DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.  This is in response to the amendment filed on 23 May 2022.
2.  Claims 1, 3, 4, 6 and 8-12 are pending in the application.
3.  Claims 1, 3, 4, 6 and 8-12 have been rejected.
4.  Claims 2, 5 and 7 have been cancelled.
Response to Arguments
5.  Applicant’s arguments with respect to claim(s) 1, 3, 4, 6 and 8-12 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
6.  Claims 1, 3, 4, 6, 8 and 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bright et al US 2017/0201601 A1 (hereinafter Bright) in view of Ogura et al US 2008/0155657 A1 (hereinafter Ogura) and Shimbo et al U.S. Patent No. 6,092,191 (hereinafter Shimbo).
As to claim 1, Bright discloses a network security interface component comprising: 
a first network interface (i.e. user interface) [0027]; 
a second network interface separate from the first network interface (i.e. host interface) [0030]; 
a unidirectional connection connecting the first network interface to the second network interface (i.e. initiating a unidirectional connection) [0017]; and 
wherein the unidirectional connection is configured to allow data transfer from the first network interface to the second network interface via the unidirectional connection (i.e. through an initiated unidirectional connection) [0060] and to prevent data transfer from the second network interface to the first network interface via the unidirectional connection (i.e. suspended threads and ports) [0061]. 
Bright does not teach an authentication circuitry connected between the first network interface and the unidirectional connection.  Bright does not teach that the authentication circuitry is configured to individual packets add authentication data to data received at the first network interface by which the individual packets of data received at the first network interface can be authenticated.  Bright does not teach that the authentication circuitry is further configured to determine whether or not a particular data packet received at the first network interface includes the authentication data, and when determining that the particular data packet does not include the authentication data, add the authentication data to the particular data packet.
Ogura teaches an authentication circuitry connected between the first network interface and the unidirectional connection (i.e. a home gateway that creates authentication data from authentication information) [abstract].  Ogura teaches that the authentication circuitry is configured to add authentication data to individual packets of data received at the first network interface by which the individual packets of data received at the first network interface can be authenticated (i.e. home gateway adds the authentication data to an IP packet received from a terminal) [abstract].
Shimbo teaches that the authentication circuitry is further configured to determine whether or not a particular data packet received at the first network interface includes the authentication data (i.e. determining that signature information is absent from the packet) [column 5, lines 13-29], and when determining that the particular data packet does not include the authentication data, add the authentication data to the particular data packet (i.e. attaching the signature information of the packet processing device to the packet) [column 5, lines 13-29].
Therefore, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Bright so that there would have been an authentication circuitry connected between the first network interface and the unidirectional connection.  The authentication circuitry would have been further configured to add authentication data to individual data packets of data received at the first network interface by which the individual packets of data received at the first network interface could be authenticated.  The authentication circuitry would have been further configured to determine whether or not a particular data packet received at the first network interface included the authentication data, and when determining that the particular data packet did not include the authentication data, add the authentication data to the particular data packet.
It would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Bright by the teaching of Ogura because it helps detect false source addresses [0008].  It would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Bright by the teaching of Shimbo because it helps safely protect the network of each hierarchical level [column 3, lines 24-28].
As to claim 3, Ogura teaches the network security interface component of claim 1, wherein the authentication circuitry is further configured to, when determining that the particular data packet does not include the authentication data, allow the particular data packet to be transmitted via the unidirectional connection to the second network interface without adding authentication data (i.e. determining if authentication information is present in option field and allowing data to pass) [0072].  
As to claim 4, Bright discloses a method of transmitting data, performed at a network security interface component comprising a first network interface (i.e. user interface) [0027], a second network interface separate from the first network interface (i.e. host interface) [0030], a unidirectional connection connecting the first network interface to the second network interface (i.e. initiating a unidirectional connection) [0017], wherein the unidirectional connection is configured to allow data transfer from the first network interface to the second network interface via the unidirectional connection (i.e. through an initiated unidirectional connection) [0060] and to prevent data transfer from the second network interface to the first network interface via the unidirectional connection (i.e. suspended threads and ports) [0061], the method comprising the steps of: 
receiving individual packets of data at the first network interface (i.e. data sent between servers) [0048]; 
transmitting the individual packets of data received at the first network interface and the authentication data to the second network interface via the unidirectional connection (i.e. transmitting data through unidirectional connection) [0049].  
Bright does not teach an authentication module connected between the first network interface and the unidirectional connection.  Bright does not teach determining whether or not a particular data packet of the received individual packets of data received at the first network interface includes authentication data by which the particular data packet can be authenticated.  Bright does not teach when determining that the particular data packet does not include the authentication data, adding the authentication data to the particular data packet.
Ogura teaches an authentication module connected between the first network interface and the unidirectional connection (i.e. a home gateway that creates authentication data from authentication information) [abstract].  Ogura teaches that the authentication module is configured to add authentication data to data received at the first network interface by which the data received at the first network interface can be authenticated (i.e. home gateway adds the authentication data to an IP packet received from a terminal) [abstract].
Shimbo teaches determining whether or not a particular data packet of the received individual packets of data received at the first network interface includes authentication data by which the particular data packet can be authenticated (i.e. determining that signature information is absent from the packet) [column 5, lines 13-29].  Shimbo teaches when determining that the particular data packet does not include the authentication data, adding the authentication data to the particular data packet (i.e. attaching the signature information of the packet processing device to the packet) [column 5, lines 13-29].
Therefore, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Bright so that there would have been an authentication module connected between the first network interface and the unidirectional connection.  The authentication module would have been configured to add authentication data to data received at the first network interface by which the data received at the first network interface can be authenticated.  It would have been determined whether or not a particular data packet of the received individual packets of data received at the first network interface included authentication data by which the particular data packet could be authenticated.  When determining that the particular data packet did not include the authentication data, adding the authentication data to the particular data packet.
It would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Bright by the teaching of Ogura because it helps detect false source addresses [0008].  It would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Bright by the teaching of Shimbo because it helps safely protect the network of each hierarchical level [column 3, lines 24-28].
As to claim 6, Ogura teaches the method of claim 4, further comprising:
when determining that the particular data packet does include the authentication data (i.e. determining if authentication information is present in option field and allowing data to pass) [0072],
allowing the particular data packet to be transmitted via the unidirectional connection to the second network interface without adding the authentication data (i.e. determining if authentication information is present in option field and allowing data to pass) [0072].  
As to claim 8, Bright teaches the network security interface component of claim 1, wherein the network security interface component further comprises an integrated circuit, and the unidirectional connection and the authentication circuitry are provided on the integrated circuit (i.e. devices implemented on integrated circuit) [0030].  
As to claim 11, Bright teaches the network security interface component of claim 1, wherein the first network interface and the second network interface each comprise processing circuitry (i.e. devices implemented with a central processing unit) [0026].
7.  Claim 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bright et al US 2017/0201601 A1 (hereinafter Bright), Ogura et al US 2008/0155657 A1 (hereinafter Ogura) and Shimbo et al U.S. Patent No. 6,092,191 (hereinafter Shimbo) as applied to claim 1 above, and further in view of Gersten U.S. Patent No. 9,806,888.
As to claim 9, the Bright-Ogura-Shimbo combination does not teach the network security interface component of claim 1, wherein the individual packets of data received at the first network interface comprises sensor data produced by one or more sensors.  
Gersten teaches that the data received at the first network interface comprises sensor data produced by one or more sensors (i.e. encrypted sensor data received via the network interface circuit from one or more sensor devices) [column 10 line 57 to column 11 line 9].
Therefore, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Bright-Ogura-Shimbo combination so that the individual packets of data received at the first network interface would have comprised sensor data produced by one or more sensors.
It would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Bright-Ogura-Shimbo combination by the teaching of Gersten because it helps avoid repetitive use of the same encryption key [column 1, lines 44-50].
8.  Claim 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bright et al US 2017/0201601 A1 (hereinafter Bright), Ogura et al US 2008/0155657 A1 (hereinafter Ogura) and Shimbo et al U.S. Patent No. 6,092,191 (hereinafter Shimbo) as applied to claim 1 above, and further in view of Kim et al US 2016/0080033 A1 (hereinafter Kim).
As to claim 10, the Bright-Ogura-Shimbo combination does not teach the network security interface component of claim 1, wherein unidirectional connection comprises a data diode.  
Kim teaches that unidirectional connection comprises a data diode [0032 and figure 3].  
Therefore, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Bright-Ogura-Shimbo combination so that the unidirectional connection would have comprised a data diode.  
It would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Bright-Ogura-Shimbo combination by the teaching of Kim because it helps guarantee the reliability of data transmission in a unidirectional section [0009].
9.  Claim 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bright et al US 2017/0201601 A1 (hereinafter Bright), Ogura et al US 2008/0155657 A1 (hereinafter Ogura), Shimbo et al U.S. Patent No. 6,092,191 (hereinafter Shimbo) and Kim et al US 2016/0080033 A1 (hereinafter Kim) as applied to claim 10 above, and further in view of Schuberth et al US 2013/0235923 A1 (hereinafter Schuberth).
As to claim 12, the Bright-Ogura-Shimbo-Kim combination does not teach the network security component of claim 10, wherein the data diode is an optical data diode.
Schuberth teaches that the data diode is an optical data diode (i.e. light emitting diode for optical data transmission) [0052].
Therefore, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Bright-Ogura-Shimbo-Kim combination so that the data diode would have been an optical data diode.
It would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Bright-Ogura-Shimbo-Kim combination by the teaching of Schuberth because it prevents the limitations of suffering from bandwidth limitation and can be easily integrated on the chip level [0003].
Relevant Prior Art
10.  The following references have been considered relevant by the examiner:
A.  Choi et al US 2017/0237680 A1 directed to a file reconstruction apparatus and method and, more particularly, to an apparatus and method for extracting and reconstructing, in real time, a data file from packets that are transmitted over a broadband network [0003].
B.  Wang et al US 2018/0007551 A1 directed to a method and a device for wireless access authentication [abstract].
C.  Godas-Lopez US 2017/0255781 A1 directed to packet based validation of control flow transfers for hardware control-flow enforcement [abstract].
Conclusion
11.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARAVIND K MOORTHY whose telephone number is (571)272-3793. The examiner can normally be reached M-F 5:00-3:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ARAVIND K MOORTHY/Primary Examiner, Art Unit 2492