DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The text of those sections of Title 35 U.S. Code not included in this section can be found in the prior office action.
The prior office actions are incorporated herein by reference. In particular, the observations with respect to claim language, and response to previously presented arguments.	
Claims 12-31, now renumbered as claims 1-20, have been examined. 

Allowable Subject Matter
Claims 12-31 are allowed over prior art of record.

Response to Arguments
Applicant’s arguments, see Remarks filed on 05/24/2022, have been fully considered. 

Examiner's Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
Independent claims 12, 25 and 28 are allowed in view of reasons presented by the applicant in the Remarks. Claims 13-24, 26-27 and 29-31 depend on one of the above independent claims and are therefore, allowed by virtue of their dependency.
Prior art of record Dierickx teaches: An integrated security system is disposed within a single system element of an information system. The security system comprises of an intrusion prevention system (IDS) and/or an intrusion detection system (IPS), a wireless fidelity (Wi-Fi) device and a hardware security module (HSM). The Wi-Fi device receives and inspects inbound wireless data traffic for denial of service attacks, data snooping and other security risks. The Wi-Fi device blocks any unwanted data and provides wanted inbound data traffic to the IPS/IDS for further inspection. The IPS/IDS filters traffic based on data signatures and rules and blocks any unwanted data from being transmitted to the information system. The HSM is an integrated circuit device and stores sensitive information using hardware encryption. The HSM manages digital keys and provides strong authentication to access critical keys. Prior art of record Meriac teaches: A node device connects a transmitter device to a receiver device. The node device comprises of a whitelist of data packets that the transmitter device is permitted to send and the receiver device is permitted to receive. The node device compares received data packets against the whitelist to determine if the packets are permitted. 
However, Dierickx and Meriac fail to teach: “a system-on-a-chip and an intrusion detection unit configured as a third hardware component on the system-on-a-chip, wherein the intrusion detection unit is further configured to: connect with the filter device and/or the secure element via a signal connection”, i.e., the prior arts Dierickx and Meriac teach an integrated security system implemented on a single element of an information system comprising an intrusion detection/prevention system connected to a Wi-Fi device (filter device) but fail to teach a system-on-a-chip comprising a intrusion detection unit configured as a hardware component on the system-on-a-chip.
None of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
KR20070011736A to Ryu et al: A hardware-based intrusion prevention device, and a system and method thereof are provided to realize an intrusion detection process in SoC(System on Chip) type, thereby remarkably improving a processing speed while magnifying intrusion prevention effect by performing bandwidth management as well as pattern matching. It is detected whether an abnormal session is formed through packets incoming from an external network or an internal network(S301,S303). It is detected whether the packets incoming from the external network refer to harmful traffic(S305). If not, a predetermined preprocessing procedure for pattern matching is carried out with regards to the packets incoming from the external network(S307). The pattern matching is executed to decide whether an intrusion upon the packets which pass through the preprocessing process occurs. Predetermined intrusion prevention measures corresponding to each packet decided as being intruded by the abnormal session detection, harmful traffic detection, or pattern matching are taken(S309,S317).
KR100750377B1 to Kim et al: A network security system based on SoC(System on Chip) and a method thereof is provided to make a security platform by using an SoC-based technology, thereby making a network security product according to each application and performing traffic test without deteriorating the performance in a gigabit network environment. A network security system based on SoC(System on Chip) comprises the followings: a hardware security module(21) based on SoC for passing/blocking a packet in hardware manner based on the SoC according to configuration setup and security policy of an application and reporting the performed result to the application; and an application security module(22) for deciding security policy and packet control, transmitting the decided result to the hardware security module and generating test and report data.
NETWORK INTRUSION DETECTION SYSTEMS ON FPGAS WITH ON-CHIP NETWORK INTERFACES by Clark et al: Network intrusion detection systems (NIDS) are critical network security tools that help protect distributed computer installations from malicious users. Traditional software-based NIDS architectures are becoming strained as network data rates increase and attacks intensify in volume and complexity. In recent years, researchers have proposed using FPGAs to perform the computationally-intensive components of a NIDS. In this work, we present the next logical step in NIDS architecture: the integration of network interface hardware and packet analysis hardware into a single FPGA chip. This integration allows for better customization of the NIDS as well as a more flexible foundation for network security operations. To demonstrate the benefits of this technique, we have implemented a complete and functional NIDS in a Xilinx Virtex II/Pro FPGA that performs in-line packet filtering on multiple Gigabit Ethernet links using rules from the Snort attack database.
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MADHURI R. HERZOG
Primary Examiner
Art Unit 2438



/MADHURI R HERZOG/Primary Examiner, Art Unit 2438