Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This is a Final Office action in response to communications received May 24, 2022.  Claims 1, 2, 8, 9, and 15 have been amended.  Therefore, claims 1-20 are pending and addressed below. 

Response to Amendments
Applicant’s amendments to claims 1, 2, 8, 9, and 15 are sufficient to overcome the 35 USC 112 rejections of claims 1, 2, 8, 9, and 15 set forth in the previous Office action.  Therefore, the rejections are withdrawn.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-3, 7-10, 14-16, 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Taylor et al. (US2013/0246627 A1, publish date 09/19/2013).

Claim 1:
With respect to claim 1, Taylor et al. discloses a method (Figure 2), comprising: 
receiving, at the device at the network layer, data for transmission (When a connection establishing request is received, 0024) (The computer program includes a first module located in an application layer, a second module located in a network layer, and a third module located in a kernel space and configured to examine a number of packets received by the computer network from at least one outside network and to forward the number of packets to one of the first and second modules after examining the number of packet, abstract);
determining, by the device at the network layer, a security level for the data (The method further includes the steps of filtering the first packet in one of at least two levels of security comprising a first level of security which examines the content information of the packet and a second level of security which examines the first packet excluding the content information of the packet, abstract);
determining, by the device at the network layer, at least one network connection of a plurality of network connections to transmit the data in a data packet based, at least in part, on the security level (determining at the first security level whether to establish the data communication connection based on at least one attribute of the physical connection, establishing a data communication connection between the computer network and the outside network, Claims 2, 3) and an association of the network connection with the security level (A new connection is created by modifying a connection list. The connection list, as the name implies, includes a list of currently active or soon to be active connections and relevant information thereof, 0050) (filtering the packet in one of at least two levels of security comprising a first level of security which examines the content information of the first packet at an application layer and a second level of security which examines the first packet excluding the content information therein at an network layer; determining the level of security based on, in part, the header information of the first packet, thereby providing an appropriate level of security to the computer network; and determining which one of the at least two security level filters to apply depending on the level of security to any additional packet received from a data connection subsequent to the first packet; when the first level of security is determined to be applied, applying a filter at the application layer examining the content information of any additional packet received from the data connection subsequent to the first packet, Claim 1); and
transmitting, by the device, the data packet over the at least one network connection (the connection exists in the connection list then that connection is used for new UDP packets received on the same connection, 0051).

Claims 2, 9:
With respect to claims 2, 9, Taylor et al. discloses wherein the determining a packet security level for the data comprises receiving an indication of the security level from an application layer (comprising a first level of security which examines the content information of the first packet at an application layer and a second level of security which examines the first packet excluding the content information therein at an network layer, Claim 1).

Claims 3, 10, 16:
With respect to claims 3, 10, 16, Taylor et al. discloses wherein receiving the indication comprises receiving information through an application interface for passing information from a software module executing in a user mode to a software module executing in a kernel mode (proxy 211 preferably utilizes the application level socket interface to interact with DPF 207 in the kernel., 0074) (The computer program includes a first module located in an application layer, a second module located in a network layer, and a third module located in a kernel space and configured to examine a number of packets received by the computer network from at least one outside network and to forward the number of packets to one of the first and second modules after examining the number of packets., Abstract).

Claims 7, 14:
With respect to claims 7, 14, Taylor et al. discloses further comprising associating the plurality of network connections with security levels to form associations, the associations indicating security levels of data that may be transmitted over each of the plurality of network connections (filtering the packet in one of at least two levels of security comprising a first level of security which examines the content information of the first packet at an application layer and a second level of security which examines the first packet excluding the content information therein at an network layer; determining the level of security based on, in part, the header information of the first packet, thereby providing an appropriate level of security to the computer network; and determining which one of the at least two security level filters to apply depending on the level of security to any additional packet received from a data connection subsequent to the first packet; when the first level of security is determined to be applied, applying a filter at the application layer examining the content information of any additional packet received from the data connection subsequent to the first packet, Claim 1)

Claim 8:
With respect to claim 8, Taylor et al. discloses an apparatus (Figure 2), comprising: 
a memory; and a processor coupled to the memory (the computer programs are read to a random access memory to be executed by a processor, 0036) and configured to perform steps comprising:
receiving, at the device at the network layer, data for transmission (When a connection establishing request is received, 0024) (The computer program includes a first module located in an application layer, a second module located in a network layer, and a third module located in a kernel space and configured to examine a number of packets received by the computer network from at least one outside network and to forward the number of packets to one of the first and second modules after examining the number of packet, abstract);
determining, by the device at the network layer, a security level for the data (The method further includes the steps of filtering the first packet in one of at least two levels of security comprising a first level of security which examines the content information of the packet and a second level of security which examines the first packet excluding the content information of the packet, abstract);
determining, by the device at the network layer, at least one network connection of a plurality of network connections to transmit the data in a data packet based, at least in part, on the security level (determining at the first security level whether to establish the data communication connection based on at least one attribute of the physical connection, establishing a data communication connection between the computer network and the outside network, Claims 2, 3) and an association of the network connection with the security level (A new connection is created by modifying a connection list. The connection list, as the name implies, includes a list of currently active or soon to be active connections and relevant information thereof, 0050) (filtering the packet in one of at least two levels of security comprising a first level of security which examines the content information of the first packet at an application layer and a second level of security which examines the first packet excluding the content information therein at an network layer; determining the level of security based on, in part, the header information of the first packet, thereby providing an appropriate level of security to the computer network; and determining which one of the at least two security level filters to apply depending on the level of security to any additional packet received from a data connection subsequent to the first packet; when the first level of security is determined to be applied, applying a filter at the application layer examining the content information of any additional packet received from the data connection subsequent to the first packet, Claim 1); and
transmitting, by the device, the data packet over the at least one network connection (the connection exists in the connection list then that connection is used for new UDP packets received on the same connection, 0051).


Claim 15:
With respect to claim 15, Taylor et al. discloses an information handling system (providing multilevel security to a computer network, Abstract) (Figure 2), comprising:
a first network adaptor configured to transmit data over a first network connection of a plurality of network connections (NIC 203, also known as an adapter interface, is a hardware attachment, usually a computer expandable board, that connects firewall 201 to outside networks, 0037) (Figure 2); 
a second network adaptor configured to transmit data over a second network connection of a plurality of network connections (DPF 207 determined whether the received packet is a connection control packet which requests to establish a data communication connection, 0039) (Figure 2);
a memory; and a processor (the computer programs are read to a random access memory to be executed by a processor, 0036) coupled to the first network adaptor, to the second network adaptor (NAT 205, DPF 207, UD-SPF 209, TPF 215, local TCP/IP 213 and OG-DPF 217 are located in the kernel space, 0034, Figure 2), and to the memory, wherein the processor is configured to perform steps comprising: 
associating the plurality of network connections with security levels to form associations, the associations indicating security levels of data that may be transmitted over each of the plurality of network connections (The method further includes the steps of filtering the first packet in one of at least two levels of security comprising a first level of security which examines the content information of the packet and a second level of security which examines the first packet excluding the content information of the packet, abstract), including a first security level for the first network adaptor and a second security level for the second network adaptor (The method further includes the steps of filtering the first packet in one of at least two levels of security comprising a first level of security which examines the content information of the packet and a second level of security which examines the first packet excluding the content information of the packet, abstract); 
receiving, at the network layer, data for transmission (When a connection establishing request is received, 0024) (The computer program includes a first module located in an application layer, a second module located in a network layer, and a third module located in a kernel space and configured to examine a number of packets received by the computer network from at least one outside network and to forward the number of packets to one of the first and second modules after examining the number of packet, abstract);
determining, at the network layer, a security level for the data (The method further includes the steps of filtering the first packet in one of at least two levels of security comprising a first level of security which examines the content information of the packet and a second level of security which examines the first packet excluding the content information of the packet, abstract), wherein the determining the packet security level for the data comprises receiving an indication of the security level from an application layer (comprising a first level of security which examines the content information of the first packet at an application layer and a second level of security which examines the first packet excluding the content information therein at an network layer, Claim 1);
determining, at the network layer, at least one network connection of a plurality of network connections to transmit the data in a data packet based, at least in part, on the security level (determining at the first security level whether to establish the data communication connection based on at least one attribute of the physical connection, establishing a data communication connection between the computer network and the outside network, Claims 2, 3) and an association of the network connection with the security level (A new connection is created by modifying a connection list. The connection list, as the name implies, includes a list of currently active or soon to be active connections and relevant information thereof, 0050) (filtering the packet in one of at least two levels of security comprising a first level of security which examines the content information of the first packet at an application layer and a second level of security which examines the first packet excluding the content information therein at an network layer; determining the level of security based on, in part, the header information of the first packet, thereby providing an appropriate level of security to the computer network; and determining which one of the at least two security level filters to apply depending on the level of security to any additional packet received from a data connection subsequent to the first packet; when the first level of security is determined to be applied, applying a filter at the application layer examining the content information of any additional packet received from the data connection subsequent to the first packet, Claim 1); and
transmitting the data packet over the at least one network connection (the connection exists in the connection list then that connection is used for new UDP packets received on the same connection, 0051).

Claim 20:
With respect to claim 20, Taylor et al. discloses wherein the processor is configured to execute a driver (the kernel may include device drivers, 0034) operating at the network layer for accessing the first network adaptor (NIC 203, also known as an adapter interface, 0037) and the second network adaptor (NAT 205, DPF 207, UD-SPF 209, TPF 215, local TCP/IP 213 and OG-DPF 217 are located in the kernel space, 0034, Figure 2), and wherein the processor is configured to execute a filtering platform, wherein the filtering platform provides an application interface to the network layer for receiving the indication of the security level from the application layer (filtering the packet in one of at least two levels of security comprising a first level of security which examines the content information of the first packet at an application layer and a second level of security which examines the first packet excluding the content information therein at an network layer, Claim 1).





Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 4-6, 11-13, 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Taylor et al. (US2013/0246627 A1, publish date 09/19/2013) in view of Raleigh et al. (US2014/0094159 A1, publish date 04/03/2014).

Claims 4, 11, 17:
With respect to claims 4, 11, 17, Taylor et al. discloses the limitations of claims 2, 9, 15, as addressed. 

Taylor et al. does not disclose wherein the determining the at least one network connection is further based, at least in part, on an application priority level associated with the data packet as claimed.

Raleigh et al. teaches the VOIP channel employs another layer of application level security on the aggregated VOIP traffic trunk before it is placed on the secure IP transport layer, for implementing a secure control channel over the Internet including, for example, one or more of various packet encryption protocols running at or just below the application layer, running TCP Transport Layer Security (TLS), and running IP level security or secure tunnels (0121),  wherein the determining the at least one network connection is further based, at least in part, on an application priority level associated with the data packet (a higher priority level means that the application or utility/function is granted higher relative priority for network access (e.g., a priority level 10 can provide for guaranteed network access and a priority level 0 can provide a blocked network access, while priority levels between 1 through 9 can provide relatively increasing prioritized network access potentially relative to allocated network access and other services requesting network access), 0469-0470) (a network capacity controlled services priority level chart: various applications, Figure 39).

Taylor et al. and Raleigh et al. are analogous art because they are from the same field of endeavor of network communications.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Raleigh et al. in Taylor et al. for wherein the determining the at least one network connection is further based, at least in part, on an application priority level associated with the data packet as claimed for purposes of enhancing the computer network system of Taylor et al. by providing intelligent network monitoring to provide real-time traffic monitoring network service usage (e.g., at the packet level/layer, network stack application interface level/layer, and/or application level/layer) of the wireless network (see Raleigh et al. 0073).

Claims 5, 12, 18:
With respect to claims 5, 12, 18, the combination of Taylor et al. and Raleigh et al. discloses the limitations of claims 2, 9, 17, as addressed. 

Raleigh et al. teaches wherein determining the application priority level comprises receiving an indication of the application priority level from the application layer (a higher priority level means that the application or utility/function is granted higher relative priority for network access (e.g., a priority level 10 can provide for guaranteed network access and a priority level 0 can provide a blocked network access, while priority levels between 1 through 9 can provide relatively increasing prioritized network access potentially relative to allocated network access and other services requesting network access), 0469-0470) (a network capacity controlled services priority level chart: various applications, Figure 39)

Taylor et al. and Raleigh et al. are analogous art because they are from the same field of endeavor of network communications.

The motivation for combining Taylor et al. and Raleigh et al. is recited in claims 4, 11, 17.


Claims 6, 13, 19:
With respect to claims 6, 13, 19, the combination of Taylor et al. and Raleigh et al. discloses the limitations of claims 4, 11, 17, as addressed. 

Taylor et al. discloses wherein determining the at least one network connection (When a connection establishing request is received, 0024) comprises:
determining a secure network connection from the plurality of network connections for transmission of the data in a first condition when the security level corresponds to secure data;
determining any of the plurality of network connections for transmission of the data in a second condition when the packet security level corresponds to insecure data; and
determining an insecure network connection from the plurality of network connections for transmission of the data in a third condition when the data packet does not correspond to the first condition and does not correspond to the second condition (filtering the packet in one of at least two levels of security comprising a first level of security which examines the content information of the first packet at an application layer and a second level of security which examines the first packet excluding the content information therein at an network layer; determining the level of security based on, in part, the header information of the first packet, thereby providing an appropriate level of security to the computer network; and determining which one of the at least two security level filters to apply depending on the level of security to any additional packet received from a data connection subsequent to the first packet; when the first level of security is determined to be applied, applying a filter at the application layer examining the content information of any additional packet received from the data connection subsequent to the first packet, Claim 1)

Raleigh et al. teaches the VOIP channel employs another layer of application level security on the aggregated VOIP traffic trunk before it is placed on the secure IP transport layer, for implementing a secure control channel over the Internet including, for example, one or more of various packet encryption protocols running at or just below the application layer, running TCP Transport Layer Security (TLS), and running IP level security or secure tunnels (0121), a second condition when the packet security level corresponds to insecure data and the application priority level corresponds to high-priority data (a higher priority level means that the application or utility/function is granted higher relative priority for network access (e.g., a priority level 10 can provide for guaranteed network access and a priority level 0 can provide a blocked network access, while priority levels between 1 through 9 can provide relatively increasing prioritized network access potentially relative to allocated network access and other services requesting network access), 0469-0470) (a network capacity controlled services priority level chart: various applications, Figure 39)

Taylor et al. and Raleigh et al. are analogous art because they are from the same field of endeavor of network communications.

The motivation for combining Taylor et al. and Raleigh et al. is recited in claims 4, 11, 17.



Response to Remarks/Arguments
Applicant's arguments filed on May 24, 2022 have been fully considered but they are not persuasive.  In the remarks, Applicant argues that:

Claims 1 and 8:
(1) Taylor’s step of applying a security level to an individual packet does not include the step of using an association of security levels to the list of network connections in order to determine which connection will be used for transmitting the received data based on that security level. There is no disclosure in Raleigh that the application priority level is “associated with the data packet” as claimed.  Thus, the cited prior art references do not disclose or suggest, individually or in combination, “the determining the at least one network connection is further based, at least in part, on an application priority level associated with the data packet” as recited in Applicant’s claims.

In response to remark/argument (1), Examiner respectfully disagrees.  Taylor et al. discloses “A new connection is created by modifying a connection list. The connection list, as the name implies, includes a list of currently active or soon to be active connections and relevant information thereof” (0050), “filtering the packet in one of at least two levels of security comprising a first level of security which examines the content information of the first packet at an application layer and a second level of security which examines the first packet excluding the content information therein at an network layer; determining the level of security based on, in part, the header information of the first packet, thereby providing an appropriate level of security to the computer network; and determining which one of the at least two security level filters to apply depending on the level of security to any additional packet received from a data connection subsequent to the first packet; when the first level of security is determined to be applied, applying a filter at the application layer examining the content information of any additional packet received from the data connection subsequent to the first packet” Claim 1.  Therefore, Examiner maintains that Taylor et al. does teach and suggest this limitation. 


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-7468.  The examiner can normally be reached on Monday - Friday from 9 am to 5 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/HELAI SALEHI/
Examiner, Art Unit 2433

/JEFFREY C PWU/
Supervisory Patent Examiner, Art Unit 2433