DETAILED ACTION
This Office Action is with regard to the most recent papers filed 9/13/2022.

Response to Arguments
Applicant’s arguments filed 9/13/2022 with regard to the amendments adding “serial network entity” have been considered, but are moot based on the new grounds of rejection necessitated by the amendment.  It is noted that the serial network entity appears to have no actual impact on the claimed functionalities, and would merely specify a type of entity, where any serial entity that has an adapter to connect to another type of network, such as in Fausak, would teach such a serial network entity.
On page 9, Applicant briefly argues that it is unclear that the device of O’Brien is even compatible with the media-over-IP architecture in Alt in a manner that would be obvious to a person of ordinary skill in the art.  However, Applicant has provided no detail that would actually indicate an incompatibility with utilizing the data diodes of O’Brien with any type of bidirectional link that would utilize a firewall.  Further, it should be noted that the test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references.  Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981).  In O’Brien, the “protocol break” technology, itself, is incorporated with the data diodes, where the “protocol break” technology is what ensures that no routable IP information is passed between the networks (O’Brien: Page 2, Paragraph 1), where this would appear to be the cause of any question of incompatibility raised by Applicant.  If Applicant believes that the data diodes, themselves, result in an incompatibility, Applicant should provide details of how the data diodes (without bodily incorporating the teachings of O’Brien into the combination, such as by incorporating the additional proprietary protocol) would provide such an incompatibility, and how the instant claimed invention would avoid such an incompatibility.
Accordingly, the instant claims stand rejected for the reasons provided below.

Claim Objections
Claim 29 is objected to because of the following informality:  Claim 29 refers to “one or more machines communicatively coupled a network” in line 2, where the machines should apparently be “coupled to a network.”  Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-35 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
With regard to claims 1, 8, 15, 22, and 29, each of the instant claims provides a “serial network entity.”  While the instant specification mentions a serial network in paragraph [0030], this is the only recitation of such, where an example OT technology includes “converting one type of network (e.g. a serial network to ethernet) to another…”  This does not actually provide a disclosure of a serial network entity, or of any functions associated with such an entity.  If Applicant believes that such a serial network entity is supported, Applicant should provide specific detail of how such a serial network entity is disclosed that has the same connections and functions as claimed.  Claims 2-7, 9-14, 16-21, 23-28, and 30-35, which depend from one of claims 1, 8, 15, 22, and 29, do not remedy this issue and are rejected for the same reasons.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-35 are rejected under 35 U.S.C. 103 as being unpatentable over US 2015/0244788 (Fausak) in view of US 2007/0022289 (Alt) and O’Brien, Larry in “Owl Cyber Defense Unveils ReCon for Secure Bidirectional Communications,” posted at <https://www.arcweb.com/blog/owl-cyber-defense-unveils-recon-secure-bidirectional-communications> on June 7, 2018 (O’Brien) and US 7,484,008 (Gelvin).
With regard to claim 1, Fausak discloses a method for implementing a machine identity firewall, the method comprising: 
(a) providing bi-directional Remote Procedure Call (RPC) style channels within a Hypertext Transfer Protocol Secure (HTTPS) tunnel (Fausak: Paragraph [0094].  RPC can be used in Fausak using HTTPS as a transport protocol, where a TSGW tunnel (using HTTPS) is created to create a hole through a firewall.); 
Fausak fails to disclose expressly:
(b) implementing a proxy authentication and a stream binder on behalf of an entity that cannot embed a native tunnel endpoint, 
wherein a proxy end point of the proxy authentication (i) converts a first authentication format to a second authentication format other than the first authentication format, and (ii) bridges a first communication path to a second communication path other than the first communication path; 
(c) implementing a security key management; and 
(d) implementing a stream firewall that provides access control on a segmented per stream basis.
However, Alt teaches:
(b) implementing a proxy authentication and a stream binder on behalf of an entity that cannot embed a native tunnel endpoint (Alt: Paragraph [0073] and [0039].  Protocol conversion is performed, where an endpoint that cannot support a protocol for the other endpoint would not be able to perform any signaling with the other endpoint, including tunneling functionality, where such conversions would be performed by the interconnect system (proxy).), 
wherein a proxy end point of the proxy authentication (i) converts a first authentication format to a second authentication format other than the first authentication format, and (ii) bridges a first communication path to a second communication path other than the first communication path (Alt: Paragraphs [0039] and [0073].  The interconnect system performs proxy functions and converts signals (formats of the communications) from a first format to a second format.  Lacking detail of what an authentication format is, this terminology is taken to be the format that such authentication would have, which would include authentication messages using different signaling protocols.); 
(c) implementing a security key management (Alt: Paragraph [0082].  Security keys are provided for, where lacking detail as to what constitutes such management or how it is implemented, the use of security keys would provide at least some security key management implementation.); and 
(d) implementing a stream firewall that provides access control on a segmented per stream basis (Alt: Paragraphs [0039] and [0081].  Filtering can be performed on a per flow (stream) basis.).
Accordingly, it would have been obvious to one of ordinary skill in the art to utilize details of the proxy and firewall from Alt in the system of Fausak to provide for the efficient interconnection of components that would otherwise not be able to communicate due to differences in signaling protocols.
Fausak fails to teach, but O’Brien teaches that the stream firewall is implemented as a data diode proxy for the entity on either end of the stream (O’Brien: 2nd to 6th Paragraphs and Figure.  An improvement over traditional firewalls is provided where two data diodes are provided to allow for bidirectional communications.  With regard to “for the entity,” no detail is provided that details how the proxy is for the entity.  In the instant case, the proxy at least performs security functions for the entities that utilize the proxied connection, and thus would be for the entity, as claimed.).  Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to utilize data diodes, as in O’Brien, for the firewall to improve security of the network communications (O’Brien: 3rd to 4th Paragraphs).
Fausak fails to teach, but Gelvin teaches that the entity is a serial network entity (Gelvin: Column 14, lines 4-19 and Figure 8.  Serial network device connections can be adapted to communicate over other network types, such as IP networks.).  Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to have the entity be a serial network entity to allow different types of network devices, including serial devices, to connect to the network.  It is noted that no functionality is performed based on the device being a serial network device, where the instant claim is merely broadly providing that the entity is a serial network entity.

With regard to claim 2, Fausak teaches using the RPC-style channels within the HTTPS tunnel for a local connectivity (Fausak: Figure 1.  When the client is taken to be local, local connectivity of the client is provided for by the tunnel (as the local system is able to connect to other systems).  For clarity, Applicant should amend the instant claim to provide for what constitutes “local connectivity.”).

With regard to claim 3, Fausak teaches using the RPC-style channels within the HTTPS tunnel for a remote connectivity (Fausak: Figure 1.  When the client is taken to be local, the tunnel is used for remote connectivity (as the local system is connected to the remote system).).

With regard to claim 4, Fausak teaches end points of the HTTPS tunnel are disposed at each application and/or machine that is connected in a manner configured to facilitate a peer-to-peer communication format (Fausak: Figure 1 and Paragraph [0364].  First, it is noted that a “peer-to-peer” connection format only provides that the format would support peer-to-peer connections in some manner, not that there is actually a peer-to-peer connection.  Second, the term “facilitate” only presents that the format is somehow assisted, but not necessarily implemented or any other detail of how the format is facilitated.  In the case of Fausak, each endpoint of the tunnel (which would be some software or machine) would be connected in some manner, where Fausak provides that the architecture “may enable peer-to-peer connection…”).

With regard to claim 5, Fausak teaches using a peer to peer communication channel facilitating the peer-to-peer communication format in (A) a segmented implementation of the machine identity firewall or (B) a scalable implementation of the machine identity firewall (Fausak: Paragraphs [0364] and [0100].  A firewall serves to segment a network, where lacking detail of what constitutes a “segmented implementation of the machine identity firewall,” the segmentation of the firewall would appear to provide such implementation, where the channel (over a tunnel) would cross the segments.  For clarity, it is recommended that Applicant provide specific detail on what constitutes a “segmented” implementation of the firewall.  Further, it is noted that there is little detail of what constitutes a “scalable implementation,” where the ability to add or remove rules referring to flows would provide some scaling, at least with respect to rules, where, for clarity, Applicant should provide additional detail with regard to how the firewall is scaled.).

With regard to claim 6, Fausak teaches wherein the segmented implementation of the per stream basis comprises a human accessible stream (Fausak: Paragraph [0094] and Figure 1.  The stream is provided to a client, where a user would access the data from the stream using the software of the client.  For clarity, Applicant should provide how such a stream is “human accessible.”).

With regard to claim 7, Fausak teaches that the segmented implementation of the per stream basis comprises an application stream for at least one machine (Fausak: Paragraph [0101].  The streams can be for applications.).

With regard to claims 8-35, the instant claims are similar to claims 1-7, and are rejected for similar reasons.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SCOTT B CHRISTENSEN whose telephone number is (571)270-1144. The examiner can normally be reached Monday through Friday, 6AM to 2PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached on (571) 272-3964. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

SCOTT B. CHRISTENSEN
Examiner
Art Unit 2444



/SCOTT B CHRISTENSEN/Primary Examiner, Art Unit 2444