DETAILED ACTION 
The instant application having Application No. 16/651898 filed on March 27, 2020, having a preliminary amendment, is presented for examination by the examiner. 
The preliminary amendment has claim 8 canceled and claims 1-7 and 9-10 pending.  
Claims 1-7 and 9-10 are examined.  
 
Notice of Pre-AIA  or AIA  Status 
3. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
 
Oath/Declaration 
4. 	The applicant’s oath/declaration has been reviewed by the examiner and is found to conform to the requirements prescribed in 37 C.F.R. 1.63. 
 
Information Disclosure Statement 
As required by M.P.E.P. 609(C), the applicant’s submission of the Information Disclosure Statements submitted on 03/27/2020 is acknowledged by the examiner and the cited references have been considered in the examination of the claims now pending. As required by M.P.E.P. 609(C), a copy of the PTOL-1449 initialed and dated by the examiner is attached to the instant office action. 
 
Drawings 
The drawings submitted on 03/27/2020 are acceptable for examination purposes. 
 
Specification 
The Specification submitted on 03/27/2020 is acceptable for examination purposes. 
 
Claim Objections 
Claim 5 is objected to because of the following informalities:   
The claim 5 is dependent to claim 3 and recites “… or the operation manual”. However, claim 3 does not recite any “operational manual”.  Instead, claim 4 is the one that recites the term, “an operational manual.  There is a lack of proper antecedent basis with the limitation.  
Appropriate correction is required. 
 
Claim 6 is objected to because of the following informalities:   
The claim 6 is dependent to claim 1 and recites “the element that can cause data movement to occur”.  However, claim 1 does not recite any “element”.  Instead, claim 5 is the one that recites the term, “an element”.  There is a lack of proper antecedent basis with the limitation.  Appropriate correction is required. 
 
Claim 7 is objected to because of the following informalities:   
The claim 7 is dependent to claim 1 and recites “the element that can cause data movement to occur”. However, claim 1 does not recite any “element”.  Instead, claim 5 is the one that recites the term, “an element”.  There is a lack of proper antecedent basis with the limitation.  Appropriate correction is required. 
 
Claim Interpretation 
The following is a quotation of 35 U.S.C. 112(f): 
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.  
 
The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph: 
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 
 
11. 	This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitations are: “a system configuration detector”, “an air gap path detector”, and “a security assessment unit” in claim 1. 
Because this/these claim limitations are being interpreted under 35 U.S.C. 112(f) or preAIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. 
If applicant does not intend to have this/these limitations interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitations to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitations recite sufficient structure to perform the claimed function so as to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. 
 
Claim Rejections - 35 USC § 112 
12. 	The following is a quotation of 35 U.S.C. 112(b): 
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. 
 
 
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: 
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 
 
Claim limitations “a system configuration detector”, “an air gap path detector”, and “a security assessment unit” of claim 1 invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph. 
Applicant may: 
Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph;  
Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or  
Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)). 
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:  
Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or  
Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181. 
Claims 2-7 are dependent to the independent claim 1, and therefore, are also rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Claim Rejections - 35 USC § 103 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.   
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: 
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 
 
Claims 1-3 and 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over Chaskar et al. (US 2013/0007848), hereinafter referred to as Chaskar, and in view of Young et al. (US 2011/0197280), hereinafter referred to as Young. 
As per claim 1, Chaskar teaches an information processing apparatus comprising: a system configuration detector that detects at least two hosts included in a system and a communication link between the at least two hosts (Chaskar, Fig. 1 and Parag. [0040]; “Conventionally, LANs with Wi-Fi extensions are vulnerable to additional security threats such as unauthorized APs (119) which can be connected to the LAN to provide unauthorized Wi-Fi extension (also called as rogue APs), mis-configurions of authorized APs (113A, 113B, 116 A), APs (121) in wireless neighborhood which may attract stations in the LAN to form unauthorized wireless connections (also called as honeypot APs) and like. Security monitoring systems are thus desirable to protect from security threats emerging from these vulnerabilities.” … Parag. [0041]; “The security monitoring system (often called as wireless intrusion detection/prevention system) can include one or more RF sensor/detection devices (e.g., sensor devices 122A and 122B, each generically referenced herein as a sniffer 122) disposed within or in a vicinity of a selected geographic region comprising LAN. In an embodiment (shown in FIG. 1), sniffer 122 can be connected to LAN via a connection port (e.g., connection port 123 A/123B). In alternative embodiment, sniffer 122 can be connected to the LAN using a wireless connection.” … Parag. [0042]; “A sniffer 122 is able to monitor wireless activity in a subset of the selected geographic region. Wireless activity can include any transmission of control, management, or data packets between an AP and one or more wireless stations, or among one or more wireless stations. Wireless activity can even include communication for establishing a wireless connection between an AP and a wireless station (called "association").” … Parag. [0052]; “Sniffer 122 can also advantageously receive configuration information from server 124. This configuration information can include, for example, the operating system software code, the operation parameters (e.g. frequency spectrum and radio channels to be scanned), the types of wireless activities to be detected, and the identity information associated with any authorized wireless device.”); and a security assessment unit that performs security assessment using a detection result by said system configuration detector [and a detection result by said air gap path detector] (Chaskar, Parag. [0005]; “The one or more sniffers being in communication with a security monitoring server over a computer network.” … Parag. [0051]; “A security monitoring system server 124 can be coupled to the LAN using a connection port 125. Alternatively, the server can be hosted in the Internet (hosted in the cloud). In an embodiment, each sniffer 122 can convey its information about detected wireless activity to server 124 (i.e., over one or more computer networks). Server 124 can then analyze that information, store the results of that analysis, and process the results.”). 	 However, Chaskar does not expressly teach following limitations: 
an air gap path detector that detects, among the at least two hosts, a pair of hosts between which there is no communication link but data movement can occur; and 
… detection result by said air gap path detector. 
But, Young teaches an air gap path detector that detects, among the at least two hosts, a pair of hosts between which there is no communication link but data movement can occur (Young, Parag. [0003]; “When an air gap separates two computer networks, any data transfer between the computer networks requires a manual step in which a user transfers files from the first computer network onto a portable storage media (e.g., a USB thumb drive, a read/writable CD or DVD, etc.).  The portable storage media is then physical disconnected/removed from the first computer network, and physically connected to the second computer network to upload the transferred files. Thus, no direct communication link exists at any time between the computer networks, and all of the transferred data will reside on the portable media for a period of time during the transfer.” … Fig. 3A and Parag [0023]; “The network managed antivirus appliances 100 within the network 200, and the computers within the secure computer networks 210 and 220, may be configured to interact with the other devices in their respective networks. However, in certain embodiments, the networks 200, 210, and 220 may be isolated from one another and may have no digital communication links (e.g., all three networks may be separated by an `air gap`).”  … Parag. [0042]; “… In these examples, the appliance 100 may receive the files to be scanned from one of the secure networks via an electronic file transfer in step 420, without needing to use to a portable media to receive the files.”  Examiner submits the antivirus appliances 100 is an air gap path detector, and the appliances 100 is located in between networks 210 and 220, wherein there is no digital communication links yet data transfer is feasible); 
… detection result by said air gap path detector (Young, Parag. [0042]; “… In these examples, the appliance 100 may receive the files to be scanned from one of the secure networks via an electronic file transfer in step 420, without needing to use to a portable media to receive the files.” … Parag. [0043]; “the antivirus appliance 100 may also collect data and statistics regarding the media scanned (e.g., the total size of the media, the number and types of files on the media.” … Parag. [0046]; “In step 450, the files scanned and/or scan results and statistics may be transmitted to one or more servers in the management network 200.”). 
Chaskar and Young are from a similar field of technology, respectively related to: (i) protecting systems or networks from malware and viruses; (ii) assessing security measurement for the connections between hosts and networks. Chaskar teaches a sniffer could detect the wireless configurations which are connected to the networks. Young teaches data can be transferred between systems even with there is no connection to the network.  
Therefore, it would have been obvious to one ordinary skilled in the art before the effective filing date of the claimed invention to incorporate the teachings of Young into the system and method of Chaskar to improve security in data movement between systems physically separated with an air gap, assuring that any virus within the data can only corrupt the standalone computer and will not spread to any larger network. 
 
As per claim 2, the combination of Chaskar and Young teach the information processing apparatus according to claim 1. Young further teaches wherein said air gap path detector includes an interface for inputting, by a user, information [concerning the pair of hosts] detected by said air gap path detector (Young, par 50, The second option 433b allows the user at the antivirus appliance 100 to select users and/or user groups that correspond to valid users on the destination network). 
Young does not expressly teach the information concerning the pair of hosts. 
However, Chaskar further teaches information concerning the pair of hosts (Chaskar, Fig. 1 and par 34, A subnet is typically identified by a network number (e.g., IP number and subnet mask) and the plurality of subnets are interconnected using router device(s). Notably, the plurality of the subnets of the LAN can be geographically distributed (e.g., in offices of a company in different geographic locations).  Chaskar, par 52, … the types of wireless activities to be detected, and the identity information associated with any authorized wireless device.  Chaskar, par 54, present invention facilitates detecting the smart mobile devices connecting into the enterprise network (e.g., over Wi-Fi) and enforcing the specified usage policy). 
 
As per claim 3, the combination of Chaskar and Young teach the information processing apparatus according to claim 1. Chaskar further teaches wherein [said air gap path detector] detects the pair of hosts detected [by said air gap path detector], based on information of a document concerning specifications of the system (Chaskar, par 89, the policy also can also facilitate specifying the types of the smart mobile devices for which the specific policies are to be applied. For example, by adding the type of the device from the panel 1208 into the boxes 1202, 1204 or 1206, the corresponding policy can be enforced on the selected device type ... As merely an example, the BlackBerry devices may be allowed to connect to the corporate Wi-Fi network (e.g., by adding BlackBerry type into box 1202), while iPhones and iPads may be disallowed to connect to the corporate Wi-Fi network but allowed to connect to the corporate guest network). 
In addition, 
Young further teaches said air gap path detector (Young, par 3, When an air gap separates two computer networks, any data transfer between the computer networks requires a manual step in which a user transfers files from the first computer network onto a portable storage media (e.g., a USB thumb drive, a read/writable CD or DVD, etc.).  The portable storage media is then physical disconnected/removed from the first computer network, and physically connected to the second computer network to upload the transferred files. Thus, no direct communication link exists at any time between the computer networks, and all of the transferred data will reside on the portable media for a period of time during the transfer. Young, Fig. 3A and par 23, The network managed antivirus appliances 100 within the network 200, and the computers within the secure computer networks 210 and 220, may be configured to interact with the other devices in their respective networks. However, in certain embodiments, the networks 200, 210, and 220 may be isolated from one another and may have no digital communication links (e.g., all three networks may be separated by an `air gap`).  Young, par 42, … In these examples, the appliance 100 may receive the files to be scanned from one of the secure networks via an electronic file transfer in step 420, without needing to use to a portable media to receive the files). 
 
As per claim 9, it is a method claim that encompasses limitations that are similar to those of the apparatus claim 1. Therefore, claim 9 is rejected with the motivation and rational as applied against claim 1 above. 
 
As per claim 10, it is a non-transitory computer readable medium claim that encompasses limitations that are similar to those of the apparatus claim 1. Therefore, claim 10 is rejected with the motivation and rational as applied against claim 1 above. 
 
 
15. 	Claims 4-6 are rejected under 35 U.S.C. 103 as being unpatentable over Chaskar et al. 
(US 2013/0007848), hereinafter referred to as Chaskar, and in view of Young et al. (US 2011/0197280), hereinafter referred to as Young as applied to claim 1, and in further view of Nenov (US 9,692,784). 
As per claim 4, the combination of Chaskar and Young teaches the information processing apparatus according to claim 1.   
However, the combination of Chaskar and Young does not expressly teach: 
wherein said air gap path detector detects the pair of hosts detected by said air gap path detector, based on information of an operation manual of the system. 
But, Nenov teach: 
wherein said air gap path detector detects the pair of hosts detected by said air gap path detector, based on information of an operation manual of the system (Nenov, Col. 4 lines 5-12; “FIG. 1B, illustrated is an embodiment of mapping a packet (e.g. packet 114) to a region (e.g. filter region 116) for geoprocessing-based packet processing and network security. The filter region may represent a range of parameters, such as source IP addresses from a first value IP(1) to a second value IP(2), Such as ip from and ip to discussed above. A two-dimensional MBR may be defined with diagonally opposite corners based on the ip from and ip to values, e.g. from (-1, IP(1)) to (1, IP(2)) as shown. This makes it possible to search for an IP address in a spatial domain (e.g. a point at (0, source IP)), using geoprocessing based algorithms.” … “In some implementations, a security device 100 may maintain a log 220. Log 220 may comprise a database, flat file, or other type and form of data structure for recording packet parameters and applied filter actions. In some implementations, security device 100 may record actions with timestamps, device identifiers, or other distinguishing information.” … Col. 13, lines 44-50; “At step 318, the security device may send a notification. As discussed above in connection with step 312, sending a notification may comprise transmitting a notification to a computing device of an administrator on the local or external network (e.g. a smart phone, a desktop computer, a management service, etc.); recording a notification in a log of the security device” … Col. 14 lines 29-36; “The user or administrator may take steps to mitigate any attack, Such as creating a specific filter to match the attack parameters (e.g. payload type, contents, size, etc.; destination IP address and/or port; source address or addresses; etc.) and applying a blocking rule; or moving a filtering rule up in priority within a rule set so that it is processed and applied earlier.” Examiner submits that the administrator could use a log (document of events) to identify the pair of hosts sending packets by means of the IP address or port number.). 
Chaskar, Young and Nenov are from a similar field of technology, respectively related to: (i) protecting systems or networks from malware and viruses; (ii) assessing security measurement for the connections between hosts and networks. Chaskar teaches a sniffer could detect the wireless configurations which are connected to the networks. Young teaches data can be transferred between systems even with there is no connection to the network.  
Therefore, it would have been obvious to one ordinary skilled in the art before the effective filing date of the claimed invention to incorporate the teachings of Nenov into the system and method of Chaskar-Young to improve methods for security management system by the use of a security appliance to monitor any network change in order to address attacks  
(Nenov, Abstract). 
 
As per claim 5, the combination of Chaskar and Young teaches the information processing apparatus according to claim 3. 
Chaskar and Young does not expressly teach further comprising an interface for inputting an interpretation rule of a word or a text to extract, from the document or the operation manual, information of an element that can cause data movement to occur. 
However, Nenov teaches further comprising an interface for inputting an interpretation rule of a word or a text to extract, from the document or the operation manual, information of an element that can cause data movement to occur (Nenov, Col. 6, lines 37-50; “FIG. 1E is an illustration of an embodiment of a rules database for distributed rule sets for network security appliances. Rules database 105 may be any type and form of database, including a flat file, array, relational database, or any other type of data format. In some implementations, rules database 105 may be a SQL database. As shown in FIG. 1D, in some implementations, rules database 105 may be stored on a storage device separate from a management server 105. Such as a storage array, network attached storage device, database server, storage server, or any other type and form of storage device or as part of a computing device. In other implementations, rules database 105 may be stored in storage of management device 105. Such as on a hard drive or drives, tape drive, flash drive, etc.” … Col. 6, lines 56-66; “For example, a set of rule identifiers 120 may be associated with a device identifier for a security device, indicating the rule set distributed to said security device. In another example, upon detection of an attempted attack that matches a rule, a security device may store a rule identifier 120 to a log and/or transmit an identification of the rule identifier 120 to the management server 105 to indicate that an attempted attack has been detected and potentially stopped. Each rule 122 may comprise one or more actions, one or more conditions, and one or more parameters.”). 
Chaskar, Young and Nenov are from a similar field of technology, respectively related to: (i) protecting systems or networks from malware and viruses; (ii) assessing security measurement for the connections between hosts and networks. Chaskar teaches a sniffer could detect the wireless configurations which are connected to the networks. Young teaches data can be transferred between systems even with there is no connection to the network.  
Therefore, it would have been obvious to one ordinary skilled in the art before the effective filing date of the claimed invention to incorporate the teachings of Nenov into the system and method of Chaskar-Young to improve methods for security management system by the use of a security appliance to monitor any network change in order to address attacks  
(Nenov, Abstract). 
 
As per claim 6, the combination of Chaskar and Young teaches the information processing apparatus according to claim 1.  
The combination of Chaskar and Young does not expressly teach: 
wherein information concerning a type of the element that can cause data movement to occur between the pair of hosts detected by said air gap path detector is collected. 
However, Nenov teaches: 
 wherein information concerning a type of the element that can cause data movement to occur between the pair of hosts detected by said air gap path detector is collected (Nenov, Col. 2, lines 63-65; “Security device 100 may comprise a gate way, firewall, Switch, hub, access point, modem, or any other Such device.” ... Col. 3, lines 5-16; “Additional devices not illustrated may be deployed on networks 106, including switches, gateways, routers, firewalls, or other such devices. Computing devices 102, 104 may comprise any type and form of computing device, including desktop computers, laptop computers, tablet computers, smart phones, smart televisions, game consoles, wearable computers, networked devices or appliances such as Internet of Things (IoT) devices, server computers, workstations, or any other type and form of networked computing device, and may be variously referred to as servers, clients, hosts, remote devices, local devices, or by any other such name.” … Col. 11, lines 7-16; “The new device may connect to the local network (e.g. via a WiFi connection) and may begin transmitting network packets (e.g. containing status information or requests for commands or other such data). The security device 100 may detect the new packets as being transmitted from an unknown device and may buffer the packets or block transmission of the packets to other devices on the local network and/or to servers or devices via the external network.” See Fig 1E that shows the type of devices that are identified and the action/rule applied based on the analysis of packet/data transmission.). 
Chaskar, Young and Nenov are from a similar field of technology, respectively related to: (i) protecting systems or networks from malware and viruses; (ii) assessing security measurement for the connections between hosts and networks. Chaskar teaches a sniffer could detect the wireless configurations which are connected to the networks. Young teaches data can be transferred between systems even with there is no connection to the network.  
Therefore, it would have been obvious to one ordinary skilled in the art before the effective filing date of the claimed invention to incorporate the teachings of Nenov into the system and method of Chaskar-Young to improve methods for security management system by the use of a security appliance to monitor any network change in order to address attacks  (Nenov, Abstract). 
 
As per claim 7, the combination of Chaskar and Young teach the information processing apparatus according to claim 1. Young teaches wherein information concerning a [frequency or a connection time] at which or during which the element that can cause data movement to occur between the pair of hosts detected by said air gap path detector is connected to the host or [information concerning both the frequency and the connection time is collected] (Young, Parag. [0003]; “When an air gap separates two computer networks, any data transfer between the computer networks requires a manual step in which a user transfers files from the first computer network onto a portable storage media (e.g., a USB thumb drive, a read/writable CD or DVD, etc.).  The portable storage media is then physical disconnected/removed from the first computer network, and physically connected to the second computer network to upload the transferred files. Thus, no direct communication link exists at any time between the computer networks, and all of the transferred data will reside on the portable media for a period of time during the transfer.” … Fig. 3A and Parag [0023]; “The network managed antivirus appliances 100 within the network 200, and the computers within the secure computer networks 210 and 220, may be configured to interact with the other devices in their respective networks. However, in certain embodiments, the networks 200, 210, and 220 may be isolated from one another and may have no digital communication links (e.g., all three networks may be separated by an `air gap`).”). 
However, the combination of Chaskar and Young does not expressly teach: 
… a frequency or a connection time … or information concerning both the frequency and the connection time is collected. 
But Nenov teach: 
… a frequency or a connection time … or information concerning both the frequency and the connection time is collected (Nenov, Col. 12, lines 42-47; “At step 304, the security device may determine if the packet is part of an attack attempt or represents an attack attempt. In some implementations, packets may be identified as an attack attempt based on a rate of reception exceeding a predetermined threshold, indicating a potential denial of service or distributed denial of service attack.” ... Col. 12, lines 53-59; “Accordingly, the security device may determine if a packet is part of an attack or represents an attack attempt based on matching to one or more rules in a rules database, based on any information about the packet, including source, destination, protocol, type, QoS requirement, metadata, payload contents, payload size, frequency of reception, or any other such data” Examiner submits that the frequency of reception of packets represents the data movement or data transmission that is performed by a pair of devices.). 
Chaskar, Young and Nenov are from a similar field of technology, respectively related to: (i) protecting systems or networks from malware and viruses; (ii) assessing security measurement for the connections between hosts and networks. Chaskar teaches a sniffer could detect the wireless configurations which are connected to the networks. Young teaches data can be transferred between systems even with there is no connection to the network.  
Therefore, it would have been obvious to one ordinary skilled in the art before the effective filing date of the claimed invention to incorporate the teachings of Nenov into the system and method of Chaskar-Young to improve methods for security management system by the use of a security appliance to monitor any network change in order to address attacks (Nenov, Abstract). 
 
Conclusion 
16. 	The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure includes: 
Huang (US Pub 2018/0359799) – teaches air gapped environments among systems. 
Crouyger (US Pub 2016/0011921) – teaches protecting first network from the security risks of the second network with air gap. 
	 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX D CARRASQUILLO whose telephone number is (571)270-5045. The examiner can normally be reached Monday - Friday 9:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/A.D.C./Examiner, Art Unit 2498          

/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498