DETAILED ACTION
1.	Applicant's election without traverse of Group II, claims 11-24, in the reply filed on 01/25/2022 is acknowledged. Furthermore, new claim 25 is added. Thus claims 11-25 are pending and considered for examination. Claim 11 is independent.
Notice of Pre-AIA or AIA Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Supplemental Response/Amendment
3.	The supplemental amendment to the specification filed on 01/28/2022, correcting a typographical error in the specification, is acknowledged.
Priority
4.	This application, filed on 12/14/2018, does not claim priority. Thus, the effective filing date for this particular application is December 14, 2018.
Information Disclosure Statement
5.	The information disclosure statement (IDS) submitted on 02/11/2019 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.
Drawings
6.	The drawings filed on December 14, 2018 are accepted.
Specification
7.	The specification filed on December 14, 2018 is also accepted.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “…system configured to”, in claim 25. The corresponding structure for this system is disclosed in the specification in ¶ [0022] of the published specification, “20200195616”. (See the following from paragraph 0022: Computing system 10 includes a plurality of computing devices which are interconnected with one another via a communications network in an illustrative example. The computing system 10 of FIG. 1 includes a plurality of workstations 12, a switch 14, a router 16, and internet services 18. The computing system 10 also includes a plurality of servers 20, 22, 24 which implement general business processes and a plurality of servers 30, 32, 34 which implement role specific business processes in the illustrated embodiment, for example with respect to the control of the distribution of electrical energy within an electrical power grid.)
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 103
8.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
9.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

10.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Examiner’s note: text in bold corresponds to the claimed limitations; text in italics, underlined or not underlined, corresponds to the cited prior art reference (i.e., verbatim and/or examiner’s clarification). That is, text in brackets [ ] after a limitation corresponds to the examiner’s mapping (including further explanation and/or comments) and/or prior art reference citations. Furthermore, text in brackets [ ] explains how the claim limitation is taught or explicitly taught by the reference being cited for that particular limitation or part of the limitation.



11.	Claims 11-25 are rejected under AIA 35 U.S.C. 103 as being unpatentable over Silvano Gai (hereinafter referred to as Gai) (US Publication No. 2009/0300350 A1) (Publication Date: Dec 3, 2009) in view of the NPL document titled “A Framework to Protect Data Through Segmentation” by Cisco (hereinafter referred to as Cisco) (January 17, 2018… 9 pages) (This is submitted with the IDS).

As per independent claim 11, Gai discloses a computing system operational method [See figure 2 and paragraph 0105, ‘embodiments of the present invention relate to computer readable media or computer program products that include program instructions and/or data (including data structures) for performing various computer-implemented operations’] comprising:
initiating an action to transmit data from [See at least figures 1 and 2. And at least Paragraph 0042, FIG. 1. Host 105 is a member of a security group within enterprise network 110. Routers 115 and 120 are routers of enterprise network 110. When host 105 sends packet 107 to destinations within enterprise network 110 or Internet 130. See also paragraphs 0070-0071, FIG. 2 illustrates various types of security groups implemented on an enterprise network. In this example, there are seven different roles defined for security groups within enterprise network 200 and seven corresponding SGTs indicated on FIG. 2: 1 is for guests; 2 is for authenticated devices; 3 is for unauthenticated devices; 4 is for the Internet; 5 is for secure servers; and 6 is for regular servers. Number 7 is used for a closed security group, also known as a non-overlapping security group. See paragraph 0071, In other embodiments, roles are assigned to users or applications instead of devices];

as a result of the initiating, determining one of a plurality of network segments of a communication network which is associated with computing device [See figure 1 and figure 2 and at least paragraph 0042, When host 105 sends packet 107 to destinations within enterprise network 110 or Internet 130, an SGT is added to packet 107 at ingress port 112 of router 115. In this example, the SGT is for security group 1, the members of which are authorized to access server 125 or Internet 130, but not server 135. See for instance paragraph 0074, Authenticated device 245 has its packets tagged with SGT=2, preferably after reaching port 255 of router 220. Accordingly, authenticated device 245 can send packets to Internet 130, to regular server 250 and to secure server 270, because ports 225, 227, 265 and 275 will pass packets having an SGT of 2. Authenticated device 245 can receive packets from Internet 130, from regular server 250 and secure server 270, because port 255 will pass SGTs of 4, 5 or 6.]; 
after the determining, modifying the data to enable communication of the data using the one network segment [See figure 1 and figure 2 and at least paragraph 0043, At least a portion of packet 107 that includes the SGT may be encrypted. The encryption may be performed using any viable method known to those of skill in the art, such as secret key or public key cryptography. See paragraph 0045, In a first example, host 105 sends packet 107 to server 125, e.g., to request information stored on server 125. Authentication information is added to packet 107 and the packet is encrypted at port 140.];
transmitting the modified data using the one network segment [See figure 1 and figure 2 and see at least paragraph 0045, Then, packet 107 is forwarded from router 115 to router 120 based upon information encoded in layer 3 of packet 107, but not upon the SGT]; receiving the modified data after the transmitting; processing the modified data after the receiving; and as a result of the processing [See figure 1 and figure 2 and at least paragraph 0045, Packet 107 is decrypted at port 150 of router 120 and the SGT is checked at egress port 122 to determine whether packet 107 is authorized to reach server 125], delivering the data [See figure 1 and figure 2 and at least paragraph 0045, because the SGT of packet 107 indicates security group 1, the members of which are allowed to send packets to server 125, packet 107 is transmitted to server 125. See also paragraph 0063, the SGT of packet 107 would be read to determine that packet 107 is from a device within security group 1, the members of which are allowed to send packets to server 125. Therefore, packet 107 is transmitted to server 125.].

Gai substantially discloses all the limitations recited in the claims but does not explicitly disclose the following bolded or underlined claim limitation: “an application segment of a transmitting computing device and an application segment of recipient computing device”.
In other words, even though the transmitting computing device 105 and the receiving computing device 125, as shown in figures 1 and 2 and disclosed in paragraph 0071 of Gai, include an application software segment, Gai does not explicitly disclose this limitation.

However, Cisco, at least on page 3, figures 4-5, teaches or discloses the app-to-app segmentation or the communication between “an application segment of a transmitting computing device and an application segment of recipient computing device”.

Gai and Cisco are analogous art/in the same field of endeavor, as they both pertain to grouping network nodes and segmentation to enforce internal security and protection of data transmission.
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to implement in the system of Gai a mechanism of adding a feature such as “an application segment of a transmitting computing device and an application segment of recipient computing device” as per the teaching of Cisco, because this would provide a stronger protection of data using a segmentation framework that breaks infrastructure into individual components and builds connection points between the relevant components based on applications and devices. [See Cisco, Abstract and figures 4-5]

As per claim 25, claim 25 is rejected for the same reason as that of the above independent claim 11.


As per dependent claim 12, the combination of Gai and Cisco discloses a method/system as applied to claims above. Furthermore, Gai discloses the method/system, wherein the determining comprises determining using a policy which identifies the one network segment and was predefined before the initiating. [See paragraphs 0082-0083 and figure 8, ref. 815, the policies, and see also Cisco figures 4-6 and, particularly, the segmentation policy shown on figure 6]

As per dependent claim 13, the combination of Gai and Cisco discloses a method/system as applied to claims above. Furthermore, Cisco discloses the method/system, further comprising establishing a data connection between the application segment of the transmitting computing device and the one network segment as a result of the determining. [See at least figure 4 and figure 5 and see how a data connection between application segments is established. See Gai figure 2]

As per dependent claim 14, the combination of Gai and Cisco discloses a method/system as applied to claims above. Furthermore, Gai discloses the method/system after the modifying and before the transmitting [See figure 1 and figure 2 and at least paragraph 0043, At least a portion of packet 107 that includes the SGT may be encrypted. The encryption may be performed using any viable method known to those of skill in the art, such as secret key or public key cryptography. See paragraph 0045, In a first example, host 105 sends packet 107 to server 125, e.g., to request information stored on server 125. Authentication information is added to packet 107 and the packet is encrypted at port 140.], verifying that the modified data is authorized for transmission via the one network segment, and wherein the transmitting occurs as a result of the modified data being authorized for the transmission [See paragraph 0016, reading a security group tag in a field of the packet reserved for layer three or higher; determining a first security group of the packet based on the security group tag, wherein the first security group is one of a plurality of security groups and wherein the first security group associates a first set of destination addresses and a first set of sources authorized to access the first set of destination addresses; and deciding, based upon the source and the first security group designation, whether to transmit the packet to the destination address. See also paragraph 0017, the packet can be verified by analyzing authentication information in the packet, thereby authenticating a source and/or a user. The method may include the step of decrypting the packet.].


As per dependent claim 15, the combination of Gai and Cisco, discloses a method/system as applied to claims above. Furthermore, Gai discloses the method/system wherein the verifying comprises determining that the application segment of the transmitting computing device is authorized to send external communications via the one network segment. [See paragraph 0065-0066, the host 105 sends packet 107 to the Internet 130. The SGT of packet 107 is checked at egress port 118 to determine whether packet 107 is authorized to reach the Internet 130. Because the SGT of packet host 105 indicates security group 1, the members of which are permitted to send packets to the Internet 130, packet 107 is transmitted to the Internet 130. See paragraph 0066, host 105 attempts to send packet 107 to server 135. Packet 107 is forwarded from router 115 to router 120 based upon information encoded in layer 3 of packet 107, but not upon the SGT. The SGT of packet 107 is checked at egress port 127 to determine whether packet 107 is authorized to reach server 135. See also Cisco at least figure 4 and 5]


As per dependent claim 16, the combination of Gai and Cisco discloses a method/system as applied to claims above. Furthermore, Gai discloses the method/system wherein the processing comprises: identifying the application segment of the recipient computing device; and determining whether the application segment of the recipient computing device is authorized to receive the data from the one network segment [See at least paragraph 0081, Because ports 731 and 741 will pass packets having SGTs of either 1 or 2, servers 715 and 720 may receive packets from any other device in the private security group. However, because ports 726 and 736 will pass only those packets having SGTs of 2, client device 705 and client device 710 can receive packets from either of servers 715 and 720, but not from each other, and paragraphs 0085-0086, If a packet having an SGT of 2 and a destination of server 250 is received by port 265, the packet will be forwarded to server 250. If port 265 receives a packet having an SGT of 3 and a destination of server 250, the packet will be forwarded and the event will be logged. If a packet having an SGT of 2 and a destination of server 270 is received by port 275, the packet will be forwarded to server 270. However, if port 275 receives a packet having an SGT of 3 and a destination of server 270, the packet will be dropped. See also Cisco figures 4-5]


As per dependent claim 17, the combination of Gai and Cisco discloses a method/system as applied to claims above. Furthermore, Gai discloses the method/system wherein the delivering comprises delivering as a result of the application segment of the recipient computing device being authorized to receive the data from the one network segment. [See at least paragraph 0081, Because ports 731 and 741 will pass packets having SGTs of either 1 or 2, servers 715 and 720 may receive packets from any other device in the private security group. However, because ports 726 and 736 will pass only those packets having SGTs of 2, client device 705 and client device 710 can receive packets from either of servers 715 and 720, but not from each other, and paragraphs 0085-0086, If a packet having an SGT of 2 and a destination of server 250 is received by port 265, the packet will be forwarded to server 250. If port 265 receives a packet having an SGT of 3 and a destination of server 250, the packet will be forwarded and the event will be logged. If a packet having an SGT of 2 and a destination of server 270 is received by port 275, the packet will be forwarded to server 270. However, if port 275 receives a packet having an SGT of 3 and a destination of server 270, the packet will be dropped. See also Cisco figures 4-5]

As per dependent claim 18, the combination of Gai and Cisco discloses a method/system as applied to claims above. Furthermore, Gai discloses the method/system wherein the modifying comprises adding metadata to the data which identifies the one network segment [See at least paragraph 0007, a Security Group Tag (SGT) is inserted in the packet at an ingress port of the network and the SGT is checked for traffic segregation at an egress port of the network. The SGT may be inserted in the packet in conjunction with a security header. Preferably, authentication information is also added to the packet and paragraph 0045, Authentication information is added to packet 107 and the packet is encrypted at port 140 and paragraph 0042, an SGT is added to packet 107 at ingress port 112 of router 115. In this example, the SGT is for security group 1, the members of which are authorized to access server 125 or Internet 130, but not server 135. See Cisco figures 4-5].


As per dependent claim 19, the combination of Gai and Cisco discloses a method/system as applied to claims above. Furthermore, Gai discloses the method/system wherein the transmitting comprises transmitting as a result of the metadata indicating that the application segment of the transmitting computing device is authorized to communicate externally of the transmitting computing device using the one network segment [See paragraph 0065-0066, the host 105 sends packet 107 to the Internet 130. The SGT of packet 107 is checked at egress port 118 to determine whether packet 107 is authorized to reach the Internet 130. Because the SGT of packet host 105 indicates security group 1, the members of which are permitted to send packets to the Internet 130, packet 107 is transmitted to the Internet 130. See paragraph 0066, host 105 attempts to send packet 107 to server 135. Packet 107 is forwarded from router 115 to router 120 based upon information encoded in layer 3 of packet 107, but not upon the SGT. The SGT of packet 107 is checked at egress port 127 to determine whether packet 107 is authorized to reach server 135. See also Cisco at least figure 4 and 5]


As per dependent claim 20, the combination of Gai and Cisco discloses a method/system as applied to claims above. Furthermore, Gai discloses the method/system wherein the delivering comprises delivering as a result of the metadata indicating that the data is authorized to be communicated from the one network segment to the application segment of the recipient computing device [See paragraph 0073-0074, Packets marked in this way can only egress enterprise network 200 toward the Internet 130, because the egress filters of ports 225 and 227, which connect enterprise network 200 to the Internet, are the only egress filters which will pass a packet with an SGT of 1. Similarly, visitor device 205 can only receive packets having an SGT of 4, which is assigned to packets that reach port 225 or port 227 from Internet 130. Authenticated device 245 has its packets tagged with SGT=2, preferably after reaching port 255 of router 220. Accordingly, authenticated device 245 can send packets to Internet 130, to regular server 250 and to secure server 270, because ports 225, 227, 265 and 275 will pass packets having an SGT of 2. Authenticated device 245 can receive packets from Internet 130, from regular server 250 and secure server 270, because port 255 will pass SGTs of 4, 5 or 6. See also Cisco figures 4-5]

As per dependent claim 21, the combination of Gai and Cisco discloses a method/system as applied to claims above. Furthermore, Gai discloses the method/system further comprising removing the metadata from the data after the processing and before the delivering [See at least paragraph 0046, In some embodiments, server 125 may decrypt packet 107. If hosts are not able to decrypt packets and/or process SGTs, it is preferable that packets which egress the network are “plain vanilla” packets without SGTs. The “plain vanilla” packet without SGTs broadly meets the packet/data without metadata or with removed SGTs/metadata.]


As per dependent claim 22, the combination of Gai and Cisco, discloses a method/system as applied to claims above. Furthermore, Cisco discloses the method/system wherein the application segment is an initial application segment and the transmitting computing device executes a plurality of additional application segments, and further comprising only enabling the one network segment to communicate data from the initial application segment. [See at least figures 4-5 and see Gai at least figure 2]


As per dependent claim 23, the combination of Gai and Cisco discloses a method/system as applied to claims above. Furthermore, Cisco discloses the method/system wherein the application segment is an initial application segment and the transmitting computing device executes a plurality of additional application segments, and further comprising enabling the initial application segment to only communicate data via the communication network using the one network segment. [See at least figures 4-5 and see Gai at least figure 2]

As per dependent claim 24, the combination of Gai and Cisco, discloses a method/system as applied to claims above. Furthermore, Cisco discloses the method/system further comprising: initiating another action to transmit data from another application segment of the transmitting computing device; and determining another of the network segments to transmit the data from the another application segment. [See at least figures 4-5 and see Gai at least figure 2]
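
As an added illustration (not part of the Office action or of the Gai or Cisco references), the following Python sketch models the security group tag (SGT) handling quoted from Gai in the claim 11, 16, 20 and 21 mappings above: a tag is attached at ingress, checked against a per-port egress filter, and stripped before delivery. The port numbers, SGT values and forward/log/drop outcomes come from those quoted passages; the class and function names, the default-deny rule for unlisted SGTs or ports, and the logging of drops are assumptions of the sketch.

```python
"""Sketch of the SGT ingress-tag / egress-filter behaviour quoted from Gai."""
from dataclasses import dataclass, replace
from enum import Enum
from typing import List, Optional, Tuple


class Action(Enum):
    FORWARD = "forward"
    FORWARD_AND_LOG = "forward and log"
    DROP = "drop"


# Security group roles as listed in the quoted paragraphs 0070-0071.
SGT_ROLES = {
    1: "guests",
    2: "authenticated devices",
    3: "unauthenticated devices",
    4: "Internet",
    5: "secure servers",
    6: "regular servers",
    7: "closed security group",
}

# Egress filters keyed by port reference numeral, taken from the quoted
# paragraphs 0073-0074 and 0085-0086. Anything not listed is dropped
# (default deny is an assumption of this sketch).
EGRESS_FILTERS = {
    225: {1: Action.FORWARD, 2: Action.FORWARD},  # toward Internet 130
    227: {1: Action.FORWARD, 2: Action.FORWARD},  # toward Internet 130
    255: {4: Action.FORWARD, 5: Action.FORWARD, 6: Action.FORWARD},  # toward device 245
    265: {2: Action.FORWARD, 3: Action.FORWARD_AND_LOG},  # toward regular server 250
    275: {2: Action.FORWARD, 3: Action.DROP},  # toward secure server 270
}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes
    sgt: Optional[int] = None  # None means an untagged ("plain vanilla") packet


def tag_at_ingress(packet: Packet, sgt: int) -> Packet:
    """Attach the SGT assigned to the source's security group at the ingress port."""
    if sgt not in SGT_ROLES:
        raise ValueError(f"unknown SGT {sgt}")
    return replace(packet, sgt=sgt)


def filter_at_egress(packet: Packet, port: int,
                     audit: List[str]) -> Tuple[Action, Optional[Packet]]:
    """Check the SGT at an egress port; deliver an untagged copy or nothing."""
    action = EGRESS_FILTERS.get(port, {}).get(packet.sgt, Action.DROP)
    if action is Action.DROP:
        # Recording drops is an assumption; the quoted text only says "dropped".
        audit.append(f"port {port}: dropped SGT {packet.sgt} {packet.src}->{packet.dst}")
        return action, None
    if action is Action.FORWARD_AND_LOG:
        audit.append(f"port {port}: forwarded SGT {packet.sgt} {packet.src}->{packet.dst}")
    # The tag is removed so the host receives a packet without an SGT.
    return action, replace(packet, sgt=None)


def send(src: str, dst: str, sgt: int, egress_port: int,
         audit: List[str]) -> Tuple[Action, Optional[Packet]]:
    """Tag a constructed packet at ingress, then run the egress check."""
    tagged = tag_at_ingress(Packet(src, dst, b"constructed payload"), sgt)
    return filter_at_egress(tagged, egress_port, audit)


if __name__ == "__main__":
    audit_log: List[str] = []
    # Constructed flows; device and server names reuse the quoted reference numerals.
    flows = [
        ("authenticated-device-245", "regular-server-250", 2, 265),
        ("authenticated-device-245", "secure-server-270", 2, 275),
        ("unauthenticated-device", "regular-server-250", 3, 265),
        ("unauthenticated-device", "secure-server-270", 3, 275),
        ("visitor-device-205", "internet-130", 1, 227),
        ("visitor-device-205", "regular-server-250", 1, 265),
    ]
    for src, dst, sgt, port in flows:
        action, _ = send(src, dst, sgt, port, audit_log)
        print(f"SGT {sgt} {src} -> {dst} via port {port}: {action.value}")
    print("\n".join(audit_log))
```
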


Conclusion
12.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
A.	US Publication No. 20100099405 A1 to Brisebois, whose FIGS. 4A and 4B illustrate schematically subscriber segmentation for two disparate markets and network selection profile and display profile for a first type of subscriber type, respectively, in accordance with aspects of the subject innovation.

B.	US Publication No. 2007/0067438 A1 to Goranson discloses that classification of traffic as approved or unapproved can comprise creating policies to define network relationships. Examples of such policies can include those that classify traffic according to source-IP addresses, source ports, destination-IP addresses, destination ports, and/or protocols. Another policy can be based on the state of a connection in the network. Yet another policy can be based on traffic data flow including, but not limited to the direction and volume of the traffic. Policies can operate on single users and/or systems as well as on groups and/or network segments. Any traffic that is unapproved according to policies and/or is not defined by a policy is deemed abnormal by default. The traffic is then further examined by the knowledge and hypothesis nodes to confirm that the traffic is indeed abnormal.
C.	US Patent No. 11284462 B2 to Samuel discloses a method that includes obtaining, by a cellular termination function via a cellular access point, a request from a client for data plane connectivity via a network, wherein the cellular access point is registered within the network and is in communication with a first switch of the network; obtaining, by the cellular termination function, cellular policy information and enterprise policy information for the client; obtaining, by the cellular termination function, an Internet Protocol (IP) address for the client; and establishing data plane connectivity for the client with the network via the cellular access point, the first switch of the network, and a second switch of the network based, at least in part, on the IP address for the client, wherein the second switch connects the network with one or more data networks.
D.	See the other cited prior art.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMSON B LEMMA whose telephone number is 571-272-3806.  The examiner can normally be reached on M-F 8am-10pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Yin-Chen Shaw can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/SAMSON B LEMMA/Primary Examiner, Art Unit 2498