Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 08/18/2022 has been entered.
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 08/18/2022, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
EXAMINER’S AMENDMENT
An Examiner’s Amendment to the record appears below.  Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Mr. Paul L. Sharer (Reg. No. 36,004) on February 7th, 2022.  During the telephone conference, Mr. Paul has agreed and authorized the Examiner to amend claim 317 and to cancel claims 307-316 and 324. 
The application has been amended as follows:
CLAIMS
307-316. (Cancelled)
317. (Currently Amended) An edge device comprising a network interface controller (NIC) hardware processor, a communication parameters file, and software components executable by the hardware processor, the software components comprising:
i)	a networking stack;
ii)	an application program comprising an API command to the networking stack; and
iii)	a network security program executable to perform communication management operations, the communication management operations comprising:
a)	authorizing one or more networking stack functions triggered by the API command, comprising: 
I)	obtaining an application identifier and process owner associated with an instance of the application program, and further obtaining a port number and a NIC address associated with the API command;
II)	parsing the communication parameters file to obtain a nonpublic application code and a nonpublic user code associated with the port number paired with the NIC address; and
III) confirming the nonpublic application code corresponds to the application identifier and further confirming the nonpublic user code corresponds to the process owner; and
b)	forming a configured network communication pathway between the application program instance and a remote program operated by a remote user on a remote device, comprising: 
I)	sending a first configuration packet from the device to the remote device, the first configuration packet containing a nonpublic device identifier for the device in a portion of the first configuration packet;
II)	receiving a second configuration packet from the remote device, the second configuration packet containing a first remote parameter in a first portion of the second configuration packet and a second remote parameter in a second portion of the second configuration packet; and
III)	matching the first remote parameter to a nonpublic remote application code that is associated with the port number in the communication parameters file, and further matching the second remote parameter to a nonpublic remote user code that is associated with the port number in the communication parameters file,
wherein the communication management operations further comprise: preventing the port number from being used by any communication pathway except for the configured network communication pathway.
318. (Previously Presented) The device of claim 317, wherein the API command is a bind command.
319. (Previously Presented) The device of claim 317, wherein the API command is a connect command.
320. (Previously Presented) The device of claim 317, wherein the configured network communication pathway is at least partially encrypted.
321. (Previously Presented) The device of claim 317, wherein the network security program is installed during production of the device.
322. (Previously Presented) The device of claim 317, wherein the obtaining is performed in a kernel space of the edge device.
323. (Previously Presented) The device of claim 317, wherein the confirming is performed in a kernel space of the edge device.
324. (Cancelled)  
325. (Previously Presented) The device of claim 317, wherein the communication management operations further comprise: preventing all user-applications on the edge device from directly connecting to remote computing devices.
326. (Previously Presented) The device of claim 317, wherein the communication management operations further comprise:
i) 	receiving a series of further network packets, the series of further network packets comprising (a) application data, and (b) encrypted parameters in application layer portions of the further network packets;
ii) 	decrypting the encrypted parameters using decryption keys to obtain decrypted parameters; and
iii) 	verifying that the decrypted parameters match the nonpublic remote application code prior to passing the application data to the application program.
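The authorization (step a), pathway configuration (step b) and port-pinning operations of claim 317, as an added Python sketch that is not part of the application or of this Office action. The CSV layout of the communication parameters file, the field names, all code values, the packet dictionaries and the use of constant-time comparison are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field
# Constructed communication parameters file (placeholder values, one record per port+NIC pair).
PARAMS_FILE = """\
port,nic,app_code,user_code,remote_app_code,remote_user_code
8443,02:00:00:aa:bb:01,APP-7f3a,USR-19c2,RAPP-55e0,RUSR-c0de
"""

def parse_params_file(text):
    """Step a.II: index the file records by (port, NIC address)."""
    lines = text.strip().splitlines()
    keys = lines[0].split(",")
    table = {}
    for line in lines[1:]:
        rec = dict(zip(keys, line.split(",")))
        table[(int(rec["port"]), rec["nic"].lower())] = rec
    return table

@dataclass
class PathwayGuard:
    params: dict          # parsed communication parameters file
    device_id: str        # nonpublic device identifier sent in the first configuration packet
    reserved: dict = field(default_factory=dict)  # port -> pathway that owns it

    def authorize_api_command(self, app_id, process_owner, port, nic):
        """Step a: allow bind/connect only if caller identity matches the file's nonpublic codes."""
        rec = self.params.get((port, nic.lower()))
        if rec is None:
            return False
        return (hmac.compare_digest(rec["app_code"], app_id)
                and hmac.compare_digest(rec["user_code"], process_owner))

    def first_config_packet(self):
        """Step b.I: the device's half of the handshake carries its nonpublic identifier."""
        return {"device_id": self.device_id}

    def accept_second_config_packet(self, port, nic, packet, pathway_id):
        """Steps b.II-b.III and the wherein clause: match both remote parameters, then pin the port."""
        rec = self.params.get((port, nic.lower()))
        if rec is None or port in self.reserved:
            return False
        ok = (hmac.compare_digest(rec["remote_app_code"], packet.get("p1", ""))
              and hmac.compare_digest(rec["remote_user_code"], packet.get("p2", "")))
        if ok:
            self.reserved[port] = pathway_id
        return ok

    def port_allowed(self, port, pathway_id):
        """Only the configured pathway may use a reserved port; unconfigured ports are still free."""
        return self.reserved.get(port, pathway_id) == pathway_id
```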
Allowable Subject Matter
Claims 317-323 and 325-326 are allowed in light of the Applicant’s arguments/amendments and in light of the prior art made of record.
The following is an examiner’s statement of reasons for allowance:
As to claims 317-323 and 325-326, the closest prior art, Verzun (US 2016/0219024), in view of Korsunsky (US 2011/0214157), in view of Shiomi (US 2002/0049719), in view of Koodli (US 2007/0198837), in view of Ogawa (US 2013/0195109) and further in view of Centrify (“Zero Trust Security: A New Paradigm for a Changing World”), hereinafter Centrify, alone or in combination fails to anticipate or render obvious the claimed invention.
Verzun (prior art) discloses that, to enhance security, encryption and decryption by Layer 6 can be restricted to authorized senders and recipients whose identity is confirmed a priori via a Layer 5 authentication procedure, and a Layer 4 transport header containing its own source port number with an ad hoc value of; the resulting IP packet includes the destination IP address and the destination port, along with its source IP address "NB" and its ad hoc port. Since the destination port represents the control port for requesting file transfer services, the file server knows that the notebook is requesting a file and expects login information to confirm the packet's - See par. 0252, 0285 and 0309-0312 of Verzun.
Korsunsky (prior art) discloses a method of providing packet data flow by comparing packet attributes, and further discloses routing data based on application identifiers and identifying threats; network management systems and methods may monitor any and all performance metrics that may be associated with a networked computing environment and, perhaps in response to this monitoring, may adjust any and all parameters or aspects of the networked computing environment so that the performance metrics are returned to and/or maintained at predetermined, estimated, calculated, or otherwise specified levels - See par. 0052, 0128, 0579 and 0583 of Korsunsky.
Shiomi (prior art) discloses a method of transmitting application IDs to facilitate operation; the system searches the table for the resource name corresponding to the received application ID, collects the resource specified by the resource name, and compares the received application ID with the read application ID - See par. 0081, 0088 and 0098 of Shiomi.
Koodli (prior art) discloses a mechanism for establishing a secure communication between network elements in a communication network; wherein the system performs the steps of forming a second network packet including a second payload, and at least one of a local program identification code, and a data model identification code, and executing at least one instruction to send the second network packet to network security software on the one of the plurality of networked computing devices via a secure communication pathway - See par. 0033, 0038 and 0066 of Koodli.
Ogawa (prior art) discloses a network gateway apparatus that adds encryption to easily implement secure communication without affecting network environment settings and includes two network interface cards to communicate on two networks. The processor of the network gateway apparatus initializes communications through the network interface cards and uses a TCP/IP protocol stack to communicate through them. When a packet is sent to the inside NIC 104 by the TCP/IP protocol stack 205, the address conversion unit 203 refers to the inside NIC address table 209, which includes the transmission origin MAC address, the transmission origin IP address, the transmission origin port number, the destination MAC address, the destination IP address, and the destination port number originally attached to the packet, using the port number as an index to identify this information in the table - See the abstract and par. 0046-0049 of Ogawa.
Centrify (prior art) discloses Zero Trust Security: verifying the user (Zero Trust Security’s Verify-the-User component, in which organizations can evaluate attributes and behavior to determine the amount of verification), verifying their device (which also involves ensuring devices are only allowed access if they meet certain security requirements), authorization into business applications, and behavior analytics used to ascertain the risk level of individual transactions and decide in real time whether or not to allow them - See pages 4-6 of Centrify.
However, none of Verzun, Korsunsky, Shiomi, Koodli, Ogawa and Centrify teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in independent claim 317.  For example, none of the cited prior art teaches or suggests the steps of parsing the communication parameters file to obtain a nonpublic application code and a nonpublic user code associated with the port number paired with the network interface controller (NIC) address; forming a configured network communication pathway between the application program instance and a remote program operated by a remote user on a remote device, comprising: sending from the device to the remote device a first configuration packet containing a nonpublic device identifier for the device; receiving a second configuration packet containing a first remote parameter and a second remote parameter; matching the first remote parameter to a nonpublic remote application code that is associated with the port number in the communication parameters file, and matching the second remote parameter to a nonpublic remote user code that is associated with the port number in the communication parameters file; and preventing the port number from being used by any communication pathway except for the configured network communication pathway.
These limitations, in conjunction with all other limitations, have not been disclosed, suggested or made obvious by the prior art of record, and no reference, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.  For these reasons, together with the other limitations and in light of the amendments to the independent claim, these claims are in condition for allowance.
Claims 318-323 and 325-326 are directly or indirectly dependent upon claim 317; therefore, they are also allowable over the prior art of record.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SANCHIT K SARKER/Primary Examiner, Art Unit 2495