Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 8/11/2022 has been entered.
Claims 1-14, 16-17, 19-22 are pending.

Examiner’s Amendments 
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a communication with Attorney of Record Robert Mazzarese on 8/30/2022. 
Please amend claims 1, 4 and 20 as follows:

1. (Currently Amended) A computer program product comprising computer executable code embodied on a non-transitory computer readable medium that, when executing on one or more processors of a network translation device that couples a subnet including a plurality of endpoints to an enterprise network, causes the network translation device to perform the steps of:
translating address information between a first routing prefix for the subnet and a second routing prefix for a network external to the subnet;
receiving a notification of a detection of a compromised one of the plurality of endpoints on the subnet from a threat management facility separated from the compromised one of the plurality of endpoints by the network translation device, the threat management facility using a different address space than the plurality of endpoints, wherein the notification received at the network translation device from the threat management facility outside the subnet includes an identifier for the compromised one of the plurality of endpoints using a subnet address for the compromised one of the plurality of endpoints within the subnet, the subnet address provided in a heartbeat message to the threat management facility by one of the plurality of endpoints on the subnet using a control channel between the one of the plurality of endpoints on the subnet and the threat management facility outside the subnet; 
in response to the notification, blocking traffic between the compromised one of the plurality of endpoints and the enterprise network outside the subnet; and 
directing one or more of the plurality of endpoints on the subnet that are managed by the threat management facility, other than the compromised one of the plurality of endpoints, to stop network communications on the subnet with the compromised one of the plurality of endpoints while maintaining network communications on the subnet with other endpoints.  
2. (Previously Presented) The computer program product of claim 1 wherein the detection of the compromised one of the plurality of endpoints is based on an omission of an expected heartbeat from the compromised one of the plurality of endpoints.  
3. (Previously Presented) The computer program product of claim 1 wherein the detection of the compromised one of the plurality of endpoints is based on an error in content of a heartbeat from the compromised one of the plurality of endpoints.  
4. (Currently Amended) A method for operating a network device that couples a subnet including a plurality of endpoints to an enterprise network, the method including: 
receiving a notification of a detection of a compromised one of the plurality of endpoints on the subnet from a threat management facility separated from the compromised one of the plurality of endpoints by the network device that performs a network address translation for the subnet, the threat management facility using a different address space than the plurality of endpoints, wherein the notification received at the network device from the threat management facility outside the subnet includes an identifier for the compromised one of the plurality of endpoints using a subnet address for the compromised one of the plurality of endpoints within the subnet, the subnet address provided in a heartbeat message to the threat management facility by one of the plurality of endpoints on the subnet using a control channel between the one of the plurality of endpoints on the subnet and the threat management facility outside the subnet; 
in response to the notification, blocking traffic between the compromised one of the plurality of endpoints and the enterprise network outside the subnet; and 
directing one or more of the plurality of endpoints on the subnet that are managed by the threat management facility to stop network communications on the subnet with the compromised one of the plurality of endpoints while maintaining network communications on the subnet with other ones of the plurality of endpoints.  
5. (Previously Presented) The method of claim 4 wherein the detection of the compromised one of the plurality of endpoints includes receiving a notification from the compromised one of the plurality of endpoints.  
6. (Previously Presented) The method of claim 4 wherein the detection of the compromised one of the plurality of endpoints includes receiving a notification from one of the plurality of endpoints other than the compromised one of the plurality of endpoints.  
7. (Previously Presented) The method of claim 4 wherein the detection of the compromised one of the plurality of endpoints includes detecting potentially malicious traffic to or from the compromised one of the plurality of endpoints at the network device.  
8. (Original) The method of claim 7 further comprising querying each of the endpoints coupled to the subnet to identify a source of the potentially malicious traffic.  
9. (Previously Presented) The method of claim 8 further comprising: when the source is identified, preventing network communications through the network device by the source; and when the source is not identified, preventing network communications by any of the endpoints through the network device.  
10. (Previously Presented) The method of claim 4 wherein the detection of the compromised one of the plurality of endpoints includes receiving a notification from a firewall in the enterprise network outside the subnet.  
11. (Previously Presented) The method of claim 4 further comprising, in response to receiving notification of the compromised one of the plurality of endpoints, directing communications from the one or more of the plurality of endpoints other than the compromised one of the plurality of endpoints through a virtual private network.  
12. (Original) The method of claim 11 wherein the virtual private network physically passes through the network device.  
13. (Original) The method of claim 11 wherein the virtual private network physically circumvents the network device.  
14. (Original) The method of claim 4 further comprising determining a security status of each of the one or more of the plurality of endpoints other than the compromised one of the plurality of endpoints and permitting network communications through the network device only from devices meeting one or more security conditions.  
15. (Canceled)  
16. (Original) The method of claim 14 wherein the one or more security conditions include an indication of security compliance from a local security agent.  
17. (Original) The method of claim 4 further comprising translating network traffic at the network device between a first routing prefix for the subnet and a second routing prefix for a network external to the subnet.  
18. (Canceled)  
19. (Previously Presented) The method of claim 4 wherein the network device includes at least one of a router, a network device, and a gateway.  
20. (Currently Amended) A network device comprising: 
a first network interface to an external network; 
a second network interface to a subnet; 
one or more processors; and 
a memory bearing instructions executable by the one or more processors to translate network traffic between a first routing prefix for the external network and a second routing prefix for the subnet, the memory further bearing instructions executable by the one or more processors to secure a plurality of endpoints connected to the subnet by receiving a notification of a detection of a compromised one of the plurality of endpoints on the subnet from a threat management facility separated from the compromised one of the plurality of endpoints by the network device that performs a network address translation for the subnet, the threat management facility using a different address space than the plurality of endpoints, wherein the notification received at the network device from the threat management facility outside of the subnet includes an identifier for the compromised one of the plurality of endpoints using a subnet address for the compromised one of the plurality of endpoints within the subnet, the subnet address provided in a heartbeat message to the threat management facility by one of the plurality of endpoints on the subnet using a control channel between the one of the plurality of endpoints on the subnet to the threat management facility outside the subnet, in response to the notification, blocking traffic between the compromised one of the plurality of endpoints and the external network outside the subnet, and directing one or more of the plurality of endpoints on the subnet that are managed by the threat management facility to stop network communications on the subnet with the compromised one of the plurality of endpoints while maintaining network communications on the subnet with other ones of the plurality of endpoints.  
21. (Canceled)  
22. (Previously Presented) The computer program product of claim 1, wherein the control channel includes a bidirectional control channel.   
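The following is an added illustration prepared for this corpus; it is not part of this Office action, the claims, or the application's disclosure. It models, in working code, the sequence recited in claims 1, 4 and 20: a NAT device translating between a subnet prefix and an external prefix, a threat management facility in a different address space that learns each endpoint's subnet address only from heartbeats on a control channel, a notification that identifies the compromised endpoint by that subnet address, the device blocking that endpoint's traffic to and from the external (enterprise) network, and the device directing the other managed endpoints to stop subnet communications with it while their other subnet communications continue. The class and function names (NatGateway, ThreatManagementFacility, Endpoint, heartbeat, notification_for, handle_notification, run_scenario), the address ranges, and the endpoint names are assumptions constructed for the example.

```python
# Added illustration (not from the Office action or the application): a minimal
# model of the claim 1 / 4 / 20 sequence. All names and addresses below are
# constructed for this example.
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Endpoint:
    """An endpoint on the subnet; 'managed' means the facility can direct it."""
    name: str
    subnet_addr: str
    managed: bool = True
    blocked_peers: set = field(default_factory=set)

    def can_talk_to(self, peer_addr: str) -> bool:
        # Same-subnet traffic is policed by the endpoint itself: the gateway
        # never sees traffic switched locally within the subnet.
        return peer_addr not in self.blocked_peers

    def apply_directive(self, directive: dict) -> None:
        if directive["action"] == "stop_communications_with":
            self.blocked_peers.add(directive["subnet_address"])


class ThreatManagementFacility:
    """Lives outside the subnet in a different address space. It learns each
    endpoint's private subnet address only from heartbeats on the control
    channel, because NAT hides that address from it otherwise."""

    def __init__(self) -> None:
        self.addr_by_name: dict = {}

    def heartbeat(self, name: str, subnet_addr: str) -> None:
        self.addr_by_name[name] = subnet_addr

    def notification_for(self, name: str) -> dict:
        # The identifier carried is the heartbeat-reported subnet address,
        # not a translated external address.
        return {"type": "compromised_endpoint",
                "subnet_address": self.addr_by_name[name]}


class NatGateway:
    """Translates between the subnet prefix and the external prefix and
    applies the two responses recited in the claims."""

    def __init__(self, subnet_prefix: str, external_prefix: str) -> None:
        self.subnet = ipaddress.ip_network(subnet_prefix)
        self.external = ipaddress.ip_network(external_prefix)
        self.endpoints: dict = {}      # subnet address -> Endpoint
        self.nat_table: dict = {}      # subnet address -> external address
        self.blocked: set = set()      # subnet addresses cut off from the external network
        self._ext_hosts = self.external.hosts()

    def attach(self, ep: Endpoint) -> None:
        assert ipaddress.ip_address(ep.subnet_addr) in self.subnet
        self.endpoints[ep.subnet_addr] = ep
        self.nat_table[ep.subnet_addr] = str(next(self._ext_hosts))

    def translate_outbound(self, src_subnet_addr: str):
        """Translated external source address, or None once the endpoint is
        isolated from the external network."""
        if src_subnet_addr in self.blocked:
            return None
        return self.nat_table.get(src_subnet_addr)

    def handle_notification(self, notif: dict) -> list:
        """Block the identified endpoint and direct the other managed
        endpoints; returns the names of the endpoints directed."""
        addr = notif["subnet_address"]
        # Check: the identifier is a private subnet address, so it must be one
        # this device actually serves; anything else is ignored.
        if ipaddress.ip_address(addr) not in self.subnet or addr not in self.endpoints:
            return []
        self.blocked.add(addr)   # blocks traffic to/from the external network
        directive = {"action": "stop_communications_with", "subnet_address": addr}
        directed = []
        for ep_addr, ep in self.endpoints.items():
            if ep.managed and ep_addr != addr:   # managed, other than the compromised one
                ep.apply_directive(directive)
                directed.append(ep.name)
        return directed


def run_scenario() -> dict:
    """Constructed scenario: three endpoints, one later reported compromised."""
    gw = NatGateway("10.1.0.0/24", "198.51.100.0/24")
    tmf = ThreatManagementFacility()
    alice = Endpoint("alice", "10.1.0.11")
    bob = Endpoint("bob", "10.1.0.12")
    printer = Endpoint("printer", "10.1.0.13", managed=False)  # not managed
    for ep in (alice, bob, printer):
        gw.attach(ep)
    tmf.heartbeat("alice", alice.subnet_addr)   # control-channel heartbeats
    tmf.heartbeat("bob", bob.subnet_addr)
    directed = gw.handle_notification(tmf.notification_for("alice"))
    stray = {"type": "compromised_endpoint", "subnet_address": "192.0.2.9"}
    return {
        "directed": directed,
        "alice_outbound": gw.translate_outbound(alice.subnet_addr),
        "bob_outbound": gw.translate_outbound(bob.subnet_addr),
        "bob_to_alice": bob.can_talk_to(alice.subnet_addr),
        "bob_to_printer": bob.can_talk_to(printer.subnet_addr),
        "printer_to_alice": printer.can_talk_to(alice.subnet_addr),
        "stray_ignored": gw.handle_notification(stray) == [],
    }


if __name__ == "__main__":
    print(run_scenario())
```

Two points the model makes visible that the claim language only implies: the gateway can block the compromised endpoint's traffic to the external network, but it cannot police traffic switched locally within the subnet, which is why the directive to the other managed endpoints exists; and because the notification names the endpoint by a private subnet address, the device should confirm that address is one it actually serves before acting (the stray notification above is dropped for that reason). Authentication of the control channel and of the notification itself is not recited in the claims and is not modelled here.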

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 8/18/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Allowed Claims
Claims 1-14, 16-17, 19-20, 22 are allowed, in view of the examiner’s amendments above.

Reason for Allowance

This communication warrants no examiner's reason for allowance, as applicant's reply makes evident the reason for allowance, satisfying the record as a whole as required by 37 CFR 1.104(e). In this case, the substance of applicant's remarks filed on 8/30/2022 with respect to the amended claim limitations, along with the examiner’s amendments, points out the reason the claims are patentable over the prior art of record. Thus, the reason for allowance is in all probability evident from the record and no statement for examiner's reason for allowance is necessary (see MPEP 1302.14).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138. The examiner can normally be reached Monday-Friday 7am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL G COLIN can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Catherine Thiaw/ Primary Examiner, Art Unit 2493    9/3/2022