DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted on 02/22/2022 was filed before the mailing date of this office action.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-4, 6-8, 11-14, and 16-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by US-PGPUB No. 2022/0060498 A1 to Head Jr. et al. (hereinafter “Head”).
Regarding claim 1:
Head discloses: 
A method of isolating networked devices (¶22: “… a computer-implemented method … for shielding a network from malicious or unauthorized activity …”) on a local network (¶67: “… a local area network (LAN) …”, see Fig. 9 where Active Controller is connected to a LAN network) using a networked security device (¶209: “… an active monitoring device or controller 900 …”, see also Fig. 9), comprising: 
performing Internet Protocol spoofing (¶126: “One of the salient features of the present invention includes the detection of spoofing. Spoofing is normally understood to include both MAC address spoofing as well as IP address spoofing.”, ¶234: “… all spoofing is detectable by the active controller.”) in the networked security device to intercept network traffic (¶213: “… packets between any two computers or other network devices flow through the security device …”) between at least two networked devices (¶213: “… between any two computers or other network devices …”) on the same local network as the networked security device (see Fig. 9 where Active Controller is connected to a LAN network, ¶162: “… all data and device information travels through an active monitor/controller/filter device to ensure only trusted devices and trusted data are allowed on the network.”); and 
selectively blocking intercepted network traffic between the at least two networked devices (¶162: “… disconnecting communications between two devices …”) on the local network (¶162: “… the active controller of the invention is capable of disconnecting communications between two devices to thereby prevent malicious attacks, breaches, lost or stolen data, and so on.”).  
Regarding claim 2:
Head discloses:
The method of isolating networked devices on a local network using a networked security device of claim 1, wherein selectively blocking intercepted network traffic between the at least two networked devices comprises blocking traffic between an infected, insecure, or untrusted networked device and one or more other devices on the local network (¶77: “The data packets transmitted between the local devices within the switch are forced to pass through an active monitoring system such as an active controller. The active monitoring system or controller may perform functions including creating audit records and blocking or passing each packet of traffic based on security decisions.”).  
Regarding claim 3:
Head discloses:
The method of isolating networked devices on a local network using a networked security device of claim 1, further comprising identifying in the networked security device one or more networked devices that are either insecure or infected for selectively blocking intercepted networked traffic (¶234: “If a device responds to an ARP request for another device or if a device attempts to provide rogue DHCP services on a network, these are detected and blocked by the Security Device of the invention.”).  
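The detection behavior quoted from Head ¶234 (a device answering ARP for another device's address, or offering DHCP without authorization) can be illustrated with a small passive monitor. The following is an added example, not code from the office action, the applicant, or the Head reference; the packet fields, the `LanMonitor` class, and the sample packets are constructed for illustration.

```python
# Added example: passive LAN monitor that flags the two conditions described in
# the cited paragraph, a device claiming another device's IP in an ARP reply and
# a DHCP offer from a server that is not on the allowlist. Constructed sample
# data; field names are this example's own, not any reference's.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Packet:
    proto: str            # "arp" or "dhcp"
    op: str               # arp: "request" / "reply"; dhcp: "offer"
    src_mac: str          # hardware address of the sending device
    sender_ip: str = ""   # ARP sender protocol address (the IP being claimed)
    target_ip: str = ""   # ARP target protocol address


@dataclass
class LanMonitor:
    """Learns IP->MAC bindings from ARP traffic and checks later claims against them."""
    dhcp_servers: set                                 # allowlisted DHCP server MACs
    bindings: dict = field(default_factory=dict)      # ip -> mac first seen claiming it
    pending: set = field(default_factory=set)         # ips with an outstanding ARP request
    alerts: list = field(default_factory=list)

    def observe(self, pkt: Packet) -> Optional[str]:
        alert = None
        if pkt.proto == "arp" and pkt.op == "request":
            self.pending.add(pkt.target_ip)
            self.bindings.setdefault(pkt.sender_ip, pkt.src_mac)
        elif pkt.proto == "arp" and pkt.op == "reply":
            known = self.bindings.get(pkt.sender_ip)
            if known is not None and known != pkt.src_mac:
                # A second device answers for an IP already bound to another MAC.
                alert = f"arp-conflict: {pkt.src_mac} claims {pkt.sender_ip} owned by {known}"
            elif known is None and pkt.sender_ip not in self.pending:
                # A reply nobody asked for, from a claimant we have never seen.
                alert = f"unsolicited-arp-reply: {pkt.src_mac} for {pkt.sender_ip}"
            else:
                self.bindings.setdefault(pkt.sender_ip, pkt.src_mac)
            self.pending.discard(pkt.sender_ip)
        elif pkt.proto == "dhcp" and pkt.op == "offer":
            if pkt.src_mac not in self.dhcp_servers:
                alert = f"rogue-dhcp: offer from {pkt.src_mac}"
        if alert:
            self.alerts.append(alert)
        return alert


# Constructed traffic: a host resolves the gateway, the gateway answers, then a
# second device answers for the gateway, sends an unsolicited reply, and offers DHCP.
SAMPLE = [
    Packet("arp", "request", "aa:aa:aa:aa:aa:01", "10.0.0.10", "10.0.0.1"),
    Packet("arp", "reply", "aa:aa:aa:aa:aa:fe", "10.0.0.1", "10.0.0.10"),
    Packet("arp", "reply", "aa:aa:aa:aa:aa:66", "10.0.0.1", "10.0.0.10"),
    Packet("arp", "reply", "aa:aa:aa:aa:aa:66", "10.0.0.20", "10.0.0.10"),
    Packet("dhcp", "offer", "aa:aa:aa:aa:aa:66"),
]


def run_sample() -> list:
    """Feed the constructed packets through the monitor and return the alerts raised."""
    mon = LanMonitor(dhcp_servers={"aa:aa:aa:aa:aa:fe"})
    for pkt in SAMPLE:
        mon.observe(pkt)
    return mon.alerts
```

The monitor only raises alerts; which device to then block, and how, is the decision the claims leave to the security device.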
Regarding claim 4:
Head discloses:
The method of isolating networked devices on a local network using a networked security device of claim 1, further comprising allowing networked traffic between the at least two networked devices on the local network and an external network (¶211: “… the active controller may be connected to a network device via wired connection (e.g., WAN cable) and connected to the switch via wired connection (e.g., LAN cable).”).  
Regarding claim 6:
Head discloses:
The method of isolating networked devices on a local network using a networked security device of claim 1, wherein Internet Protocol spoofing comprises at least one of Address Resolution Protocol (ARP) spoofing, Internet Control Message Protocol version 6 (ICMPv6) spoofing, and neighbor table spoofing (¶232: “… the active controller can be adapted for use with “smart ARP”, “smart DHCP”, as well as other very tightly controlled ARP (Address Resolution Protocol) for critical network devices. ARP spoofing is commonly used to compromise conventional network monitoring devices, thereby creating man-in-the-middle scenarios where all traffic is routed through the conventional monitoring device.”).  
Regarding claim 7:
Head discloses: 
The method of isolating networked devices on a local network using a networked security device of claim 6, where performing ARP spoofing comprises sending an ARP packet from the networked security device to a networked device, the ARP packet claiming the networked security device is another device on the local network (¶9: “In the ARP spoofing solution, the one-armed bridge or equivalent device essentially races to answer all ARP questions to and from the internet gateway with “that's me” such that all local communications pass through the device.”).
Regarding claim 8:
Head discloses:
The method of isolating networked devices on a local network using a networked security device of claim 6, further comprising monitoring the local network for ARP packets (¶234: “… ARP spoofing attacks are both monitored and prevented, as well as many other attacks …”) from the at least two local network devices, and reinserting the network security device between the local network devices using ARP spoofing in response to discovering an ARP packet from one of the at least two local network devices (¶234: “If a device responds to an ARP request for another device or if a device attempts to provide rogue DHCP services on a network, these are detected and blocked by the Security Device of the invention.”).  
Regarding claim 11:
Head discloses:
A network security device (¶209: “… an active monitoring device or controller 900 … The active monitoring device may also be referred to as security device.”), comprising: 
a processor and a memory (¶212: “The security device may comprise one or more processors … an internal HBM memory system …”); 
a malware protection module (¶220: “… the Security Device … includes an active monitoring/control device …”) operable when executed on the processor to detect a threat to one or more private network devices and take one or more actions in response to detecting the threat; and 
a local network device isolation module (¶152: “… an audit/control/filter/isolation device.”) operable when executed on the processor to perform Internet Protocol spoofing (¶126: “One of the salient features of the present invention includes the detection of spoofing. Spoofing is normally understood to include both MAC address spoofing as well as IP address spoofing.”, ¶234: “… all spoofing is detectable by the active controller.”) to intercept network traffic (¶213: “… packets between any two computers or other network devices flow through the security device …”) between at least two networked devices (¶213: “… between any two computers or other network devices …”) on the same local network as the networked security device (see Fig. 9 where Active Controller is connected to a LAN network, ¶162: “… all data and device information travels through an active monitor/controller/filter device to ensure only trusted devices and trusted data are allowed on the network.”), and to selectively block intercepted network traffic (¶162: “… disconnecting communications …”) between the at least two networked devices (¶162: “… disconnecting communications between two devices …”) on the local network (¶162: “… the active controller of the invention is capable of disconnecting communications between two devices to thereby prevent malicious attacks, breaches, lost or stolen data, and so on.”).
Regarding claims 12-14, and 16-18:
Claims 12-14 and 16-18 substantially recite the same limitations as claims 2-4, and 6-8, respectively, in the form of a network security device realizing the corresponding method, therefore they are rejected by the same rationale.
Regarding claim 19:
Head discloses:
A method of isolating networked devices (¶22: “… a computer-implemented method … for shielding a network from malicious or unauthorized activity …”) on a local network (¶67: “… a local area network (LAN) …”, ¶210: “… LAN connections …”, see Fig. 9 where Active Controller is connected to a LAN network) using a networked security device (¶209: “… an active monitoring device or controller 900 …”, see also Fig. 9), comprising: 
performing Address Resolution Protocol (ARP) spoofing (¶126: “One of the salient features of the present invention includes the detection of spoofing. Spoofing is normally understood to include both MAC address spoofing as well as IP address spoofing.”, ¶234: “… all spoofing is detectable by the active controller.”) in the networked security device to intercept network traffic (¶234: “If a device responds to an ARP request for another device or if a device attempts to provide rogue DHCP services on a network, these are detected and blocked by the Security Device of the invention.”) between at least a first networked (¶234: “… a device …”) device and other network devices (¶234: “… another device …”) on the same local network (¶234: “… on a network …”) as the networked security device (see Fig. 9 where Active Controller is connected to a LAN network, ¶162: “… all data and device information travels through an active monitor/controller/filter device to ensure only trusted devices and trusted data are allowed on the network.”); 
selectively blocking intercepted network traffic (¶162: “… disconnecting communications …”) between the first networked device and the other network devices (¶213: “… between any two computers or other network devices …”) on the same local network (¶162: “… the active controller of the invention is capable of disconnecting communications between two devices to thereby prevent malicious attacks, breaches, lost or stolen data, and so on.”) based on a determination that the first networked device is insecure, infected, or untrusted (¶161: “… disconnect the devices in the event it is determined at least one of the devices has been compromised, is a bad actor, attempted spoofing, and so on …”); and
allowing network traffic between the at least two networked devices and an external network (¶211: “… WAN …”) (¶211: “The active controller may have two physical Ethernet ports designated WAN and LAN to denote inbound and outbound directionality, … the WAN side is placed toward the firewall with Internet access, and the LAN side is placed toward the rest of the internal network. As an example, the active controller may be connected to a network device via wired connection (e.g., WAN cable) and connected to the switch via wired connection (e.g., LAN cable).”).
Regarding claim 20:
Head discloses:
The method of isolating networked devices on a local network using a networked security device of claim 19, wherein the networked security device is further operable to make the determination that the first networked device is insecure, infected, or untrusted (¶161: “… enabling monitoring of all data inside an enclave by one or more central monitor(s)/controller(s) at all times to immediately disconnect the devices in the event it is determined at least one of the devices has been compromised, is a bad actor, attempted spoofing, and so on …”), and wherein the external network is the Internet (¶51: “FIG. 11 is a schematic diagram showing a TCP data stream between the internet and a device”, ¶99: “… the present invention implements security isolation based on detection of …  connections to external networks and devices …”).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Head and further in view of US-PGPUB No. 2021/0051180 A1 to Barnett.
Regarding claim 5:
Head discloses the method of isolating networked devices on a local network using a networked security device of claim 1, but does not disclose the following limitation taught by Barnett:
wherein selectively blocking intercepted network traffic between the at least two networked devices on the local network comprises using iptables or ip6tables rules to selectively block traffic (Barnett, ¶19: “… the in home network device can include a blocking stack that includes iptables functioning as an operating system netfilter that can block and/or route Internet traffic …”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teachings of Head to incorporate the functionality of the in home network device to include a blocking stack that includes iptables to block or route internet traffic, as disclosed by Barnett; such modification would provide the system with the ability to manage network traffic security by analyzing and matching bad IPv4 and IPv6 addresses and bad geolocations in the iptables against the incoming network traffic, and blocking the traffic if the iptables determine that the traffic matches any of the filters.
Regarding claim 15:
Claim 15 substantially recites the same limitation as claim 5, in the form of a network security device realizing the corresponding method, therefore it is rejected by the same rationale.
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Head and further in view of US-PGPUB No. 2010/0241744 A1 to Fujiwara.
Regarding claim 9:
Head discloses the method of isolating networked devices on a local network using a networked security device of claim 8, but does not disclose the following limitation taught by Fujiwara:
wherein reinserting the network security device between the at least two local network devices comprises delaying at least five milliseconds between discovering an ARP packet from the one of the at least two local network devices and sending ARP packets to reinsert the network security device between the at least two local network devices (Fujiwara, ¶147: “After a specific length of time (e.g., 5 seconds) has passed since the monitoring unit 101 received the ARP request packet from the unregistered computer 103 (S21B), the monitoring unit 101 unicasts a spoofed ARP reply packet where the MAC address of the registered computer 102 is spoofed as MAC3 (the fictitious MAC address) (S25). … This makes it possible to block the transmission of packets from the unregistered computer 103 to the registered computer 102.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teachings of Head to incorporate the functionality of the monitoring unit to delay replying to ARP requests for a length of time (e.g., 5 seconds), as disclosed by Fujiwara; such modification would allow the system to provide sufficient time for the client device's ARP packet exchange to complete before it re-spoofs the client device by sending its own ARP packets.
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Head and further in view of USPAT No. 7,945,656 B1 to Remaker.
Regarding claim 10:
Head discloses the method of isolating networked devices on a local network using a networked security device of claim 8, but does not disclose the following limitation taught by Remaker:
wherein reinserting the network security device between the at least two local network devices comprises sending ARP packets to reinsert the network security device between the at least two local network devices multiple times over the first five seconds after discovering the ARP packet from one of the at least two local network devices (Remaker, col 4, lines 23-26: “…  ARP requests are often sent in rapid succession, such as once every two seconds during a ten second interval, to rule out network congestion as a reason for non-reply.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teachings of Head to incorporate the functionality of the routing device to send ARP requests in rapid succession, as disclosed by Remaker; such modification would allow the system to rule out network congestion as a reason for non-reply, and to reduce the chance of the unspoofed client device communicating a significant amount of network traffic directly with the router/gateway rather than through the network security device.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
Keeni (US-PGPUB No. 2010/0242084 A1) discloses a network security monitoring apparatus and a network security monitoring system that manage "permitted" or "not permitted" communication between nodes based on an access policy.
Smith (US-PGPUB No. 2020/0112544 A1) discloses systems and methods for blocking spoofed traffic within communications networks, including obtaining, at a computing system, routing information for an autonomous system of a communications network, the routing information identifying Internet Protocol (IP) addresses associated with the autonomous system.
Porras et al. (US-PGPUB No. 2021/0211408 A1) discloses a method for providing security for a container network having a plurality of containers, including establishing a network stack for each of the plurality of containers of the container network and determining network and policy information from active containers.
Alpert et al. (USPAT No. 10,257,295 B1) discloses a system to detect Internet activity from a client device that indicates that the client device may be infected with malware and, in response, provide an alert to a user. The system may monitor Internet activity over a local subnetwork using an Internet activity monitoring sensor.
 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHIAS HABTEGEORGIS whose telephone number is (571)272-1916. The examiner can normally be reached M-F 8am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok B Patel can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/M.H./Examiner, Art Unit 2491

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491