DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is in response to the communication filed on April 12, 2022 in response to the first office action on merit.

Remarks
Pending claims for reconsideration are claims 1, 3-8, 12-21. Applicant has amended claims 1, 3-8, 12, and 16-19, and canceled claims 2, 9-11 and 22-25.

Response to Arguments
Applicant’s arguments filed on April 12, 2022 with respect to amended claims have been considered but they are deemed moot in view of the new grounds of rejection (see 103 rejection below).

Claim Rejections - 35 USC § 112 
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a)  IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1 and 16 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claims 1 and 16 each recite a limitation similar to the following: “based on the MAC address, identifying an IPSEC (IP Security) policy for securing the communication…”. Examiner finds that the closest support that can probably be attributed to the above limitation in the applicant-provided specification is the passage which explains that “…apply security policies based on interface-specific addresses (e.g., media access control (MAC) addresses at the layer 2 level” [Specification, Para 0003]. The applicant-provided specification details that IPSEC policies are associated with the dynamic IP addresses at layer 3, while security policies can be related to MAC addresses at layer 2. Furthermore, the applicant-provided specification fails to provide any details stating that “IPSEC policies” and “security policies” are interchangeable; therefore, the current amendment to the claims, which recites “based on the MAC address, identifying an IPSEC (IP Security) policy for securing the communication…”, is not supported by the applicant-provided specification. For examination purposes, the Office assumes the following and amends the claims such that they recite “based on the MAC address, identifying a set of security policies for securing the communication…”.
Claims 3 and 17-21 inherit the deficiencies of the base claims 1, and 16 respectively and therefore are rejected under 35 USC § 112 by virtue of their dependency. Appropriate correction is requested.

Double Patenting 
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  

Claims 1, 3, 5-8, and 12-21 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1, 3-7, 9-12, and 15-20 of U.S. Patent No. 10,505,891. Although the conflicting claims are not identical, they are not patentably distinct from each other because all the limitations of claims 1, 3, 5-8, and 12-21 of this instant application are found in claims 1, 3-7, 9-12, and 15-20 of Patent No. 10,505,891. Therefore, claims 1, 3, 5-8, and 12-21 of this instant application are anticipated by claims 1, 3-7, 9-12, and 15-20 of Patent No. 10,505,891, because all the limitations of the broader genus claims of this instant application are contained in the narrower species claims of Patent No. 10,505,891.

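Claim comparison (in each pair below, the claim of Application No. 16/684376 is listed first, followed by the corresponding claim of Patent No. 10,505,891):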
1. A method for securing communication of data messages of a particular machine comprising a dynamic first level address, the method comprising:
identifying a fixed second level address for a particular data message, wherein the fixed second level address is associated with an interface of the particular machine;
based on the fixed second level address, identifying a set of security policies for securing the communication of the particular data message; and
applying the set of security policies to the particular data message.
1. A method for securing communication of data messages of a particular machine in a network, the particular machine comprising a dynamic first level address, the method comprising:
based on the dynamic first level address, determining whether an encryption method and encryption key are identifiable for a particular data message; when no encryption method and encryption key are identifiable based on the dynamic first level address,
identifying a static second level address for the particular data message, wherein the static second level address is associated with an interface of the particular machine;
based on the static second level address, identifying an encryption method and encryption key for securing the communication of the particular data message; and applying the encryption method and encryption key to the particular data message.


3. The method of claim 2, wherein identifying the fixed second level address comprises routing the particular data message based on a destination IP address of the particular data message, wherein the IP address for the particular data message is assigned by a Dynamic Host Configuration Protocol (DHCP) server.
3. The method of claim 2, wherein identifying the static second level address comprises routing the particular data message based on a destination IP address of the particular data message, wherein the IP address for the particular data message is assigned by a Dynamic Host Configuration Protocol (DHCP) server.
4. The method of claim 1, wherein the set of security policies comprises an encryption method and a shared key.

5. The method of claim 4, wherein applying the set of security policies comprises encrypting at least a portion of the particular data message based on the encryption method and the shared key.
4. The method of claim 1, wherein applying the encryption method and encryption key comprises encrypting at least a portion of the particular data message based on the encryption method and the encryption key.
6. The method of claim 4, wherein applying the set of security policies comprises decrypting at least a portion of the particular data message based on the encryption method and the shared key.
5. The method of claim 1, wherein applying the encryption method and encryption key comprises decrypting at least a portion of the particular data message based on the encryption method and the encryption key.
7. The method of claim 1 further comprising sending the particular data message on the interface of the particular machine to a destination machine in a network.
6. The method of claim 1 further comprising sending the particular data message on the interface of the particular machine to a destination machine in a network
8. The method of claim 1 further comprising receiving the particular data message on the interface of the particular machine from a source machine in a network.
7. The method of claim 1 further comprising receiving the particular data message on the interface of the particular machine from a source machine in a network.
12. The method of claim 1, wherein the particular machine comprises a plurality of interfaces and each interface of the plurality of interfaces is associated with a fixed second level address, wherein identifying the set of security policies comprises using the fixed second level address of the particular data message to perform a lookup on a set of security tables, the set of security tables comprising different sets of security policies for the fixed second level addresses of the plurality of interfaces.
9. The method of claim 1, wherein the particular machine comprises a plurality of interfaces and each interface of the plurality of interfaces is associated with a static second level address, wherein identifying the encryption method and encryption key based on the static second level address comprises using the static second level address of the particular data message to perform a lookup on a set of security tables, the set of security tables comprising different encryption methods and encryption keys for the static second level addresses of the plurality of interfaces.
13. The method of claim 12, wherein a first interface of the plurality of interfaces communicates with a public network and a second interface of the plurality of interfaces communicates with a private network.
10. The method of claim 9, wherein a first interface of the plurality of interfaces communicates with a public network and a second interface of the plurality of interfaces communicates with a private network.
14. The method of claim 1, wherein the particular machine is a virtual machine and the interface is a virtual network interface controller (vNIC).
11. The method of claim 1, wherein the particular machine is a virtual machine and the interface is a virtual network interface controller (vNIC).
15. The method of claim 1, wherein the data message is one of an Ethernet frame, IP packet, TCP segment, and UDP datagram.
12. The method of claim 1, wherein the data message is one of an Ethernet frame, IP packet, TCP segment, and UDP datagram.
16. A non-transitory machine readable medium storing a program which when executed by at least one processing unit secures communication of data messages of a particular machine comprising a dynamic first level address, the program comprising sets of instructions for:
identifying a fixed second level address for a particular data message, wherein the fixed second level address is associated with an interface of the particular machine;
based on the fixed second level address, identifying a set of security policies for securing the communication of the particular data message; and
applying the set of security policies to the particular data message.
15. A non-transitory machine readable medium storing a program which when executed by at least one processing unit secures communication of data messages of a particular machine in a network, the particular machine comprising a dynamic first level address, the program comprising sets of instructions for:
based on the dynamic first level address, determining whether an encryption method and encryption key are identifiable for a particular data message; when no encryption method and encryption key are identifiable based on the dynamic first level address,
identifying a static second level address for the particular data message, wherein the static second level address is associated with an interface of the particular machine;
based on the static second level address, identifying an encryption method and encryption key for securing the communication of the particular data message; and applying the encryption method and encryption key to the particular data message.
17. The non-transitory machine readable medium of claim 16, wherein the dynamic first level address is an Internet Protocol (IP) address and the fixed second level address is a Media Access Control (MAC) address, wherein the set of instructions for identifying the fixed second level address comprises a set of instructions for routing the particular data message based on a destination IP address of the particular data message, wherein the IP address for the particular data message is assigned by a Dynamic Host Configuration Protocol (DHCP) server.
16. The non-transitory machine readable medium of claim 15, wherein the dynamic first level address is an Internet Protocol (IP) address and the static second level address is a Media Access Control (MAC) address, wherein the set of instructions for identifying the static second level address comprises a set of instructions for routing the particular data message based on a destination IP address of the particular data message, wherein the IP address for the particular data message is assigned by a Dynamic Host Configuration Protocol (DHCP) server.
18. The non-transitory machine readable medium of claim 16, wherein the set of security policies comprises an encryption method and a shared key, wherein the set of instructions for applying the set of security policies comprises a set of instructions for encrypting at least a portion of the particular data message based on the encryption method and the shared key.
17. The non-transitory machine readable medium of claim 15, wherein the set of instructions for applying the encryption method and encryption key comprises a set of instructions for encrypting at least a portion of the particular data message based on the encryption method and the encryption key.

19. The non-transitory machine readable medium of claim 16, wherein the set of security policies comprises an encryption method and a shared key, wherein the set of instructions for applying the set of security policies comprises a set of instructions for decrypting at least a portion of the particular data message based on the encryption method and the shared key.
18. The non-transitory machine readable medium of claim 15, wherein the set of instructions for applying the encryption method and encryption key comprises a set of instructions for decrypting at least a portion of the particular data message based on the encryption method and the encryption key.

20. The non-transitory machine readable medium of claim 16, wherein the program further comprises a set of instructions for sending the particular data message on the interface of the particular machine to a destination machine in a network.
19. The non-transitory machine readable medium of claim 15, wherein the program further comprises a set of instructions for sending the particular data message on the interface of the particular machine to a destination machine in a network.
21. The non-transitory machine readable medium of claim 16, wherein the program further comprises a set of instructions for receiving the particular data message on the interface of the particular machine from a source machine in a network.
20. The non-transitory machine readable medium of claim 15, wherein the program further comprises a set of instructions for receiving the particular data message on the interface of the particular machine from a source machine in a network.
25. The non-transitory machine readable medium of claim 16, wherein the particular machine comprises a plurality of interfaces and each interface of the plurality of interfaces is associated with a fixed second level address, wherein the set of instructions for identifying the set of security policies comprises a set of instructions for using the fixed second level address of the particular data message to perform a lookup on a set of security tables, the set of security tables comprising different sets of security policies for the fixed second level addresses of the plurality of interfaces, wherein a first interface of the plurality of interfaces communicates with a public network and a second interface of the plurality of interfaces communicates with a private network.
22. The non-transitory machine readable medium of claim 15, wherein the particular machine comprises a plurality of interfaces and each interface of the plurality of interfaces is associated with a static second level address, wherein the set of instructions for identifying the encryption method and encryption key based on the static second level address comprises a set of instructions for using the static second level address of the particular data message to perform a lookup on a set of security tables, the set of security tables comprising different encryption methods and encryption keys for the static second level addresses of the plurality of interfaces, wherein a first interface of the plurality of interfaces communicates with a public network and a second interface of the plurality of interfaces communicates with a private network.


Claims 1, 3-7, 9-12, and 15-20 of Patent No. 10,505,891 contain every element of claims 1, 3, 5-8, and 12-21 of the instant application and thus anticipate the claims of the instant application. The claims of the instant application therefore are not patentably distinct from the earlier patent claims and as such are unpatentable under obviousness-type double patenting. A later application/patent claim is not patentably distinct from an earlier claim if the later claim is anticipated by the earlier claim.
“A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus).” ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
“Accordingly, absent a terminal disclaimer, claims 1, 3, 5-8, and 12-21 were properly rejected under the doctrine of obviousness-type double patenting.” (In re Goodman (CA FC) 29 USPQ2d 2010 (12/3/1993)).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3-8, and 12-21 are rejected under AIA 35 U.S.C. 103 as being obvious over Saraiya et al. (U.S. Patent Application Publication No.: US 2011/0299537 A1, or “Saraiya” hereinafter) in view of Tanizawa et al. (U.S. Patent Application Publication No.: US 2005/0135625 A1, or “Tanizawa” hereinafter) [both references are provided by the applicant].

[Based on 112(a)] Regarding claim 1, Saraiya discloses “A method for securing communication of data messages of a particular machine comprising a dynamic IP (Internet Protocol) address, the method comprising” (Abstract: method, system and article of manufacture is disclosed; and Fig. 1: Host 102; and Para 0021: Host 102 with IP address):
“at a host computer on which the particular machine executes” (Fig. 1: Host 102 with Virtual Machine 108 i.e., a “particular machine”):
“identifying, for a particular data message to or from the particular machine, a fixed MAC (media access control) address associated with an interface of the particular machine” (Fig. 1: Host 102 with Network subsystem 104; and Para 0022, Network subsystem has Ethernet Interfaces);
“based on the MAC address, identifying a set of [security policies] for securing the communication of the particular data message” (Para 0027:30-41, discloses applying ACL rules to filter data packets, where the ACL rules make use of MAC and IP address information);
“and applying the set of [security policies] to the particular data message” (Para 0029: applies ACL rules to data packets).
But Saraiya fails to specifically disclose identifying a set of security policies based on a MAC address in data communication.
However, Tanizawa discloses use of a set of security policies in data communication (Para 0102, identifies a cryptographic method and a cryptographic key associated with the MAC address of the destination device. Note: the applicant-provided specification explains that the set of security policies comprises an encryption method and a shared key for encrypting [see Specification, Para 0009]).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to apply the teaching of identifying a set of security policies based on a MAC address in data communication to the system of Saraiya in order to encrypt a data message for transmission to a client terminal (Tanizawa, Para 0103), and the person of ordinary skill in the art would have been motivated to make the combination in order to access and apply the proper decryption key used in encrypting the data message (Tanizawa, Para 0110).

Regarding claim 3, in view of claim 1, Saraiya discloses “wherein identifying the MAC address comprises routing the particular data message based on a destination IP address of the particular data message, wherein the IP address for the particular data message is assigned by a Dynamic Host Configuration Protocol (DHCP) server” (Para 0017:30-41, discloses applying ACL rules to filter data packets, where the ACL rules make use of MAC and IP address information).

Regarding claim 4, Saraiya discloses “A method for encrypting data messages associated with a particular machine and forwarded in a network, the method comprising” (Abstract: method, system and article of manufacture is disclosed; and Fig. 1: Host 102; and Para 0021: Host 102 with IP address):
“at a computer on which the particular machine executes” (Fig. 1: Host 102 with Virtual Machine 108 i.e., a “particular machine”):
“receiving a particular data message to or from the particular machine, the particular data message comprising a dynamic first level address that is assigned to an interface associated with the particular machine” (Para 0021: Host 102 with IP address);
“identifying a static second level address associated with the interface associated with the particular machine” (Fig. 1: Host 102 with Network subsystem 104; and Para 0022, Network subsystem has Ethernet Interfaces); 
“based on the static second level address, identifying an encryption method and an encryption key for securing the communication of the particular data message” (Para 0027:30-41, discloses applying ACL rules to filter data packets, where the ACL rules make use of MAC and IP address information);
“[and applying the encryption method and encryption key to the particular data message]”.
But Saraiya fails to specifically disclose identifying a set of security policies based on a MAC address in data communication.
However, Tanizawa discloses “and applying the encryption method and encryption key to the particular data message” (Para 0102, identifies a cryptographic method and a cryptographic key associated with the MAC address of the destination device. Note: the applicant-provided specification explains that the set of security policies comprises an encryption method and a shared key for encrypting [see Specification, Para 0009]).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to apply the teaching of identifying a set of security policies based on a MAC address in data communication to the system of Saraiya in order to encrypt a data message for transmission to a client terminal (Tanizawa, Para 0103), and the person of ordinary skill in the art would have been motivated to make the combination in order to access and apply the proper decryption key used in encrypting the data message (Tanizawa, Para 0110).

Regarding claim 5, in view of claim 4, Saraiya in view of Tanizawa disclose “wherein applying the encryption method and encryption key comprises encrypting at least a portion of the particular data message based on the encryption method and the encryption key” (Tanizawa, Para 0102, identifies a cryptographic method and a cryptographic key associated with the MAC address of the destination device).

Regarding claim 6, in view of claim 4, Saraiya in view of Tanizawa disclose “wherein applying the encryption method and encryption key comprises decrypting at least a portion of the particular data message based on the encryption method and the encryption key” (Tanizawa, Para 0108: decrypts the packet based on the cryptographic method and the cryptographic key).

Regarding claim 7, in view of claim 5, Saraiya in view of Tanizawa discloses “further comprising sending the particular data message on the interface of the particular machine to a destination machine in a network” (Tanizawa, Para 0103: packet is transmitted to a destination).

Regarding claim 8, in view of claim 6, Saraiya in view of Tanizawa discloses “further comprising receiving the particular data message on the interface of the particular machine from a source machine in a network” (Tanizawa, Para 0127, identifies a MAC address i.e., a “static second level address” for a packet).

Regarding claim 12, Saraiya in view of Tanizawa discloses “A method for encrypting data messages associated with a particular machine and forwarded in a network, the method comprising:
receiving a particular data message destinated to or sent from the particular machine, the particular data message comprising a dynamic first level address that is assigned to a particular interface of the particular machine, the particular machine comprising a plurality of interfaces and each interface of the plurality of interfaces is associated with a unique fixed second level address and a different dynamic first level address;
identifying, for the particular data message, the static second level address associated with the particular interface of the particular machine; 
based on the identified static second level address, identifying a security policy for the particular data message by, using the fixed second level address identified for the particular data message to perform a lookup to select one security policy from a plurality of security policies that are specified for the plurality of fixed second level addresses of the plurality of interfaces; 
applying the identified security policy to the particular data message” (see rejection of claim 4).

Regarding claim 13, in view of claim 12, Saraiya in view of Tanizawa discloses “wherein a first interface of the plurality of interfaces communicates with a public network and a second interface of the plurality of interfaces communicates with a private network” (Tanizawa, Fig. 1: an access point interfaces both client side and network side; and Para 0137).

Regarding claim 14, in view of claim 1, Saraiya discloses “wherein the particular machine is a virtual machine and the interface is a virtual network interface controller (vNIC)” (Saraiya: Fig. 2; and Para 0028, virtual machine with vNICs).

Regarding claim 15, in view of claim 1, Saraiya in view of Tanizawa discloses “wherein the data message is one of an Ethernet frame, IP packet, TCP segment, and UDP datagram” (Saraiya, Para 0027, identifies a MAC address i.e., a “static second level address” for a packet).

[Based on 112(a)] Regarding claim 16, Saraiya in view of Tanizawa discloses “A non-transitory machine readable medium storing a program which when executed by at least one processing unit of a host computer secures communication of data messages of a particular machine executing on the host computer and comprising a dynamic IP (Internet Protocol) address, the program comprising sets of instructions for” (Para 0015, an apparatus with memory is disclosed in securing data packet by encrypting):   
“identifying, for a particular data message to or from the particular machine, a fixed MAC (media access control) address associated with an interface of the particular machine; 
based on the fixed MAC address, identifying a set of security policies for securing the communication of the particular data message; 
and applying the identified set of security policies to the particular data message” (see rejection of claim 1).

Regarding claim 17, in view of claim 16, Saraiya in view of Tanizawa discloses “wherein the set of instructions for identifying the MAC level address comprises a set of instructions for routing the particular data message based on a destination IP address of the particular data message, 
wherein the IP address for the particular data message is assigned by a Dynamic Host Configuration Protocol (DHCP) server” (see rejection of claim 3).

[Based on 112(a)] Regarding claim 18, in view of claim 16, Saraiya in view of Tanizawa discloses “wherein the set of security policies comprises an encryption method and a shared key, wherein the set of instructions for applying the set of security policies comprises a set of instructions for encrypting at least a portion of the particular data message based on the encryption method and the shared key” (See rejection of claim 5).

[Based on 112(a)] Regarding claim 19, in view of claim 16, Saraiya in view of Tanizawa discloses “wherein the set of security policies comprises an encryption method and a shared key, wherein the set of instructions for applying the set of security policies comprises a set of instructions for decrypting at least a portion of the particular data message based on the encryption method and the shared key” (See rejection of claim 6).

Regarding claim 20, in view of claim 16, Saraiya in view of Tanizawa discloses “wherein the program further comprises a set of instructions for sending the particular data message on the interface of the particular machine to a destination machine in a network” (See rejection of claim 7).

Regarding claim 21, in view of claim 16, Saraiya in view of Tanizawa discloses “wherein the program further comprises a set of instructions for receiving the particular data message on the interface of the particular machine from a source machine in a network” (See rejection of claim 8).


Relevant Prior Arts
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Mazarick et al. (U.S. Patent No.: US 2009/0106405 A1) discloses “…A client VLAN 2310 is created and the first address of the subnet is assigned to the client VLAN's firewall 2311. The firewall contains a DHCP table that is created when the firewall is initialized to hold the mappings of the preregistered MAC addresses to IPs so that the IP is known as machines are added. The client is given a gateway 2001 configured to deliver the client's network packets directly to the virtual firewall 2311 through an IPSEC tunnel…” (Para 0021)

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is (571) 270-3392. The examiner can normally be reached on 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild, can be reached at (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABDULLAH ALMAMUN/Examiner, Art Unit 2431
/SHIN-HON (ERIC) CHEN/Primary Examiner, Art Unit 2431