Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.

Status of the Claims
This office action is in response to claims filed on 26 January 2021; the provisional application filed on 09 October 2012 is considered.
Claims 1-19 are rejected and pending; Claims 1, 10 and 19 are independent claims.

Information Disclosure Statement
The information disclosure statements (IDSs) submitted on 08/08/2022, 04/18/2022, 12/17/2021, 09/20/2021 and 04/23/2021 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-19 are rejected on the ground of nonstatutory double patenting over claims 1-19 of U.S. Patent No. 9,973,501 B2 since the claims, if allowed, would improperly extend the “right to exclude” already granted in the patent.
The subject matter claimed in the instant application is fully disclosed in the patent and is covered by the patent since the patent and the application are claiming common subject matter, as follows: See side-by-side claim comparison below.
US Patent No.: 9,973,501 B2
1. A method comprising: 
establishing, by a secure transaction device having a secure transaction device processor, redirection protocols in a host device having a host device processor different than the secure transaction device processor, the redirection protocols redirecting at least a portion of network traffic to the secure transaction device, the secure transaction device configured to use network configuration details of the host device to mimic the host device to render the secure transaction device transparent to a remote network resource;
obtaining, by the secure transaction device, a security policy from a policy management system that is remote from the secure transaction device and from the host device; 
receiving, by the secure transaction device, outbound network traffic originated by a host application on the host device, the outbound network traffic directed to a secure network resource that is remote from the secure transaction device and from the host device; 
determining, by the secure transaction device, using the security policy, whether the host application is authorized to access the secure network resource; 
if the secure transaction device determines that the host application is authorized to access the secure network resource, transmitting the outbound network traffic over a secure tunnel to the secure network resource; and 
if the secure transaction device determines that the host application is not authorized to access the secure network resource, disallowing the outbound network traffic to be forwarded over the secure tunnel to the secure network resource.

Instant application
1. A method comprising: 
establishing, by a secure transaction device having a secure transaction device processor, redirection protocols in a host device having a host device processor different than the secure transaction device processor, the host device having a host device network connection, the secure transaction device having a secure transaction device network connection different than the host device network connection, the redirection protocols causing the host device to redirect all network traffic to the secure transaction device when the secure transaction device is coupled to the host device and not to redirect all network traffic to the secure transaction device when the secure transaction device is not coupled to the host device, the secure transaction device network connection configured to use network configuration details of the host device network connection to mimic the host device network connection to render the secure transaction device transparent to a remote network resource; 
receiving, by the secure transaction device, outbound network traffic originated by a host application on the host device, the outbound network traffic directed to the remote network resource, the remote network resource being remote from the secure transaction device and from the host device; 
when the secure transaction device is coupled to the host device, establishing, by the secure transaction device, a secure tunnel between the host device via the secure transaction device network interface to the remote network resource; 
transmitting the outbound network traffic from the host application via the secure tunnel to the remote network resource; and 
when the secure transaction device is not coupled to the host device, transmitting the outbound network traffic from the host application via the host device network connection to the remote network resource.


Furthermore, there is no apparent reason why applicant was prevented from presenting claims corresponding to those of the instant application during prosecution of the application which matured into a patent. See In re Schneller, 397 F.2d 350, 158 USPQ 210 (CCPA 1968). See also MPEP § 804.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claim 19 is/are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over NARAYANASWAMY et al. US Pub. No.: 2013/0074144 A1 (hereinafter NARAYANASWAMY) in view of Rolette et al. US Pub. No.: 2012/0216273 A1 (hereinafter Rolette).

NARAYANASWAMY teaches:
As to claim 1, a method comprising: 
receiving, by the secure transaction device, outbound network traffic originated by a host application on the host device, the outbound network traffic directed to the remote network resource, the remote network resource being remote from the secure transaction device and from the host device (see Narayanaswamy Figs. 5-6, receive information from client (i.e. host device having a host processor of a host application directed to a secure resource) ¶19, device that performs security related functions associated with accessing resources in network 100 (i.e. secure resource configured to provide a secure transaction)); 
when the secure transaction device is coupled to the host device, establishing, by the secure transaction device, a secure tunnel between the host device via the secure transaction device network interface to the remote network resource (see Narayanaswamy ¶19, applications executed by clients 110 to facilitate determinations associated with granting, denying or limiting access to various resources); 
transmitting the outbound network traffic from the host application via the secure tunnel to the remote network resource (see Narayanaswamy ¶19, applications executed by clients 110 to facilitate determinations associated with granting, denying or limiting access to various resources; ¶29, receives data transmitted in network 100, such as data transmitted from clients 110 to server 130 and vice versa); and 
when the secure transaction device is not coupled to the host device, transmitting the outbound network traffic from the host application via the host device network connection to the remote network resource (see Narayanaswamy ¶19, applications executed by clients 110 to facilitate determinations associated with granting, denying or limiting access to various resources).
NARAYANASWAMY does not explicitly teach but the related art Rolette teaches:
establishing, by a secure transaction device having a secure transaction device processor, redirection protocols in a host device having a host device processor different than the secure transaction device processor, the host device having a host device network connection, the secure transaction device having a secure transaction device network connection different than the host device network connection, the redirection protocols causing the host device to redirect all network traffic to the secure transaction device when the secure transaction device is coupled to the host device and not to redirect all network traffic to the secure transaction device when the secure transaction device is not coupled to the host device, the secure transaction device network connection configured to use network configuration details of the host device network connection to mimic the host device network connection to render the secure transaction device transparent to a remote network resource (see Rolette Fig. 5 and ¶¶16, 33, 43, security device external to a host device receives from the host device over an egress tunnel associated with the host device a redirected packet intended for a virtual machine implemented by the host device. The security device determines whether the packet is permissible based on a security policy).
Therefore, it would have been obvious to one with ordinary skill in the art at the time the invention was made to modify the application identification disclosed by Narayanaswamy to include the securing of a virtual environment, as taught by Rolette, in order to include a security device/processor external to a host device/processor. It would have been obvious to one of ordinary skill in the art to include the external secure transaction device to secure resources in order to improve access control solutions.


As to claim 2, the combination of NARAYANASWAMY and Rolette teaches the method of claim 1, wherein the host application comprises a stand-alone application resident on the host device, or an interface resident on the host device that cooperates with a server application resident on at least one server (see Narayanaswamy ¶20, Server 130 may include a server/computing device, or a set of servers/computing devices, that provides clients 110 with access to various resources in network 100. In some implementations, the network resources reside on server 130. In other implementations, the network resources may be located externally with respect to server).

As to claim 3, the combination of NARAYANASWAMY and Rolette teaches the method of claim 1, further comprising determining whether the host application is authorized to access the remote network resource (see Narayanaswamy ¶19, device that performs security related functions associated with accessing resources in network 100).

As to claim 4, the combination of NARAYANASWAMY and Rolette teaches the method of claim 3, wherein the determining whether the host application is authorized to access the remote network resource comprises looking up permissions of the host application on the security policy (see Narayanaswamy Fig. 6, identify access policy associated with application apply access policy).

As to claim 5, the combination of NARAYANASWAMY and Rolette teaches the method of claim 1, further comprising determining whether a user of the host application has permission to access sensitive information on the remote network resource (see Narayanaswamy ¶4, limit access to network resources based on various authentication procedures designed to limit access to only authorized users executing approved applications).

As to claim 6, the combination of NARAYANASWAMY and Rolette teaches the method of claim 1, wherein the secure transaction device is a device coupled externally to the host device (see Narayanaswamy Figs. 1 and 3, network device (i.e. secure transaction device externally coupled to the host transaction device)).

As to claim 7, the combination of NARAYANASWAMY and Rolette teaches the method of claim 1, wherein the secure transaction device is a device coupled internally to the host device (see Rolette ¶64, secure transaction device coupled/configured internally/externally to the host device).

As to claim 8, the combination of NARAYANASWAMY and Rolette teaches the method of claim 1, wherein the establishing redirection protocols in the host device includes injecting redirection code into an operating system of the host device (see Rolette ¶43, intercepted at the traffic interception & redirection modules (140, 145) of the host device (110)).

As to claim 9, the combination of NARAYANASWAMY and Rolette teaches the method of claim 1, wherein the network configuration details include network protocols and network addresses (see Rolette ¶42, packet designates the Internet Protocol (IP) address of the first virtual machine (120-1) as its source and the IP address of the second virtual machine (120-2) as its destination).

As to independent claim 10, this claim is directed to a secure transaction device executing the method of claim 1; therefore it is rejected along similar rationale.
As to independent claim 19, this claim is directed to a non-transitory computer-readable medium comprising one or more processors and memory configured to store computer program instructions executing the method of claim 1; therefore it is rejected along similar rationale.
As to dependent claims 11-18, these claims contain substantially similar subject matter as claims 2-9; therefore they are rejected along the same rationale.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478. The examiner can normally be reached Monday to Friday, 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu, can be reached on 5712726798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/NEGA WOLDEMARIAM/ Examiner, Art Unit 2433

/JEFFREY C PWU/ Supervisory Patent Examiner, Art Unit 2433