewall device that non-control packets of the packet flow are to be provided to a processing entity and control packets of the packet flow are to be provided to the firewall device; providing the one or more non-control packets of the packet flow to the processing entity in response to the determining; obtaining a control packet of the packet flow at the classifying device; and providing the control packet of the packet flow to the firewall device.
However, Mihelich teaches obtaining, at the classifying device, an indication from the firewall device that non-control packets of the packet flow are to be provided to a processing entity (i.e. a data packet arrives at the FPGA port. The FPGA port determines at decision block 1206 whether the data packet is an IP packet (a TCP or UDP packet), [0176]), and control packets of the packet flow are to be provided to the firewall device (i.e. data packet at issue is not an IP packet, therefore the data packet is forwarded to a master firewall security device, [0177]); providing the one or more non-control packets of the packet flow to the processing entity in response to the determining (i.e. the FPGA has determined that the data packet at issue is an IP packet, then the data packet is redirected to the switch, [0179]-[0178]); obtaining a control packet of the packet flow at the classifying device (i.e. non-TCP/UDP traffic may be sent to the master firewall device, [0125]); and providing the control packet of the packet flow to the firewall device (i.e. the FPGA has determined that the data packet at issue is not an IP packet, therefore the data packet is forwarded to a master firewall security device, [0177]).
Based on Johnson in view of Mihelich, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to apply the teaching of Mihelich to the system of Johnson in order to increase the packet-offloading performance of the Johnson system.


However, Mihelich teaches providing the control packet of the packet flow to the firewall device comprises providing the control packet of the packet flow to the firewall device to maintain a flow state of the packet flow at the firewall device (i.e. for data packets like TCP SYN, TCP RST and TCP FIN packets, switch 400 may also redirect these packets to the respective ingress port of the return packet, [0107] and Flow state manager 314 provides per flow processing functions, by which a flow state is looked up, added, updated, and aged so that the same VLAN tag is used for forwarding the flow packets to their destination, [0094]). Therefore, the limitations of claim 2 are rejected in the analysis of claim 1, and the claim is rejected on that basis. The rationale to combine as discussed in claim 1, applies here as well.

Regarding claim 3, Johnson does not explicitly disclose storing data maintaining the flow state of the packet flow at the firewall device.
However, Mihelich teaches storing data maintaining the flow state of the packet flow at the firewall device (i.e. Flow states are kept in a flow state table, [0094]). Therefore, the limitations of claim 3 are rejected in the analysis of claim 1, and the claim is rejected on that basis. The rationale to combine as discussed in claim 1, applies here as well.

Regarding claim 4, Johnson does not explicitly disclose providing, to the firewall device from the classifying device, data updating the flow state of the packet flow.
However, Mihelich teaches providing, to the firewall device from the classifying device, data updating the flow state of the packet flow (i.e. flow state manager 314 provides per flow processing functions, by which a flow state is looked up, added, updated, and aged so that the same VLAN tag is used for forwarding the flow packets to their destination, [0094]). Therefore, 

Regarding claim 5, Johnson teaches obtaining at the classifying device an indication from the firewall device that non-control packets of the packet flow should no longer be provided to the processing entity (i.e. the SP(s) and/or firewall rule(s) may block all packets that are not from a local area network (LAN) associated with the NIC (105). Blocked packets may then be handled according to the SP(s) and/or firewall rule(s). For example, the blocked packets may be dropped, or the blocked packets may be stored for future reference and/or analysis, [0040]); obtaining a non-control packet of the packet flow at the classifying device (i.e. a packet is received in a NIC (Step 401). The packet is received over a network connection from another device on the network, such as a host, [0053]); and providing the non-control packet of the packet flow to the firewall device (i.e. a TCP offload engine (TOE) is used as the transport protocol offload engine (215) to process packets in accordance with transport layer protocols and/or network layer protocols, [0039]).

Regarding claim 6, Johnson teaches the indication from the firewall device that the non-control packets of the packet flow should no longer be provided to the processing entity is obtained at the classifying device in response to predetermined criteria evaluated by the firewall device, wherein the predetermined criteria comprise one or more of a reputation change of a source device of the packet flow, a posture change of the source device of the packet flow, and/or timing of receipt of the packet flow (i.e. A determination is made, based on the firewall rules and/or SPs, about whether the packet is admitted into the system (Step 411). For example, the packet may be blocked or admitted based on source and/or destination IP address, packet contents, [0054]).


Regarding claim 8, Johnson teaches the hardware of the processing entity executes packet rewrite instructions (i.e. transport layer processing includes TCP and UDP processing of packets. In one or more embodiments of the invention, network layer processing includes IP processing of packets. In other words, network stack functionality may be provided by the transport protocol offload engine (215) in lieu of a software module on the host connected to the NIC, [0039]).

Regarding claim 9, Johnson teaches obtaining a non-control packet of the packet flow at the classifying device (i.e. a packet is received in a NIC (Step 401). The packet is received over a network connection from another device on the network, such as a host, [0053]); determining at the classifying device that an amount of data contained in the non-control packet exceeds a predetermined threshold (i.e. the filter DB may store firewall rules and NAT parameters for incoming and outgoing packets. Further, the filter DB may be populated with rules and/or parameters using a filter utility on the host, [0050]); and providing the non-control packet to the firewall device in response to determining that the amount of data contained in the non-control packet exceeds the predetermined threshold (i.e. a TCP offload engine (TOE) is used as the 

Regarding claims 10-20, the limitations of claims 10-20 are similar to the limitations of claims 1-2, 4-6, and 9 above. Johnson further teaches an apparatus (i.e. device, [0053]) comprising: one or more memories (i.e. memory, [0032]); one or more network interfaces configured to enable network communications (i.e. a network interface connection, [0061]); and one or more processors (i.e. a processor, [0032]), one or more tangible non-transitory computer readable mediums containing instructions (i.e. a computer readable medium, [0062]). Therefore, the limitations are rejected in the analysis of their similar limitations, and the claims are rejected on that basis.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Pham et al. (US 20170195255), A packet is received at an input port of the SDN switch. The switch includes a first and second set of flow processing units (FPUs). The packet is forwarded to a first FPU of the first set. Based on a flow table associated with the first FPU, it is determined whether the packet is to be forwarded to a network device or an output port.
Roberson et al. (US 20150341314), A security device for processing network flows includes one or more packet processors configured to receive incoming data packets associated with one or more network flows where a packet processor is assigned as an owner of one or more network flows and each packet processor processes data packets associated with flows for which it is the assigned owner.
Dalal et al. (US 9286472), a plurality of offload processors connected to a memory bus and configured to provide security related services on packets prior to redirection to the main processor.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to AYELE F WOLDEMARIAM whose telephone number is (571)270-5196. The examiner can normally be reached M-F 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joon H Hwang, can be reached on 571-272-4036. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/A F W/
AYELE F. WOLDEMARIAM
Examiner
Art Unit 2447
3/8/2022

/CHEIKH T NDIAYE/Primary Examiner, Art Unit 2447