DETAILED ACTION
Claims 1-20 are presented for examination.
Claims 1 and 10 are amended.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Specification
The amendment to the Specification was received on 08/04/2022. The Specification is acceptable.

Response to Arguments
Applicant’s arguments with respect to claim(s) 1 and 10 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Applicant's arguments filed 08/04/2022 have been fully considered but they are not persuasive. The reasons are set forth below.
The Applicant argues:
(1)	Belimpasakis, Lauer, and Ding all fail to teach or suggest a container or a virtual environment of any kind, [Remarks, pages 12-13].
The Examiner respectfully disagrees with these arguments.

As per the first argument
As indicated in the previous rejection and below, Belimpasakis discloses a first container including a first network map identifying network addresses for network components of at least a first portion of the network [paragraphs 0032, 0035, 0038, 0052, 0055, 0056, 0086, a first container (e.g., predetermined mappings 844) including a first network map identifying network addresses for network components of at least a first portion of the network (create and maintain mappings between Internet Protocol (IP) addresses and ports of networks)]; a second container including a second network map identifying network addresses for network components of at least a second portion of the network, the second network map being different from the first network map [paragraphs 0020, 0032, 0038, 0052, 0054, 0068, 0081, 0086, a second container (e.g., mapping module 840) including a second network map identifying network addresses for network components of at least a second portion of the network, the second network map being different from the first network map (determine port mappings of the gateway; use of alternate port mappings)].
  
Regarding a first container including a first network map and a second container including a second network map, Belimpasakis discloses the following in paragraphs 0074, 0075, 0085, and 0086.

[0074] The mobile computing arrangement 700 includes hardware and software components coupled to the processing/control unit 702 for performing network data exchanges. The mobile computing arrangement 700 may include multiple network interfaces for maintaining any combination of wired or wireless data connections. In particular, the illustrated mobile computing arrangement 700 is shown with wireless network circuitry …. 

[0075] …. The network 716 typically provides access to traditional landline data infrastructures, including IP networks such as the Internet. The mobile computing arrangement 700 may also include an alternate network/data interface 718 capable of accessing one or both of the networks 716, 717. The alternate data interface 718 may incorporate combinations of I/O and network standards …. 

[0085] The computing arrangement 801 may be coupled to other computing devices via networks. In particular, the computing arrangement includes network interfaces 824, 826 capable of interacting with respective local "private" networks 828 and external "public" networks 830. The network interfaces 824, 826 may include a combination of hardware and software components, including media access circuitry, drivers, programs, and protocol modules. Ultimately, the computing arrangement 801 may be configured to allow network services 832 of the private network 828 to be accessed by client device 834 when the client device 834 is coupled to the external networks 830. 

[0086] …. The port mapping module 840 may provide other features besides basic port mapping, such as NAT translation, authentication of the accessing client terminal 834, end-to-end data encryption between the public interface 826 and the terminal 834, remote enabling/disabling of the port mapping, etc. While on the private network 828, the client terminal 834 may also determine various parameters related to the port mapping module 840 by way of a remote access configuration module 842. The configuration module 842 may communicate data to the client terminal 834 that enables the terminal 834 to determine whether or not the current network is private 828 or public 830, discover predetermined mappings 844 used by the mapping module 840, receive/set authentication data 846, etc. Authentication data 846 may be used by both client 834 and gateway 800 for remote access, remote port mapping management, data encryption, etc. 


In other words, Belimpasakis discloses that containers including network mapping are configured to act as a network input/output interface.

Therefore, given that Belimpasakis discloses that containers including network mapping are configured to act as a network input/output interface, Belimpasakis clearly discloses a first container including a first network map and a second container including a second network map.

Applicant's specification discloses:
[0081] Wireless network-access device 430 communicates with network input/output interface 424 through an obfuscating module 510. More specifically, all communication between wireless network-access device 430 and network input/output interface 424 is conducted through a virtual container 516 on the obfuscating module. Virtual container 516 is configured to act as a network input/output interface, and may be described as performing some or all functions of a router, gateway, and/or proxy server.

[0082] Obfuscating module 510 can take the form of a separate hardware module such as data processing system 200 described above, or a software module run on hardware of network input/output interface 424, ….. Processor 514 is in direct communication with network input/output interface 424, separate from virtual container 516. Virtual container 516 may be described as a virtual software environment executed by processor 514, using storage area 512. References herein to virtual container 516 and/or other virtual containers may be understood to encompass software and/or processes executed within the virtual software environment.

This is similar to the Prior Art Belimpasakis which discloses containers including network mapping are configured to act as a network input/output interface.

Regarding the dependent claims 16-20, Applicant has not made specific arguments pertaining to why the cited references do not teach the recited claims. Without such arguments, the Examiner cannot respond and is not persuaded by such argument.

In view of above, it is clear that the system/methods of the cited art disclose the claimed invention.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 5-11, and 15-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Belimpasakis, U.S. Publication No. 2009/0129301, in view of Lauer et al., (hereinafter Lauer), U.S. Publication No. 2009/0010200, and in further view of O’Connor et al., (hereinafter O’Connor), U.S. Publication No. 2013/0232565.

As per claim 1, Belimpasakis discloses a method of mapping of a network [paragraphs 0015, 0016, 0031, a method of obfuscating mapping of a network (method that allows mapping of connections)] comprising: 
operatively coupling a network module [fig. 1, paragraphs 0048, 0049, a network module (gateway 102)] between an external-access node [fig. 1, 8, paragraphs 0048, 0053, an external-access node (an external client (device 103A))] and a bus [fig. 1, 3, paragraphs 0047, 0050, a bus (network communications framework; channels/connections)] of the network with all communications between the external-access node and the bus passing through the network module [fig. 1, 3, 8, paragraphs 0048-0050, 0053, operatively coupling a network module between an external-access node and a bus of the network with all communications between the external-access node and the bus passing through the network module (mobile device 103A may use the gateway 102 as a route to access the services provided by devices 101 of the local network)]; 
generating a first network map identifying network addresses for a set of components on at least a portion of the bus [paragraphs 0035, 0052, 0055, 0056, 0086, generating a first network map identifying network addresses for a set of components on at least a portion of the bus (gateway includes a network address translation gateway, and the second network parameters include an IP address and port mapping usable by the network address translation gateway)]; 
loading the first network map on the network module [fig. 1, 8, paragraphs 0012, 0055, 0086, loading the first network map on the network module (predetermined mappings 844 used by the mapping module 840, stored inside the gateway 800 for remote access, remote port mapping management, data encryption)]; 
making the first network map on the network module accessible to the external-access node [fig. 7, paragraphs 0014, 0056, 0057, 0081, making the first network map on the network module accessible to the external-access node (device and gateway may communicate the mappings; the port mapping data to be communicated to the mobile device)]; 
generating at least a second network map identifying network addresses for the set of components, the second network map being different from the first network map [paragraphs 0020, 0038, 0052, 0054, 0068, 0081, 0086, generating at least a second network map identifying network addresses for the set of components, the second network map being different from the first network map (determine port mappings of the gateway)], 
loading the second network map on the network module [fig. 1, 8, paragraphs 0068, 0086, loading the second network map on the network module (mappings 844, current and additional mappings)]; and 
changing the network map accessible to the external-access node from the first network map to the second network map [paragraphs 0054, 0056, 0063, changing the network map accessible to the external-access node from the first network map to the second network map (switch/modify; alternate parameters in the stored port mappings obtained from the gateway)].
Belimpasakis discloses devices connected to the network module (gateway device 102) including devices to easily interoperate, including a home, office, hotel room, automobile, airplane, etc., [paragraph 0041]. Belimpasakis does not explicitly disclose a method of obfuscating mapping of an avionic network, comprising: operatively coupling a network module between an external-access node and an avionics bus of the avionic network with all communications between the external-access node and the avionics bus passing through the network module.
However, Lauer discloses a method of obfuscating mapping of an avionic network [fig. 1, claim 8, paragraphs 0037, 0116, a method of obfuscating mapping of an avionic network (a passenger wireless device (in an avionic network) where each electronic device must be identified, authenticated, and authorized to receive service)], comprising: operatively coupling a network module [fig. 2, paragraphs 0020, 0032, a network module (Air Subsystem)] between an external-access node and an avionics bus of the avionic network [fig. 1, paragraphs 0006, avionic network (aircraft network)] with all communications between the external-access node and the avionics bus passing through the network module [fig. 1, 2, 7, 8, paragraphs 0029, 0032, operatively coupling a network module between an external-access node and an avionics bus of the avionic network with all communications between the external-access node and the avionics bus passing through the network module (Air Subsystem 3 located within the aircraft 200 which serves to communicate with the plurality of passenger wireless devices 221-224 located within the aircraft; communications between the passenger wireless devices located in an aircraft and the Ground Subsystem 1 of the ground-based communication network are transported via the Air Subsystem 3)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to improve upon the method described in Belimpasakis by including an avionics bus of the avionic network with all communications between the external-access node and the avionics bus passing through the network module as taught by Lauer because it would provide the Belimpasakis' method with the enhanced capability of providing an enhanced experience to passengers [Lauer, paragraphs 0027, 0029].
The modified Belimpasakis does not explicitly disclose disrupting any reconnaissance of the avionic network by changing the network map.
However, O’Connor teaches disrupting any reconnaissance of the avionic network by changing the network map [paragraphs 0005, 0012, 0045, 0046, 0071, disrupting any reconnaissance of the avionic network by changing the network map (map of the network nodes with at least one security constraint to determine which of the available network nodes are qualified network nodes)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to improve upon the method described in the modified Belimpasakis by disrupting any reconnaissance of the avionic network by changing the network map as taught by O’Connor because it would provide the modified Belimpasakis' method with the enhanced capability of improving the efficiency of ad-hoc networks [O’Connor, paragraphs 0003, 0040, 0041].

As per claim 2, Belimpasakis discloses the method of claim 1, further comprising: 
generating at least first and second virtual environments [Abstract, paragraphs 0015, 0052, 0088, generating at least first and second virtual environments (first and second network parameters; determine port mappings 122 of the gateway 102)]; 
storing the first network map in the first virtual environment; and storing the second network map in the second virtual environment [fig. 8, paragraphs 0012, 0015, 0052, 0088, storing the first network map in the first virtual environment; and storing the second network map in the second virtual environment (storing the first and second network parameters)]; and 
wherein loading the first network map on the network module includes loading the first virtual environment storing the first network map on the network module, and loading the second network map on the network module includes loading the second virtual environment storing the second network map on the network module [fig. 8, claim 17, paragraphs 0012, 0015, 0052, 0088, wherein loading the first network map on the network module includes loading the first virtual environment storing the first network map on the network module, and loading the second network map on the network module includes loading the second virtual environment storing the second network map on the network module (determine first network parameters that enable the mobile terminal to utilize a computing service of the network; determine, via the gateway, second network parameters that allow the mobile terminal to utilize the computing service via the network)].

As per claim 5, Belimpasakis discloses the method of claim 1, 
wherein changing the network map accessible to the external-access node includes changing the network map accessible to the external-access node in response to meeting at least a first predetermined criterion [paragraphs 0013, 0050, 0080, 0086, 0088, wherein changing the network map accessible to the external-access node includes changing the network map accessible to the external-access node in response to meeting at least a first predetermined criterion (communications can use multiple predetermined port mappings on the gateway 102 to achieve the communications, assuming that the particular necessary ports)].

As per claim 6, Belimpasakis discloses the method of claim 5, 
wherein the at least a first predetermined criterion for changing the network map accessible to the external-access node includes a fixed basis for changing the network map accessible to the external-access node [paragraphs 0014, 0017, 0052, 0080, wherein the at least a first predetermined criterion for changing the network map accessible to the external-access node includes a fixed basis for changing the network map accessible to the external-access node (automatically enable the mappings, either while the device 103 is in the local region; detection settings 740 may include a number of network parameters to be analyzed to increase the accuracy of the detection)].

As per claim 7, the modified Belimpasakis discloses the method of claim 6, 
wherein the fixed basis is a predetermined geographical location of an aircraft [paragraphs 0014, 0017, 0052, 0080, wherein the fixed basis is a predetermined geographical location of an aircraft (determining a location of the apparatus)].

As per claim 8, Belimpasakis discloses the method of claim 5, 
wherein the at least a first predetermined criterion for changing the network map accessible to the external-access node includes a randomized basis for changing the network maps accessible to the external-access node [paragraphs 0008, 0052, 0061, 0064, 0080, wherein the at least a first predetermined criterion for changing the network map accessible to the external-access node includes a randomized basis for changing the network maps accessible to the external-access node (enabling of the mappings 122 may occur automatically (e.g., based on time of day))].

As per claim 9, Belimpasakis discloses the method of claim 8, 
wherein the randomized basis includes a varying time period [paragraphs 0008, 0052, 0061, 0064, 0080, wherein the randomized basis includes a varying time period (enabling of the mappings 122 may occur automatically (e.g., based on time of day))].

As per claim 10, Belimpasakis discloses a network module for mapping of a network [paragraphs 0015, 0016, 0031, a network module for mapping of a network (gateway that allows mapping of connections)], wherein the network module [fig. 1, paragraphs 0048, 0049, a network module (gateway 102)] is operatively coupled to the network and configured to: 
be operatively interposed between a bus [fig. 1, 3, paragraphs 0047, 0050, a bus (network communications framework; channels/connections)] of the network and an external-access node [fig. 1, 8, paragraphs 0048, 0053, an external-access node (an external client (device 103A))] with all communications between the external-access node and the bus passing through the network module [fig. 1, 3, 8, paragraphs 0048-0050, 0053, be operatively interposed between a bus of the network and an external-access node with all communications between the external-access node and the bus passing through the network module (mobile device 103A may use the gateway 102 as a route to access the services provided by devices 101 of the local network)]; 
generate a first one-to-one network map identifying network addresses for a first set of components on at least a first portion of the network [paragraphs 0035, 0052, 0055, 0056, 0086, generate a first one-to-one network map identifying network addresses for a first set of components on at least a first portion of the network (gateway includes a network address translation gateway, and the second network parameters include an IP address and port mapping usable by the network address translation gateway)]; 
make the first network map on the network module accessible to the external-access node [fig. 7, paragraphs 0014, 0056, 0057, 0081, make the first network map on the network module accessible to the external-access node (device and gateway may communicate the mappings; the port mapping data to be communicated to the mobile device)]; 
generate a second one-to-one network map identifying network addresses for a second set of components on at least a second portion of the network, the second network map being different from the first network map [paragraphs 0020, 0038, 0052, 0054, 0068, 0081, 0086, generate a second one-to-one network map identifying network addresses for a second set of components on at least a second portion of the network, the second network map being different from the first network map (determine port mappings of the gateway)]; and 
change the network map accessible to the external-access node from the first network map to the second network map [paragraphs 0054, 0056, 0063, changing the network map accessible to the external-access node from the first network map to the second network map (switch/modify; alternate parameters in the stored port mappings obtained from the gateway)].
Belimpasakis discloses devices connected to the network module (gateway device 102) including devices to easily interoperate, including a home, office, hotel room, automobile, airplane, etc., [paragraph 0041]. Belimpasakis does not explicitly disclose a network module for obfuscating mapping of an avionic network, wherein the network module is operatively coupled to the avionic network and configured to: be operatively interposed between an avionics bus of the avionic network and an external-access node with all communications between the external-access node and the avionics bus passing through the network module.
However, Lauer discloses a network module for obfuscating mapping of an avionic network [fig. 1, claim 8, paragraphs 0037, 0116, a network module for obfuscating mapping of an avionic network (a passenger wireless device (in an avionic network) where each electronic device must be identified, authenticated, and authorized to receive service)], wherein the network module [fig. 2, paragraphs 0020, 0032, a network module (Air Subsystem)] is operatively coupled to the avionic network [fig. 1, paragraphs 0006, avionic network (aircraft network)] and configured to: be operatively interposed between an avionics bus of the avionic network and an external-access node with all communications between the external-access node and the avionics bus passing through the network module [fig. 1, 2, 7, 8, paragraphs 0029, 0032, wherein the network module is operatively coupled to the avionic network and configured to: be operatively interposed between an avionics bus of the avionic network and an external-access node with all communications between the external-access node and the avionics bus passing through the network module (Air Subsystem 3 located within the aircraft 200 which serves to communicate with the plurality of passenger wireless devices 221-224 located within the aircraft; communications between the passenger wireless devices located in an aircraft and the Ground Subsystem 1 of the ground-based communication network are transported via the Air Subsystem 3)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to improve upon the module described in Belimpasakis by including an avionics bus of the avionic network with all communications between the external-access node and the avionics bus passing through the network module as taught by Lauer because it would provide the Belimpasakis' module with the enhanced capability of providing an enhanced experience to passengers [Lauer, paragraphs 0027, 0029].
The modified Belimpasakis does not explicitly disclose disrupting any reconnaissance of the avionic network by changing the network map.
However, O’Connor teaches identifying substitute local network IP addresses [paragraphs 0005, 0012, 0045, 0046, 0071, identifying substitute local network IP addresses (identifiers may be spoofed or obfuscated)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to improve upon the module described in the modified Belimpasakis by identifying substitute local network IP addresses as taught by O’Connor because it would provide the modified Belimpasakis' module with the enhanced capability of improving the efficiency of ad-hoc networks [O’Connor, paragraphs 0003, 0040, 0041].

As per claim 11, Belimpasakis discloses the network module of claim 10, wherein the network module is configured to: 
generate at least first and second virtual environments [Abstract, paragraphs 0015, 0052, 0088, generating at least first and second virtual environments (first and second network parameters; determine port mappings 122 of the gateway 102)]; 
store the first network map in the first virtual environment; store the second network map in the second virtual environment [fig. 8, paragraphs 0012, 0015, 0052, 0088, storing the first network map in the first virtual environment; and storing the second network map in the second virtual environment (storing the first and second network parameters)]; and
make the first virtual environment accessible to the external-access node; and change the virtual environment accessible to the external-access node from the first virtual environment to the second virtual environment [fig. 8, claim 17, paragraphs 0012, 0015, 0052, 0088, make the first virtual environment accessible to the external-access node; and change the virtual environment accessible to the external-access node from the first virtual environment to the second virtual environment (determine first network parameters that enable the mobile terminal to utilize a computing service of the network; determine, via the gateway, second network parameters that allow the mobile terminal to utilize the computing service via the network)].

As per claim 15, Belimpasakis discloses a system for network mapping of a network of an aircraft [paragraphs 0015, 0016, 0031, a method of obfuscating mapping of a network (method that allows mapping of connections)], comprising: 
a first container including a first network map identifying network addresses for network components of at least a first portion of the network [paragraphs 0032, 0035, 0038, 0052, 0055, 0056, 0086, a first container (e.g., predetermined mappings 844) including a first network map identifying network addresses for network components of at least a first portion of the network (create and maintain mappings between Internet Protocol (IP) addresses and ports of networks)]; 
a second container including a second network map identifying network addresses for network components of at least a second portion of the network, the second network map being different from the first network map [paragraphs 0020, 0032, 0038, 0052, 0054, 0068, 0081, 0086, a second container (e.g., mapping module 840) including a second network map identifying network addresses for network components of at least a second portion of the network, the second network map being different from the first network map (determine port mappings of the gateway; use of alternate port mappings)]; and 
a switching device [fig. 1, paragraphs 0048, 0049, a switching device (gateway 102)] configured to interpose the first container between a bus [fig. 1, 3, paragraphs 0047, 0050, a bus (network communications framework; channels/connections)] of the network and an external-access node [fig. 1, 8, paragraphs 0048, 0053, an external-access node (an external client (device 103A))], and in response to at least a first criterion, replacing the first container with the second container interposed between the bus and the external-access node for changing the network map accessible to the external-access node from the first network map to the second network map [paragraphs 0054, 0056, 0063, replacing the first container with the second container interposed between the bus and the external-access node for changing the network map accessible to the external-access node from the first network map to the second network (switch/modify; alternate parameters in the stored port mappings obtained from the gateway)].
Belimpasakis discloses devices connected to the network module (gateway device 102) including devices to easily interoperate, including a home, office, hotel room, automobile, airplane, etc., [paragraph 0041]. Belimpasakis does not explicitly disclose a system of obfuscating mapping of an avionic network of an aircraft, comprising: a switching device configured to interpose the first container between an avionics bus of the avionic network and an external-access node.
However, Lauer discloses a system of obfuscating mapping of an avionic network of an aircraft [fig. 1, claim 8, paragraphs 0037, 0116, a system of obfuscating mapping of an avionic network of an aircraft (a passenger wireless device (in an avionic network) where each electronic device must be identified, authenticated, and authorized to receive service)], comprising: a switching device [fig. 2, paragraphs 0020, 0032, a switching device (Air Subsystem)] configured to interpose the first container between an avionics bus of the avionic network and an external-access node [fig. 1, 2, 7, 8, paragraphs 0029, 0032, configured to interpose the first container between an avionics bus of the avionic network and an external-access node (Air Subsystem 3 located within the aircraft 200 which serves to communicate with the plurality of passenger wireless devices 221-224 located within the aircraft; communications between the passenger wireless devices located in an aircraft and the Ground Subsystem 1 of the ground-based communication network are transported via the Air Subsystem 3)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to improve upon the system described in Belimpasakis by including an avionics bus of the avionic network with all communications between the external-access node and the avionics bus passing through the switching device as taught by Lauer because it would provide the Belimpasakis' system with the enhanced capability of providing an enhanced experience to passengers [Lauer, paragraphs 0027, 0029].

As per claim 16, Belimpasakis discloses the system of claim 15. Belimpasakis does not explicitly disclose wherein the switching device has a first mode of operating and a second mode of operating different than the first mode, the first and second modes being configured to provide different levels of security.
However, Lauer discloses wherein the switching device has a first mode of operating and a second mode of operating different than the first mode, the first and second modes being configured to provide different levels of security [fig. 5, paragraphs 0067, 0103, 0110-0114, wherein the switching device has a first mode of operating and a second mode of operating different than the first mode, the first and second modes being configured to provide different levels of security (perform packet routing via secure tunnels; establish 3 different tunnels/flow Low priority; Medium priority; High priority)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to improve upon the system described in Belimpasakis by including an avionics bus of the avionic network with all communications between the external-access node and the avionics bus passing through the switching device as taught by Lauer because it would provide the Belimpasakis' system with the enhanced capability of providing an enhanced experience to passengers [Lauer, paragraphs 0027, 0029].

As per claim 17, Belimpasakis discloses the system of claim 15, 
wherein the system includes a container manager operating on a host machine and running the first and second containers [fig. 1, 3, 8, paragraphs 0038, 0084, 0086, wherein the system includes a container manager operating on a host machine and running the first and second containers (computing arrangement 801 may include one or more data storage devices; switch/modify; alternate parameters in the stored port mappings obtained from the gateway)].

As per claim 18, Belimpasakis discloses the system of claim 17, 
wherein the host machine has a secure partition including the switching device and an external partition including the container manager [fig. 1, 3, 8, paragraphs 0006, 0031, 0035, 0038, 0051, 0071, 0081, 0084, 0086, wherein the host machine has a secure partition including the switching device and an external partition including the container manager].

As per claim 19, Belimpasakis discloses the system of claim 15, 
wherein each container is configured as a network gateway [fig. 1, 8, paragraphs 0035, 0041, 0049, 0081, 0083, wherein each container is configured as a network gateway (e.g. gateway 102)].

As per claim 20, Belimpasakis discloses the system of claim 15, further comprising
a randomization engine configured to generate the first and second network maps [fig. 1, 8, paragraphs 0038, 0054, 0059, 0068, 0086, a randomization engine configured to generate the first and second network maps (current/alternate port mapping)].

Claims 3, 4, and 12-14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Belimpasakis, in view of Lauer, in view of O’Connor, and in further view of Ding et al., (hereinafter Ding), U.S. Publication No. 2019/0036882.

As per claim 3, Belimpasakis discloses the method of claim 2. Belimpasakis does not explicitly disclose further comprising limiting communication between the avionics bus and the external-access node to communication through the first virtual environment.
However, Ding discloses limiting communication between the avionics bus and the external-access node to communication through the first virtual environment [paragraphs 0042-0044, 0069, 0105, limiting communication between the avionics bus and the external-access node to communication through the first virtual environment (generation of firewall, or filtering, controls to filter network traffic)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to improve upon the method described in Belimpasakis by limiting communication between the avionics bus and the external-access node as taught by Ding because it would provide the Belimpasakis’ method with the enhanced capability of securing, limiting and/or engineering traffic in a network [Ding, paragraphs 0042, 0053].

As per claim 4, Belimpasakis discloses the method of claim 3, wherein changing the network map accessible to the external-access node from the first network map to the second network map includes establishing communication of the external-access node with the second virtual environment [paragraphs 0020, 0038, 0052, 0054, 0056, 0063, 0068, 0081, 0086, wherein changing the network map accessible to the external-access node from the first network map to the second network map includes establishing communication of the external-access node with the second virtual environment (switch/modify; alternate parameters in the stored port mappings obtained from the gateway)]. Belimpasakis does not explicitly disclose removing communication of the external-access node with the first virtual environment.
However, Ding discloses wherein changing the network map accessible to the external-access node from the first network map to the second network map includes removing communication of the external-access node with the first virtual environment [paragraphs 0042-0044, 0069, 0105, removing communication of the external-access node with the first virtual environment (generation of firewall, or filtering, controls to filter network traffic)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to improve upon the method described in Belimpasakis by removing communication of the external-access node with the first virtual environment as taught by Ding because it would provide the Belimpasakis’ method with the enhanced capability of securing, limiting and/or engineering traffic in a network [Ding, paragraphs 0042, 0053].

As per claim 12, Belimpasakis discloses the network module of claim 11, comprising a first partition and a second partition, wherein: 
the first partition is operatively coupled to the network and configured to generate the at least first and second virtual environments, to load the first virtual environment storing the first network map onto the second partition, and the second partition is configured to be operatively interposed between the bus and the external node [fig. 1, 3, paragraphs 0041, 0046, 0053, 0058, 0088, the first partition is operatively coupled to the network and configured to generate the at least first and second virtual environments, to load the first virtual environment storing the first network map onto the second partition, and the second partition is configured to be operatively interposed between the bus and the external node (region 118 may include any space where a user would like devices to easily interoperate, including a home, office, hotel room, automobile, airplane, boat, public wireless hotspot; automatically enable the mappings 122, either while the device 103 is in the local region 118)].
Belimpasakis does not explicitly disclose further comprising not conduct communication between the avionics bus and the external-access node.
However, Ding discloses not conduct communication between the avionics bus and the external-access node [paragraphs 0042-0044, 0069, 0105, not conduct communication between the avionics bus and the external-access node (generation of firewall, or filtering, controls to filter network traffic)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to improve upon the module described in Belimpasakis by limiting communication between the avionics bus and the external-access node as taught by Ding because it would provide the Belimpasakis’ module with the enhanced capability of securing, limiting and/or engineering traffic in a network [Ding, paragraphs 0042, 0053].

As per claim 13, Belimpasakis discloses the network module of claim 11, comprising 
a first partition and a second partition, wherein the first partition is operatively coupled to the network and configured to load the first virtual environment storing the first network map from the first partition onto the second partition, the second partition is configured to be operatively interposed between the bus and the external node [fig. 1, 3, paragraphs 0041, 0046, 0053, 0058, 0088, a first partition and a second partition, wherein the first partition is operatively coupled to the network and configured to load the first virtual environment storing the first network map from the first partition onto the second partition, the second partition is configured to be operatively interposed between the bus and the external node (region 118 may include any space where a user would like devices to easily interoperate, including a home, office, hotel room, automobile, airplane, boat, public wireless hotspot; automatically enable the mappings 122, either while the device 103 is in the local region 118)], 
Belimpasakis does not explicitly disclose an avionic network, wherein the network module is operatively coupled to the avionic network and configured to: be operatively interposed between an avionics bus of the avionic network and an external-access node.
However, Lauer discloses an avionic network [fig. 1, claim 8, paragraphs 0037, 0116, an avionic network (a passenger wireless device (in an avionic network) where each electronic device must be identified, authenticated, and authorized to receive service)], wherein the network module [fig. 2, paragraphs 0020, 0032, a network module (Air Subsystem)] is operatively coupled to the avionic network [fig. 1, paragraphs 0006, avionic network (aircraft network)] and configured to: be operatively interposed between an avionics bus of the avionic network and an external-access node [fig. 1, 2, 7, 8, paragraphs 0029, 0032, wherein the network module is operatively coupled to the avionic network and configured to: be operatively interposed between an avionics bus of the avionic network and an external-access node (Air Subsystem 3 located within the aircraft 200 which serves to communicate with the plurality of passenger wireless devices 221-224 located within the aircraft; communications between the passenger wireless devices located in an aircraft and the Ground Subsystem 1 of the ground-based communication network are transported via the Air Subsystem 3)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to improve upon the module described in Belimpasakis by including an avionics bus of the avionic network with all communications between the external-access node and the avionics bus passing through the network module as taught by Lauer because it would provide the Belimpasakis' module with the enhanced capability of providing an enhanced experience to passengers [Lauer, paragraphs 0027, 0029].
Belimpasakis does not explicitly disclose further comprising restrict data flow between the first partition and the second partition to unidirectional data flow from the first partition to the second partition.
However, Ding discloses restrict data flow between the first partition and the second partition to unidirectional data flow from the first partition to the second partition [fig. 1, paragraphs 0042-0044, 0069, 0105, restrict data flow between the first partition and the second partition to unidirectional data flow from the first partition to the second partition (generation of firewall, or filtering, controls to filter network traffic)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to improve upon the module described in Belimpasakis by limiting communication between the avionics bus and the external-access node as taught by Ding because it would provide the Belimpasakis’ module with the enhanced capability of securing, limiting and/or engineering traffic in a network [Ding, paragraphs 0042, 0053].

As per claim 14, Belimpasakis discloses the network module of claim 13. Belimpasakis does not explicitly disclose further comprising a data diode restricting data flow between the first partition and the second partition to unidirectional data flow from the first partition to the second partition.
However, Ding discloses a data diode restricting data flow between the first partition and the second partition to unidirectional data flow from the first partition to the second partition [fig. 1, paragraphs 0042-0044, 0060, 0069, 0105, a data diode restricting data flow between the first partition and the second partition to unidirectional data flow from the first partition to the second partition (generation of firewall, or filtering, controls to filter network traffic; network security rules generator 114 receives the extracted and characterized groups of network flows and generates network security rules based on those network flows)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to improve upon the module described in Belimpasakis by limiting communication between the avionics bus and the external-access node as taught by Ding because it would provide the Belimpasakis’ module with the enhanced capability of securing, limiting and/or engineering traffic in a network [Ding, paragraphs 0042, 0053].

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Buga et al., U.S. Publication No. 2012/0030717, discloses  a mapping representation of content to service flow status.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACKIE ZUNIGA ABAD whose telephone number is (571)270-7194. The examiner can normally be reached Monday - Friday, 8:00am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, IAN MOORE can be reached on 571-272-3085. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/JACKIE ZUNIGA ABAD/           Primary Examiner, Art Unit 2469