DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to the amendment filed on 09/08/2022.
Claims 1-18 are currently pending in this application. Claims 1 and 8 have been amended. Claims 15-18 are new.
No information disclosure statement (IDS) has been filed.

Response to Arguments
The previous 112(b) rejections of claims 1-14 have been withdrawn in response to the applicants’ amendments/remarks. However, the current amendments give rise to new rejections. See the updated rejections in the 112(b)-rejection section below.

Applicants have amended the claims 1 and 8 to include “… connect, at least one of the one or more client sites to … that has increased throughput”, and have, in pages 7-8 of the remarks, argued that “… Schultz teaches a system which similarly provides rules … conversely, the present invention discloses a system which provides rules … application details that … para. [0130] … as shown in fig. 13 … para. [0131] …”.
These arguments of the applicants are not persuasive.
First of all, it is noted that although the claims are interpreted in light of the specification, limitations from the specification (e.g., information of fig. 13, paragraphs 0131 and 0132 of the application) are not read into the claims - see In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
As taught in Markham, Markham teaches that each client is aggregated to one or more diverse network connections - see figs. 1A and 2 of Schultz. Moreover, the newly added reference of Markham, in figures 4, 6, 13 and paragraph 0158, clearly teaches that each client site (e.g., a local workstation/server) is aggregating to one or more diverse network connections to configure an aggregated connection (e.g., the connection with packet filter 142 of the router) that has increased throughput. Therefore, it is obvious that Schultz in view of Markham teaches amended/argued limitations, “… connect, at least one of the one or more client sites to … that has increased throughput”. See the amended rejections in the 103-rejection section below.

The applicants’ arguments for claim 8, new claims 15-18 (and dependent claims) are not persuasive because of the response stated above for the claim 1 (also see the 103 rejections section for the new claims 15-18 and dependent claims 2-7 and 9-14).
 
Thus, the applicants’ arguments are not persuasive. Please see rejections below for the current claims. This action is final.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. 

Claims 1-18 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.

Claim 1 (claim 8 includes similar limitations) recites:
“… provide, by each firewall of a plurality of firewalls, corresponding to one or more of said plurality of network components, rules, security controls, and policy controls for at least one of the network components from said plurality of network components; manage, by a centralized firewall network controller, the rules, security controls or policy controls for the plurality of firewalls …”, however, it is not clear (1) whether rules, security controls and policy controls for the first (one of) network component is provided by the first (corresponding one) of the network component (e.g., providing the rules by the component itself) or not; (2) whether “rules, security controls and policy controls for one (first) network component(s) of the (first) firewall” are the same as “the rules, security controls or policy controls for the plurality of firewalls” (e.g., the rules for the first firewall are used for the second firewall, or omitting necessary step(s)/component(s), which causes the limitations unclear);
“… a plurality of network components associated to one (or more) client site(s) … connect, (at least) one of the one (or more) client sites to (at least) one of the plurality of network component(s), wherein each client site is aggregating to …”, however, it is not clear (1) whether the connected client site is the same as the client site associated with the plurality of network components or not (or it is not clear to define a boundary of the claimed limitations); (2) whether one client site is connected to a plurality of (e.g., 10,000) network components or not; (3) whether the claimed “each client site” is the same as “the associated client site” or “the connected client site” (note: suggested to use the same name, such as “a client site”, “the client site” if they are the same, but to use different names, such as “a first client site”, “a second client site” if they are different).
Claims 2-7 and 9-18 depend from claim 1 or 8, and are analyzed and rejected accordingly.

Claims 15 and 17 recite “… the at least one of the plurality of network components includes at least one concentrator element … at a network access point to at least one network, the network component automatically terminating …”, however, it is not clear whether the term, the network component, is the same as “the at least one of the plurality of network components” or “a network access point”.

Claims 16 and 18 recite “… at a distance that would usually require a long haul network communication”, however, it is not clear whether the limitations followed by the term, “would” is actually limiting or not (note: the term “would” is interpreted as “indicating the consequence of an imagined event or situation”).   

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


Claims 1-18 are rejected under 35 U.S.C. 103 as being unpatentable over Schultz et al. (US 2018/0041470 A1) in view of Markham (US 2003/0126468 A1).

As per claim 1, Schultz teaches a network system for distributed firewall management in a network comprising a plurality of network components associated with one or more client sites [figs. 1A, 1B and 2 of Schultz - the network system of fig. 2 for firewall management by the APN network control node NCN for the distributed client site or APN client sites with a plurality of network components of fig. 1B], said system comprising: at least one processor and at least one non-transitory memory comprising program code, wherein the at least one non-transitory memory and the program code are configured to, with the at least one processor, cause the system [see par. 0056 of Schultz] to perform operations configured to:
provide, by each firewall of a plurality of firewalls, corresponding to one or more of said plurality of network components, rules, security controls, and policy controls for one or more of said plurality of network components [(fig. 1A, 1B, 2, 3, 12A, 12B; par. 0016, lines 1-5; par. 0050, lines 1-22; par. 0070, lines 1-6; par. 0075, lines 21-30 of Schultz teaches the system providing, by each firewall of a plurality of firewalls (e.g., the integrated firewalls), corresponding to one or more of said plurality of network components (e.g., WAN Ingress/Egress processor modules, control plane modules, applications, software modules, etc.), rules (e.g., the policy), security controls (e.g., starting a firewalling security process), and policy controls (e.g., initiating application steering to destinations allowed by the security policy, blocking inbound traffic that is not a result of an outbound session initiation by the security policies) for one or more of said plurality of network components (e.g., WAN Ingress/Egress processor modules, control plane modules, applications, software modules, etc.)]; and
manage, by a centralized firewall network controller configured the rules, security controls, or policy controls for the plurality of firewalls [fig. 2; par. 0072, lines 1-27 of Schultz teaches a centralized firewall network controller (e.g., the controller of the network control node NCN with the administrator) configured to manage the rules, security controls, or policy controls for the plurality of firewalls (e.g., the network control node NCN with the administrator can adjust/manage centralized configuration for a set of security policies to provide a managed/controlled firewall network that incorporates connections of the plurality of client site network components shown in fig. 2)]; and
connect, at least one of the one or more client sites to at least one of the plurality of network components [figs. 1B, 2, 3; par. 0034, lines 1-10; par. 0035, lines 1-6 of Schultz teaches connect, at least one of the one or more client sites to at least one of the plurality of network components (e.g., WAN Ingress/Egress processor modules, control plane modules, applications, software modules, etc.)].

Although Schultz teaches each client is aggregated to one or more diverse network connections (see figs. 1A and 2 of Schultz), Schultz does not explicitly disclose each client site is aggregating to one or more diverse network connections to configure an aggregated connection that has increased throughput.
However, Markham teaches that each client site is aggregating to one or more diverse network connections to configure an aggregated connection that has increased throughput [figs. 4, 6, 13; par. 0039, lines 1-5; par. 0158, lines 1-10 of Markham teaches each client site (e.g., a local workstation/server) is aggregating to one or more diverse network connections to configure an aggregated connection (e.g., the connection with packet filter 142 of the router) that has increased throughput]. 
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Schultz with the teaching of Markham to include aggregated connection for a greater throughput capability because it provides a greater degree of protection against threats from outsiders - see par. 0155 of Markham.

As per claim 2, Schultz in view of Markham teaches the system of claim 1. 
Schultz further teaches wherein the centralized firewall network controller is configured to provide a software defined perimeter defense system [par. 0049, lines 1-13; par. 0229, lines 1-2, 18-19 of Schultz – the centralized network controller NCN is configured for security zones to provide a software defined perimeter defense system as the security boundary of each security zone].

As per claim 3, Schultz in view of Markham teaches the system of claim 1. 
Schultz further teaches wherein the centralized firewall network controller is configured to provide five layers of security comprising administrator, network, trusted, public and untrusted [table 16; par. 0072, lines 9-27; par. 262, lines 1-5; par. 264, lines 9-11 of Schultz – the centralized APN configuration of the controller NCN provides network setting for selected site appliances, the security zones with Internet security zone for a trusted interface, untrusted Internet security zone with an untrusted interface, default LAN security zone with not setting a zone or public and administrator specific/assigned security zone].

As per claim 4, Schultz in view of Markham teaches the system of claim 1. 
Schultz further teaches wherein the centralized firewall network controller is configured to provide rule management with an asset alias capacity to assign a unit alias to each of the plurality of assets across the plurality of network components [figs. 1B, 2; par. 0060, lines 1-19; par. 0229, lines 1-19; table 11 of Schultz – the central configuration provides rule management with bandwidth or capacity optimization and the assigned security zone A or B or C to each appliance of the plurality of appliances of the client site network. In other words, the asset alias capacity optimization assigns a unit alias (e.g., security zone A/B/C) to each of the plurality of appliances across the plurality of network components].

As per claim 5, Schultz in view of Markham teaches the system of claim 1. 
Schultz further teaches wherein the plurality of firewalls use processing resources of the plurality of network components [figs. 1B, 2; par. 0049, lines 1-10; par. 0050, lines 1-29; par. 0060, lines 1-19 of Schultz teaches the plurality of firewalls, such as 192, 194, 196, 198, use processing resources of the plurality of network components, such as WAN Ingress/Egress processor modules, etc.].

As per claim 6, Schultz in view of Markham teaches the system of claim 1. 
Schultz further teaches wherein the centralized firewall network controller is configured to provide automatic network component discovery [figs. 1B, 2; par. 0076, lines 1-11 of Schultz teaches automatic network component discovery].

As per claim 7, Schultz in view of Markham teaches the system of claim 1. 
Schultz further teaches wherein the client site network component is configured to separate lower-link data traffic and to encapsulate data packets of the lower-link data traffic using the common access protocol [figs. 1A, 4; par. 0034, lines 1-10; par. 0089, lines 24-34 of Schultz teaches the transport reliable protocol (TRP) processing is begun including checking path id validity and path resequencing. Conduit user data processing is begun including aggregation, phase 1 of header compression, checking IP header of user data, application lookup using an application classification table. Also, a flow and rule lookup in a rules table is accomplished. The conduit flow processing is begun including handling fragmentation, re-sequence flow processing, phase 2 of header compression and strip TRP encapsulation. In other words, the client site network component (e.g., conduit processor module) is configured to separate lower-link data traffic (e.g., the data link layer traffic) and to encapsulate data packets of the lower-link data traffic using the common access protocol (e.g., TRP processing)].

As per claim 15, Schultz in view of Markham teaches the system of claim 1. 
Schultz further teaches wherein the at least one of the plurality of network components includes at least one concentrator element, said concentrator element implemented at a network access point to at least one network, the network component automatically terminating the aggregated connection and passing data traffic to the network access point to the at least one network [figs. 1A, 4; par. 0034, lines 1-10; par. 0040, lines 1-18 of Schultz teaches wherein the at least one of the plurality of network components includes at least one concentrator element (e.g., the APN conduit), said concentrator element implemented at a network access point to at least one network (see fig. 1B), the network component automatically terminating the aggregated connection (e.g., without conduit) and passing data traffic to the network access point to the at least one network (e.g., delivering site-to-site traffic without the conduit)].

As per claim 16, Schultz in view of Markham teaches the system of claim 1. 
Schultz further teaches wherein at least one of the plurality of network components is configured to connect to the at least one of the one or more client sites at a distance that would usually require a long haul network communication [figs. 1A, 1B, 24; par. 0034, lines 1-10; par. 0036, lines 1-11; par. 0037, lines 1-12 of Schultz teaches wherein at least one of the plurality of network components is configured to connect to the at least one of the one or more client sites (see fig. 1B) at a distance that would usually require a long haul network communication (e.g., public wide area network WAN)].

Claims 8-14, 17 and 18 are method claims that correspond to the system claims 1-7, 15 and 16, and are analyzed and rejected accordingly.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845.  The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MAUNG T LWIN/Primary Examiner, Art Unit 2495