DETAILED ACTION
	This Office Action is in response to an RCE, filed 22 June 2022, wherein Claims 16-17, 19-20, 22-23, 25-38 are pending and ready for examination.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 22 June 2022 has been entered.
 
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Aaron Grunberger on 26 July 2022. 
The application has been amended as follows: 

1-15. (Canceled).
16. (Currently Amended) A method for operating a communications system including at least one network infrastructure component and at least one communications device, the at least one network infrastructure component being configured to forward data to and/or from the at least one communications device, the method comprising the following steps:
allocating the at least one communications device to at least one of a plurality of security zones, wherein each of the plurality of security zones is a logical virtual area of the communications system formed by the allocation; 
specifying at least one forwarding rule that assigns a respective communication, by the at least one communications device within the communications system, to one or more of the plurality of security zones, the assignment limiting a transmission of the communication to being to, from, and/or within the one or more of the plurality of security zones to which the respective communication is assigned; 
temporarily deactivating one of the security zones so that communications are transmittable within the deactivated one of the security zones during its deactivation without regard to compliance with the at least one forwarding rule, the at least one forwarding rule being required to be complied with for communications in the one of the security zones when the one of the security zones is not deactivated.
17. (Previously Presented) The method as recited in claim 16, wherein the communications system is based on software-defined network (SDN) and the at least one network infrastructure component is an SDN switch.
18. (Canceled). 
19. (Previously Presented) The method as recited in claim 16, wherein the communications system has at least one first subnet and one second subnet, and a first communications device of the first subnet and a second communications device of the second subnet are allocated to a shared one of the security zones.
20. (Previously Presented) The method as recited in claim 16, wherein the allocating of the at least one communications device and/or the specifying of the at least one forwarding rule is carried out dynamically during a running application of the communications system. 
21. (Canceled). 
22. (Previously Presented) The method as recited in claim 16, wherein the specification of a forwarding rule of the at least one forwarding rule includes distributing the forwarding rule to a network infrastructure component of the at least one network infrastructure component.
23. (Previously Presented) The method as recited in claim 16, wherein the specification of a forwarding rule of the at least one forwarding rule includes defining the forwarding rule.
24. (Canceled). 
25. (Previously Presented) The method as recited in claim 16, wherein the specification of a forwarding rule of the at least one forwarding rule takes place dynamically during a running application of the communications system.
26. (Previously Presented) The method as recited in claim 16, further comprising the following step:
forwarding data to and/or from the at least one communications device as a function of the at least one forwarding rule, by the network infrastructure component.
27. (Currently Amended) A device for operating a communications system which includes at least one network infrastructure component and at least one communications device, the network infrastructure component being configured for forwarding data to and/or from the at least one network infrastructure component, and the device being configured to:
allocate the at least one communications device to at least one of a plurality of security zones, wherein each of the plurality of security zones is a logical virtual area of the communications system formed by the allocation; 
specify at least one forwarding rule that assigns a respective communication, by the at least one communications device within the communications system, to one or more of the plurality of security zones, the assignment limiting a transmission of the communication to being to, from, and/or within the one or more of the plurality of security zones to which the respective communication is assigned; 
temporarily deactivate one of the security zones so that communications are transmittable within the deactivated one of the security zones during its deactivation without regard to compliance with the at least one forwarding rule, the at least one forwarding rule being required to be complied with for communications in the one of the security zones when the one of the security zones is not deactivated.
28. (Previously Presented) The device as recited in claim 27, wherein the communications system is based on software-defined networking (SDN), and the at least one network infrastructure component is an SDN switch.

29. (Currently Amended) A network infrastructure component of a communications system, the communications system including at least one communications device, the network infrastructure component configured to:
allocate the at least one communications device to at least one of a plurality of security zones, wherein each of the plurality of security zones is a logical virtual area of the communications system formed by the allocation; 
specify at least one forwarding rule that assigns a respective communication, by the at least one communications device within the communications system, to one or more of the plurality of security zones, the assignment limiting a transmission of the communication to being to, from, and/or within the one or more of the plurality of security zones to which the respective communication is assigned; 
skip a check of whether a communication is enabled for transmission within one of the security zones in response to a temporary deactivation of the one of the security zones by which communications are transmittable within the deactivated one of the security zones during its deactivation without regard to compliance with the at least one forwarding rule, the at least one forwarding rule being required to be complied with for communications in the one of the security zones when the one of the security zones is not deactivated.
30. (Previously Presented) The network infrastructure component as recited in claim 29, wherein the communications system is based on software-defined networking (SDN), and the network infrastructure component is an SDN switch.

31. (Currently Amended) A non-transitory computer-readable storage medium on which is stored a computer program including computer-readable instructions for operating a communications system including at least one network infrastructure component and at least one communications device, the at least one network infrastructure component being configured to forward data to and/or from the at least one communications device, the computer-readable instructions, when executed by a computer, causing the computer to perform:
allocating the at least one communications device to at least one of a plurality of security zones, wherein each of the plurality of security zones is a logical virtual area of the communications system formed by the allocation; 
specifying at least one forwarding rule that assigns a respective communication, by the at least one communications device within the communications system, to one or more of the plurality of security zones, the assignment limiting a transmission of the communication to being to, from, and/or within the one or more of the plurality of security zones to which the respective communication is assigned; 
temporarily deactivating one of the security zones so that communications are transmittable within the deactivated one of the security zones during its deactivation without regard to compliance with the at least one forwarding rule, the at least one forwarding rule being required to be complied with for communications in the one of the security zones when the one of the security zones is not deactivated.

32. (Currently Amended) A communications system, comprising:
at least one communications device;
at least one network infrastructure component configured to forward data to and/or from the at least one network infrastructure component; and
a device for operating the communications system, wherein the device is configured to:
allocate the at least one communications device to at least one of a plurality of security zones, wherein each of the plurality of security zones is a logical virtual area of the communications system formed by the allocation; 
specify at least one forwarding rule that assigns a respective communication, by the at least one communications device within the communications system, to one or more of the plurality of security zones, the assignment limiting a transmission of the communication to being to, from, and/or within the one or more of the plurality of security zones to which the respective communication is assigned; 
temporarily deactivate one of the security zones so that communications are transmittable within the deactivated one of the security zones during its deactivation without regard to compliance with the at least one forwarding rule, the at least one forwarding rule being required to be complied with for communications in the one of the security zones when the one of the security zones is not deactivated.
33. (Previously Presented) The communications system as recited in claim 32, wherein the communications system is based on software-defined networking (SDN).

34. (Currently Amended) A method comprising:
providing a device for operating a communications system which includes at least one network infrastructure component and at least one communications device, wherein the network infrastructure component is configured to forward data to and/or from the at least one network infrastructure component, and the device is configured to: 
(i) allocate the at least one communications device to at least one of a plurality of security zones, wherein each of the plurality of security zones is a logical virtual area of the communications system formed by the allocation; 
(ii) specify at least one forwarding rule that assigns a respective communication, by the at least one communications device within the communications system, to one or more of the plurality of security zones, the assignment limiting a transmission of the communication to being to, from, and/or within the one or more of the plurality of security zones to which the respective communication is assigned; and 
(iii) temporarily deactivate one of the security zones so that communications are transmittable within the deactivated one of the security zones during its deactivation without regard to compliance with the at least one forwarding rule, the at least one forwarding rule being required to be complied with for communications in the one of the security zones when the one of the security zones is not deactivated; and
using the device to control the communications system.
35. (Currently Amended) The method as recited in claim 16, wherein the assignment is based on a classification of a type of data that is included in the respective communication.
36. (Currently Amended) The method as recited in claim 16, wherein a third of the security zones, which is defined by allocation of the two of the security zones to the third of the security zones.
37. (Canceled). 
38. (Previously Presented) The method as recited in claim 16, wherein the specifying is performed for the respective communication in response to receipt of the respective communication with an appended tag, and the assignment is based on the tag appended to the respective communication.


REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance:

Claim 1 (and similarly recited in the other independent claims) recites:
“[…] temporarily deactivating one of the security zones so that communications are transmittable within the deactivated one of the security zones during its deactivation without regard to compliance with the at least one forwarding rule, the at least one forwarding rule being required to be complied with for communications in the one of the security zones when the one of the security zones is not deactivated.”

	The closest prior art of Cooper et al. (US 20160205071) discloses a system that provides different security zones that communications are assigned and allowed to be exchanged based on the users’ security zones. Leafe et al. (US 20120233668) describes various logical zones within a datacenter that may overlap with various permissions allowed based on the zones. Schultz et al. (US 20180041470) describes the use of shared security zones for nodes in different datacenters and/or locations. Pignorel et al. (US 20190132331) describes methods of containing different communication types within certain zones based on the type of communications being sent. The prior art of Fainberg et al. (US 20200007396) describes the use of segmentation policies within certain zones with some of the zones overlapping – the communications being appended with various tags for identification purposes. 
	The closest prior art fails to disclose the above-recited feature in the claims. Nor would one of ordinary skill in the art find it obvious to bridge any potential combination with the closest prior arts, with any reasonable motivation(s), to arrive at the claimed invention without using hindsight reasoning to produce the motivation(s) to combine the prior arts. Accordingly, Claims 16-17, 19-20, 22-23, 25-36, and 38 are allowed.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JONATHAN A SPARKS whose telephone number is (571)431-0735. The examiner can normally be reached IFP (Flex) Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tonia Dollinger can be reached on 571-272-4170. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JONATHAN A. SPARKS/
Examiner
Art Unit 2459



/SCHQUITA D GOODWIN/Examiner, Art Unit 2459