Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
Applicant’s amendment filed 8/2/2022 has been entered.  Claims 13, 18, 21, 24 and 25 were amended.  Applicant’s amendment to claim 21 has overcome the 112(b) rejection in the Non-Final Office Action mailed 5/25/2022.
Claims 13-25 are presented for examination.

Response to Arguments
Applicant's arguments filed 8/2/2022 have been fully considered but they are not persuasive. The amended limitations are rejected under §103 by Gerlach (EP 2464059) in view of Wu (US 2016/0050141) in view of Strohmenger (2016/0274552).
On page 7, Applicant argues that claim 25 has been amended so that the firewall interface is now included in the automation cell (a respective firewall interface included in a respective automation cell) and is therefore not taught by Gerlach and Wu.  Examiner respectfully disagrees.  The previous claims (filed 2/27/2020) already claimed a firewall interface in the automation cell.
On the last ¶ of page 7, Applicant refers to their own specification¹ to argue that Gerlach’s first network node must connect to the second network node via a system bus.  The claim recites “a firewall interface” and “the respective firewall interface for checking to a firewall system connected at least indirectly to the industrial communications network.”  This reasonably means the automation cells have a connection (interface) with which they can communicate (interact) with a firewall system.  The claim does not place further restrictions on the interface, so it does not preclude system buses as alleged by the Applicant’s interpretation of Gerlach.
On page 8, first ¶, Applicant argues claim 13 requires a firewall in the automation cell.  The claim recites: “datagrams to be checked being transmitted from the plurality of automation cells via the respective firewall interface for checking to a firewall system.”  A firewall interface is not the same as a firewall; thus the firewall system is not claimed to be within the automation cell.  Therefore, claim 13 does not claim inclusion of the firewall in the automation cell.
On page 8, bottom ¶, Applicant’s arguments that Gerlach is not capable of a firewall and firewall interfaces at the same time are not persuasive; they are allegations.  Gerlach shows an automation cell with a firewall interface from an automation cell connected to a security component, which satisfies the limitation “a respective firewall interface.”  Gerlach Fig. 2 shows a firewall interface connecting the automation cell (100) to a security component (204).  Gerlach contains no description indicating that Fig. 2 is not feasible.
The claims are rejected because the language of the claims does not distinguish them from the references.

Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 13-17, 21 and 23-25 are rejected under 35 U.S.C. 103 as being unpatentable over Gerlach (EP 2464059; machine translation of EP2464059 used) in view of Wu (US 2016/0050141) in view of Strohmenger (2016/0274552).

Regarding claim 13, Gerlach teaches
a method for checking datagrams transmitted within an industrial automation system comprising a plurality of automation cells which are interconnected via an industrial communications network (Gerlach, [0001] The invention relates to a switching network node for a communication network, an automation system [0027] automation cell 100, See Fig. 2) and which each comprise a respective firewall interface (Gerlach, [0005] each automation cell 100 is also assigned a security component “Security device” 104.) and a plurality of automation appliances, (Examiner Note: devices connected to automation cell) datagrams to be checked being transmitted from the plurality of automation cells via the respective firewall interface for checking to a firewall system connected at least indirectly to the industrial communications network and being checked at the firewall system in a rule-based manner, (Gerlach [0006] security device 104 is a firewall  [0040] In addition to the firewall and VPN functionality of the security hardware components)
automation cells … are each connected to the industrial automation system (Gerlach, [0005] Various automation cells 100 are shown in FIG. 1, which can communicate with a system bus 110  [0001] automation system)
Gerlach teaches a firewall within a data processing system comprising a plurality of computer units (Gerlach [0006], [0040]), but does not teach the firewall system being formed by at least one virtual machine.
However Wu teaches being checked at the firewall system in a rule-based manner, the firewall system being formed by at least one virtual machine (Wu [0187]  Generally, a firewall function may be installed on many servers, for example, a virtual machine VM  [0193] The processing unit 72 is configured to: determine in policy information stored in the storage unit 74 and according to a first filtering rule that matches the first packet,)
(Examiner Note: The preamble is reciting purpose or intended use see MPEP 2111.02 II, it does not result in a manipulative difference in the datagrams.  However for compact prosecution, the preamble is mapped to Gerlach and Wu)
Gerlach teaches the communication flow from a firewall interface to a firewall (Gerlach [0040] In addition to the firewall and VPN functionality of the security hardware components in routing mode (i.e. for connecting subnets), the firewall and VPN functionality can also be provided for coupling with the same subnet … Since only one communication to be protected participants has to be routed through the hardware security components [0003] secured via upstream security components …The entire traffic must always flow through this component be checked)
Gerlach does not explicitly teach establishing a data link layer tunnel.
However Wu teaches
establishing a data link layer tunnel between each respective firewall interface and the firewall system to transmit the datagrams to be checked; (Wu [0239] The service routing trigger 1 acquires the service identifier 10 from the source MAC address field of the service packet returned by the service node 1, and sends the user service packet whose source MAC address carries the service identifier 10 to the service routing trigger 2 by using a pre-established VxLAN tunnel.  [0083] The service node mentioned in the embodiments of the present disclosure may be a physical entity device, for example, a network device such as a router, a switch, or a server, or may be a logical functional entity or an application, for example, a firewall,)  (Examiner Note: VxLAN tunnel satisfies data link layer tunnel) 
transmitting at least successfully checked datagrams along with datagrams to be checked within the respective data link layer tunnel; and  (Wu [0194] The first filtering rule may include one or multiple of: a source address, a destination address, a source port, a destination port, and a protocol number that are of the first packet. For example, a first packet flow corresponding to the first packet may be identified by using 5-tuple information (a source address, a destination address, a source port, a destination port, and a protocol number) of the first packet.) (Examiner Note: Wu’s filtering is a firewall function)
encapsulating each datagram transmitted within the data link layer tunnels into a tunnel datagram which comprises a network layer header and a transport layer header along with the respective datagram, and transmitting each encapsulated datagram transmitted within the data link layer tunnels via a transport layer connection between the respective firewall interface and the firewall system (Wu [0245] It is assumed that a firewall value-added service is needed for processing when hosts or virtual machines between different subnets of a same tenant interwork with each other, and each service node device in FIG. 11 has a function of processing of a firewall value-added service, [0239] using a pre-established VxLAN tunnel) (Examiner Note: VxLAN tunnel encapsulates layer two frames with a layer 4 UDP datagram which satisfies a network and transport layer)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Wu’s traffic classifier system with Gerlach’s integrated safety network because doing so improves the network by reducing processing of problem packets (Wu, [0004] An objective of embodiments of the present disclosure is to provide a traffic classifier, a service routing trigger, and a packet processing method and system, so as to resolve a problem of service processing on a packet.)
While Gerlach teaches a security interface which reasonably reads on firewall interface (Gerlach [0006]), in the interest of compact prosecution Strohmenger is cited to teach an interface to a firewall device.
However Strohmenger teaches 
each respective firewall interface being included in a respective automation cell of the automation system  (Strohmenger, [0143] For example, FIG. 10 illustrates an example system 1000 that can comprise a firewall box 1012 that can serve as a cloud proxy for a set of industrial devices 1006.sub.1, 1006.sub.2, and/or (up through) 1006.sub.N.  …  Firewall box 1012 can allow industrial devices 1006.sub.1, 1006.sub.2, and/or (up through) 1006.sub.N to interact with the cloud platform without directly exposing the industrial devices to the Internet.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have substituted Strohmenger’s firewall device with Gerlach’s security device because both are security devices and it would yield predictable results.  Furthermore the use of a firewall device allows more secure remote maintenance on the industrial system (Strohmenger [0004] During operation of a given industrial automation system, comprising a collection of industrial devices, industrial processes, other industrial assets, and network-related assets, users (e.g., operators, technicians, maintenance personnel, etc.) typically can monitor or manage operations of the industrial automation system, perform maintenance, repairs, or upgrades on the industrial automation system, or perform other tasks in connection with operation of the industrial automation system. [0006] A cloud-based industrial controller can control the industrial devices, industrial processes, other industrial assets, and other components of the industrial automation system(s) via control algorithms that can execute on the cloud platform)


Regarding claim 14, Gerlach, Wu and Strohmenger teach
the method as claimed in claim 13, wherein the firewall interfaces are each integrated into a controller or router of the respective automation cell (Gerlach, [0017] a single integrated security component can be internally virtualized in such a way that it appears to the user as if several security components have been integrated)

Regarding claim 15, Gerlach, Wu and Strohmenger teach
the method as claimed in claim 13, wherein the industrial communications network comprises a first subnetwork which is secured against access from a second IP-based subnetwork and is connected via a router to the second subnetwork (Wu, [0262] After completing firewall value-added service processing, the source MAC address of the service packet returned by the service node 1 to the service routing trigger 1 carries the service identifier 100, and a VLAN identifier field carries the VLAN identifier 101. It is determined, according to the second policy information, that the service node sequence ends; then, according to a correspondence between the tenant identifier 100 and the VLAN identifier 101 in the second policy information, the VLAN identifier field is removed, the VxLAN tunnel is encapsulated, the tenant identifier 100 is encapsulated into the VxLAN tenant identifier of the VxLAN tunnel ID, and then routing and forwarding to another subnet of the tenant are performed.)
Wu is combined with Gerlach for the same reasons as claim 13.  

Regarding claim 16, Gerlach, Wu and Strohmenger teach
the method as claimed in claim 14, wherein the industrial communications network comprises a first subnetwork which is secured against access from a second IP-based subnetwork and is connected via a router to the second subnetwork (Wu, [0262] After completing firewall value-added service processing, the source MAC address of the service packet returned by the service node 1 to the service routing trigger 1 carries the service identifier 100, and a VLAN identifier field carries the VLAN identifier 101. It is determined, according to the second policy information, that the service node sequence ends; then, according to a correspondence between the tenant identifier 100 and the VLAN identifier 101 in the second policy information, the VLAN identifier field is removed, the VxLAN tunnel is encapsulated, the tenant identifier 100 is encapsulated into the VxLAN tenant identifier of the VxLAN tunnel ID, and then routing and forwarding to another subnet of the tenant are performed.)
Wu is combined with Gerlach for the same reasons as claim 13.  

Regarding claim 17, Gerlach, Wu and Strohmenger teach
the method as claimed in claim 15, wherein the data processing system which the virtual machine forming the firewall system provides is connected to the second subnetwork (Wu, [0262] After completing firewall value-added service processing, the source MAC address of the service packet returned by the service node 1 to the service routing trigger 1 carries the service identifier 100, and a VLAN identifier field carries the VLAN identifier 101. It is determined, according to the second policy information, that the service node sequence ends; then, according to a correspondence between the tenant identifier 100 and the VLAN identifier 101 in the second policy information, the VLAN identifier field is removed, the VxLAN tunnel is encapsulated, the tenant identifier 100 is encapsulated into the VxLAN tenant identifier of the VxLAN tunnel ID, and then routing and forwarding to another subnet of the tenant are performed.)
Wu is combined with Gerlach for the same reasons as claim 13.  

Regarding claim 21, Gerlach, Wu and Strohmenger teach
the method as claimed in claim 13, wherein the datagrams are each transmitted within the data link layer tunnel via an unsecured transport layer connection between the respective firewall interface and the firewall system (Wu [0239] The service routing trigger 1 acquires the service identifier 10 from the source MAC address field of the service packet returned by the service node 1, and sends the user service packet whose source MAC address carries the service identifier 10 to the service routing trigger 2 by using a pre-established VxLAN tunnel. [0109] It should be noted that a service node generally has a reachable address, where the address of the service node may be an IP address or a MAC address.) (Examiner Note: Wu is not requiring encrypted/secured transport)
Wu is combined with Gerlach for the same reasons as claim 13.  

Regarding claim 23, Gerlach, Wu and Strohmenger teach
the method as claimed in claim 13, wherein the data link layer tunnels between the respective firewall interface and the firewall system are set up in accordance with Internet Engineering Task Force (IETF) Request for Comments (RFC) 7348 (Wu, [0239] The service routing trigger 1 acquires the service identifier 10 from the source MAC address field of the service packet returned by the service node 1, and sends the user service packet whose source MAC address carries the service identifier 10 to the service routing trigger 2 by using a pre-established VxLAN tunnel.  [0260] The traffic classifier performs classification according to the flow filtering rule “subnet interworking filtering rule of the tenant 100”, which is in the first policy information, of the service routing sequence 100; encapsulates the service identifier 100 into a source MAC address field of a user service packet that is classified by the traffic classifier and belongs to the service node sequence 100; performs encapsulation of a VxLAN tunnel on a user service packet into which the service identifier 100 is encapsulated; encapsulates the tenant identifier 100 into a VxLAN tenant identifier of the VxLAN tunnel; and finally, sends, to the service routing trigger 1, a user service packet into which the service identifier 100 and the tenant identifier 100 are encapsulated.) (Examiner Note: RFC 7348 is for Virtual eXtensible Local Area Network)
Wu is combined with Gerlach for the same reasons as claim 13. 
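As an added illustration (not code from the application or from any cited reference), the following Python constructs the tunnel datagram described in the claim 13 mapping and in claim 23: an inner layer-2 frame from an automation cell is encapsulated per RFC 7348 (VXLAN) behind an IPv4 header (network layer) and a UDP header (transport layer, destination port 4789), decapsulated at the firewall system, and checked in a rule-based manner against 5-tuple rules of the kind Wu [0194] recites. All addresses, the VNI and the rule set are constructed sample values.

```python
"""Constructed VXLAN (RFC 7348) tunnel datagram: build, decapsulate, 5-tuple rule check."""
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network

VXLAN_UDP_PORT = 4789  # IANA-assigned UDP destination port from RFC 7348


def ipv4_header(src: str, dst: str, payload_len: int, proto: int = 17) -> bytes:
    """Minimal 20-byte IPv4 header (header checksum left zero; constructed sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed)


def udp_header(sport: int, dport: int, payload_len: int) -> bytes:
    """8-byte UDP header (checksum left zero)."""
    return struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)


def vxlan_header(vni: int) -> bytes:
    """RFC 7348 header: flags (I bit set), 3 reserved bytes, 24-bit VNI, 1 reserved byte."""
    return struct.pack("!B3sI", 0x08, b"\x00\x00\x00", (vni & 0xFFFFFF) << 8)


def encapsulate(inner_frame: bytes, vni: int, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Wrap a layer-2 frame in VXLAN/UDP/IPv4: the tunnel datagram of claim 13."""
    vx = vxlan_header(vni) + inner_frame
    udp = udp_header(49152, VXLAN_UDP_PORT, len(vx)) + vx
    return ipv4_header(tunnel_src, tunnel_dst, len(udp)) + udp


def decapsulate(tunnel_datagram: bytes) -> tuple[int, bytes]:
    """Strip outer IPv4 + UDP + VXLAN headers; return (VNI, inner Ethernet frame)."""
    ihl = (tunnel_datagram[0] & 0x0F) * 4
    if tunnel_datagram[9] != 17:
        raise ValueError("outer packet is not UDP")
    udp = tunnel_datagram[ihl:]
    _sport, dport, _ulen, _csum = struct.unpack("!HHHH", udp[:8])
    if dport != VXLAN_UDP_PORT:
        raise ValueError("not a VXLAN tunnel datagram")
    flags, _reserved, vni_field = struct.unpack("!B3sI", udp[8:16])
    if not flags & 0x08:
        raise ValueError("VXLAN I flag not set")
    return vni_field >> 8, udp[16:]


@dataclass(frozen=True)
class FiveTuple:
    src: str
    dst: str
    sport: int
    dport: int
    proto: int


def inner_five_tuple(frame: bytes) -> FiveTuple:
    """Parse Ethernet + IPv4 + TCP/UDP headers of the decapsulated frame."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("inner frame is not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    if proto not in (6, 17):
        raise ValueError("inner transport is not TCP/UDP")
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return FiveTuple(str(IPv4Address(ip[12:16])), str(IPv4Address(ip[16:20])), sport, dport, proto)


# Constructed rule set: (action, src net, dst net, dport, proto); first match wins, default deny.
RULES = [
    ("allow", "10.1.0.0/24", "10.2.0.0/24", 502, 6),   # Modbus/TCP between two cells
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None, None),
]


def check(tunnel_datagram: bytes, rules=RULES) -> str:
    """Firewall-system side: decapsulate, then apply the 5-tuple rules to the inner packet."""
    _vni, frame = decapsulate(tunnel_datagram)
    t = inner_five_tuple(frame)
    for action, snet, dnet, dport, proto in rules:
        if (IPv4Address(t.src) in IPv4Network(snet) and IPv4Address(t.dst) in IPv4Network(dnet)
                and dport in (None, t.dport) and proto in (None, t.proto)):
            return action
    return "deny"


def sample_frame(src: str, dst: str, sport: int, dport: int, proto: int = 6) -> bytes:
    """Constructed inner Ethernet/IPv4/TCP-or-UDP frame with no payload."""
    if proto == 6:  # 20-byte TCP SYN header
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    else:
        l4 = udp_header(sport, dport, 0)
    eth = bytes.fromhex("020000000001" "020000000002" "0800")  # dst MAC, src MAC, IPv4 type
    return eth + ipv4_header(src, dst, len(l4), proto) + l4
```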

Claim 25 is an apparatus claim for the method claim 13 and is rejected for the same reasons as claim 13.

Claims 18, 19, 22 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Gerlach (EP 2464059) in view of Wu (US 2016/0050141) in view of Strohmenger (2016/0274552) in view of Korunsky (US 2011/0214157).

Regarding claim 18, Gerlach, Wu and Strohmenger teach
the method as claimed in claim 13, wherein each respective firewall interface (Gerlach [0005] each automation cell 100 is also assigned a security component “Security device” 104.)
Gerlach and Wu teach load balancing but do not teach the firewall interface being redundantly configured and connected to the firewall system in accordance with a Virtual Router Redundancy Protocol.
However Korunsky teaches the firewall interface being redundantly configured and connected to the firewall system in accordance with a Virtual Router Redundancy Protocol (Korunsky, [0154] The implementation of the flow processing facility 102 may include fully redundant elements and features that support complete redundancy. These elements and features may include the fans 222; the power supplies 220; the passive backplane 224; data-switch fabrics; control-switch fabrics; control processor module 208 with RAID-1 mirrored hard drives; active/active failover configuration between two switches; logical interface redundancy (such as and without limitation as may be provided by VRRP) … In one example, a data flow may be routed to a firewall application,)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Korunsky’s redundancy with Gerlach’s switching network node because doing so supports failover (Korunsky [0462] Systems built according to the architecture may support redundancy and/or failover with respect to elements of the systems.) 

Regarding claim 19, Gerlach, Wu, Strohmenger and Korunsky teach
the method as claimed in claim 13, wherein the plurality of automation cells are each redundantly connected to the industrial communications network in accordance with one of (i) a Rapid Spanning Tree Protocol, (ii) High-availability Redundancy Protocol and (iii) Media Redundancy Protocol (Korunsky, [0617] In an embodiment, a data flow processor may be configured to execute one or more applications for performing a spanning tree protocol for a network.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Korunsky’s spanning tree with Gerlach’s switching network node because doing so supports dynamic reconfiguring (Korunsky [0463] the systems that comply with the architecture may dynamically reconfigure themselves in response to a variety of factors.  Some of these factors, without limitation, may include a power failure, equipment failure, device failure, element failure, software failure, network failure)

Regarding claim 22, Gerlach, Wu and Strohmenger teach
the method as claimed in claim 21, wherein the datagrams are each transmitted within the data link layer tunnels between the respective firewall interface and the firewall system in accordance with a User Datagram Protocol (Wu [0239] The service routing trigger 1 acquires the service identifier 10 from the source MAC address field of the service packet returned by the service node 1, and sends the user service packet whose source MAC address carries the service identifier 10 to the service routing trigger 2 by using a pre-established VxLAN tunnel. [0095] The service node may be an application in OSI layer 3 to layer 7, for example, a firewall, or an NAT (Network Address Translation) device; the service node may be a service node instance; or the service node may be a network device such as a router, a switch, or a server.)  (Examiner Note: Wu teaches the service node application includes a firewall)
Wu is combined with Gerlach for the same reasons as claim 13.  
Gerlach does not explicitly teach User Datagram Protocol.  While the use of connection-oriented (TCP) or connectionless (UDP) communication is application dependent, and Wu teaches a firewall and VxLAN tunneling, in the interest of compact prosecution Korunsky is cited to teach UDP communication.
However Korunsky teaches User Datagram Protocol (Korunsky,  [0192] In the preferred embodiment, the data flow 444 is composed of an IP-packet sequence, such as may be associated with a connection-oriented protocol (e.g., TCP/IP) or a connectionless protocol (e.g., UDP/IP).)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Korunsky’s firewall processing of UDP packets with Gerlach’s switching network node because doing so improves secure network flow (Korunsky, [0010] The methods and systems disclosed herein for securing a computer resource include methods systems for providing a flow processing facility for processing a data flow,)

Regarding claim 24, Gerlach, Wu and Korunsky teach
the method as claimed in claim 13, wherein the firewall system checks datagrams transmitted by the firewall interfaces of the automation cells based on defined security rules, transmits successfully checked datagrams back to one of (i) a respective firewall interface and (Korunsky [0154] In one example, a data flow may be routed to a firewall application, then to an anti-virus application, then to a URL filter, then back to the firewall.) (ii) the respective firewall interface of a destination automation cell and rejects datagrams which do not comply with the defined security rules (Korunsky [0458] The flow processing facility 102 may facilitate content inspection as applied in a unified threat management application at the network layer. ... A network layer packet with such a violation may be acted upon by the UTM application to prevent the packet from reaching the network, and any and all connection or data flow 444 associated with the packet may be terminated or dropped.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Korunsky’s firewall processing with Gerlach’s switching network node because doing so improves secure network flow (Korunsky, [0010] The methods and systems disclosed herein for securing a computer resource include methods systems for providing a flow processing facility for processing a data flow,)

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Gerlach (EP 2464059) in view of Wu (US 2016/0050141) in view of Strohmenger (2016/0274552) in view of Edsall (US 2018/0115548).

Regarding claim 20, Gerlach, Wu and Strohmenger teach 
the method as claimed in claim 13, 
Gerlach teaches encryption (Gerlach [0007] applications that require encryption of the data traffic … the security device is designed as a VPN) but does not teach datagram  … encryption.  
However Edsall teaches the datagrams are each transmitted within the data link layer tunnels in encrypted form (Edsall  [0009] FIG. 3 is a flow chart depicting example egress operations to generate InsSec packets by encrypting VxLAN based packets in accordance with an embodiment;  [0017]  in which VxLAN packets 100 are transformed into InsSec packets 200 and routed over an InsSec tunnel.  [0023] In accordance with the present disclosure, various InsSec egress techniques are described herein in which the format of a received VxLAN packet 100 is manipulated to generate an InsSec packet 200.  … The VxLAN header 110 and the encapsulated packet payload 112 of the VxLAN packet 100 are encrypted using MACSec, thereby generating a MACSec payload 213 comprising an encrypted VxLAN header 210 and an encrypted encapsulated packet payload 212.) 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Edsall’s VxLAN encryption with Gerlach-Wu’s VPN and tunnels because doing so improves data security (Edsall, [0013] Techniques are provided herein to achieve data security and integrity using the cryptographic machinery of IEEE MACSec for TCP or UDP packets, for example, VxLAN, iVxLAN, and VxLAN-GPE packet.)

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRUCE S ASHLEY whose telephone number is (571)270-0315. The examiner can normally be reached 9-5 PDT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jay Kim can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/BRUCE S ASHLEY/Examiner, Art Unit 2494
/ROBERT B LEUNG/Primary Examiner, Art Unit 2494    8-25-2022
¹ Applicant’s Published Application 2020/0220846 [0006]