Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
DETAILED ACTION
1.	This office action is in response to the communication filed on May 23, 2022.
2.	Claims 1-40 are cancelled, new claims 41-56 are pending. 
3.	The present application is being examined under the pre-AIA  first to invent provisions with respect to 35 U.S.C. 102, 35 U.S.C. 103, and 35 U.S.C. 112. Because the instant application is a reissue application filed on or after September 16, 2012, all references to 35 U.S.C. 251 and 37 CFR 1.172, 1.175, and 3.73 are to the current provisions.

4.	Applicant is reminded of the continuing obligation under 37 CFR 1.178(b), to timely apprise the Office of any prior or concurrent proceed-ing in which Patent No. 8,533,822 is or was involved. These proceedings would include interferences, reissues, reexaminations, and litigation. 
Applicant is further reminded of the continuing obligation under 37 CFR 1.56, to timely apprise the Office of any information which is mate-rial to patentability of the claims under consideration in this reissue appli-cation.
These obligations rest with each individual associated with the filing and prosecution of this application for reissue. See also MPEP §§ 1404, 1442.01 and 1442.04.

5.	Applicant is notified that any subsequent amendment to the specification and/or claims must comply with 37 CFR 1.173(b).
Applicant is reminded that the maximum term of the original patent is fixed at the time the patent is granted. While the term may be subsequently shortened, e.g., through the filing of a terminal disclaimer, it cannot be extended through the filing of a reissue. Accordingly, a deletion in a reissue application of an earlier-obtained benefit claim under 35 U.S.C. 120 will not operate to lengthen the term of the patent to be reissued (see MPEP 1405).

Response to Amendment/Arguments
6.	a)	The 112, 2nd rejection has been withdrawn based on the claim amendments on 5/23/2022.
	b)	 In regards to the 112, 1st rejection on the lack of support for “creating,…, zones with filters based on weights depending upon a characteristic of a source of the network traffic”, the Applicant stated that “user-specified zones” are examples of zones, and the specification is not limited to “user-specified zones”.
	The Examiner disagree, the specification does not provide any support of zones or weights indicating that “user-specified zones” or “user-specified weights” or any types of zones or weights as an example. The only support shows that the Multi-Host A record can be used to create user-specified zones with filters based on user-specified weights for the character to the sources (‘822 Patent: 6:55-65). 
	Therefore, the 112, 1st rejection has been maintained. 

c)	Regarding double patenting rejection, the Applicant argued that the current claim amendments render the rejections moot. The Examiner disagree, the current claim amendments (i.e., “creating, using the plurality of IP values, zones with filters based on weights depending upon a characteristic of a source of network traffic, the zones and the weights being based on a single multi-host address mapping record”) (emphasis added) is broader than limitation ““creating, using the plurality of IP values, zones with filters based on weights depending upon a characteristic of a source of network traffic, the zones and the weights being specified by a user based on a single multi-host address mapping record” of RE48,159. Although the claims at issue are not identical, they are not patentably distinct from each other because they are directed to the same invention of implementing and propagating network security policy.
Therefore, the double patenting rejection of claims 41-56 is maintained. 
d)	Regarding Applicant’s remarks about current amendments of claims 41 and 49 render the 251 improper recapture rejections moot, it is not persuasive.
As addressed in the previous office action, the surrendered subject matter has been entirely eliminated from independent claims 41 and 49 in this reissue application. The amended claims 41 and 49 (i.e., the zones and the weights being based on a single multi-host address mapping record) are not materially narrowed in related aspects), the zones and the weights are not elements specified by a user, hence there is still recapture.
e)	Applicant’s arguments with respect to claim(s) 41 and 49 (i.e., “creating, using the plurality of IP values, zones with filters based on weights depending upon a characteristic of a source of network traffic, the zones and the weights being based on a single multi-host address mapping record”) have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
	
Claim Objections
7.	The claims amendment filed on 5/23/2022 is objected to because it is not compliant with 37 CFR 1.173(b)(d) (i.e. all amendments must be made relative to the patent specification, including the claims, and drawings, which are in effect as of the date of filing of the reissue application. The amendments must include proper markings, matter to be omitted must be enclosed in brackets, no strikethrough, matter to be added must be underlined. The underlined matters should include the claim numbers and claim identifiers.) See MPEP § 1453.
Appropriate correction is required for new claims 41-56. 

Claim Rejections - 35 USC § 112
	The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a)  IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same,  and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
8.	Claims 41-56 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention. Claims 41 and 49 recite “creating…zones with filters based on weights, …, the zones and the weights being based on a single multi-host address mapping record”. The specification discloses zones containing name and IP address information (‘822 Patent, 6:44-46), the disclosure is to only define zones and there is an explicit teaching of "creating …user-specified zones with filters based on user-specified weights”,  (paragraph [0030] on page 9). There is no embodiment or support for just “creating…zones with filters based on weights depending upon a characteristic of a source of network traffic” as recited in claims 41 and 49. 
	Further, the single multi-A record lookup for all hosts can be used to create “user-specified zones with filters based on user-specified weights for the character of the sources (‘822 Patent: 6:55-65). There is no support for regular “[the]zones and [the]weights being based on a single multi-host address mapping record” as claimed. 

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
9.	Claims 41-56 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 41-56 of RE48,159.
Although the claims at issue are not identical, they are not patentably distinct from each other because they are directed to the same invention of implementing and propagating network security policy.
The rejected claims 41-48 in the present application is mapped to claims 41-48 of RE48,159 Reissue Patent regarding the method for implementing network security.
The rejected claims 49-56 in the present application is mapped to claims 49-56 of RE48,159 Reissue Patent regarding the system for propagating network security.

35 U.S.C. 251
10.	a)	Claims 41-56 are rejected under 35 U.S.C. 251 as being an improper recapture of broadened claimed subject matter surrendered in the application for the patent upon which the present reissue is based. See Greenliant Systems, Inc. et al v. Xicor LLC, 692 F.3d 1261, 103 USPQ2d 1951 (Fed. Cir. 2012); In re Shahram Mostafazadeh and Joseph O. Smith, 643 F.3d 1353, 98 USPQ2d 1639 (Fed. Cir. 2011); North American Container, Inc. v. Plastipak Packaging, Inc., 415 F.3d 1335, 75 USPQ2d 1545 (Fed. Cir. 2005); Pannu v. Storz Instruments' Inc., 258 F.3d 1366, 59 USPQ2d 1597 (Fed. Cir. 2001); Hester Industries, Inc. v. Stein, Inc., 142 F.3d 1472, 46 USPQ2d 1641 (Fed. Cir. 1998); In re Clement, 131 F.3d 1464, 45 USPQ2d 1161 (Fed. Cir. 1997); Ball Corp. v. United States, 729 F.2d 1429, 1436, 221 USPQ 289, 295 (Fed. Cir. 1984). A broadening aspect is present in the reissue which was not present in the application for patent. The record of the application for the patent shows that the broadening aspect (in the reissue) relates to claimed subject matter that applicant previously surrendered during the prosecution of the application. Accordingly, the narrow scope of the claims in the patent was not an error within the meaning of 35 U.S.C. 251, and the broader scope of claim subject matter surrendered in the application for the patent cannot be recaptured by the filing of the present reissue application.It is noted that the following is the three step test for determining recapture in reissue applications (see: MPEP 1412.02(I)):"(1) first, we determine whether, and in what respect, the reissue claims are broader in scope than the original patent claims;(2) next, we determine whether the broader aspects of the reissue claims relate to subject matter surrendered in the original prosecution; and(3) finally, we determine whether the reissue claims were materially narrowed in other respects, so that the claims may not have been enlarged, and hence avoid the recapture rule."(Step 1: MPEP 1412.02(A)): In the instant case and by way of the preliminary amendment, Applicant seeks to broaden independent claims 41, 49 in this reissue at least by deleting/omitting the patents claim language requiring “creating, using the plurality of IP values, user-specified zones with filters based on user-specified weights depending upon a characteristic of a source of network traffic” as required in independent claims 41 and 49. 
(Step 2: MPEP 1412.02(B)): The record of the prior 11/844,264 application prosecution indicates that claims 1, 9 (“creating, using the plurality of IP values, user-specified zones with filters based on user-specified weights depending upon a characteristic of a source of network traffic”) were amended in the Examiner’s Amendment section of the Notice of Allowability dated 6/24/2013. This limitation is also one of the reasons for allowance. 
Therefore, in the instant case the claimed limitations of (“creating, using the plurality of IP values, user-specified zones with filters based on user-specified weights depending upon a characteristic of a source of network traffic”) are surrendered subject matter and some of the broadening of the reissue claims, as noted above, are clearly in the area of the surrendered subject matter.

(Step 3: MPEP 1412.02(C)): It is noted that the surrendered subject matter has been entirely eliminated from independent claims 41 and 49 in the reissue application. As such, the claims may have been enlarged, and hence not avoid the recapture rule. The amended claims 41 and 49 (i.e., the zones and the weights being based on a single multi-host address mapping record) were not materially narrowed in related aspects), the zones and the weights are not elements specified by a user, hence there is recapture.

Therefore improper recapture of broadened claimed subject matter surrendered in the application is clearly present in the instant reissue application (i.e., claims 41, 49).
Claims 42-48, 50-56 are similarly rejected based on their dependency from independent claims 41, 49 respectively. 
b)	Claims 41-56 are rejected under 35 U.S.C. 251 as being based upon new matter added to the patent for which reissue is sought.  The added material which is not supported by the prior patent is described above in paragraph 8. 

Claim Rejections - 35 USC § 103
	The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

11.	Claims 41, 43, 47-49, 51-52, 56 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Cooper et al. (US Patent 7,917,647) in view of Stolorz et al.  (US 2003/0065762) and further in view of Goodman et al. (US Patent 7,464,264).
As to claims 41 and 49, Cooper discloses a method for implementing network security comprising:
creating a network security policy to apply to network traffic, wherein a plurality of IP values are elements of the network security policy (i.e., policy generator and/or policy wizard simplify the process of creating an initial policy based on gross characteristics of a network at the IP level, such as policy domains, communities of hosts, servers, subnets, firewalls wherein the communities consist of set of IP addresses, Cooper, 12:63-13:12; 10:45; 14:5-26); 
configuring a domain name system (DNS) server to resolve a DNS query to the network security policy based on the zones (i.e., performing forward and reverse DNS lookups (using the current DNS configuration), rule and disposition descriptions as defined by the user in the user’s policy, resolved DNS names for IP-addresses, and TCP and UDP service names, Cooper, 17:12-13; 85:61-63: Figs. 6-9)
receiving a name-to-IP value mapping request from a network device, wherein a name of the network security policy is a name for which name-to-IP value mapping is requested (i.e., a query tool is used to examine the data that was placed in the database wherein the query tool allows the following functions to be performed: examining network events, examining IP Connectivity for execution runs in the database, editing and making user defined SQL queries to the database, performing forward and reverse DNS lookups (using the current DNS configuration), Cooper, 17:1-13).
Cooper does not teach resolving the network security policy name to the plurality of IP values at the DNS server; propagating the network security policy to the network device by transmitting the plurality of IP values to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize one or more of the plurality of IP values when applying network security to network traffic at the network device.
Stolorz discloses resolving the network security policy name to the plurality of IP values at the DNS server (i.e., DNS name server 118-1 returns IP addresses of servers based on various policies, Stolorz: [0047-0048; 0062, 0080, 0082]; Fig. 1) and propagating the network security policy to the network device by transmitting the plurality of IP values to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize one or more of the plurality of IP values when applying network security to network traffic at the network device (i.e., the policies are propagated to relevant name servers Stolorz: [0082, 0085]).
It would have been obvious to one of ordinary skill in the art at the time of the invention to employ the use of resolving the network security policy name to the plurality of IP values at the DNS server and propagating the network security policy to the network device by transmitting the plurality of IP values to the network device in response to the name-to-IP value mapping request, thereby allowing the network device to utilize one or more of the plurality of IP values when applying network security to network traffic at the network device in the system of Cooper, as Stolorz teaches, so as to allow load balancing among servers and to serve the client with a high performance (Stolorz: [0013]).
The combination of Cooper and Stolorz does not disclose creating, using the plurality of IP values, zones with filters based on weights depending upon a characteristic of a source of network traffic, the zones and the weights being based on a single multi-host address mapping record. 
Goodman discloses creating, using the plurality of IP values, zones with filters based on weights depending upon a characteristic of a source of network traffic, the zones and the weights being based on a single multi-host address mapping record (i.e., the IP addresses being used to indicates where the messages coming from, those can be in the internal group or external group or known IP group or unknown IP group. Weight/score is assigned for each IP address, and those information can be looked up from a record, Woodman: 12:19-56)   
It would have been obvious to one of ordinary skill in the art at the time of the invention to employ the use of creating, using the plurality of IP values, zones with filters based on weights depending upon a characteristic of a source of network traffic, the zones and the weights being based on a single multi-host address mapping record, in the system of Cooper and Stolorz, as Woodman discloses so as to effectively filter content.
As to claims 43, 52, the combination of Cooper, Stolorz and Goodman discloses configuring the network security policy at the DNS server with a record time to live, the record time to live functioning as a time period of validity for the network security policy (i.e., policies that govern static servers are not changing often over time, whereas the policies that control dynamic servers are expected to change frequently, Stolorz: [0121]).
As to claims 47, 56, the combination of Cooper, Stolorz and Goodman discloses wherein the network security policy involves inspecting network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is inspected (Cooper, 39:29-42).
As to claims 48, 51, the combination of Cooper, Stolorz and Goodman discloses acquiring at least one of the plurality of IP values from a network security source on a network (i.e., Cooper, 17:1-13).

12.	Claims 42, 44, 50, 53 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Cooper et al. (US Patent 7,917,647) in view of Stolorz et al.  (US 2003/0065762) in view of Goodman et al. (US Patent 7,464,264) and further in view of Cirasole et al. (US Patent 5,987,606).

As to claims 42, 50, the combination of Cooper, Stolorz, Goodman does not disclose, however Cirasole discloses configuring an allow list or a deny list of the plurality of IP values, wherein the allow list contains IP values indicative of network traffic that should be allowed under the network security policy, and wherein the deny list contains IP values indicative of network traffic that should be denied under the network security policy (i.e., “white listing” and “black listing”, Cirasole, 1:44-48).
It would have been obvious to one of ordinary skill in the art at the time of the invention to employ the use of configuring an allow list or a deny list of the plurality of IP values, wherein the allow list contains IP values indicative of network traffic that should be allowed under the network security policy, and wherein the deny list contains IP values indicative of network traffic that should be denied under the network security policy, in the system of Cooper, Stolorz and Goodman, as Cirasole discloses so as to effectively control the network resources.
As to claims 44, 53, the combination of Cooper, Stolorz, Goodman and Cirasole discloses the network security policy involves blocking network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is blocked (i.e., blocking access to some web sites for certain end-users, Cirasole, 1:30-31).

13.	Claims 45-46, 54-55 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Cooper et al. (US Patent 7,917,647) in view of Stolorz et al.  (US 2003/0065762) in view of Woodman et al. (US Patent 7,464,264) and further in view of Le et al. (US 2006/0242313).
As to claims 45, 54, the combination of Cooper, Stolorz and Woodman does not disclose wherein the network security policy involves prioritizing network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is prioritized over other network traffic. Le discloses wherein the network security policy involves prioritizing network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is prioritized over other network traffic (i.e., performing traffic prioritization, Le: [36, 48-49]).
It would have been obvious to one of ordinary skill in the art at the time of the invention to employ the use of the network security policy that involves prioritizing network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is prioritized over other network traffic in the system of Cooper, Stolorz and Woodman, as Le teaches to effectively control network resources.
As to claims 46, 55, the combination of Cooper, Stolorz and Woodman does not discloses wherein the network security policy involves redirecting network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is redirected. Le discloses the network security policy involves redirecting network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is redirected (i.e. redirecting traffic depends on the characteristics of the source or destination IP value, Le: [19, 47]).
It would have been obvious to one of ordinary skill in the art at the time of the invention to employ the use of the network security policy that involves redirecting network traffic, and wherein network traffic having a source IP value or a destination IP value that references the one or more of the plurality of IP values is redirected in the system of Cooper, Stolorz and Woodman, as Le teaches to effectively control network resources.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Minh Dieu Nguyen whose telephone number is (571) 272-3873. The examiner can normally be reached on 8:30am-5:00pm, M-F.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mike Fuelling can be reached at (571) 270-1367.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
Signed:
/MINH DIEU NGUYEN/
Primary Examiner, Art Unit 3992

Conferees:
/Ovidio Escalante/
Primary Examiner, Art Unit 3992

/MICHAEL FUELLING/Supervisory Patent Examiner, Art Unit 3992