Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

DETAILED ACTION
Claims 1-20 are presented for examination. 
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/forms/. The filing date of the application in which the form is filed  determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-19 of U.S. Patent No. 8,365,272. Although the claims at issue are not identical, they are not patentably distinct from each other.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-49 of U.S. Patent No. 8,381,297. Although the claims at issue are not identical, they are not patentably distinct from each other.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-6 of U.S. Patent No. 9,391,956. Although the claims at issue are not identical, they are not patentably distinct from each other.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-12 of U.S. Patent No. 9,756079. Although the claims at issue are not identical, they are not patentably distinct from each other.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 10,057,295. Although the claims at issue are not identical, they are not patentably distinct from each other.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,284,603. Although the claims at issue are not identical, they are not patentably distinct from each other.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,951,659. Although the claims at issue are not identical, they are not patentably distinct from each other.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,304,293. Although the claims at issue are not identical, they are not patentably distinct from each other.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
“A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim.  In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED:  May 30, 2001). 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.


8.	Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Winick et al hereafter Winick (US pat. 7992199) and in view of Fogel (US pat. App. 20070209067).
9.	As per claim 1, Winick discloses a computer, comprising: a processor and memory; an application associated with an application address, the application configured to assist in generating internal outgoing data packets and to assist in receiving internal incoming data packets, the internal outgoing data packets including the application address, the internal incoming data packets including the application address; a network interface coupled to receive external incoming data packets from and transmit external outgoing data packets to an untrusted device on an external network, the external outgoing data packets on the external network having a public address as a source address, the external incoming data packets being directed on the external network to the public address; and a driver coupled to the network interface, the driver for automatically forwarding the internal outgoing data packets to a network address translation engine to translate the application address to the public address (4:34-67, 6:22-34, 7:1-1-25, 8:1-29, wherein it emphasizes that an application assists to transfer outgoing data packet and receiving incoming data packets wherein that incoming and outgoing data packet has public address as source address wherein it automatically forwarding the internal outgoing data packets to a network address translation engine to translate the application address to the public address), and for automatically forwarding the external incoming data packets to the network address translation engine to translate the public address to the application address, the driver coupled to transmit the external incoming data packets to a firewall after the network address translation engine performs network address translation from the public address to the application address, the firewall configured to reject the external incoming data packets if the external incoming data packets according to a mobile device security policy and configured to allow the external incoming data packets to be forwarded to the application if the external incoming data packets do not include malicious content according to the mobile device security policy, the firewall being configured to handle application-level security, the mobile device security policy being configured for mobile-type devices (3:36-67, 4:9-22, 7:5-27, 7:39-67, 9:14-27; wherein it elaborates automatically translate public address to application address in NAT then it forward the packet to a firewall which check packet and forward to the next node). Winick does not expressly mention packets are deemed to include or potentially include malicious content according to a mobile device security policy. However, in the same field of endeavor, Fogel discloses the firewall configured to reject the external incoming data packets if the external incoming data packets according to a mobile device security policy and configured to allow the external incoming data packets to be forwarded to the application if the external incoming data packets do not include malicious content according to the mobile device security policy (paragraphs: 10, 11, 18, and 35-38).  
Accordingly, it would been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated Fogel’s teachings of transmit the incoming application packets to a security engine configured to reject the incoming application packets if the incoming application packets are deemed to include malicious content according to a mobile device security policy, and to allow the incoming application packets to be forwarded to the application if the incoming application packets have not been deemed to include malicious content according to the mobile device security policy with the teachings of Winick, for the purpose of protecting the network packets flow from unauthorized intruders.
10.	As per claim 2, Winick discloses the computer wherein the network address translation engine is part of the driver (3:51-67, 6:1-22).  
11.	As per claim 3, Winick discloses the computer wherein the network address translation engine is part of the firewall (6:35-54, 10:30-55).  
12.	As per claim 4, Winick discloses the computer wherein the firewall is located on a mobile security system configured to implement the mobile security policy (2:41-56, 7:31-55).  
13.	As per claim 5, Winick discloses the computer wherein the network address translation engine is configured to use Dynamic Host Configuration Protocol to translate the application address to the public address and the public address to the application address (4:56-67, 7:5-26).   
14.	As per claim 6, Winick discloses a system, comprising: a network interface coupled to an external network, the network interface coupled to receive external incoming data packets from and transmit external outgoing data packets to an untrusted device on the external network, the external outgoing data packets on the external network having a public address as a source address, the external incoming data packets being directed on the external network to the public address; a computer having one or more applications, each of the one or more applications associated with at least one application address, internal outgoing data packets being associated with the one or more applications; and a driver coupled to the network interface, the driver for automatically forwarding the internal outgoing data packets to network address translation engine to translate the application address to the public address (4:34-67, 6:22-34, 7:1-1-25, 8:1-29), and for automatically forwarding the external incoming data packets to the network address translation engine to translate the public address to the application address, the driver coupled to transmit the external incoming data packets to a firewall after the network address translation engine performs network address translation from the public address to the application address, the firewall being in communication with the network interface, the firewall configured to conduct both network-level security and application-level security on the external incoming data packets, the firewall configured to reject the external incoming data packets if the external incoming data packets include malicious content according to a mobile device security policy and configured to allow the external incoming data packets to be forwarded if the external incoming data packets do not include malicious content according to the mobile device security policy, the mobile device security policy being configured for mobile-type devices (3:36-67, 4:9-22, 7:5-27, 7:39-67, 9:14-27). Winick does not expressly mention packets are deemed to include or potentially include malicious content according to a mobile device security policy. However, in the same field of endeavor, Fogel discloses the firewall configured to reject the external incoming data packets if the external incoming data packets according to a mobile device security policy and configured to allow the external incoming data packets to be forwarded to the application if the external incoming data packets do not include malicious content according to the mobile device security policy (paragraphs: 10, 11, 18, and 35-38).  
Accordingly, it would been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated Fogel’s teachings of transmit the incoming application packets to a security engine configured to reject the incoming application packets if the incoming application packets are deemed to include malicious content according to a mobile device security policy, and to allow the incoming application packets to be forwarded to the application if the incoming application packets have not been deemed to include malicious content according to the mobile device security policy with the teachings of Winick, for the purpose of protecting the network packets flow from unauthorized intruders.
15.	As per claim 11, Winick discloses a method executable by a computer system, the method comprising: generating internal outgoing data packets by an application associated with an application address, the internal outgoing data packets including the application address; receiving internal incoming data packets by the application, the internal incoming data packets including the application address; transmitting external outgoing data packets by a network interface to an untrusted device on an external network, the external outgoing data packets on the external network having a public address as a source address; receiving by a network interface external incoming data packets from an untrusted device on an external network, the external incoming data packets being directed on the external network to the public address; sending by a driver the internal outgoing data packets and the external incoming data packets to a network address translation engine to translate between the application address and the public address (4:34-67, 6:22-34, 7:1-1-25, 8:1-29), the sending including automatically forwarding the internal outgoing data packets to the network address translation engine to translate the application address to the public address, the sending including automatically forwarding the external incoming data packets to the network address translation engine to translate the public address to the application address; sending by the driver the external incoming data packets to a firewall after the network address translation engine performs network address translation from the public address to the application address to evaluate the external incoming data packets against a mobile device security policy, the firewall being configured to handle application-level security, the mobile device security policy being configured for mobile-type devices, the firewall configured to reject the external incoming data packets if the firewall determines that the external incoming data packets include malicious content according to the mobile device security policy, the firewall configured to allow the external incoming data packets to be forwarded to the application if the firewall determines that the external incoming data packets do not include malicious content according to the mobile device security policy; and receiving the external incoming data packets after translation by the network address translation engine if the firewall has determined to allow the external incoming data packets (3:36-67, 4:9-22, 7:5-27, 7:39-67, 9:14-27). Winick does not expressly mention packets are deemed to include or potentially include malicious content according to a mobile device security policy. However, in the same field of endeavor, Fogel discloses the firewall configured to reject the external incoming data packets if the external incoming data packets according to a mobile device security policy and configured to allow the external incoming data packets to be forwarded to the application if the external incoming data packets do not include malicious content according to the mobile device security policy (paragraphs: 10, 11, 18, and 35-38).  
Accordingly, it would been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated Fogel’s teachings of transmit the incoming application packets to a security engine configured to reject the incoming application packets if the incoming application packets are deemed to include malicious content according to a mobile device security policy, and to allow the incoming application packets to be forwarded to the application if the incoming application packets have not been deemed to include malicious content according to the mobile device security policy with the teachings of Winick, for the purpose of protecting the network packets flow from unauthorized intruders.
16.	As per claim 16, Winick discloses a non-transitory computer-readable medium storing computer instructions, the computer instructions for causing a computer system to perform: generating internal outgoing data packets by an application associated with an application address, the internal outgoing data packets including the application address; receiving internal incoming data packets by the application, the internal incoming data packets including the application address; transmitting external outgoing data packets by a network interface to an untrusted device on an external network, the external outgoing data packets on the external network having a public address as a source address; receiving by a network interface external incoming data packets from an untrusted device on an external network, the external incoming data packets being directed on the external network to the public address; sending by a driver the internal outgoing data packets and the external incoming data packets to a network address translation engine to translate between the application address and the public address, the sending including automatically forwarding the internal outgoing data packets to the network address translation engine to translate the application address to the public address (4:34-67, 6:22-34, 7:1-1-25, 8:1-29), the sending including automatically forwarding the external incoming data packets to the network address translation engine to translate the public address to the application address; sending by the driver the external incoming data packets to a firewall after the network address translation engine performs network address translation from the public address to the application address to evaluate the external incoming data packets against a mobile device security policy, the firewall being configured to handle application-level security, the mobile device security policy being configured for mobile-type devices, the firewall configured to reject the external incoming data packets if the firewall determines that the external incoming data packets include malicious content according to the mobile device security policy, the firewall configured to allow the external incoming data packets to be forwarded to the application if the firewall determines that the external incoming data packets do not include malicious content according to the mobile device security policy; and receiving the external incoming data packets after translation by the network address translation engine if the firewall has determined to allow the external incoming data packets (3:36-67, 4:9-22, 7:5-27, 7:39-67, 9:14-27). Winick does not expressly mention packets are deemed to include or potentially include malicious content according to a mobile device security policy. However, in the same field of endeavor, Fogel discloses the firewall configured to reject the external incoming data packets if the external incoming data packets according to a mobile device security policy and configured to allow the external incoming data packets to be forwarded to the application if the external incoming data packets do not include malicious content according to the mobile device security policy (paragraphs: 10, 11, 18, and 35-38).  
Accordingly, it would been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated Fogel’s teachings of transmit the incoming application packets to a security engine configured to reject the incoming application packets if the incoming application packets are deemed to include malicious content according to a mobile device security policy, and to allow the incoming application packets to be forwarded to the application if the incoming application packets have not been deemed to include malicious content according to the mobile device security policy with the teachings of Winick, for the purpose of protecting the network packets flow from unauthorized intruders.
17.	 Claims 7-10, 12-15, and 17-20 are listed all the same elements of claims 2-5. Therefore, the supporting rationales of the rejection to claims 2-5 apply equally as well to claims 7-10, 12-15, and 17-20.
Citation of References
18. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action: 
Shukla (US pat. app. Pub. 20080016339): discusses protecting applications from local and network attacks. This method also detects and removes malware and is based on creating a sandbox at application and kernel layer. By monitoring and controlling the behavior and access privileges of the application and only selectively granting access, any attacks that try to take advantage of the application vulnerabilities are thwarted.  
Cheng et al (US pat. 8145733): elaborates that a Network Address Translation (NAT) server performs address translation services for client computers in a private computer network. A traffic monitor computer outside the private computer network may receive network data processed by the NAT server. The traffic monitor computer may parse network data to obtain application layer information, from which the traffic monitor computer may obtain identification information of the client computer that originally sent the network data. The identification information may include the private IP address of the client computer. In one embodiment, the traffic monitor computer obtains the private IP address of the client computer by examining trace information appended to an e-mail by a mail client running in the client computer.  

Conclusion
19.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD W REZA whose telephone number is (571)272-6590.  The examiner can normally be reached on Monday-Friday 8:30-5:30 ET.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
/MOHAMMAD W REZA/Primary Examiner, Art Unit 2436