Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
	Claims 1-10 are pending.
Double Patenting
	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
"A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). " ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
	Claims 1-10  are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 11,190,486. Claims 1-20 of US Patent No. 11,190,486 contains every element of claim 1-10 of the instant application and as such anticipate claim 1-10 of the instant application. Although the conflicting claims are not identical, they are not patentably distinct from each other(as shown below for example in the mapping of the claim 1) . 


Instant Application
Patent No. 11,190,486
1. A secure network system comprising: 
a two-way bridge connecting a protected packet data network with an external packet data network so as to allow bidirectional communication between the protected packet data network and the external packet data network; 
a one-way link unidirectionally connecting the protected packet data network to the external packet data network and physically configured to carry signals in one direction from the protected packet data network to the external packet data network and to be incapable of carrying signals in the opposite direction from the external packet data network to the protected packet data network; and 
a security server configured: 
to receive an indication of a security threat to at least one of: the protected packet data network; or the external packet data network; and in response to the indication, to deactivate the two-way bridge and activate the one-way link so as to prevent the protected packet data network from receiving packets from the external packet data network while allowing forwarding of packets from the protected packet data network to the external packet data network.
1. A secure network system comprising: 
a first two-way bridge connecting a protected packet data network with an external packet data network so as to allow bidirectional communication between the protected and external packet data networks,…
a first one-way link unidirectionally connecting the protected packet data network to the external packet data network and physically configured to carry signals in one direction from the protected packet data network to the external packet data network and to be incapable of carrying signals in the opposite direction from the external packet data network to the protected packet data network, …and 
a security server …configured:
 to receive an indication of a security threat to at least one of: the protected packet data network; or the external packet data network; in response to the indication, to deactivate the first two-way bridge and activate the first one-way link so as to prevent the protected packet data network from receiving packets from the external packet data network while allowing forwarding of packets from the protected packet data network to the external packet data network;… 



CLAIM INTERPRETATION
	The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 
	The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
	The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation are: “network device” in claims 3, 4, 8 and 9.
Because these claim limitation(s) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. Specification, pages 16-18 and figures 2 and 3 are interpreted to cover the corresponding structure.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
		The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	Claims 1-4 and 6-9 are rejected under 35 U.S.C. 103 as being unpatentable over Ishigaki et al. (US Publication No. 2017/0054687) in view of Lee et al. (US Patent No.9,608,973).
	As per claims 1 and 6, Ishigaki teaches a secure network system (paragraph [0075] and figure 2, “security system),  comprising: a two-way bridge connecting a protected packet data network with an external packet data network so as so allow bidirectional communication between the protected and external packet data networks (paragraph [0076] and figure 2, duplex communication line connecting internal network to be protected with external network); a one-way link unidirectionally connecting the protected packet data network to the external packet data network  (paragraph [0076] and figure 2, simplex communication line 42, connecting internal network to be protected with externa network) and physically configured to carry signals in one direction from the protected packet data network to the external packet data network and to be incapable of carrying signals in the opposite direction from the external packet data network to the protected packet data network (paragraph [0023], “simplex communication line…to enable one-way communication” and paragraph [0123], “simplex communication line 42 is formed by connecting physical ports”); and to deactivate the two-way bridge and activate the one-way link (paragraph [0048], “enable one-way communication” (paragraph [0049], “sending the outbound data to the first gateway device through the simplex communication line and not through the duplex communication line”. It is noted that the outbound data is sent through simplex line not through the duplex communication line, thus, the simplex communication line is considered as activated and duplex communication line is considered to be deactivated) so as to prevent the protected packet data network from receiving packets from the external packet data network while allowing forwarding of packets from the protected packet data network to the external packet data network (paragraph [0020], “block improper access from the external network to internal network…,thereby to protect the internal network” and paragraph [0104], “outbound data is sent through the simplex communication line 42 not through the duplex communication line 4”).
	While Ishigaki discloses deactivating the two-way bridge and activating the one-way link, Ishigaki does not explicitly teach a security server configured to receive an indication of a security threat to at least one of the packet data networks; and in response to the indication, to deactivate the two-way bridge and activate the one-way link. However, in an analogous art, Lee discloses a center server receives information (indication) of malicious access (security threat) and transmits a ‘block relay’ command to the first relay and ‘start relay’ command to the second relay and activates the second relay to perform relay function (column 2, lines 34-38). 
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Ishigaki with Lee. This would have been obvious because one of ordinary skill in the art would have been motivated to do so in order to prevent hacker from accessing information, by deactivating infected relay from relaying data.
	While Lee discloses activating the second relay and deactivating the first relay in response to received security threat indication, Lee does not call the first relay a “two-way bridge” and the second relay a “one-way link”. However, one of ordinary skill in the art recognizes that the function of deactivating and activating of a device (i.e., bridge or the link) does not depend on the device or link  type being a “two-way bridge” and a “one-way link”, and deactivating and activating could be performed the same regardless of the type of the device or link. Therefore, such feature would have been obvious and predictable to one of ordinary skill in the art before the effective filing date of the claimed invention. 
	As per claims 2 and 7, Ishigaki further discloses, wherein the one-way link comprises a hardware-enforced unidirectional channel (paragraph [0123], “the one-way communication by simplex communication line 42 is formed by connecting physical ports”, paragraph [0005], data diode, the data is allowed to flow only one-way).
	As per claims 3 and 8, Ishigaki in view of Lee furthermore teaches a network device disposed in the protected packet data network, and configured to: receive data packets from a first host disposed in the protected packet data network for forwarding to a second host disposed in the external packet data network, (Ishigaki, paragraph [0077], “an accessory station (ACS) 64 as a terminal having  a role of collecting data…as an interface to the outside”); send (mirror) the received packets towards the one-way link (Ishigaki, paragraph [0084], operating data for the plant from the inside of the control network 6 sent to the simplex communication line 42), and mirror the received packets towards the  two-way bridge (Lee, column 4, lines 6-9,  the relay 121 and 122 receive data stored in the central server and store the received data  as mirror data). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine  Ishigaki with Lee, in order to transmit requested data from central server to a client  through an intermediary device.
	As per claims 4 and 9, Ishigaki in view of Lee  furthermore teaches, the system further comprising a network device disposed in the protected packet data network, and configured to: receive data packets from a first host disposed in the protected packet data network for forwarding to a second host disposed in the external packet data network for forwarding to a second host disposed in the external packet data network ( Ishigaki, paragraph [0077], “an accessory station (ACS) 64 as a terminal having  a role of collecting data from ..the control device 63 or a role as an interface to the outside”), wherein the security server is configured to issue a command in response to receiving the indication of the security 10threat (Lee, column 2, lines 27-38, receiving information (indication) related to malicious access and the center server in response transmits ‘block relay’ and ‘start relay’ command (issue a command)  to first and second relay, respectively ), forward the received packets towards the two-way bridge while the two-way bridge is active (Lee, column 5, lines 19-22, the second relay server after receiving start relay command perform relaying between in-house computer network and external client 200) ; and forward the received 15packets towards the one-way link responsively to receiving the issued command from the security server (Lee, column 5, lines 51-55, after receiving start relay command the other relay server perform relay function). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine  Ishigaki with Lee, in order to strengthen security of the computer network by securely providing access to data and  blocking hacker from accessing data.

	Claims 5, and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Ishigaki et al. (US Publication No. 2017/0054687) in view of Lee et al. (US Patent No.9,608,973), further in view of Raleigh et al. (US Publication No. 2012/0215911).
	As per claims 5 and 10, Ishigaki in view of Lee teaches all limitations of claim as applied to claim 1 and 6 above. Ishigaki furthermore teaches, wherein the one-way link includes a transmit-end and a receive-end, the one-way link including a proxy at both the transmit-end and the receive-end (paragraph [0048], figures 1 and 2,  simplex communication line for connecting the first gateway device and the second gateway device, the first gateway device connected to the internal network and the second gateway device connected to external network), and adopting Internet Protocol (IP) addresses of the hosts so as to allow the hosts in the protected and external packet networks to use the IP addresses in network communications over the one-way-link (paragraph [0021],[0107], acquire the destination IP address of the receiving-side end device on the internal network) .  
	Ishigaki in view of Lee does not explicitly teach but in an analogous art Raleigh teaches emulating hosts in the protected and external packet network (paragraph [0264], proxy serve emulating a remote  host on one side and emulating the device on the other side of network/external packet network). 
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Ishigaki and Lee with Raleigh. This would have been obvious because one of ordinary skill in the art would have been motivated to analyze the activities of the internal and external hosts in order to increase network performance.
References Cited, Not Used

	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 	Vaisband (US Publication No. 2018/0262475), discloses, systems, methods and devices for secure routing and recording of network data streams passing through a network switch. 
	Wimmer et al. (US Publication No. 2020/0120071), discloses, transmission device for feedback-free unidirectional transmission of data from a first network zone into a second network zone for evaluation at a remote application server.
Conclusion
	     Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ali Abyaneh whose telephone number is (571) 272-7961. The examiner can normally be reached on Monday-Friday from (8:00-5:00). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone numbers for the organization where this application or proceeding is assigned as (571) 273-8300 Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/ALI S ABYANEH/Primary Examiner, Art Unit 2437