DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in reply to the amendment filed on June 15, 2022. Claims 1, 2 and 4-22 are pending.
Response to Arguments
Applicant's arguments filed June 15, 2022 have been fully considered but they are not persuasive. 
Applicant argues that the prior art does not teach ‘determining, based on the device identifier, that the message is associated with a network translation device, wherein the message originates from at least one client device of a plurality of client devices of the network address translation device.’
Examiner would point out that, in the Board decision (12/02/2021), the Board agreed with the examiner's position that Li teaches ‘determining, based on the device identifier, that the message is associated with a network translation device’ [see board decision, page 8, second paragraph]; and ‘wherein the message originates from at least one a plurality of computing devices located downstream of the network translation device.’ [see board decision, page 11, first paragraph]. The only difference in applicant’s argument is that the devices are client devices of a plurality of client devices. It is understood by the examiner that the infected PCs (110 of Fig. 1 and 210 of Fig. 2) are client devices. It is also understood by the examiner that units 110 and 120 of Fig. 1 are executed on a client device.
Applicant further argues that the references do not teach or suggest ‘causing each client device of the plurality of client devices to compare information stored in a local storage of each client device of the plurality of client devices with a stored list of domains.’
Examiner would point out that Chien US 2013/0333038 A1 teaches a network communication system including a plurality of client and server devices, comprising causing client device of the plurality of client devices to compare information stored in local storage of each client device of the plurality of client devices with stored list of domains (i.e., comparing IP address, port numbers and domain names against local white list database, paragraphs 0036-0039 and paragraph 0089).

Applicant further argued that the motivation to combine the references is not supported.
Examiner would like to cite from the Board decision (12/02/2021): “With respect to the obviousness of the claims before us on appeal, we emphasize that ‘the question under 35 USC 103 is not merely what the references expressly teach but what they would have suggested to one of ordinary skill in the art at the time of the invention was made ….” Examiner points out that the prior art of record teaches the limitations and is properly combined, as pointed out by the Board decision. Examiner would further point out that one of ordinary skill in the art would have combined Chien within the system of Carothers and Li to further enhance the security of the system by checking and identifying network threats within client devices locally.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2 and 4-22 are rejected under 35 U.S.C. 103 as being unpatentable over Carothers US 2013/0232574 A1 in view of Li et al. US 2015/0058469 A1 (hereinafter Li) and further in view of Chien US 2013/0333038 A1. 

As per claim 1, Carothers teaches a method comprising:
receiving a message via a network address translation device disposed at a location, wherein the message originated from at least one client device of a plurality of client devices [paragraphs 0029-0031];
determining based on the message that at least one client device of the plurality of client devices is compromised [paragraphs 0029-0031]; and
sending a signal to the network address translation device, wherein the signal causes a first process to execute on each client device of the plurality of client devices, wherein the first process comprises comparing information located in a local storage of the respective client device of the plurality of client devices with a stored list of domains [paragraphs 0029-0033].
In the same field of endeavor, Li teaches a method comprising: receiving by a computing device, a message comprising a device identifier [paragraphs 0025-0026]; determining based on the device identifier, that the message is associated with a network address translation device [paragraphs 0025-0026]. It would have been obvious to one having ordinary skill in the art before the effective filing date of the application to employ the teachings of Li within the system of Carothers in order to further implement an efficient communication system.
In the same field of endeavor, Chien teaches a network communication system including a plurality of client and server devices, comprising causing client device of the plurality of client devices to compare information stored in local storage of each client device of the plurality of client devices with stored list of domains [paragraphs 0036-0039 and paragraph 0089]. It would have been obvious to one having ordinary skill in the art before the effective filing date of the application to employ the teachings of Chien within the system of Carothers and Li to further enhance the security of the system by checking and identifying network threats within client devices locally.  

As per claim 10, Carothers teaches a method comprising:
receiving, by a network address translation device, a message, wherein the message indicates that one or more client devices of a plurality of client devices is compromised [paragraphs 0029-0033]; and
sending to the network address translation device, a signal wherein the signal causes a first process to execute on each of the one or more client devices of the plurality of client devices, wherein, the first process comprises comparing information located in a local storage of the respective device of the plurality of devices with a stored list of domains [paragraphs 0029-0033].
In the same field of endeavor, Li teaches a method comprising receiving by a device, a message comprising a device identifier [paragraphs 0025-0026]; determining based on the device identifier, that the message is associated with a network address translation device [paragraphs 0025-0026]. It would have been obvious to one having ordinary skill in the art before the effective filing date of the application to employ the teachings of Li within the system of Carothers in order to further implement an efficient communication system.
In the same field of endeavor, Chien teaches a network communication system including a plurality of client and server devices, comprising causing client device of the plurality of client devices to compare information stored in local storage of each client device of the plurality of client devices with stored list of domains [paragraphs 0036-0039 and paragraph 0089]. It would have been obvious to one having ordinary skill in the art before the effective filing date of the application to employ the teachings of Chien within the system of Carothers and Li to further enhance the security of the system by checking and identifying network threats within client devices locally.  

As per claim 14, Carothers teaches a method comprising:
sending by a network address translation device, a message that originated from at least one of a plurality of computing devices associated with a shared network [paragraphs 0029-0033];
receiving based on the device identifier and the message, a notification that a client device of the plurality of client devices is compromised [paragraphs 0029-0033];
receiving based on a request, computer-executable code that causes a first process on each computing device to execute, wherein the first process comprises comparing information located in a local storage associated with a respective client device with a stored list of domains [paragraphs 0029-0033].
In the same field of endeavor, Li teaches a method comprising: sending by a network address translation device, a message comprising a device identifier of the network address translation device [paragraphs 0025-0026]. It would have been obvious to one having ordinary skill in the art before the effective filing date of the application to employ the teachings of Li within the system of Carothers in order to further implement an efficient communication system.
In the same field of endeavor, Chien teaches a network communication system including a plurality of client and server devices, comprising causing client device of the plurality of client devices to compare information stored in local storage of each client device of the plurality of client devices with stored list of domains [paragraphs 0036-0039 and paragraph 0089]. It would have been obvious to one having ordinary skill in the art before the effective filing date of the application to employ the teachings of Chien within the system of Carothers and Li to further enhance the security of the system by checking and identifying network threats within client devices locally.  

As per claim 2, Carothers further teaches the method further comprising sending, to the network address translation device, a signal wherein the signal causes one or more of a notification to be sent to client device [paragraphs 0029-0033].

As per claim 4, Carothers further teaches the method wherein the first process comprises: determining, based on a match between the information stored in the local storage and an item in the stored list of domains, that client device is compromised and causing based on determining that the client device is compromised, an action [paragraphs 0029-0033].

As per claims 5, 12 and 17, Carothers further teaches the method wherein the message indicating the one or more devices of the plurality of devices is compromised comprises the message indicating that the one or more devices of the plurality of devices is infected with one or more of malware, spyware, a virus or a Trojan [paragraphs 0029-0033].

As per claim 13, Carothers further teaches the method wherein the action comprises causing a browser to be directed to an address comprising another message [paragraphs 0029-0033].

As per claims 6 and 18, Carothers further teaches the method wherein the message comprises an e-mail message [paragraphs 0029-0033].

As per claims 7, 19 and 21, Carothers further teaches the method wherein determining that the at least one computing device of the plurality of client devices from which the message originated is compromised comprises determining a pattern [paragraphs 0029-0033].

As per claims 8 and 20, Carothers further teaches the method wherein the pattern comprises a quantity of requests by the at least one client device of an electronic file within a time window satisfying a threshold [paragraphs 0029-0033].

As per claim 9, Carothers further teaches the method wherein sending the signal comprises sending a first response signal to the network address translation device, wherein the first response signal causes the network address translation device to send a subsequent response signal to each client device of the plurality of client devices [paragraphs 0029-0033].

As per claims 11 and 16, Carothers further teaches the method wherein the first process further comprises causing based on determining that the one or more client devices of the plurality of client devices is compromised, the one or more client devices to execute an action [paragraphs 0029-0033].

As per claim 15, Carothers further teaches the method further comprising determining based on the information stored in the local storage matching an item in the stored list of domains, a compromised client device [paragraphs 0029-0033].

As per claim 22, Li further teaches the method wherein the network address translation device is associated with a local area network and wherein the network address translation device comprises at least one of: a router, a modem or a gateway [paragraph 0080 and figures 5 and 6]. It would have been obvious to one having ordinary skill in the art before the effective filing date of the application to employ the teachings of Li within the system of Carothers in order to further implement an efficient communication system.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BEEMNET W DADA whose telephone number is (571)272-3847. The examiner can normally be reached Monday-Friday, 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

BEEMNET W. DADA
Primary Examiner
Art Unit 2435