DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to the application and the preliminary amendment filed on 02/18/2021. This application is a continuation application (CON) of the patent US 10,957,170.
Claims 1-12, 14, 19-24, 26-31 and 62-67 are currently pending in this application. Claims 13, 15-18, 25, 32-61 and 68-78 have been cancelled.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/18/2021 was filed. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Specification
Applicant is reminded of the proper language and format for an abstract of the disclosure. The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length.
The abstract is objected to because it needs to be on a separate sheet and includes acronyms (e.g., IP, PoE, etc.), which should be spelled out the first time they appear in the abstract.
The specification of the disclosure is objected to because it includes acronyms (e.g., IP, PTZ, DNS, MAC, etc.), which should be spelled out the first time they appear in the specification.
Appropriate corrections are required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 1-12, 14, 19-24, 26-31 and 62-67 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.

Claims 1 and 19 recite “… isolating an untrusted device from a sensitive network …”, however, it is not clear how to determine whether a network is a sensitive network or not (e.g., an optical network, etc.).
Claims 2-12, 14, 20-24 and 26-31 depend from the claim 1 or 19 and are analyzed and rejected accordingly.

Claim 1 recites “… the communication is an allowed transmission … the communication is an allowed transmission …”, however, it is not clear whether the “an allowed transmission” recited in the two different locations is the same or not.

Claim 19 recites “… emulating the untrusted IP camera by generating safe communications using the programmed protocol, a set of trusted parameters, and data obtained from the untrusted IP camera …”, however, it is not clear how to define the safe communication (e.g., encrypting the communications, etc.) and using the programmed protocol and a set of trusted parameters (e.g., the trusted/true data of the IP camera does not provide the safe communication) – or a necessary step/component is omitted, which renders the claimed limitations unclear.

Claim 62 recites:
“… distributing extracted power …”, however it is not clear how the power is extracted and distributed (note: the power is not the same as the data/packet of the communications);
“… the network device comprising … for connecting to another network device …”, however, it is not clear whether “another network device” is the same type (e.g., same components and configurations) with the network device or not (note: for the examining purpose they are interpreted as the same type of devices);
“… a power output circuit for injecting a power into the first network cable for powering another network device … a power input circuit for extracting power from the second network cable for powering the network device … a power distribution circuit for distributing power extracted from the second network cable … to the power output circuit”, however, it is not clear whether the distributed power is related to the injected power or not (e.g., it is not clear to define the boundary of the claimed limitations).
Claims 63-67 depend from the claim 62, and are analyzed and rejected accordingly.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-12, 14, 19-24 and 26-31 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter because the claims do not fall within at least one of the four categories of patent eligible subject matter.

The claims (1, 19 and dependent claims) recite “A network sanitizer for isolating … comprising: an isolated network interface … a sensitive network … and a processor …” – see the claim 1; and “A network edge enforcement device for creating … comprising: a sensitive network interface … an external access interface … and a processor …” – see the claim 19. One of ordinary skill in the art would understand that a processor could be a ‘hardware processor,’ which is statutory; however, a processor could also be a ‘software processor’ (see “The Authoritative Dictionary of IEEE Standard Terms,” Seventh Edition, published in 2000). Moreover, the network interfaces also could be software interfaces. Because the claimed device platform or security processor contains only software components (e.g., the processor and interfaces, etc.), the claim is directed to non-statutory subject matter. The mere recitation of the machine/device in the preamble with an absence of a hardware element in the body of the claim fails to make the claim statutory under 35 USC 101.
The Examiner respectfully suggests that the claim be further amended to positively recite at least one hardware element within the body of the claim to make the claim statutory subject matter under 35 U.S.C. 101.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-5, 7, 8, 12, 14, 15 and 23-28 of the Patent US 10,957,170 B2 contain every element of claims 1, 2, 4, 10, 19, 21, 22, 26, 28, 30, 31 and 62-67 of the instant application and as such anticipate claims 1, 2, 4, 10, 19, 21, 22, 26, 28, 30, 31 and 62-67 of the instant application.
A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
Current Application No. 16/068195
Reference Patent No.: US 10,957,170 B2
Claim 1:  A network sanitizer device for isolating an untrusted device from a sensitive network and for enforcing authorized transmissions on the sensitive network, the network sanitizer device comprising:
a. an isolated network interface for connecting to an untrusted device, said isolated network interface being isolated from the sensitive network;
b. a sensitive network interface for connecting to the sensitive network; and
c. a processor in communication with the isolated network interface and the sensitive network interface and configured to:
i. intercept every communication originating from the untrusted device; and
ii. for every intercepted communication: 
1. evaluate the communication to ascertain if the communication is an allowed transmission corresponding to an allowed function of the untrusted device;
2. only if the communication is an allowed transmission, generate a recreated communication using an allowed framework satisfying at least in part a purpose of the allowed transmission; and
3. transmit the recreated communication over the sensitive network using the sensitive network interface, wherein the intercepted communication is not transmitted over the sensitive network.

Claim 12:  A network sanitization device for protecting a sensitive network from an untrusted dedicated-function device, the network sanitization device comprising:
a. a rigid enclosed body having no display or user input interface;
b. an isolated network interface for connecting to the untrusted dedicated-function device comprising: i) a first physical network connector; and ii) a first visual indicia on the rigid enclosed body in proximity to the first physical network connector providing a visual indication that the first physical network connector is for connecting with untrusted equipment; and
c. a sensitive network interface for connecting to the sensitive network comprising: i) a second physical network connector; and ii) a second visual indicia on the rigid enclosed body in proximity to the second physical network connector providing a visual indication that the second physical network connector is for connecting with the sensitive network; and
d. processing logic comprising a processor and a memory …
Claim 14: The network sanitization device of claim 12, wherein said processor is in communication with the isolated network interface and the sensitive network interface adapted to receive data packets from the isolated network interface and configured to:
a. intercept every communication originating from the untrusted device; and
b. for every intercepted communication:
i. evaluate the communication to ascertain if the communication is an allowed transmission;

ii. if the communication is an allowed transmission, generate a recreated communication using an allowed framework satisfying at least in part a purpose of the allowed transmission; and
iii. transmit the recreated communication the over the sensitive network using the sensitive network interface, wherein the intercepted communication is not transmitted over the sensitive network.
Claim 2: The network sanitizer device of claim 1, wherein the communication comprises packet data, wherein intercepting said every communication originating from the untrusted device comprises receiving each packet output by the untrusted device, and wherein each packet output by the untrusted device is not transmitted over the sensitive network.
Claim 14: The network sanitization device of claim 12, wherein said processor is in communication … adapted to receive data packets from the isolated network interface and configured to:
a. intercept every communication originating from the untrusted device; and
…  wherein the intercepted communication is not transmitted over the sensitive network.
Claim 4: The network sanitizer device of claim 1, wherein the processor is further configured to evaluate the communication to determine the purpose of the communication network
Claim 14: The network sanitization device of claim 12, wherein said processor … configured to: … i. evaluate the communication to ascertain if the communication is an allowed transmission; … using an allowed framework satisfying (needs the determination) at least in part a purpose of the allowed transmission; …
Claim 10: The network sanitizer device of claim 1, wherein the allowed framework comprises one or more allowed protocol and one or more allowed parameters.
Claim 15: The network sanitization device of claim 12, wherein … access to the sensitive network, and wherein … generating safe communications using the programmed protocol (equivalent to the allowed protocol), a set of trusted parameters (equivalent to the allowed parameters) …
Claim 19: A network edge enforcement device for creating an enforced edge of a sensitive network and limiting access to the sensitive network, the network edge enforcement device comprising:
a. a sensitive network interface for connecting to, and communicating over, the sensitive network;
b. an external access interface for connecting to an untrusted Internet Protocol (IP) camera outside of the sensitive network; and 
c. a processor in communication with both the external access interface and the sensitive network interface and having a programmed protocol, the processor being configured for emulating the untrusted IP camera by generating safe communications using the programmed protocol, a set of trusted parameters, and data obtained from the untrusted IP camera over the external access interface and transmitting the safe communications onto the sensitive network over the sensitive network interface.
Claim 1: A network edge enforcement device for creating an enforced edge of a sensitive network and limiting access to the sensitive network from beyond the edge comprising:
a. a sensitive network interface for connecting to, and communicating over, the sensitive network;
b. an external access interface for connecting to an untrusted device (see below for the IP camera) outside of the sensitive network; and
c. a processor in communication with both the external access interface and the sensitive network interface and having a programmed protocol, the processor being configured for emulating the functionality of the untrusted device by generating safe communications using the programmed protocol, a set of trusted parameters, and data obtained from the untrusted device over the external access interface and transmitting the safe communications onto the sensitive network over the sensitive network interface, 
wherein … the external access interface is configured to connect to an Internet Protocol (IP) camera … 
Claim 21: The network edge enforcement device of claim 19, wherein the set of trusted parameters comprises a destination address within the sensitive network.
Claim 2: The network edge enforcement device of claim 1, wherein the set of trusted parameters comprises a destination address within the sensitive network
Claim 22: The network edge enforcement device of claim 21, wherein the processor is further configured to establish a tunnel between the processor and a destination network element at the destination address within the sensitive network and to transmit the safe communications to the network element over the tunnel.
Claim 3: The network edge enforcement device of claim 2, wherein the processor is further configured to establish a tunnel between the processor and a destination network element at the destination address within the sensitive network and to transmit the safe communications to the network element over the tunnel.
Claim 26: The network edge enforcement device of claim 19, wherein the sensitive network interface comprises a first physical network connector comprised within a first connector port for connecting to, and communicating over, the sensitive network by a first wire-based networking protocol.
Claim 4: The network edge enforcement device of claim 1, wherein the sensitive network interface comprises a first physical network connector comprised within a first connector port for connecting to, and communicating over, the sensitive network by a first wire-based networking protocol.
Claim 28: The network edge enforcement device of claim 26, wherein the external access interface comprises a second physical network connector comprised within a second connector port for connecting to the untrusted IP camera by a second wire-based networking protocol, and wherein the first physical network connector and the second physical network connector are not in direct communication but are each in communication with the processor which is configured not to pass-through any communications from the second physical network connector to the first physical network connector.
Claim 5: The network edge enforcement device of claim 4, wherein the external access interface comprises a second physical network connector comprised within a second connector port for connecting to the untrusted device (or IP camera) by a second wire-based networking protocol, and wherein the first physical network connector and the second physical network connector are not in direct communication but are each in communication with the processor which is configured not to pass-through any communications from the second physical network connector to the first physical network connector.
Claim 30: The network edge enforcement device of claim 19, 
wherein the external access interface comprises a first WiFi interface for establishing a first WiFi network using a first communication channel and connecting to the untrusted IP camera over the first WiFi network.
Claim 7: A network edge enforcement device (same as the claim 1) … 
wherein the external access interface comprises a first WiFi interface for establishing a first WiFi network using a first communication channel and connecting to the untrusted device over the first WiFi network.
Claim 31: The network edge enforcement device of claim 30, wherein the sensitive network interface comprises a second WiFi interface for establishing a WiFi connection using a second communication channel to the sensitive network, wherein the second communication channel is different from the first communication channel, and wherein the first WiFi interface and the second WiFi interface are not in direct communication but are each in communication with the processor which is configured not to pass-through any communications from the first WiFi interface to the second WiFi interface.
Claim 8: The network edge enforcement device of claim 7, wherein the sensitive network interface comprises a second WiFi interface for establishing a WiFi connection using a second communication channel to the sensitive network, wherein the second communication channel is different from the first communication channel, and wherein the first WiFi interface and the second WiFi interface are not in direct communication but are each in communication with the processor which is configured not to pass-through any communications from the first WiFi interface to the second WiFi interface.
Claim 62: A network device for distributing extracted power, the network device comprising:
a. a first network interface for connecting to another network device comprising:
i. a first physical network connector for connecting to a first network cable in communication with the another network device;
ii. a first data transfer circuit for transferring data to and from the first network cable; and
iii. a power output circuit for injecting a power into the first network cable for powering the another network device; 

b. a second network interface for connecting to a network comprising:
i. a second physical network connector for connecting to a second network cable from the network;
ii. a second data transfer circuit for transferring data to and from the second network cable; and
iii. a power input circuit for extracting power from the second network cable for powering the network device;
c. processing logic powered by the power extracted from the second network cable, the processing logic being in communication with the first network interface and the second network interface, configured for implementing data transmission between the first network interface and the second network interface; and
d. a power distribution circuit for distributing power extracted from the second network cable by the power input circuit to the processing logic and to the power output circuit.
Claim 23: A network sanitization device for (see the end of the claim for distributing extracted power) protecting …, the network sanitization device comprising:
a. an isolated network interface for connecting to the untrusted dedicated-function device (equivalent to another device) comprising:
i. a first physical network connector for connecting to a first network cable in communication with the untrusted dedicated-function device;
ii. a first data transfer circuit for transferring data to and from the first network cable; and
iii. a power output circuit for injecting a power into the first network cable for powering the untrusted dedicated-function device; 
b. a sensitive (or second) network interface for connecting to the sensitive network comprising:
i. a second physical network connector for connecting to a second network cable from the sensitive network;
ii. a second data transfer circuit for transferring data to and from the second network cable; and
iii. a power input circuit for extracting power from the second network cable for powering the network sanitization device;
c. processing logic powered by the power extracted from the second network cable, the processing logic being in communication with the isolated network interface and the sensitive network interface, configured for implementing network sanitization to prevent unwanted communications (equivalent to the implementing data transmission) from the untrusted dedicated-function device from harming the sensitive network; and
d. a power distribution circuit for distributing power extracted from the second network cable by the power input circuit to the processing logic and to the power output circuit.


Claims 24-28 of the Patent US 10,957,170 B2 contain every element of claims 63-67 of the instant application and as such anticipate claims 63-67 of the instant application.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-7, 10-12, 19, 21, 22 and 26-29 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Strathmeyer et al. (US 2003/0169859 A1).

As per claim 1, Strathmeyer teaches a network sanitizer device for isolating an untrusted device from a sensitive network and for enforcing authorized transmissions on the sensitive network [see figs. 1-3; par. 0045, lines 1-26], the network sanitizer device comprising:
a. an isolated network interface for connecting to an untrusted device, said isolated network interface being isolated from the sensitive network [figs. 1, 2; par. 0026, lines 1-7, 14-18 of Strathmeyer teaches the isolated network interface (e.g., the network interface of the PTT at the boundary and/or firewall) for connecting to an untrusted device (e.g., the untrusted client), said isolated network interface being isolated from the sensitive network (e.g., the trusted network with private/sensitive information)];
b. a sensitive network interface for connecting to the sensitive network [figs. 1, 2; par. 0026, lines 1-7, 14-18; par. 0035, lines 1-6 of Strathmeyer teaches the sensitive network interface (e.g., the network interface of the PTT connected to the trusted client) for connecting to the sensitive network (e.g., the trusted network with private/sensitive information)]; and
c. a processor in communication with the isolated network interface and the sensitive network interface [figs. 2, 3; par. 0032, lines 1-2; par. 0041, lines 1-7 of Strathmeyer teaches the processor (e.g., the controller) in communication with the isolated network interface (e.g., the network interface of the PTT at the boundary and/or firewall) and the sensitive network interface (e.g., the network interface of the PTT connected to the trusted client)] and configured to:
i. intercept every communication originating from the untrusted device [par. 0026, lines 9-12; par. 0035, lines 6-8 of Strathmeyer teaches the component of the PTT intercepts every communication (e.g., the request for the connection) originating from the untrusted device (e.g., the untrusted client)]; and 
ii. for every intercepted communication: 1. evaluate the communication to ascertain if the communication is an allowed transmission corresponding to an allowed function of the untrusted device [par. 0035, lines 8-12 of Strathmeyer teaches for every intercepted communication (e.g., the communication from the untrusted client): 1. the component of the PTT evaluates the communication to ascertain if the communication is an allowed transmission corresponding to an allowed function of the untrusted device (e.g., whether to allow or deny the connection request)];
2. only if the communication is an allowed transmission, generate a recreated communication using an allowed framework satisfying at least in part a purpose of the allowed transmission [par. 0027, lines 1-17; par. 0035, lines 12-18; par. 0038, lines 3-9 of Strathmeyer teaches that only if the communication is an allowed transmission (e.g., if the request connection is authorized), generate a recreated communication (e.g., communication with translating private and public address and translating the communication protocol of the untrusted client to the selected communication protocol) using an allowed framework satisfying at least in part a purpose of the allowed transmission (e.g., selected as being best suited to the receiving client)]; and 
3. transmit the recreated communication over the sensitive network using the sensitive network interface, wherein the intercepted communication is not transmitted over the sensitive network [par. 0027, lines 1-17; par. 0035, lines 12-18; par. 0036, lines 7-10; par. 0038, lines 3-9 of Strathmeyer teaches the component of the PTT transmits the recreated communication (e.g., communication with translated address and translated communication protocol) over the sensitive network (e.g., the trusted network with private/sensitive information) using the sensitive network interface (e.g., the network interface of the PTT connected to the trusted client), wherein the intercepted communication is not transmitted over the sensitive network (e.g., the intercepted communication is transformed to transmit over the sensitive network)].

As per claim 2, Strathmeyer teaches the network sanitizer device of claim 1. 
Strathmeyer further teaches wherein the communication comprises packet data, wherein intercepting said every communication originating from the untrusted device comprises receiving each packet output by the untrusted device, and wherein each packet output by the untrusted device is not transmitted over the sensitive network [fig. 2; par. 0039, lines 18-24; par. 0041, lines 1-7 of Strathmeyer teaches wherein the communication comprises packet data (e.g., packet telephony stream), wherein intercepting every communication (e.g., the request for the connection) originating from the untrusted device (e.g., the untrusted client) comprises receiving each packet output by the untrusted device (e.g., the untrusted client), and wherein each packet output by the untrusted device is not transmitted over the sensitive network – see the rejections of the claim 1].

As per claim 3, Strathmeyer teaches the network sanitizer device of claim 2. 
Strathmeyer further teaches wherein the packet data comprises at least one application layer packet, and wherein the processor is configured to evaluate the communication at the application layer and to generate the recreated communication at the application layer, wherein the recreated communication comprises at least one new application layer packet [fig. 3; par. 0036, lines 7-14; par. 0041, lines 1-20 of Strathmeyer teaches wherein the packet data (e.g., packet telephony stream) comprises at least one application layer packet (e.g., packet telephony stream or the application layer protocol packet), and wherein the processor is configured to evaluate the communication at the application layer and to generate the recreated communication (e.g., translated packet telephony stream or the translated application layer protocol packet) at the application layer, wherein the recreated communication comprises at least one new application layer packet (e.g., packet telephony stream or the application layer protocol packet of the trusted/receiving client)].

As per claim 4, Strathmeyer teaches the network sanitizer device of claim 1.
Strathmeyer further teaches wherein the processor is further configured to evaluate the communication to determine the purpose of the communication [par. 0035, lines 6-12 of Strathmeyer teaches wherein the processor (e.g., the controller of the PTT) is further configured to evaluate the communication (e.g., the connection request communication) to determine the purpose of the communication (e.g., the connection request)].

As per claim 5, Strathmeyer teaches the network sanitizer device of claim 4. 
Strathmeyer further teaches wherein the processor is further configured to respond to requests of one or more supported request types from the untrusted device, wherein for said every intercepted communication for which the purpose can be determined [par. 0035, lines 6-12; par. 0039, lines 1-7 of Strathmeyer teaches wherein the processor (e.g., the controller of the PTT) is further configured to respond (e.g., allow or deny) to requests of one or more supported request types (e.g., the connection request) from the untrusted device (e.g., the untrusted client), wherein for every intercepted communication (e.g., the connect request communication from the untrusted client) for which the purpose can be determined (e.g., authenticating the user or determining whether allow or deny the connection request)], the processor is further configured to:
a. ascertain whether the communication is a request of a supported request type; and b. if the communication is a request of a supported request type, generate a response to the request and transmit the response to the request to the untrusted device over the isolated network interface [par. 0028, lines 7-12; par. 0038, lines 3-14; par. 0039, lines 1-7; par. 0047, lines 7-11 of Strathmeyer teaches ascertain whether the communication is a request of a supported request type (e.g., authenticating, determining allowable or not, type of the network protocol); and b. if the communication is a request of a supported request type (e.g., type of the network coupled to each side of the PTT), generate a response to the request and transmit the response to the request (e.g., the streams from each other and networks from each other) to the untrusted device (e.g., the untrusted client) over the isolated network interface (e.g., the network interface of the PTT at the boundary and/or firewall)].

As per claim 6, Strathmeyer teaches the network sanitizer device of claim 5. 
Strathmeyer further teaches wherein the one or more supported request types include a request directed towards a destination network element within the sensitive network and wherein generating a response to the request comprises formulating a simulated response without transmitting the request over the sensitive network [par. 0035, lines 1-18; par. 0036, lines 1-14 of Strathmeyer teaches wherein the one or more supported request types include a request directed towards a destination network element within the sensitive network, and wherein generating a response to the request comprises formulating a simulated response without transmitting the request over the sensitive network (e.g., the communication between the untrusted client and the trusted client terminates at the PTT)].

As per claim 7, Strathmeyer teaches the network sanitizer device of claim 5. 
Strathmeyer further teaches wherein generating a response to the request [see the rejections to the claim 5] comprises:
a. generating an auxiliary request and transmitting the auxiliary request directed towards a third network element; b. transmitting the auxiliary request to the third network element [par. 0031, lines 1-6; par. 0039, lines 1-11 of Strathmeyer teaches generating an auxiliary request and transmitting the auxiliary request directed towards a third network element (e.g., the second PTT to which the untrusted client is registered); b. transmitting the auxiliary request to the third network element (e.g., the second or external PTT)];
c. receiving an auxiliary response from the third network element; d. generating the response to the request using content derived from the auxiliary response [par. 0039, lines 11-24 of Strathmeyer teaches receiving an auxiliary response from the third network element (e.g., the connect request is processed by the external PTT); d. generating the response to the request using content derived from the auxiliary response (e.g., whether to allow or reject the connect request is processed by both the PTT and the external PTT)].

As per claim 10, Strathmeyer teaches the network sanitizer device of claim 1. 
Strathmeyer further teaches wherein the allowed framework comprises one or more allowed protocol and one or more allowed parameters [par. 0027, lines 1-20; par. 0035, lines 1-18 of Strathmeyer teaches the allowed framework comprises one or more allowed protocol (e.g., the protocol of the untrusted client or trusted client) and one or more allowed parameters (e.g., the public or private address of the trusted client)].

As per claim 11, Strathmeyer teaches the network sanitizer device of claim 10. 
Strathmeyer further teaches wherein the one or more allowed parameter includes a particular destination for the recreated communication within the sensitive network [par. 0027, lines 1-20; par. 0035, lines 1-18 of Strathmeyer teaches wherein the one or more allowed parameter (e.g., the public or private address of the trusted client) includes a particular destination (e.g., the receiver or the trusted client) for the recreated communication within the sensitive network (e.g., the trusted network)].

As per claim 12, Strathmeyer teaches the network sanitizer device of claim 1. 
Strathmeyer further teaches wherein the network sanitizer device comprises a translation table comprising allowed communications, the translation table comprising for each entry at least one corresponding allowed framework under which to generate a recreated communication [figs. 6, 9; par. 0028, lines 1-12; par. 0035, lines 1-18; par. 0062, lines 1-12 of Strathmeyer teaches wherein the network sanitizer (e.g., the component of the PTT including address transformer AT) comprises a translation table (e.g., the table for registration) comprising allowed communications (e.g., the communication for the private address and corresponding clients), the translation table comprising for each entry at least one corresponding allowed framework under which to generate a recreated communication]; and
the processor is configured to evaluate the communication by looking up the communication in the translation table and determining whether there is a corresponding allowed framework for a recreated communication [par. 0027, lines 1-20; par. 0035, lines 1-18 of Strathmeyer teaches the processor is configured to evaluate the communication by looking up the communication in the translation table and determining whether there is a corresponding allowed framework for a recreated communication (e.g., communication with translating private and public address and translating the communication protocol of the untrusted client to the selected communication protocol)].

As per claim 19, Strathmeyer teaches a network edge enforcement device for creating an enforced edge of a sensitive network and limiting access to the sensitive network [see figs. 1-3; par. 0045, lines 1-26] comprising:
a. a sensitive network interface for connecting to, and communicating over, the sensitive network [figs. 1, 2; par. 0026, lines 1-7, 14-18; par. 0035, lines 1-6 of Strathmeyer teaches the sensitive network interface (e.g., the network interface of the PTT connected to the trusted client) for connecting to, and communication over, the sensitive network (e.g., the trusted network with private/sensitive information)];
b. an external access interface for connecting to an untrusted Internet Protocol (IP) camera outside of the sensitive network [figs. 1, 2; par. 0004, lines 1-20; par. 0026, lines 1-7, 14-18 of Strathmeyer teaches the external access interface (e.g., the network interface of the PTT at the boundary and/or firewall) for connecting to an untrusted IP camera (e.g., the untrusted client sensor providing the telephony stream or IP data packets for telephony service such as real-time audio, video and data communication) outside of the sensitive network (e.g., the trusted network with private/sensitive information)];
c. a processor in communication with both the external access interface and the sensitive network interface and having a programmed protocol [figs. 2, 3 of Strathmeyer teaches a processor (e.g., the controller) in communication with both the external access interface (e.g., the network interface of the PTT at the boundary and/or firewall) and the sensitive network interface (e.g., the network interface of the PTT connected to the trusted client) and having a programmed protocol],
the processor being configured for emulating the untrusted IP camera by generating safe communications using the programmed protocol, a set of trusted parameters, and data obtained from the untrusted IP camera over the external access interface and transmitting the safe communications onto the sensitive network over the sensitive network interface [par. 0004; par. 0027, lines 1-17; par. 0035, lines 12-18; par. 0038, lines 3-9 of Strathmeyer teaches the processor (e.g., the controller) being configured for emulating the functionality of the untrusted device (e.g., the untrusted client sensor providing the telephony stream or IP data packets for telephony service such as real-time audio, video and data communication) by generating safe communications (e.g., communication with translating private and public address and translating the communication protocol of the untrusted client to the selected communication protocol) using the programmed protocol (e.g., the selected protocol of the trusted client), a set of trusted parameters (e.g., the public/private address), and data obtained from the untrusted IP camera (e.g., the connection request with the public address of the trusted client sensor) over the external access interface (e.g., the network interface of the PTT at the boundary and/or firewall) and transmitting the safe communications onto the sensitive network over the sensitive network interface (e.g., the network interface of the PTT at the boundary and/or firewall)].
 
As per claim 21, Strathmeyer teaches the network edge enforcement device of claim 19. 
Strathmeyer further teaches wherein the set of trusted parameters comprises a destination address within the sensitive network [par. 0027, lines 1-20; par. 0035, lines 1-18 of Strathmeyer teaches the set of trusted parameters (e.g., the public or private address of the trusted client) comprises a destination address (e.g., the receiver or the trusted client address) within the sensitive network (e.g., the trusted network)].

As per claim 22, Strathmeyer teaches the network edge enforcement device of claim 21. 
Strathmeyer further teaches wherein the processor is further configured to establish a tunnel between the processor and a destination network element at the destination address within the sensitive network and to transmit the safe communications to the network element over the tunnel [fig. 2; par. 0028, lines 15-21; par. 0036, lines 1-14 of Strathmeyer teaches wherein the processor (e.g., the controller or the component of the PTT) is further configured to establish a tunnel (e.g., the second leg of communication) between the processor and a destination network element (e.g., the trusted client) at the destination address (e.g., the trusted client address) within the sensitive network (e.g., the trusted network) and to transmit the safe communications (e.g., communication with translating private and public address and translating the communication protocol of the untrusted client to the selected communication protocol) to the network element over the tunnel (e.g., the second leg of communication)].

As per claim 26, Strathmeyer teaches the network edge enforcement device of claim 19. 
Strathmeyer further teaches wherein the sensitive network interface comprises a first physical network connector comprised within a first connector port for connecting to, and communicating over, the sensitive network by a first wire-based networking protocol [figs. 2, 3; par. 0041, lines 1-13 of Strathmeyer teaches wherein the sensitive network interface (e.g., the network interface of the PTT connected to the trusted client) comprises a first physical network connector (e.g., the Ethernet NIC) comprised within a first connector port (e.g., the network interface) for connecting to, and communicating over, the sensitive network (e.g., the trusted network or second network) by a first wire-based networking protocol (e.g., the H.323 or TCP/IP protocol)].

As per claim 27, Strathmeyer teaches the network edge enforcement device of claim 26. 
Strathmeyer further teaches wherein the first wire-based networking protocol is an Ethernet protocol [see figs. 2, 3; par. 0041, lines 1-13 of Strathmeyer].

As per claim 28, Strathmeyer teaches the network edge enforcement device of claim 26. 
Strathmeyer further teaches wherein the external access interface comprises a second physical network connector comprised within a second connector port for connecting to the untrusted IP camera by a second wire-based networking protocol [figs. 2, 3; par. 0004; par. 0041, lines 1-13 of Strathmeyer teaches wherein the external access interface (e.g., the network interface of the PTT at the boundary and/or firewall or the interface connected to the untrusted client) comprises a second physical network connector (e.g., the Ethernet NIC) comprised within a second connector port (e.g., the network interface) for connecting to the untrusted IP camera (e.g., the untrusted client sensor) by a second wire-based networking protocol (e.g., the H.323 or TCP/IP protocol)], and
wherein the first physical network connector and the second physical network connector are not in direct communication but are each in communication with the processor which is configured not to pass-through any communications from the second physical network connector to the first physical network connector [figs. 2, 3; par. 0038, lines 1-9; par. 0041, lines 1-13 of Strathmeyer teaches wherein the first physical network connector (e.g., the Ethernet NIC connected to the second network) and the second physical network connector (e.g., the Ethernet NIC connected to the first network) are not in direct communication but are each in communication with the processor (e.g., the controller of the PTT) which is configured not to pass-through any communications from the second physical network connector to the first physical network connector (e.g., insulating the networks)].

As per claim 29, Strathmeyer teaches the network edge enforcement device of claim 28. 
Strathmeyer further teaches wherein the second wire-based networking protocol is an Ethernet protocol [see figs. 2, 3; par. 0041, lines 1-13 of Strathmeyer].

Allowable Subject Matter
Claims 8, 9, 14, 20, 23, 24, 30 and 31 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and amended to overcome the 112(b) rejections (if any), the 101 rejections (if any), and the double patenting rejections (if any) stated above.
Claims 62-67 would be allowable if amended to overcome the 112(b) rejections (if any), and the double patenting rejections (if any) stated above.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845.  The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MAUNG T LWIN/Primary Examiner, Art Unit 2495