DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
2.	This action is in response to the following communication: Amendment to application No. 16/326,421 filed on 12/21/2021.
3.	Claims 1-15 were previously cancelled.
Claims 16, 19, 22, 23, 28, 29 and 30 have been amended.
Claims 16-33 now remain pending.
Claims 16 and 28 are independent claims.
Claim Objections
4.	Prior objection is circumvented by claim amendments.
Drawings
5.	Prior objection is overcome by corrections.
Response to Arguments
6.	Applicant’s arguments with respect to newly amended independent claims 16 and 28 and claims 17-27 and 29-33 on pages 13-21 of the response have been fully considered but they are not persuasive and are moot in view of the new ground(s) of rejection - see Roddy (Art of record) as applied below, as they further teach such use. 
Claim Rejections - 35 USC § 103

7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences 

8.	Claims 16-23 and 27- 30 are rejected under 35 U.S.C. 103 as being unpatentable over Forstreuter, EP 0909692A2, in view of Roddy et al., US 20050091515 (hereinafter Roddy). 
   In regards to claim 16, Forstreuter teaches: 
A configuration, comprising: a technical system; a controller for controlling said technical system and can change a technical state of said technical system by use of control commands (Abstract, see the method involves securing data processor arrangements against unintentional and inadmissible influence from other data networks, with which the data processors are connected over communication services… A filter function is used, to delete all messages, which are recognized as ambiguous with respect to their safety. The data messages delivered over the communication services are filtered in at least two independent observation units connected in series with each other, and preceding the security-related data processor), (p. 5, 5th para., to isolate the data network to be protected from the safety-relevant ones. A data processing system serves a so-called security translator system ST between the data network to be protected and the public data network… they can also be used in security technology be realized as they are specifically for the control safety-related processes in railway signaling is used), (p. 4, 13th para., see the drawing shows a schematic Operations control center BLZ for controlling rail traffic in a section of a railway network. The operations control center is connected to via an internal th para., see the object of the present invention is to implement a method specify the preamble of claim 1, which in the It is able to influence all external influences protective internal data network of a data processing system to prevent the security implications of could have process events to be controlled there) and (p. 6, 2nd para., see the filter function of security translators PC2 would fail, that of the security translators PC1 cover this error because they do the analysis of the telegrams to be evaluated first has been. 
The error that occurred was then not recognized and one in the filter function of the security translator PC1 errors that would occur later would remain possibly undetected. This would give the opportunity that actually dangerous commands from the outside on the Protected data network of the security-relevant data processing system could get) (emphasis added). 
an external remote query device; and an interface device connected to said controller and forming an external interface for connection to said external remote query device (p. 1, 2nd para., see process for partitioning security-related data processing systems against unwanted and inadmissible interference from other data networks with which the data processing system is connected via communication services by using a filter function) and (Abstract, see the method involves securing data processor arrangements against unintentional and inadmissible influence from other data networks, with which the data processors are connected over communication services… A filter function is used, to delete 
Forstreuter doesn’t explicitly teach:
said interface device having a checking device configured such that said checking device checks a remote query signal received for a presence of a query command stored in said interface device as permissible and in an event of permissibility only allows the query command contained in the remote query signal to pass through to said controller.
However, Roddy teaches such use: (Fig. 2, Client 202, 210 Mediating firewall, switch 218, internal system #1, internal system #2, internal system #3), (Fig. 4, External interface 404, Processing engine 406, Internal interface 408), (Fig. 5, Receive request 504, analyze request 506, Request Authorized? 508, Yes, prepare and send a request to internal system 512), (p. 3, [0029], see FIG. 2 is a schematic diagram of a system used in one embodiment to provide security for external access to an internal computer system) and (p. 5, [0043-0045], see the external interface 404 is configured to perform initial processing on incoming requests, such as by normalizing incoming messages into a common format and, in some cases, performing security-related tasks such as decryption, authentication, and integrity checking, to the extent required by the preferences established by the system administrator and/or to the extent necessary to implement other policy rules. Once initial processing of an incoming request is performed by the external interface, the request is passed in a common format to a 
blocks a passing through of the remote query signal to said controller and all other control commands which are not query commands stored as permissible.
However, Roddy teaches such use: (Fig. 5, Receive request 504, analyze request 506, Request Authorized? 508, N, Respond per exception handling rules 510), (p. 6, [0050], see if it is determined in step 508 that the request is not authorized, the process proceeds to step 510 in which event the mediating firewall responds to the request in accordance with the exception handling rules designated by the system administrator. In one embodiment, the firewall may be configured to respond to an unauthorized request by ignoring the request. In one embodiment, the mediating firewall may be configured to respond to an unauthorized request by sending a message to the requesting party indicating that the request is not authorized) and (p. 9, [0073], see in one embodiment a blocked request may be ignored. In one embodiment, the system administrator may specify that an error message be sent to the requesting party in the case of a blocked request) (emphasis added). 

Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Forstreuter and Roddy before him or her, to modify the system of Forstreuter to include the teachings of Roddy, as a system for secured external access to a protected computer network, and accordingly it would enhance the system of Forstreuter, which is focused on security related data processing, because that would provide Forstreuter with the ability to filter request, as suggested by Roddy (p. 5, [0043-0045], p. 12, [0084]).

   In regards to claim 17, Forstreuter teaches: 
said technical system is a safety-related railway system (p. 5, 5th para., to isolate the data network to be protected from the safety-relevant ones A data processing system serves a so-called security translator system ST between the data network to be protected and the public data network… they can also be used in security technology be realized as they are specifically for the control safety-related processes in railway signaling is used).
the control commands which would change the technical state of said safety-related railway system are those which would change an operating state of said safety-related railway system (Abstract, see the method involves securing data processor arrangements against unintentional and inadmissible influence from other data networks, with which the data processors are connected over communication services), (p. 5, 5th para., to isolate the data network to be th para., see the drawing shows a schematic Operations control center BLZ for controlling rail traffic in a section of a railway network. The operations control center is connected to via an internal data network ID electronic signal boxes ESTW, which are used by operators e.g. can be controlled from the operations control center).

   In regards to claim 18, Forstreuter teaches: 
said interface device is a two-stage or multi-stage interface device and has at least two interface modules which are connected in series in a cascaded manner, wherein between said at least two interface modules a signal transmission takes place with another transmission standard or on a basis of a packet protocol other than communication between said interface device and said external remote query device (p. 1, 3rd para., see the data telegrams delivered via the communication services (D3) are filtered in at least two independent viewing units (PC1, PC2) connected upstream and connected in series to the security-relevant data processing system (BLZ)), (Fig. 1, PC1, PC2, In, ISDN),  (p. 1, 2nd para., see the telegrams are encrypted (V) in a first viewing unit (PC1) and decrypted again in the second viewing unit (PC2) following in the data transfer direction) and (p. 4, 7th para., see for redundancy reasons, according to the teaching of claim 7 doubled units for serial treatment of incoming Telegrams may be 

   In regards to claim 19, Forstreuter teaches: 
said at least two interface modules include a first interface module connected in the cascaded manner, which is connected to said external remote query device (Fig. 1, PC1, PC) and (p. 1, 3rd para., see the data telegrams delivered via the communication services (D3) are filtered in at least two independent viewing units (PC1, PC2) connected upstream and connected in series to the security-relevant data processing system (BLZ)).
said first interface module only passes through the query command to a next interface module connected in the cascaded manner, namely by means of the packet protocol change or on a basis of a packet-free signal transmission (p. 1, 4th para., see the telegrams are encrypted (V) in a first viewing unit (PC1) and decrypted again in the second viewing unit (PC2) following in the data transfer direction).  
Forstreuter doesn’t explicitly teach:
is configured in such a way that, in a presence of the remote query signal which contains the query command recognized as permissible.
However, Roddy teaches such use: (Fig. 5, Receive request 504, analyze request 506, Request Authorized? 508, Yes, prepare and send a request to internal system 512). 
Forstreuter and Roddy are analogous art because they are from the same field of endeavor, control systems.


   In regards to claim 20, Forstreuter teaches: 
said interface device has an internal interface module and an external interface module which each have an internal interface and an external interface; said internal interface module is connected by means of said internal interface, hereinafter referred to as a first interface, to said controller and by means of said external interface, hereinafter referred to as a second interface, to said external interface module disposed upstream of said internal interface module, said external interface module and said internal interface module are connected in a cascaded manner; said external interface module is connected by means of said internal interface, hereinafter referred to as a third interface, to said second interface of said internal interface module; said external interface module is connected by means of said external interface, hereinafter referred to as a fourth interface, to said external remote query device; and said checking device is contained in said external interface module (Fig. 1, PC1, PC2, In, ISDN), (p. 1, 3rd para., see the data telegrams delivered via the communication services (D3) are filtered in at least two independent viewing units (PC1, PC2) connected upstream and 

   In regards to claim 21, Forstreuter teaches: 
said fourth interface is a packet-oriented interface which performs protocol- based communication with said external remote query device on a basis of a predetermined external packet protocol; and a data transmission between said second interface and said third interface is based on an internal packet-free signal transmission or is based on an internal packet protocol which differs from the predetermined external packet protocol (p. 1, 3rd para., see the telegrams are encrypted (V) in a first viewing unit (PC1) and decrypted again in the second viewing unit (PC2) following in the data transfer direction), (p. 1, 3rd para., see the data telegrams delivered via the communication services (D3) are filtered in at least two independent viewing units (PC1, PC2) connected upstream and connected in series to the security-relevant data processing system (BLZ)) and (p. 4, 7th para., see for redundancy reasons, according to the teaching of claim 7 doubled units for serial treatment of incoming Telegrams may be provided, these systems … have separate interface modules, which may still have different transmission protocols can be adapted). 

   In regards to claim 22,
said internal interface module is configured such that it passing through the query command to said first interface and thus to said controller when the query command is present at said second interface, namely on a basis of a packet-free signal transmission which differs from the internal packet-free signal transmission or on a basis of at least one feature selected from the group consisting of a third packet protocol which differs from the internal packet protocol, and a third packet protocol which differs from the predetermined external packet protocol.
However, Roddy teaches such use: (p. 5, [0042], see FIG. 4 is a schematic diagram illustrating further detail of the mediating firewall 210 used in one embodiment. The mediating firewall 210 comprises a set of external ports 402, each configured to communicate via an external connection, such as external connection 211 of FIG. 2. Each port of the plurality of ports 402 may be configured to process communications using a specified protocol, such as the hyper text transfer protocol (HTTP); the secure hyper text transfer protocol (HTTPS); the simplified mail transport protocol (SMTP); the file transfer protocol (FTP); any message queue (MQ) protocol, such as Tibco™, IBM MQ Series™, etc.; TELNET; or any suitable application layer protocol. While certain exemplary protocols are shown in FIG. 4, any protocol suitable for communication via a network, such as the Internet, may be used) and (p. 5, [0044], see once initial processing of an incoming request is performed by the external interface, the request is passed in a common format to a processing engine… However, in other embodiments, more, fewer, or different protocols may be associated with the plurality of internal ports 410 than with the plurality of external ports 402. In addition, in certain embodiments, the mediating firewall may be configured to receive a request associated with a particular 
Forstreuter and Roddy are analogous art because they are from the same field of endeavor, control systems.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Forstreuter and Roddy before him or her, to modify the system of Forstreuter to include the teachings of Roddy, as a system for secured external access to a protected computer network, and accordingly it would enhance the system of Forstreuter, which is focused on security related data processing, because that would provide Forstreuter with the ability to filter request, as suggested by Roddy (p. 5, [0043-0045], p. 12, [0084]).      
   
   In regards to claim 23, Forstreuter doesn’t explicitly teach:   
said controller is configured to transmit requested data to said external remote query device via said interface device when said interface allows the query command contained in the remote query signal to pass through to said controller.
However, Roddy teaches such use: (Fig. 2, Client 202, 210 Mediating firewall, switch 218, internal system #1, internal system #2, internal system #3), (Fig. 4, External interface 404, Processing engine 406, Internal interface 408), (Fig. 5, Receive request 504, analyze request 506, Request Authorized? 508, Yes, prepare and send a request to internal system 512), (p. 3, [0029], see FIG. 2 is a schematic diagram of a system 
Forstreuter and Roddy are analogous art because they are from the same field of endeavor, control systems.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Forstreuter and Roddy before him or her, to modify the system of Forstreuter to include the teachings of Roddy, as a system for secured external access to a protected computer network, and 

   In regards to claim 27, Forstreuter teaches: 
said technical system is a safety-related system (p. 5, 5th para., to isolate the data network to be protected from the safety-relevant ones. A data processing system serves a so-called security translator system ST between the data network to be protected and the public data network… they can also be used in security technology be realized as they are specifically for the control safety-related processes in railway signaling is used).
 
   In regards to claim 28, Forstreuter teaches: 
A method for operating a configuration having a technical system and a controller controlling the technical system and can change a technical state of the technical system by means of control commands, which comprises the steps of (Abstract, see the method involves securing data processor arrangements against unintentional and inadmissible influence from other data networks, with which the data processors are connected over communication services… A filter function is used, to delete all messages, which are recognized as ambiguous with respect to their safety. The data messages delivered over the communication services are filtered in at least two independent observation units connected in series with each other, and preceding the security-related data processor), (p. 5, 5th para., to th para., see the drawing shows a schematic Operations control center BLZ for controlling rail traffic in a section of a railway network. The operations control center is connected to via an internal data network ID electronic signal boxes ESTW, which are used by operators e.g. can be controlled from the operations control center), (p. 3, Description, 5th para., see the object of the present invention is to implement a method specify the preamble of claim 1, which in the It is able to influence all external influences protective internal data network of a data processing system to prevent the security implications of could have process events to be controlled there) and (p. 6, 2nd para., see the filter function of security translators PC2 would fail, that of the security translators PC1 cover this error because they do the analysis of the telegrams to be evaluated first has been. The error that occurred was then not recognized and one in the filter function of the security translator PC1 errors that would occur later would remain possibly undetected. 
This would give the opportunity that actually dangerous commands from the outside on the Protected data network of the security-relevant data processing system could get) (emphasis added).
sending a remote query signal to an interface device upstream of the controller by means of an external remote query device (p. 5, 5th para., to isolate the data 
Forstreuter doesn’t explicitly teach:
checking, via the interface device, whether the remote query signal contains a query command for querying system data stored as permissible in the interface device; passing through the query command contained in the remote query signal to the controller if the query command stored as permissible is contained in the external remote query signal.
However, Roddy teaches such use: (Fig. 2, Client 202, 210 Mediating firewall, switch 218, internal system #1, internal system #2, internal system #3), (Fig. 4, External interface 404, Processing engine 406, Internal interface 408), (Fig. 5, Receive request 504, analyze request 506, Request Authorized? 508, Yes, prepare and send a request to internal system 512), (p. 3, [0029], see FIG. 2 is a schematic diagram of a system used in one embodiment to provide security for external access to an internal computer system) and (p. 5, [0043-0045], see the external interface 404 is configured to perform initial processing on incoming requests, such as by normalizing incoming messages into a common format and, in some cases, performing security-related tasks such as decryption, authentication, and integrity checking, to the extent required by the 
otherwise passing through of the query command is omitted.
However, Roddy teaches such use: (Fig. 5, Receive request 504, analyze request 506, Request Authorized? 508, N, Respond per exception handling rules 510), (p. 6, [0050], see if it is determined in step 508 that the request is not authorized, the process proceeds to step 510 in which event the mediating firewall responds to the request in accordance with the exception handling rules designated by the system administrator. In one embodiment, the firewall may be configured to respond to an unauthorized request by ignoring the request. In one embodiment, the mediating firewall may be configured to respond to an unauthorized request by sending a message to the requesting party indicating that the request is not authorized) and (p. 9, [0073], see in one embodiment a blocked request may be ignored. In one embodiment, the system 
transmitting requested data to the external remote query device in a case of a permissible query command. 
However, Roddy teaches such use: (Fig. 5, Receive request 504, analyze request 506, Request Authorized? 508, Yes, prepare and send a request to internal system 512, receive response from internal system 514, prepare and send responsive message to requesting party 516).
Forstreuter and Roddy are analogous art because they are from the same field of endeavor, control systems.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Forstreuter and Roddy before him or her, to modify the system of Forstreuter to include the teachings of Roddy, as a system for secured external access to a protected computer network, and accordingly it would enhance the system of Forstreuter, which is focused on security related data processing, because that would provide Forstreuter with the ability to filter request, as suggested by Roddy (p. 5, [0043-0045], p. 12, [0084]).      
   In regards to claim 29, Forstreuter teaches:
before passes through the query command to the controller, first transmitting the query command from an external interface module of the interface device to an internal interface module of the interface device, namely by means of a packet protocol change or on a basis of a packet-free signal transmission (p. 1, 4th para., 
Forstreuter doesn’t explicitly teach:
passes through the query command from the internal interface module of the interface device to the controller.
However, Roddy teaches such use: (Fig. 2, Client 202, 210 Mediating firewall, switch 218, internal system #1, internal system #2, internal system #3), (Fig. 4, External interface 404, Processing engine 406, Internal interface 408), (Fig. 5, Receive request 504, analyze request 506, Request Authorized? 508, Yes, prepare and send a request to internal system 512), (p. 3, [0029], see FIG. 2 is a schematic diagram of a system used in one embodiment to provide security for external access to an internal computer system) and (p. 5, [0043-0045], see the external interface 404 is configured to perform initial processing on incoming requests, such as by normalizing incoming messages into a common format and, in some cases, performing security-related tasks such as decryption, authentication, and integrity checking, to the extent required by the preferences established by the system administrator and/or to the extent necessary to implement other policy rules. Once initial processing of an incoming request is performed by the external interface, the request is passed in a common format to a processing engine 406, in which the decision tree developed based on the policies and preferences indicated by the system administrator is employed to determine the proper action to take in response to the request. If it is determined that the request should be processed and the requested information or service obtained for delivery to the requesting party, the processing engine passes the request to the internal 
Forstreuter and Roddy are analogous art because they are from the same field of endeavor, control systems.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Forstreuter and Roddy before him or her, to modify the system of Forstreuter to include the teachings of Roddy, as a system for secured external access to a protected computer network, and accordingly it would enhance the system of Forstreuter, which is focused on security related data processing, because that would provide Forstreuter with the ability to filter request, as suggested by Roddy (p. 5, [0043-0045], p. 12, [0084]).      
   In regards to claim 30, Forstreuter doesn’t explicitly teach:   
the internal interface module passing through the query command to the controller on a basis of a packet-free signal transmission which differs from the internal packet-free signal transmission or on a basis of at least one feature selected from the group consisting of a third packet protocol which differs from the internal packet protocol, and a third packet protocol which differs from and/or an external packet protocol.
However, Roddy teaches such use: (Fig. 2, Client 202, 210 Mediating firewall, switch 218, internal system #1, internal system #2, internal system #3), (Fig. 4, External interface 404, Processing engine 406, Internal interface 408), (Fig. 5, Receive request 
Forstreuter and Roddy are analogous art because they are from the same field of endeavor, control systems.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Forstreuter and .      

9.	Claims 24, 26, 31 and 33 are rejected under 35 U.S.C. 103 as being unpatentable over Forstreuter in view of Roddy in view of Marty et al., US 2015/0188985 (hereinafter Marty). 
In regards to claims 16 and 28 the rejections above are incorporated respectively.
   In regards to claim 24, Forstreuter and Roddy, in particular Forstreuter doesn’t explicitly teach:
further comprising a data diode connected in parallel to at least a last interface module of said at least two interface modules in the cascaded manner, as seen from said external remote query device, that is to say, to an interface module which is connected to said controller; and wherein in a presence of the query command, said controller transmits requested data via said data diode, and thus past said interface module connected to said controller, to said external remote query device. 
However, Marty teaches such use: (p. 7, 1st column, lines 33-35, see sending the data to be transmitted on N (N>=2) transmission pathways in parallel, each protected by a physical data diode; and receiving of data in N buffer memories by the receiver desk) and (p. 7, 2nd column, lines 23-33, see the file block to a File Transfer Protocol (FTP) server and to a transmission agent in charge of parallel transmission of the file block on transmission pathways to the receiver desk through each physical data diode; extracting the file blocks that have arrived from the buffer memories corresponding to the parallel transmission through each physical data diode by the receiver desk; and processing the file block recognized as being correct and eliminating file block not recognized as being correct).
Forstreuter, Roddy and Marty are analogous art because they are from the same field of endeavor, control systems.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Forstreuter, Roddy and Marty before him or her, to modify the system of Forstreuter and Roddy, in particular Forstreuter to include the teachings of Marty, as a system for directional data transfer, and accordingly it would enhance the system of Forstreuter, which is focused on security related data processing, because that would provide Forstreuter with the ability to utilize a data diode, as suggested by Marty (p. 7, 1st column, lines 33-35, p. 1, [0004]).      
   In regards to claim 26, Forstreuter and Roddy, in particular Forstreuter doesn’t explicitly teach:   
further comprising a data diode connected in parallel to said interface device as a whole; and wherein in a presence of the query command, said controller transmits requested data via said data diode and thus past said interface device as a whole to said external remote query device.
However, Marty teaches such use: (p. 7, 1st column, lines 33-35, see sending the data to be transmitted on N (N>=2) transmission pathways in parallel, each protected by a physical data diode; and receiving of data in N buffer memories by the receiver desk) and (p. 7, 2nd column, lines 23-33, see the file block to a File Transfer Protocol (FTP) server and to a transmission agent in charge of parallel transmission of the file block on transmission pathways to the receiver desk through each physical data diode; extracting the file blocks that have arrived from the buffer memories corresponding to the parallel transmission through each physical data diode by the receiver desk; and processing the file block recognized as being correct and eliminating file block not recognized as being correct).
Forstreuter, Roddy and Marty are analogous art because they are from the same field of endeavor, control systems.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Forstreuter, Roddy and Marty before him or her, to modify the system of Forstreuter and Roddy, in particular Forstreuter to include the teachings of Marty, as a system for directional data transfer, and accordingly it would enhance the system of Forstreuter, which is focused on security related data processing, because that would provide Forstreuter with the ability to utilize a data diode, as suggested by Marty (p. 7, 1st column, lines 33-35, p. 1, [0004]).      

   In regards to claim 31
a data diode is connected in parallel to at least a last interface module of the interface device disposed in a cascaded configuration of interface modules of the interface device, seen from said external remote query device, that is to say, an interface module which is connected to the controller; the data diode is polarized in such a way that the requested data can be sent in a direction of the external remote query device; and in a presence of the query command, the requested data is transmitted via the data diode, and thus past the last interface module connected to the controller, to the external remote query device. 
However, Marty teaches such use: (p. 7, 1st column, lines 33-35, see sending the data to be transmitted on N (N>=2) transmission pathways in parallel, each protected by a physical data diode; and receiving of data in N buffer memories by the receiver desk) and (p. 7, 2nd column, lines 23-33, see the file block to a File Transfer Protocol (FTP) server and to a transmission agent in charge of parallel transmission of the file block on transmission pathways to the receiver desk through each physical data diode; extracting the file blocks that have arrived from the buffer memories corresponding to the parallel transmission through each physical data diode by the receiver desk; and processing the file block recognized as being correct and eliminating file block not recognized as being correct).
Forstreuter, Roddy and Marty are analogous art because they are from the same field of endeavor, control systems.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Forstreuter, Roddy and Marty before him or her, to modify the system of Forstreuter and Roddy, in st column, lines 33-35, p. 1, [0004]).      

   In regards to claim 33, Forstreuter and Roddy, in particular Forstreuter doesn’t explicitly teach: 
a data diode is connected in parallel to the interface device as a whole; the data diode is polarized in such a way that the requested data can be sent in a direction of the external remote query device; and in a presence of the query command, the requested data is transmitted via the data diode, and thus past the interface device as a whole, to the external remote query device. 
However, Marty teaches such use: (p. 7, 1st column, lines 33-35, see sending the data to be transmitted on N (N>=2) transmission pathways in parallel, each protected by a physical data diode; and receiving of data in N buffer memories by the receiver desk) and (p. 7, 2nd column, lines 23-33, see the file block to a File Transfer Protocol (FTP) server and to a transmission agent in charge of parallel transmission of the file block on transmission pathways to the receiver desk through each physical data diode; extracting the file blocks that have arrived from the buffer memories corresponding to the parallel transmission through each physical data diode by the receiver desk; and processing the file block recognized as being correct and eliminating file block not recognized as being correct).

Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Forstreuter, Roddy and Marty before him or her, to modify the system of Forstreuter and Roddy, in particular Forstreuter to include the teachings of Marty, as a system for directional data transfer, and accordingly it would enhance the system of Forstreuter, which is focused on security related data processing, because that would provide Forstreuter with the ability to utilize a data diode, as suggested by Marty (p. 7, 1st column, lines 33-35, p. 1, [0004]).      

10.	Claims 25 and 32 are rejected under 35 U.S.C. 103 as being unpatentable over Forstreuter in view of Roddy in view of Braband, EP 0997807A2.
In regards to claims 16 and 28 the rejections above are incorporated respectively.
   In regards to claim 25, Forstreuter and Roddy, in particular Forstreuter doesn’t explicitly teach: 
said interface device has a signature memory to store at least one signature considered valid.
However, Braband teaches such use: (p. 2, 6th para., see the present invention relates to a method for online update safety-critical software in railway signaling and serves in particular the introduction of product software in target computers of plants), (p. 1, Claim 1, see process for the online update of safety-critical software in the railway signaling 
said interface device is configured in such a way that said interface device checks a software update received at said external interface for a presence of at least one signature stored as valid.
However, Braband teaches such use: (p. 1, Claim 1, see process for the online update of safety-critical software in the railway signaling technology with the participation of several participants and using cryptographic methods and in digitized form of available encrypted data sets… the product software is inserted into the target computer together with a linked signature list and the list of key certificates of the participants as well as the list of examiners and then checked) and (p. 2, Claim 6-7, see that in addition to an implementation of the cryptographic functions, the public key of the certification authority is available in the target computer… that the target computer checks the digital signatures of the participants and the authorization of the participants
in a case of successful signature verification, said interface device performs a software update and in a case of unsuccessful signature verification, omits a performance of the software update.
th para., see the invention has for its object a method for Online update of safety-critical software in railway signaling to create which with simple means an effective cooperation of several participants in the development and testing of product software as well as a safe Introducing this product software into the target computers), (p. 2, Description, 5th para., see the product software is digitally signed by the examiners and via an open network is brought into the safety-critical system. The target computer automatically checks the signatures Authenticity and admissibility) and (p. 3, 7th para., see the secure computer checks when a new software version is received the digital signatures of the examiners for this software version belong, as well as the authorization if the examination is successful). 
Forstreuter, Roddy and Braband are analogous art because they are from the same field of endeavor, control systems.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Forstreuter, Roddy and Braband before him or her, to modify the system of Forstreuter and Roddy, in particular Forstreuter to include the teachings of Braband, as a system for updating safety critical software, and accordingly it would enhance the system of Forstreuter, which is focused on security related data processing, because that would provide Forstreuter with the ability to perform an update, as suggested by Braband (p. 2, 6th para., p. 2, description, 11th para.).

   In regards to claim 32,
to perform a software update, a software update file is signed, namely on a basis of at least one signature stored as valid in the interface device, a signed software update file is transferred to the interface device.
However, Braband teaches such use: (p. 2, 6th para., see the present invention relates to a method for online update safety-critical software in railway signaling and serves in particular the introduction of product software in target computers of plants), (p. 1, Claim 1, see process for the online update of safety-critical software in the railway signaling technology with the participation of several participants and using cryptographic methods and in digitized form of available encrypted data sets… the product software is inserted into the target computer together with a linked signature list and the list of key certificates of the participants as well as the list of examiners and then checked) and (p. 2, Claim 6-7, see that in addition to an implementation of the cryptographic functions, the public key of the certification authority is available in the target computer… that the target computer checks the digital signatures of the participants and the authorization of the participants). 
the interface device checks the signed software update file for a presence of the at least one signature stored as valid.
However, Braband teaches such use: (p. 1, Claim 1, see process for the online update of safety-critical software in the railway signaling technology with the participation of several participants and using cryptographic methods and in digitized form of available encrypted data sets… the product software is inserted into the target computer together with a linked signature list and the list of key certificates of the participants as well as the list of examiners and then checked) and (p. 2, Claim 6-7, see that in addition to 
in a case of successful signature verification, performs the software update contained in the software update file and in the case of unsuccessful signature verification, omits a performance of the software update. 
However, Braband teaches such use: (p. 2, Description, 9th para., see the invention has for its object a method for Online update of safety-critical software in railway signaling to create which with simple means an effective cooperation of several participants in the development and testing of product software as well as a safe Introducing this product software into the target computers), (p. 2, Description, 5th para., see the product software is digitally signed by the examiners and via an open network is brought into the safety-critical system. The target computer automatically checks the signatures Authenticity and admissibility) and (p. 3, 7th para., see the secure computer checks when a new software version is received the digital signatures of the examiners for this software version belong, as well as the authorization if the examination is successful). 
Forstreuter, Roddy and Braband are analogous art because they are from the same field of endeavor, control systems.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Forstreuter, Roddy and Braband before him or her, to modify the system of Forstreuter and Roddy, in particular Forstreuter to include the teachings of Braband, as a system for  updating safety critical software, and accordingly it would enhance the system of Forstreuter  , th para., p. 2, description, 11th para.).      

Conclusion
11.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US Patent Application Publications

Felsher et al., US9419951, System for secure three-party communications

Addepalli et al., US8705527, Internal networking data optimization

12.	Examiner, in light of the above submission, maintains the previous rejections, and any new ground(s) of rejection is necessitated by Applicant’s amendment.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

13.	A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Correspondence Information

14.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Evral Bodden whose telephone number is 571-272-3455.  The examiner can normally be reached on Monday to Friday, 8:30 to 5:00.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chat Do, can be reached on 571-272-3721.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/EVRAL E BODDEN/Primary Examiner, Art Unit 2193