DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
In response to 35 USC 103, filed 04/06/2022, regarding independent claims 14, 21, 22, 25, and 26 along with their respective dependent claims, applicant argues that one of ordinary skill in the art would not be motivated to modify the combined teaching of Albrecht-Dargis-McAlister in further view of Arregoces or the combined teaching of Albrecht-Gerlach-Dargis-McAlister in further view of Arregoces.
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). In this case, the modification makes the transmission device a transparent virtual firewall that has no IP address. The advantage is that the firewall is unreachable and invisible to the outside world. Even the document titled “Transparent Firewall,” filed by the applicant's representative on 04/06/2022, shows that transparent firewalls are more stealthy and undetectable by attackers, a major security advantage because it means the network is less susceptible to hacker attacks that use network probes or DoS attacks, and that they allow non-IP traffic through.

In response to 35 USC 103, filed 04/06/2022, applicant argues that the transmission device is not, and cannot be considered analogous to, a routing device.
In response to applicant's argument that Arregoces is nonanalogous art, it has been held that a prior art reference must either be in the field of applicant’s endeavor or, if not, then be reasonably pertinent to the particular problem with which the applicant was concerned, in order to be relied upon as a basis for rejection of the claimed invention. See In re Oetiker, 977 F.2d 1443, 24 USPQ2d 1443 (Fed. Cir. 1992). In this case, Arregoces is analogous art. The reference discloses a router, a transparent firewall and switches all on a common chassis; please see paragraphs 18-25. Arregoces indicates that the firewall controls access to certain portions of the data centers and that it is preferred that the firewall does not perform any routing functions, meaning the firewall is not limited in this respect and can perform them. The firewall can be taken from the route mode into transparent mode. The transparent firewall has no IP address, so it is unreachable and invisible to the outside world.
Furthermore, the specification in paragraph [0012] recites “Particularly preferably the transmission device in the method has no IP address. The transmission device is hence non visible from the external network. The transmission device then represents preferably a transparent firewall”. The specification indicates that a transmission device may be a transparent firewall that has no IP address. The claim language does not limit the transmission device to just a routing device.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 14-17, 20, 21, and 25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Albrecht et al. (US 20150215232 hereinafter as Albrecht), Dargis (US 20110154468), McAlister (US 20080016550) and in further view of Arregoces et al. (US 20060095960 hereinafter as Arregoces).

Re. claim 14, Albrecht discloses a method for forwarding data packets from an external network by means of a transmission device to a device to be secured, the transmission device including a first interface for connecting to the external network and a second interface for connecting to the device to be secured, the method comprising: receiving data packets from the external network via the first interface (Albrecht discloses a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]); filtering the received data packs by a packet filter of the transmission device (Albrecht discloses a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]. The communication device 120 is assigned at least one address-based message filter rule that is applied by a packet filter unit 111 of the firewall system 100 [0021]), wherein the received data packets are filtered in dependence on at least one property of each of the received data packet and in dependence on one or more pre-specified rules of the packet filter (Albrecht discloses Message filter rules are firstly defined symbolically based on device descriptions and stored accordingly in a rule database 113 of the firewall system 110 [0022]), wherein the one or more pre-specified rules relate to the at least one property (Albrecht discloses Message filter rules are firstly defined symbolically based on device descriptions (Interpreted as property) and stored accordingly in a rule database 113 of the firewall system 110 [0022]), 
Although Albrecht discloses forwarding data, Albrecht does not explicitly teach but Dargis teaches wherein the received data packets are forwarded or are not forwarded to the second interface (Dargis teaches The transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [0025] the packets are allowed (forward) or block (not forward)), and wherein the data packets are structured according to a TCP/IP model, wherein the data packets comprise a protocol data frame of a Network Access Layer and a useful data unit of the Network Access Layer (Dargis teaches The transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [25] identify IP addresses for messages that are to be allowed to pass through the transparent firewall (Please also see paragraph 4). the access authorization messages may provide additional screening information, for example, information specifying the types of message traffic to be allowed, such as traffic conforming to selected protocols (TCP, UDP, ICMP, ESP, etc.). 
More selective access authorization information may be provided, such as information identifying particular ports or ranges of ports (Interpreted as the useful data unit of the network access, by the port being the recognition information) [0030]); wherein the protocol data frame of the Internet layer contains the IP addresses of a packet transmitter and a packet receiver (Dargis teaches packets containing source and destination address [25]); checking every data packet incoming via the first interface and determining whether each data packet incoming via the first interface contains pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model (Dargis teaches the transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [0025] (controls traffic by checking if the address is in the list of approved addresses). The authenticator circuit 134 may, for example, examine identification information (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model) in the received access request messages and may responsively generate access authorization messages that are transmitted to the blocking device 140' via the communications interface circuit 132 [0031]. 
The transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [25]); and storing or forwarding useful data of the data packet to a process for changing the [Application No.: 16/064,597; Art Unit: 2436; Attorney No.: 22154.14/19] transmission device only in a case that an incoming data pack containing the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model is determined to be for changing the transmission device (Dargis teaches The access authorization message may be received over the first network. The access authorization message may identify an authorized source address (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model), and modifying access criteria of the transparent firewall (Interpreted as changing the transmission device) may include modifying the access criteria to allow passage of messages from and/or to the authorized source address [0007]). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Albrecht to include wherein the received data packets are forwarded or are not forwarded to the second interface, and wherein the data packets are structured according to a TCP/IP model, wherein the data packets comprise a protocol data frame of a Network Access Layer and a useful data unit of the Network Access Layer; wherein the protocol data frame of the Internet layer contains the IP addresses of a packet transmitter and a packet receiver; checking every data packet incoming via the first interface and determining whether each data packet incoming via the first interface contains pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model; and storing or forwarding useful data of the data packet to a process for changing the transmission device only in a case that an incoming data pack containing the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model is determined to be for changing the transmission device as disclosed by Dargis. One of ordinary skill in the art would have been motivated for the purpose of preventing or reducing attacks that might compromise confidential information or consume server resources (Dargis [0002] [0025]).
Although Albrecht-Dargis teach protocol data frame and useful data unit, Albrecht-Dargis do not explicitly teach but McAlister teaches wherein the useful data unit of the Network Access Layer only comprises a protocol data frame of an internet Layer and a useful data unit of the Internet layer (McAlister teaches the outer header, can use the original IP source and destination address [42]. IPsec hides the port and IP address on the original packet and does not provide a port on the outer header [23]), and wherein the useful data unit of the Internet Layer comprises a pre-specified recognition information in order to hide the pre-specified recognition within the data packet (McAlister teaches if the SGW is behind the NAT device, IPsec hides the port and IP address on the original packet and does not provide a port on the outer header. The NAPT protocol is broken without a port to modify [23]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Albrecht-Dargis to include wherein the useful data unit of the Network Access Layer only comprises a protocol data frame of an internet Layer and a useful data unit of the Internet layer; and wherein the useful data unit of the Internet Layer comprises a pre-specified recognition information in order to hide the pre-specified recognition within the data packet as disclosed by McAlister. One of ordinary skill in the art would have been motivated for the purpose of allowing private traffic to be sent in a secure manner and preventing false identity (McAlister [7]).
Although Albrecht discloses a transmission device and IP protocol, the combination of Albrecht-Dargis-McAlister does not expressly teach but Arregoces teaches wherein the transmission device has no IP address (Arregoces teaches another key advantage of the transparent virtual firewall is that it has no IP addresses [0025]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Albrecht-Dargis-McAlister to include wherein the transmission device has no IP address as disclosed by Arregoces. One of ordinary skill in the art would have been motivated for the purpose of making it unreachable and invisible to the outside world (Arregoces [0025]).

Re. claim 15, the combination of Albrecht-Dargis-McAlister-Arregoces teach the method according to claim 14. Dargis furthermore teaches in which data packets are received, independently of the therein contained information with respect to the Network Access Layer of the model TCP/IP (Dargis teaches identify IP addresses for messages that are to be allowed to pass through the transparent firewall (Please also see paragraph 4). the access authorization messages may provide additional screening information, for example, information specifying the types of message traffic to be allowed, such as traffic conforming to selected protocols (TCP, UDP, ICMP, ESP, etc.) [0030]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Albrecht to include which data packets are received, independently of the therein contained information with respect to the Network Access Layer of the model TCP/IP as disclosed by Dargis. One of ordinary skill in the art would have been motivated for the purpose of preventing or reducing attacks that might compromise confidential information or consume server resources (Dargis [0002] [0025]).

Re. claim 16, the combination of Albrecht-Dargis-McAlister-Arregoces teach the method according to claim 14, Dargis furthermore teaches in which the data packets forwarded to the second interface remain unchanged (Dargis teaches allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [0025] (by allowing the packets is being broadly interpreted as the packets are unchanged). a device protecting a network may maintain a "whitelist" of internet addresses that are allowed to access the server [0003]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Albrecht to include which the data packets forwarded to the second interface remain unchanged as disclosed by Dargis. One of ordinary skill in the art would have been motivated for the purpose of preventing or reducing attacks that might compromise confidential information or consume server resources (Dargis [0002] [0025]).

Re. claim 17, the combination of Albrecht-Dargis-McAlister-Arregoces teach the method according to claim 14. Dargis furthermore teaches in which the data packets are TCP or UDP packets and the pre-specified recognition information item in the Transport Layer comprises a port address (Dargis teaches information specifying the types of message traffic to be allowed, such as traffic conforming to selected protocols (TCP, UDP, ICMP, ESP, etc.). In still further embodiments, more selective access authorization information may be provided, such as information identifying particular ports or ranges of ports (interpreted as port address) [0030]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Albrecht to include which the data packets are TCP or UDP packets and the pre-specified recognition information item in the Transport Layer comprises a port address as disclosed by Dargis. One of ordinary skill in the art would have been motivated for the purpose of preventing or reducing attacks that might compromise confidential information or consume server resources (Dargis [0002] [0025]).

Re. claim 20, the combination of Albrecht-Dargis-McAlister-Arregoces teach the method according to claim 14, Dargis further teaches in which the useful data stored or forwarded to the process are employed for changing the transmission device (Dargis teaches The access authorization message may be received over the first network. The access authorization message may identify an authorized source address (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model), and modifying access criteria of the transparent firewall (Interpreted as changing the transmission device) may include modifying the access criteria to allow passage of messages from and/or to the authorized source address [0007]). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Albrecht to include which the useful data stored or forwarded to the process are employed for changing the transmission device as disclosed by Dargis. One of ordinary skill in the art would have been motivated for the purpose of preventing or reducing attacks that might compromise confidential information or consume server resources (Dargis [0002] [0025]).

Re. claim 21, Albrecht discloses a method for changing a transmission device for forwarding data packets from an external network to a device to be secured, wherein a first interface of the transmission device is connected to the external network (Albrecht discloses a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]. The communication device 120 is assigned at least one address-based message filter rule that is applied by a packet filter unit 111 of the firewall system 100 [0021]), in which at least one management data packet is generated (Albrecht discloses Message filter rules are firstly defined symbolically based on device descriptions and stored accordingly in a rule database 113 of the firewall system 110 [0022]. The converter unit 112 is correspondingly configured to replace the communication network address of the replaced communication device in address-based message filter rules by the communication network address of the replacement communication device when a change message is received [0026]), the method comprising: receiving data packets from the external network via the first interface (Albrecht discloses a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]); filtering the received data packs by a packet filter of the transmission device (Albrecht discloses a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]. 
The communication device 120 is assigned at least one address-based message filter rule that is applied by a packet filter unit 111 of the firewall system 100 [0021]), wherein the received data packets are filtered in dependence on at least one property of each of the received data packet and in dependence on one or more pre-specified rules relate to the at least one property (Albrecht discloses Message filter rules are firstly defined symbolically based on device descriptions and stored accordingly in a rule database 113 of the firewall system 110 [0022]).
Although Albrecht discloses forwarding data, Albrecht does not explicitly teach but Dargis teaches which contains in a useful data unit of the Internet Layer of the TCP/IP model pre-specified recognition information and change data for changing the transmission device (Dargis teaches The access authorization message may be received over the first network. The access authorization message may identify an authorized source address (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model), and modifying access criteria of the transparent firewall (Interpreted as changing the transmission device) may include modifying the access criteria to allow passage of messages from and/or to the authorized source address [0007]), the data packet is transferred to the first interface and is processed there (Dargis teaches allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [0025] (by allowing the packets is being broadly interpreted as the packets are unchanged). 
A device protecting a network may maintain a "whitelist" of internet addresses that are allowed to access the server [0003]), wherein the receive data packets are forwarded or are not forwarded to the second interface (Dargis teaches The transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [0025] the packets are allowed (forward) or block (not forward)), wherein the data packets are structured according to a TCP/IP model, wherein the data packets comprise a protocol data frame of a Network Access Layer and a useful data unit of the Network Access Layer (Dargis teaches The transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [25] identify IP addresses for messages that are to be allowed to pass through the transparent firewall (Please also see paragraph 4). the access authorization messages may provide additional screening information, for example, information specifying the types of message traffic to be allowed, such as traffic conforming to selected protocols (TCP, UDP, ICMP, ESP, etc.). 
More selective access authorization information may be provided, such as information identifying particular ports or ranges of ports (Interpreted as the useful data unit of the network access, by the port being the recognition information) [0030]), and wherein the protocol data frame of the Internet layer contains the IP addresses of a packet transmitter and a packet receiver (Dargis teaches packets containing source and destination address [25]), checking every data packet incoming via the first interface and determining whether each data packet incoming via the first interface contains pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model (Dargis teaches the transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [0025] (controls traffic by checking if the address is in the list of approved addresses). The authenticator circuit 134 may, for example, examine identification information (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model) in the received access request messages and may responsively generate access authorization messages that are transmitted to the blocking device 140' via the communications interface circuit 132 [0031]. 
The transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [25]); and storing or forwarding useful data of the data packet to a process for changing the transmission device only in a case that an incoming data pack containing the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model is determined to be for changing the transmission device (Dargis teaches The access authorization message may be received over the first network. The access authorization message may identify an authorized source address (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model), and modifying access criteria of the transparent firewall (Interpreted as changing the transmission device) may include modifying the access criteria to allow passage of messages from and/or to the authorized source address [0007]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Albrecht to include wherein the received data packets are forwarded or are not forwarded to the second interface, and wherein the data packets are structured according to a TCP/IP model, wherein the data packets comprise a protocol data frame of a Network Access Layer and a useful data unit of the Network Access Layer; wherein the protocol data frame of the Internet layer contains the IP addresses of a packet transmitter and a packet receiver; checking every data packet incoming via the first interface and determining whether each data packet incoming via the first interface contains pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model; and storing or forwarding useful data of the data packet to a process for changing the transmission device only in a case that an incoming data pack containing the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model is determined to be for changing the transmission device as disclosed by Dargis. One of ordinary skill in the art would have been motivated for the purpose of preventing or reducing attacks that might compromise confidential information or consume server resources (Dargis [0002] [0025]).
Although Albrecht-Dargis teach protocol data frame and useful data unit, Albrecht-Dargis do not explicitly teach but McAlister teaches wherein the useful data unit of the Network Access Layer only comprises a protocol data frame of an Internet layer and a useful data unit of the Internet layer (McAlister teaches the outer header, can use the original IP source and destination address [42]. IPsec hides the port and IP address on the original packet and does not provide a port on the outer header [23]); and wherein the useful data unit of the Internet Layer comprises a pre-specified recognition information in order to hide the pre-specified recognition within the data packet (McAlister teaches if the SGW is behind the NAT device, IPsec hides the port and IP address on the original packet and does not provide a port on the outer header. The NAPT protocol is broken without a port to modify [23]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Albrecht-Dargis to include wherein the useful data unit of the Network Access Layer only comprises a protocol data frame of an internet Layer and a useful data unit of the Internet layer; and wherein the useful data unit of the Internet Layer comprises a pre-specified recognition information in order to hide the pre-specified recognition within the data packet as disclosed by McAlister. One of ordinary skill in the art would have been motivated for the purpose of allowing private traffic to be sent in a secure manner and preventing false identity (McAlister [7]).
Although Albrecht discloses a transmission device and IP protocol, the combination of Albrecht-Dargis-McAlister does not expressly teach but Arregoces teaches wherein the transmission device has no IP address (Arregoces teaches another key advantage of the transparent virtual firewall is that it has no IP addresses [0025]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Albrecht-Dargis-McAlister to include wherein the transmission device has no IP address as disclosed by Arregoces. One of ordinary skill in the art would have been motivated for the purpose of making it unreachable and invisible to the outside world (Arregoces [0025]).

Re. claim 25. Albrecht discloses one or more non-transitory computer-readable media having stored thereon executable instructions that when executed by a processor of a transmission device configure the transmission device to performing the following steps to forward data packets from an external network to a device to be secured, the transmission device including a first interface for connecting to the external network and a second interface for connecting to the device to be secured (Albrecht discloses a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network, and a store-programmable control unit 130, connected to the communication device 120, for a machine or a robot 140 [0020]), the steps including receive data packets from the external network via the first interface (Albrecht discloses a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]); filter the received data packs by a packet filter of the transmission device (Albrecht discloses a first unsecured partial network 101 a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]. 
The communication device 120 is assigned at least one address-based message filter rule that is applied by a packet filter unit 111 of the firewall system 100 [0021]), wherein the received data packets are filtered in dependence on at least one property of each of the received data packets and in dependence on one or more pre-specified rules of the packet filter (Albrecht teaches that message filter rules are firstly defined symbolically based on device descriptions and stored accordingly in a rule database 113 of the firewall system 110 [0022]), wherein the one or more pre-specified rules relate to the at least one property (Albrecht teaches that message filter rules are firstly defined symbolically based on device descriptions (interpreted as property) and stored accordingly in a rule database 113 of the firewall system 110 [0022]).
Although Albrecht discloses forwarding data, Albrecht does not explicitly teach, but Dargis teaches, wherein the received data packets are forwarded or are not forwarded to the second interface (Dargis teaches the transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [0025]; the packets are allowed (forwarded) or blocked (not forwarded)), and wherein the data packets are structured according to a TCP/IP model, wherein the data packets comprise a protocol data frame of a Network Access Layer and a useful data unit of the Network Access Layer (Dargis teaches the transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [25]; identify IP addresses for messages that are to be allowed to pass through the transparent firewall (please also see paragraph 4). The access authorization messages may provide additional screening information, for example, information specifying the types of message traffic to be allowed, such as traffic conforming to selected protocols (TCP, UDP, ICMP, ESP, etc.).
More selective access authorization information may be provided, such as information identifying particular ports or ranges of ports (interpreted as the useful data unit of the network access, by the port being the recognition information) [0030]); wherein the protocol data frame of the Internet layer contains the IP addresses of a packet transmitter and a packet receiver (Dargis teaches packets containing source and destination address [25]); checking every data packet incoming via the first interface and determining whether each data packet incoming via the first interface contains pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model (Dargis teaches the transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [0025] (controls traffic by checking if the address is in the list of approved addresses). The authenticator circuit 134 may, for example, examine identification information (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model) in the received access request messages and may responsively generate access authorization messages that are transmitted to the blocking device 140' via the communications interface circuit 132 [0031].
The transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [25]); and storing or forwarding useful data of the data packet to a process for changing the transmission device only in a case that an incoming data packet containing the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model is determined to be for changing the transmission device (Dargis teaches the access authorization message may be received over the first network. The access authorization message may identify an authorized source address (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model), and modifying access criteria of the transparent firewall (interpreted as changing the transmission device) may include modifying the access criteria to allow passage of messages from and/or to the authorized source address [0007]).
Application No.: 16/064,597 Art Unit: 2436 Attorney No.: 22154.14/19
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Albrecht to include wherein the received data packets are forwarded or are not forwarded to the second interface, and wherein the data packets are structured according to a TCP/IP model, wherein the data packets comprise a protocol data frame of a Network Access Layer and a useful data unit of the Network Access Layer; wherein the protocol data frame of the Internet layer contains the IP addresses of a packet transmitter and a packet receiver; checking every data packet incoming via the first interface and determining whether each data packet incoming via the first interface contains pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model; and storing or forwarding useful data of the data packet to a process for changing the transmission device only in a case that an incoming data packet containing the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model is determined to be for changing the transmission device as disclosed by Dargis. One of ordinary skill in the art would have been motivated for the purpose of preventing or reducing attacks that might compromise confidential information or consume server resources (Dargis [0002] [0025]).
Although the combination of Albrecht-Dargis discloses protocol data frame and useful data unit, the combination of Albrecht-Dargis does not explicitly teach, but McAlister teaches, wherein the useful data unit of the Network Access Layer only comprises a protocol data frame of an Internet Layer and a useful data unit of the Internet Layer (McAlister teaches the outer header can use the original IP source and destination address [42]. IPsec hides the port and IP address on the original packet and does not provide a port on the outer header [23]), and wherein the useful data unit of the Internet Layer comprises a pre-specified recognition information in order to hide the pre-specified recognition within the data packet (McAlister teaches if the SGW is behind the NAT device, IPsec hides the port and IP address on the original packet and does not provide a port on the outer header. The NAPT protocol is broken without a port to modify [23]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by McAlister into the invention of Albrecht-Dargis for the purpose of allowing private traffic to be sent in a secure manner and preventing false identity (McAlister [7]).
Although Albrecht discloses a transmission device and IP protocol, the combination of Albrecht-Dargis-McAlister does not expressly teach, but Arregoces teaches, wherein the transmission device has no IP address (Arregoces teaches another key advantage of the transparent virtual firewall is that it has no IP addresses [0025]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Albrecht-Dargis-McAlister to include wherein the transmission device has no IP address as disclosed by Arregoces. One of ordinary skill in the art would have been motivated to do so in order that it is unreachable and invisible to the outside world (Arregoces [0025]).

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Albrecht et al. (US 20150215232 hereinafter as Albrecht), Dargis (US 20110154468), McAlister (US 20080016550), Arregoces et al. (US 20060095960 hereinafter as Arregoces), and in further view of Izatt et al. (US 20050289647 hereinafter as Izatt).

Re. claim 19, the combination of Albrecht-Dargis-McAlister-Arregoces teaches the method according to claim 14. The combination of Albrecht-Dargis-McAlister-Arregoces does not expressly teach, but Izatt teaches, in which the useful data of the packet are cryptographically secured (is encrypted and/or signed) (Izatt teaches the firewall may provide an additional network security measure by randomizing and/or encrypting other fields in its packets [0044]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Albrecht-Dargis-McAlister-Arregoces to include in which the useful data of the packet are cryptographically secured (is encrypted and/or signed) as disclosed by Izatt. One of ordinary skill in the art would have been motivated for the purpose of providing an additional network security measure (Izatt [0044]).

Claims 22-23 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Albrecht et al. (US 20150215232 hereinafter as Albrecht), Gerlach et al. (US 20120260305 hereinafter Gerlach), Dargis (US 20110154468), McAlister (US 20080016550), Arregoces et al. (US 20060095960 hereinafter as Arregoces).

Re. claim 22, Albrecht discloses a transmission device for forwarding data packets from an external network to at least one device to be secured, the transmission device comprising: a first interface for connecting to the external network, a second interface for connecting to the device to be secured (Albrecht discloses a first unsecured partial network 101, a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]. The communication device 120 is assigned at least one address-based message filter rule that is applied by a packet filter unit 111 of the firewall system 100 [0021]), receive data packets from the external network via the first interface (Albrecht discloses a first unsecured partial network 101, a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]); filter the received data packets by a packet filter of the transmission device (Albrecht discloses a first unsecured partial network 101, a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020].
The communication device 120 is assigned at least one address-based message filter rule that is applied by a packet filter unit 111 of the firewall system 100 [0021]), wherein the received data packets are filtered in dependence on at least one property of each of the received data packets and in dependence on one or more pre-specified rules of the packet filter (Albrecht discloses that message filter rules are firstly defined symbolically based on device descriptions and stored accordingly in a rule database 113 of the firewall system 110 [0022]), wherein the one or more pre-specified rules relate to the at least one property (Albrecht discloses that message filter rules are firstly defined symbolically based on device descriptions (interpreted as property) and stored accordingly in a rule database 113 of the firewall system 110 [0022]).
Although Albrecht discloses forwarding data, Albrecht does not explicitly teach, but Gerlach teaches, a processor which is connected to the first interface and second interface (Gerlach teaches a processor configured to read the at least first and second rules, process the rules and receive and forward data via the network ports [abstract]. The processor device may comprise one or more processors, for example, which execute program instructions. The processor device is configured to read the at least first and second rules, to process the at least first and second rules and to receive and forward data via the network ports. The network ports can thus be used by the access protection accessory to receive data from the automation network and/or from the automation installation and also to forward data from the access protection accessory to the automation network [0017]), a storage in which instructions of a computer program are stored upon whose execution by the processor the transmission device performs the following steps are carried out when the first interface is connected to the external network (Gerlach teaches a digital storage medium configured to store at least first and second rules, and a processor configured to read the at least first and second rules, process the rules and receive and forward data via the network ports [abstract]), wherein the received data packets are forwarded or are not forwarded to the second interface (Gerlach teaches depending on the decision from the rule processing, the data packets 112 to be filtered are sent or else not sent on the output side via network port 113 (interpreted as second interface). The rules thus define whether a signal is forwarded or blocked [0049]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Albrecht to include a processor which is connected to the first interface and second interface, a storage in which instructions of a computer program are stored upon whose execution by the processor the transmission device performs the following steps are carried out when the first interface is connected to the external network, wherein the received data packets are forwarded or are not forwarded to the second interface as disclosed by Gerlach. One of ordinary skill in the art would have been motivated for the purpose of protecting delimitable areas of the device and having a secure transmission of data (Gerlach [0004] [0007]).
Although the combination of Albrecht-Gerlach teaches forwarding data, Albrecht-Gerlach does not explicitly teach, but Dargis teaches, wherein the data packets are structured according to a TCP/IP model, wherein the data packets comprise a protocol data frame of a Network Access Layer and a useful data unit of the Network Access Layer (Dargis teaches the transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [25]; identify IP addresses for messages that are to be allowed to pass through the transparent firewall (please also see paragraph 4). The access authorization messages may provide additional screening information, for example, information specifying the types of message traffic to be allowed, such as traffic conforming to selected protocols (TCP, UDP, ICMP, ESP, etc.). More selective access authorization information may be provided, such as information identifying particular ports or ranges of ports (interpreted as the useful data unit of the network access, by the port being the recognition information) [0030]); wherein the protocol data frame of the Internet layer contains the IP addresses of a packet transmitter and a packet receiver (Dargis teaches packets containing source and destination address [25]); checking every data packet incoming via the first interface and determining whether each data packet incoming via the first interface contains pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model (Dargis teaches the transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [0025] (controls traffic by checking if the address is in the list of approved addresses). The authenticator circuit 134 may, for example, examine identification information (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model) in the received access request messages and may responsively generate access authorization messages that are transmitted to the blocking device 140' via the communications interface circuit 132 [0031]. The transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [25]); and storing or forwarding useful data of the data packet to a process for changing the transmission device only in a case that an incoming data packet containing the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model is determined to be for changing the transmission device (Dargis teaches the access authorization message may be received over the first network. The access authorization message may identify an authorized source address (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model), and modifying access criteria of the transparent firewall (interpreted as changing the transmission device) may include modifying the access criteria to allow passage of messages from and/or to the authorized source address [0007]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Albrecht to include wherein the received data packets are forwarded or are not forwarded to the second interface, and wherein the data packets are structured according to a TCP/IP model, wherein the data packets comprise a protocol data frame of a Network Access Layer and a useful data unit of the Network Access Layer; wherein the protocol data frame of the Internet layer contains the IP addresses of a packet transmitter and a packet receiver; checking every data packet incoming via the first interface and determining whether each data packet incoming via the first interface contains pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model; and storing or forwarding useful data of the data packet to a process for changing the transmission device only in a case that an incoming data packet containing the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model is determined to be for changing the transmission device as disclosed by Dargis. One of ordinary skill in the art would have been motivated for the purpose of preventing or reducing attacks that might compromise confidential information or consume server resources (Dargis [0002] [0025]).
Although the combination of Albrecht-Gerlach-Dargis discloses protocol data frame and useful data unit, the combination of Albrecht-Gerlach-Dargis does not explicitly teach, but McAlister teaches, wherein the useful data unit of the Network Access Layer only comprises a protocol data frame of an Internet Layer and a useful data unit of the Internet Layer (McAlister teaches the outer header can use the original IP source and destination address [42]. IPsec hides the port and IP address on the original packet and does not provide a port on the outer header [23]), and wherein the useful data unit of the Internet Layer comprises a pre-specified recognition information in order to hide the pre-specified recognition within the data packet (McAlister teaches if the SGW is behind the NAT device, IPsec hides the port and IP address on the original packet and does not provide a port on the outer header. The NAPT protocol is broken without a port to modify [23]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Albrecht-Gerlach-Dargis to include wherein the useful data unit of the Network Access Layer only comprises a protocol data frame of an Internet Layer and a useful data unit of the Internet Layer; and wherein the useful data unit of the Internet Layer comprises a pre-specified recognition information in order to hide the pre-specified recognition within the data packet as disclosed by McAlister. One of ordinary skill in the art would have been motivated for the purpose of allowing private traffic to be sent in a secure manner and preventing false identity (McAlister [7]).
Although Albrecht discloses a transmission device and IP protocol, the combination of Albrecht-Gerlach-Dargis-McAlister does not expressly teach, but Arregoces teaches, wherein the transmission device has no IP address (Arregoces teaches another key advantage of the transparent virtual firewall is that it has no IP addresses [0025]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Albrecht-Gerlach-Dargis-McAlister to include wherein the transmission device has no IP address as disclosed by Arregoces. One of ordinary skill in the art would have been motivated to do so in order that it is unreachable and invisible to the outside world (Arregoces [0025]).

Re. claim 23, the combination of Albrecht-Gerlach-Dargis-McAlister-Arregoces teaches the transmission device according to claim 22. Gerlach further discloses in which the instructions of the computer program are given such that upon their execution the instructions of the computer program are changed (Gerlach teaches the processor device is furthermore configured to receive at least one signal. The at least one signal may comprise advice of a change in the state of the automation process. For example, a change of state may have arisen when the automation process is no longer being executed as planned [0019]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Albrecht to include in which the instructions of the computer program are given such that upon their execution the instructions of the computer program are changed as disclosed by Gerlach. One of ordinary skill in the art would have been motivated for the purpose of protecting delimitable areas of the device and having a secure transmission of data (Gerlach [0004] [0007]).

Re. claim 26, Albrecht discloses a system comprising: a device to be secured, a transmission device, and a management entity, in which the device to be secured is connected to the second interface of the transmission device and the management entity to the first interface of the transmission device via an external network (Albrecht discloses a first unsecured partial network 101, a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]. The communication device 120 is assigned at least one address-based message filter rule that is applied by a packet filter unit 111 of the firewall system 100 [0021]), and in which the management entity is configured for generating management data packets (Albrecht discloses that message filter rules are firstly defined symbolically based on device descriptions and stored accordingly in a rule database 113 of the firewall system 110. The converter unit 112 converts the symbolically defined message filter rules into address-based message filter rules and makes them available (i.e., in a converted form) to the packet filter unit 111 [0022]), wherein the transmission device is configured to forward data packets from an external network to at least one device to be secured, and the transmission device includes a first interface for connecting to the external network, a second interface for connecting to the device to be secured (Albrecht discloses a first unsecured partial network 101, a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network, and a store-programmable control unit 130, connected to the communication device 120, for a machine or a robot 140 [0020]), a storage in which instructions are stored upon whose execution by the processor the following steps are carried out when the first interface is connected to the external network: receive data packets from the external network via the first interface (Albrecht discloses a first unsecured partial network 101, a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]), filter the received data packets by a packet filter of the transmission device (Albrecht discloses a first unsecured partial network 101, a firewall system 110 connected thereto, a communication device 120 which is connected to the firewall system via a second secured partial network [0020]. The communication device 120 is assigned at least one address-based message filter rule that is applied by a packet filter unit 111 of the firewall system 100 [0021]), wherein the received data packets are filtered in dependence on at least one property of each of the received data packets and in dependence on one or more pre-specified rules of the packet filter (Albrecht discloses that message filter rules are firstly defined symbolically based on device descriptions and stored accordingly in a rule database 113 of the firewall system 110 [0022]), wherein the one or more pre-specified rules relate to the at least one property (Albrecht teaches that message filter rules are firstly defined symbolically based on device descriptions (interpreted as property) and stored accordingly in a rule database 113 of the firewall system 110 [0022]).
Although Albrecht teaches forwarding data, Albrecht does not explicitly teach, but Gerlach teaches, which contain in a useful data unit of the Internet Layer of the TCP/IP model pre-specified recognition information and change data for changing the transmission device (Gerlach teaches TCP protocols where the access operations are permitted or disabled [0056 and 0058]. If the state of the automation process changes, a signal is output to the access protection accessory. The signal comprises advice of the state change [0066]. If the state of the automation process changes, the processor device in the access protection accessory receives at least one signal which comprises advice of the state change in the automation process (interpreted as changing the transmission device). In this case, the processor device reads second rules from the storage medium and applies these rules. The second rules define which received data are forwarded and which received data are not forwarded. The second rules thus also define access rights [0036]. Following reception of the signal. The second rules define which data are forwarded and which data are not intended to be forwarded [0067] (Please see 35 USC 112 above)), and to send these via the external network to the device to be secured (Gerlach teaches data which are sent from the first automation network part 100 to the network accessories in the second automation network part 103 are sent through the access protection accessory 104, which forwards the data or blocks forwarding thereof by applying rules. Data which are sent from the second automation network part 103 to the first automation network part 100 are sent through the access protection accessory 104 [0047]), a processor which is connected to the first interface and the second interface (Gerlach teaches a processor configured to read the at least first and second rules, process the rules and receive and forward data via the network ports [abstract].
The processor device may comprise one or more processors, for example, which execute program instructions. The processor device is configured to read the at least first and second rules, to process the at least first and second rules and to receive and forward data via the network ports. The network ports can thus be used by the access protection accessory to receive data from the automation network and/or from the automation installation and also to forward data from the access protection accessory to the automation network [0017]), wherein the received data packets are forwarded or are not forwarded to the second interface (Gerlach teaches depending on the decision from the rule processing, the data packets 112 to be filtered are sent or else not sent on the output side via network port 113 (interpreted as second interface). The rules thus define whether a signal is forwarded or blocked [0049]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Albrecht to include a processor which is connected to the first interface and second interface, a storage in which instructions of a computer program are stored upon whose execution by the processor the transmission device performs the following steps are carried out when the first interface is connected to the external network, wherein the received data packets are forwarded or are not forwarded to the second interface as disclosed by Gerlach. One of ordinary skill in the art would have been motivated for the purpose of protecting delimitable areas of the device and having a secure transmission of data (Gerlach [0004] [0007]).
Although the combination of Albrecht-Gerlach teaches forwarding data, Albrecht-Gerlach does not explicitly teach, but Dargis teaches, wherein the data packets are structured according to a TCP/IP model, wherein the data packets comprise a protocol data frame of a Network Access Layer and a useful data unit of the Network Access Layer (Dargis teaches the transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [25]; identify IP addresses for messages that are to be allowed to pass through the transparent firewall (please also see paragraph 4). The access authorization messages may provide additional screening information, for example, information specifying the types of message traffic to be allowed, such as traffic conforming to selected protocols (TCP, UDP, ICMP, ESP, etc.). More selective access authorization information may be provided, such as information identifying particular ports or ranges of ports (interpreted as the useful data unit of the network access, by the port being the recognition information) [0030]); wherein the protocol data frame of the Internet layer contains the IP addresses of a packet transmitter and a packet receiver (Dargis teaches packets containing source and destination address [25]); checking every data packet incoming via the first interface and determining whether each data packet incoming via the first interface contains pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model (Dargis teaches the transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [0025] (controls traffic by checking if the address is in the list of approved addresses). The authenticator circuit 134 may, for example, examine identification information (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model) in the received access request messages and may responsively generate access authorization messages that are transmitted to the blocking device 140' via the communications interface circuit 132 [0031]. The transparent firewall 145 generally controls traffic between the private network 150 and a public internet 120 based on access criteria that may, for example, allow only packets from authorized network (e.g., IP) addresses to pass to the network 150 from the internet 120 [25]); and storing or forwarding useful data of the data packet to a process for changing the transmission device only in a case that an incoming data packet containing the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model is determined to be for changing the transmission device (Dargis teaches the access authorization message may be received over the first network. The access authorization message may identify an authorized source address (interpreted as the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model), and modifying access criteria of the transparent firewall (interpreted as changing the transmission device) may include modifying the access criteria to allow passage of messages from and/or to the authorized source address [0007]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Albrecht to include wherein the received data packets are forwarded or are not forwarded to the second interface, and wherein the data packets are structured according to a TCP/IP model, wherein the data packets comprise a protocol data frame of a Network Access Layer and a useful data unit of the Network Access Layer; wherein the protocol data frame of the Internet layer contains the IP addresses of a packet transmitter and a packet receiver; checking every data packet incoming via the first interface and determining whether each data packet incoming via the first interface contains pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model; and storing or forwarding useful data of the data packet to a process for changing the transmission device only in a case that an incoming data packet containing the pre-specified recognition information in the useful data unit of the Internet layer of the TCP/IP model is determined to be for changing the transmission device as disclosed by Dargis. One of ordinary skill in the art would have been motivated for the purpose of preventing or reducing attacks that might compromise confidential information or consume server resources (Dargis [0002] [0025]).
Although the combination of Albrecht-Gerlach-Dargis discloses protocol data frame and useful data unit, the combination of Albrecht-Gerlach-Dargis does not explicitly teach but McAlister teaches wherein the useful data unit of the Network Access Layer only comprises a protocol data frame of an Internet layer and a useful data unit of the Internet layer (McAlister teaches the outer header can use the original IP source and destination address [42]. IPsec hides the port and IP address on the original packet and does not provide a port on the outer header [23]), and wherein the useful data unit of the Internet layer comprises a pre-specified recognition information in order to hide the pre-specified recognition within the data packet (McAlister teaches if the SGW is behind the NAT device, IPsec hides the port and IP address on the original packet and does not provide a port on the outer header. The NAPT protocol is broken without a port to modify [23]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Albrecht-Gerlach-Dargis to include wherein the useful data unit of the Network Access Layer only comprises a protocol data frame of an Internet layer and a useful data unit of the Internet layer; and wherein the useful data unit of the Internet layer comprises a pre-specified recognition information in order to hide the pre-specified recognition within the data packet as disclosed by McAlister. One of ordinary skill in the art would have been motivated for the purpose of allowing private traffic to be sent in a secure manner and preventing false identity (McAlister [7]).
Although Albrecht discloses a transmission device and IP protocol, the combination of Albrecht-Gerlach-Dargis-McAlister does not expressly teach but Arregoces teaches wherein the transmission device has no IP address (Arregoces teaches another key advantage of the transparent virtual firewall is that it has no IP addresses [0025]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Albrecht-Gerlach-Dargis-McAlister to include wherein the transmission device has no IP address as disclosed by Arregoces. One of ordinary skill in the art would have been motivated to do so in order that the device is unreachable and invisible to the outside world (Arregoces [0025]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Klotsche et al. (US 20140328204) discloses that, in the first packet inspection, a source or destination address may be masked from the data packet header. The address may then be used as entry key or input value for a look-up table.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/K.A./Examiner, Art Unit 2496                  

/HARESH N PATEL/Primary Examiner, Art Unit 2496