DETAILED ACTION
The present application is being examined under the pre-AIA  first to invent provisions. 

This action is in response to communication:  response to amendments/arguments filed on 02/01/2022.
Claims 1-20 are currently pending in this application.  
No new IDS has been filed for this application.

Response to Arguments

The double patenting rejections are still pending as applicants have not filed a terminal disclaimer nor have they amended to differentiate from the parent claims.  
Applicant’s arguments concerning the 103 rejections have been fully considered but are not persuasive.  
Applicants have amended the claims to include that the network socket event request is intercepted before it “reaches” a transport layer (prior claims recited the network socket event request is intercepted before it is “processed” by the transport layer).  This is the same iteration as the claim set filed previously (10/21/2019, 03/01/2021, and 08/10/2021 before the amendment filed on 02/01/2022 (changing it to “processed”)).  As mentioned in the last few office actions, such limitations would have been obvious over the prior references.  
Similar to the last round of arguments, applicants argue that Warrier does not teach such limitations, and at best, teaches intercepting packets at a session layer.  Applicants argue that Warrier teaches intercepting at the session layer, and not “between” the session and transport layer before it reaches the transport layer.  This is not persuasive.  In the OSI model, the transport layer and session layer are adjacent to each other.  Thus, this requires the socket to be intercepted at either the session or transport layer, depending on the implementation.  There is technically nothing “in between”, so the interception must occur at either one of the boundaries of the session or transport layer.  Applicant’s specification (see pg pub 2020/0195612) teaches two implementations.  Paragraph 15 teaches at the transport layer interface, with paragraph 16 describing examples of TDI or WFP.  TDI is located at the transport layer itself (see Wikipedia on Transport Driver Interface, which is located on the upper layer of the transport layer).  Paragraph 18 teaches an alternative implementation, which provides examples of Winsock, Winsock 2, or SPI.  Applicants now have amended the language to include that the event is intercepted before the transport layer (thus implying it is intercepted at the SPI), but also argue that the TDI intercepts it (which is at the transport layer).  These amendments/arguments contradict one another and it is not clear which implementation the applicants are intending to claim.  Either way, Warrier teaches the claimed limitations.  As can be seen clearly in Warrier in col. 3 lines 25-30, Warrier teaches that the socket interceptor can be implemented as a Winsock layered service provider.  Thus, Warrier clearly teaches this implementation.  
This language further supports the alternative embodiment that it is intercepted before it even reaches the transport layer, thus happening in the upper/lower boundary (depending on how one looks at it) of the session layer which neighbors the transport layer.  As mentioned above, Warrier teaches this via Winsock, Winsock2, or SPI.  Applicant’s arguments are not persuasive and the claimed limitations are obvious over the cited art of record.  See rejection below.   
	
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-23 of US Patent No. 9,444,841 (application 13/767686) and claims 1-20 of US Patent No. 10,454,895 (application 15/262861).  Although the claims at issue are not identical, they are not patentably distinct from each other because all of the limitations of the present claims are found in the parent patent.  

Claim Rejections - 35 USC § 112
The prior 112 rejections have been withdrawn in response to applicant’s amendments and arguments. 


Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.


Claims 1, 2, 6, 7, 10, 11, 14, 17, and 18 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Pham et al. US Patent Application Publication 2005/0182958 (hereinafter Pham), in view of Warrier et al. US Patent No. 7,096,495 (Warrier).

As per claim 1, Pham teaches a method for enforcing a network policy on an application executing within a first context, the method comprising: intercepting, by an agent executing in the first context, a network socket event request from the application (paragraphs 37 and 38; Figure 2, with PEM 48A and 48B intercepting requests; requests may be network socket requests as seen in paragraph 38); sending, by the agent to a security server executing in a second context, a request for a decision on whether to allow or deny the intercepted network socket event (paragraph 38, wherein the requested operation is sent to security appliance 42 for evaluation on rule-based policies; paragraph 38, wherein the request includes authentication and authorization information derived from the application instance; see also paragraph 45 wherein access attributes may include source host computer ip address, source application instance session and process identifiers, and secure signature and file size of the source application instance); receiving, by the agent, the decision from the security server, the decision being an allowance or a denial of the network socket event request, the decision being based at least in part on the application information and a network policy (paragraph 39, 45, and throughout, wherein security appliance 42 informs PEM 48 whether to permit or deny request; decision based on information such as application ID (the source application instance session and process identifiers etc) and the network policy (based on all the rules discussed prior)); based on the decision to allow the network socket event request, forwarding, by the agent, the network socket request for processing (paragraph 39, 45, and throughout with permitting the request).
Pham does not explicitly teach wherein by an agent executing within the first context, intercepting a network socket event, the intercepting between a session layer and a transport layer of a network stack of the first context, before the socket event is processed by the transport layer.  This would have been obvious though, as seen throughout Warrier (col. 3 lines 15-30 with socket interceptor at the session layer component; session layer is located before the transport layer; Warrier, in the cited portion, also teaches the interceptor implemented as a Winsock LSP, which is in accordance with applicant’s spec).  Further, it is inherent that the transport layer is located between a network layer and the application (OSI model, with 7 layers; application is at the application layer; layers are 7 Application layer; 6 Presentation Layer; 5 Session layer; 4 Transport Layer; 3 Network Layer; 2 Data link Layer; and 1 Physical Layer; if a socket request is being intercepted from the application before it reaches the transport layer, the interception must happen at either the presentation layer or session layer; Warrier teaches the session layer).  Further, Warrier teaches based on the decision,  the network socket event request and forwarding, by the agent, the network socket request to the transport layer in the first context for processing (col. 3 lines 15-30 wherein socket interceptor may allow the packets to go through or drop the packets if they are not allowed; socket interceptor drops packets to and from certain applications, thus showing that certain packets may go through from an application through the OSI layer, such as from the session layer to transport layer if allowed). 
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Pham with Warrier.  One of ordinary skill in the art would have been motivated to perform such an addition to create more security by enforcing dynamic network stack reconfiguration based on policies (col. 1 lines 30-35).

As per claim 2, it would have been obvious over the Pham combination wherein the intercepting is performed by a layered service provider residing between the session layer and a base transport provider (Warrier col. 3 lines 15-30 Winsock, which is a layered service provider between the session/transport layers; see also rejection and arguments above with between the session/transport layer).
As per claim 6, it would have been obvious over the Pham combination wherein the network event is any of: opening the network socket, closing the network socket, and listening to the network socket (Pham paragraph 64). 
As per claim 7, it would have been obvious over the Pham combination wherein the application identifier is based on at least a process identifier that identifies (i) a process created when an operating system loads and runs an executable file of the application, and (ii) the executable file of the application (obvious over Pham paragraph 39 with signatures of executable files; also see Pham paragraph 61).
Claim 10 is rejected using the same basis of arguments used to reject claim 1 above. 
As per claim 11, it would have been obvious over the Pham combination wherein the request for the decision further includes application information comprising one or more of the following: an identification of a user of the application, an application file name, an application executable hash, and an application identifier (Warrier col. 3 lines 15-30 with dropping packets destined to and from applications (application identifier); also dropping packets from user logins (identification of the user)). 
Claim 14 is rejected using the same basis of arguments used to reject claim 6 above. 
Claim 17 is rejected using the same basis of arguments used to reject claim 1 above.  Further, Warrier teaches a firewall (col. 3 lines 60-65).
Claim 18 is rejected using the same basis of arguments used to reject claim 11 above.

Claims 3, 12, and 19 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over the Pham combination as applied above, and further in view of Wagner US Patent No. 6,085,224 (Wagner).

As per claim 3, it would have been obvious over the Pham combination wherein the sending the network socket event request from the application in the first context to the transport layer in the first context. Warrier Figure 3 shows the socket interceptor sends data to tcp/ip.  Also see col. 3 lines 30-55.  Tcp/ip is the equivalent to a transport layer; further, Warrier teaches that the socket interceptor intercepts sockets in the session layer from the application layer; thus, if a packet passes the socket interceptor, it would have been obvious, if not inherent, that the packet would pass to the lower layers (the transport layer).  However, for a further and more explicit teaching on sending packets to the transport layer, see Wagner (col. 4 lines 30-45 with an interceptor executing underneath the application level and intercepts streams before they are sent to the transport layer).
At the time of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Pham combination with Wagner.  One of ordinary skill in the art would have been motivated to perform such an addition to create more security by restricting access to resources or data (col. 4 lines 5-10). 
Claim 12 is rejected using the same basis of arguments used to reject claim 3 above. 
Claim 19 is rejected using the same basis of arguments used to reject claim 3 above. 

Claims 4 and 16 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over the Pham combination as applied above, and further in view of Ma US Patent Application Publication 2014/0304763 (Ma).

As per claim 4, the Pham combination does not explicitly teach wherein the request for the decision includes application information comprising a domain of the application.  However, this would have been obvious.  Warrier already teaches filtering based on applications, the user, and the context of the data from the application (col. 3 lines 15-30).  This can be considered a “domain of the application.”  However, for a further teaching on restricting sockets based on “domains”, see Ma (paragraphs 14, 57-59, with denying socket connections based on the domain of the application/content).
At the time of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Pham combination with Ma.  One of ordinary skill in the art would have been motivated to perform such an addition to provide security when establishing secure socket connections (paragraphs 4-5 of Ma).
Claim 16 is rejected using the same basis of arguments used to reject claim 4 above. 

Claims 5 and 13 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over the Pham combination as applied above, and further in view of Raleigh et al. US Patent Application Publication 2010/0198698 (Raleigh).

	As per claim 5, the Pham combination does not explicitly teach collecting statistics about data flow through the network socket of the first context; sending the statistics from the first context, to a data collection module that receives statistics about data flows through multiple network sockets of multiple contexts; and generating a report of the statistics about the data flows through the multiple network sockets of the multiple contexts.  However, this would have been obvious.  Warrier already teaches providing context information from the socket, and sending the context to packet guard which creates filters and provides filtering based on rules in a policy store.  Although this context data is not explicitly “statistics of data flows”, this is equivalent and would have been obvious to one of ordinary skill in the art to include information such as statistics on data flow.  However, for a further teaching on measuring data flows in multiple contexts and generating reports, see Raleigh (paragraph 81 with flow data records generated for different service flows such as network socket connections).
	At the time of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Pham combination with Raleigh.  One of ordinary skill in the art would have been motivated to perform such an addition to create more security by verifying that a device is within a service policy and that device based service usage reports are accurate (paragraph 81 of Raleigh).
	Claim 13 is rejected using the same basis of arguments used to reject claim 5 above. 
	 
Claims 8, 9, 15, and 20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over the Pham combination as applied above, and further in view of Kshirsagar et al. US Patent No. 8,095,786 (Kshirsagar).

	As per claim 8, as best understood by the Examiner, the Pham combination does not teach wherein a transport layer interface located between the transport layer and the application intercepts the network socket event and the transport layer interface is a Transport Driver interface.  However, this would have been obvious. For example, see Kshirsagar (claim 4).
	At the time of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Pham combination with Kshirsagar.  One of ordinary skill in the art would have been motivated to perform such an addition to provide secure communication of network traffic from specific applications operating on a client device to a server device using a network layer virtual private network (col. 2 lines 11-15 of Kshirsagar).
	As per claim 9, it would have been obvious wherein the transport layer interface is a layered service provider that allows or blocks network socket event requests and resides above a base transport provider (Warrier col. 3 lines 25-30 wherein the socket interceptor is a Winsock layered service provider and is above the tcp/ip protocol, which is a base transport provider).
Claim 15 is rejected using the same basis of arguments used to reject claim 9 above. 
Claim 20 is rejected using the same basis of arguments used to reject claim 9 above. 


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON KAI YIN GEE whose telephone number is (571)272-6431.  The examiner can normally be reached on Monday-Friday 8:30-5:00 PST Pacific.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/JASON K GEE/Primary Examiner, Art Unit 2495