DETAILED ACTION
I.	Claims 6 and 7 have been added.
II.	Claims 1 and 3-7 have been examined.
III.	Responses to Applicant’s remarks have been given.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114 was filed in this application after appeal to the Patent Trial and Appeal Board, but prior to a decision on the appeal. Since this application is eligible for continued examination under 37 CFR 1.114 and the fee set forth in 37 CFR 1.17(e) has been timely paid, the appeal has been withdrawn pursuant to 37 CFR 1.114 and prosecution in this application has been reopened pursuant to 37 CFR 1.114. Applicant’s submission filed on 09/13/2022 has been entered.
Response to Arguments
The amendments to claims 1, 4, and 5 give cause for the previous 35 U.S.C. 112(b) rejection of those claims to be hereby withdrawn.
The amendments made to Figure 3 give cause for the objections to the drawings and to paragraph 36 of the Specification to be hereby withdrawn.
The addition of a period at the end of paragraph 43 of the Specification gives cause for the objection of the Specification on those grounds to be hereby withdrawn; however, the Specification remains objected to via the grounds cited below.  The Applicant argues that the amended paragraph 9 provides support for the claim limitations of “detecting the specific network application has ceased execution by using deep packet inspection; and closing the micro-firewall container”; however, the introduction of new matter to the Specification is in violation of 35 U.S.C. 132(a) which states that no amendment shall introduce new matter into the disclosure of the invention. Thus, the Specification remains objected to.
Applicant's arguments filed on 09/13/2022 have been fully considered but they are not persuasive. The amendments filed on 09/13/2022 are considered non-compliant because they have failed to meet the requirements of 37 CFR 1.121.  In order for the amendment document to be compliant, correction of the following item is required:
Claim 4 from the claim set previously filed on 09/24/2021 possessed the claim limitations of “spawning a dedicated micro-firewall container for executing per-application micro-firewall images for an operating system of the firewall device, to execute the application profile of the specific network application, wherein the dedicated micro-firewall is part of a plurality of micro-firewalls available, and wherein the plurality of micro-firewalls available is divided by categories, at least two of the categories comprising source entity and destination entity”. These claim limitations are not present within the current claim set filed on 09/13/2022, nor have they been struck through to indicate that they are to be deleted (if that is what the Applicant wants to do with said claim limitations). 
The Applicant is required to submit a corrected claim amendment section including directions that the corrected version of the claims be entered.  Only the corrected section of the non-compliant amendment document must be submitted (in its entirety), e.g., the entire “Amendments to the claims” section of the applicant’s amendment document must be re-submitted.  37 CFR 1.121(h).
Further, in response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). The Examiner maintains that Blaisdell’s disclosure of rules and conditions for the allowance and restriction of network traffic through a firewall provides disclosure of the Applicant’s claimed invention via, but not limited to, paragraph 33, “software rule triggers”, paragraphs 34, and 37, “firewall rules”, section 2.6 “Dynamic Enabling/Disabling of Firewall Rule Based on Usage Events” which covers paragraph 57, “Firewall rule are grouped into profiles”, paragraph 58, “Profiles are activated or deactivated by: software trigger, timer trigger, internal firewall rule trigger”.
In response to the Applicant's argument that the references fail to show certain features of Applicant’s invention, it is noted that the features upon which applicant relies (i.e., “nested applications”) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
Specification
The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter.  See 37 CFR 1.75(d)(1) and MPEP § 608.01(o).  Correction of the following is required: Claims 1, 4, and 5 recite the limitation “detecting the first or second specific network application has ceased execution by using deep packet inspection; and closing the first or second dedicated micro-firewall container.” There is no support for this limitation anywhere in the originally-filed specification. 
The originally-filed Specification does not contain support for the amendments directed to “a second dedicated micro-firewall container for executing second per-application micro-firewall images corresponding to a second application…”; and “executing the second application profile in the second dedicated micro-firewall container to examine the data packet including second per-application firewall rules” within independent claims 1, 4, and 5. Also, the “first module”, “second module”, “third module”, “fourth module”, “fifth module”, “sixth module”, and “seventh module” within independent claim 5 do not have support within the originally-filed Specification.
The amendment filed 09/13/2022 is objected to under 35 U.S.C. 132(a) because it introduces new matter into the disclosure.  35 U.S.C. 132(a) states that no amendment shall introduce new matter into the disclosure of the invention.  The added material which is not supported by the original disclosure is as follows: the subject matter added to paragraph 9 of the Specification; aside from the original sentence that comprised paragraph 9 (i.e., “Advantageously, firewall device performance is improved by increasing throughput.”).
Applicant is required to cancel the new matter in the reply to this Office Action.
The use of the terms “Chrome” and “You Tube” within paragraph 22 on page 8 of the Specification, as well as “Windows 94, 98, Me, Windows NT, Windows 2000, Windows XP, Windows XP x44 Edition, Windows Vista, Windows CE, Windows Mobile, Windows 4 or Windows 8), Linux, HP-UX, UNIX, Sun OS, Solaris, Mac OS X, Alpha OS, AIX, IRIX32, or IRIX44” and “Microsoft” in paragraph 42 on page 13 of the Specification, which are trade names or marks used in commerce, has been noted in this application. The term should be accompanied by the generic terminology; furthermore the term should be capitalized wherever it appears or, where appropriate, include a proper symbol indicating use in commerce such as ™, SM, or ® following the term.
Although the use of trade names and marks used in commerce (i.e., trademarks, service marks, certification marks, and collective marks) are permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as commercial marks.
The disclosure is objected to because of the following informalities: the term “You Tube” is a misspelling of “YouTube”.  Appropriate correction is required.
Drawings
The drawings were received on 09/13/2022.  These drawings are accepted.
Claim Objections
Claim 6 is objected to because of the following informalities:  line 4 of claim 6 has the claim language “with in” and should be amended to be “within”.  Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1 and 3-7 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. The originally-filed Specification does not contain support for the amendments directed to “spawning a second dedicated micro-firewall container for executing second per-application micro-firewall images corresponding to a second application…”; and “executing the second application profile in the second dedicated micro-firewall container to examine the data packet including second per-application firewall rules” within independent claims 1, 4, and 5. Also, the “first module”, “second module”, “third module”, “fourth module”, “fifth module”, “sixth module”, and “seventh module” within independent claim 5 do not have support within the originally-filed Specification.
Further, claims 1, 4, and 5 have the claim limitation of “detecting the first or second specific network application has ceased execution by using deep packet inspection; and closing the first or second dedicated micro-firewall container.” The originally-filed Specification does not contain support for these amendments.
Also, claim 7 is directed to “wherein the second application comprises YouTube”; however, “YouTube” is not referred to as an “application” within paragraph 22 on page 8 of the Specification; rather, that paragraph states that “a firewall container can be executed for both a Chrome web browser and for a You Tube video displayed within”.
Dependent claims 3 and 6 are rejected by virtue of their dependencies upon the rejected independent claims.
Claim 4 is rejected under 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph, as based on a disclosure which is not enabling.  The disclosure does not enable one of ordinary skill in the art to practice the invention without “spawning a dedicated micro-firewall container for executing per-application micro-firewall images for an operating system of the firewall device, to execute the application profile of the specific network application, wherein the dedicated micro-firewall is part of a plurality of micro-firewalls available, and wherein the plurality of micro-firewalls available is divided by categories, at least two of the categories comprising source entity and destination entity”, which is/are critical or essential to the practice of the invention but not included in the claim(s). See In re Mayhew, 527 F.2d 1229, 188 USPQ 356 (CCPA 1976). Claim 4 from the claim set previously filed on 09/24/2021 possessed the claim limitations of “spawning a dedicated micro-firewall container for executing per-application micro-firewall images for an operating system of the firewall device, to execute the application profile of the specific network application, wherein the dedicated micro-firewall is part of a plurality of micro-firewalls available, and wherein the plurality of micro-firewalls available is divided by categories, at least two of the categories comprising source entity and destination entity”.  The current claim 4 – as filed on 09/13/2022 – has a new claim limitation pertaining to “spawning a second dedicated micro-firewall container for executing second per-application micro-firewall images corresponding to a second application related to the first application, wherein the second application is distinct from the first”.  However, “spawning a second dedicated micro-firewall container…” is not possible without the presence of a first “dedicated micro-firewall container”, which has been removed from the current claim set.
Appropriate correction is required.
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 7 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Dependent claim 7 recites "wherein the second application comprises YouTube". To ascertain the metes and bounds of the claimed “YouTube”, the Examiner turns to Applicant's disclosure of the invention. No explicit nor limiting definition can be sought in the disclosure of the invention. 
The following have been held: during examination, the PTO must interpret terms in a claim using "the broadest reasonable meaning of the words in their ordinary usage as they would be understood by one of ordinary skill in the art, taking into account whatever enlightenment by way of definitions or otherwise that may be afforded by the written description contained in the Applicant's specification." In re Morris, 127 F.3d 1048, 1054 (Fed. Cir. 1997). The second paragraph of 35 U.S.C. § 112 requires only that one of skill in the art, reading the claims in light of the specification, be able to clearly distinguish between subject matter encompassed by the claims, and subject matter not encompassed by the claims. See Miles Laboratories Inc. v. Shandon Inc., 997 F.2d 870, 875 (Fed. Cir. 1993) ("The test for definiteness is whether one skilled in the art would understand the bounds of the claim when read in light of the specification."). "[B]readth is not to be equated with indefiniteness." In re Miller, 441 F.2d 689, 693 (CCPA 1971).
Where a trademark or trade name is used in a claim as a limitation to identify or describe a particular material or product, the claim does not ordinarily comply with the requirements of 35 U.S.C. 112(b). This is because the metes and bounds of the claim are in doubt, since a trademark or trade name cannot be used to properly identify any particular product. Rather, a trademark or trade name is used to identify a source of goods and not the goods themselves. YouTube is a known online video sharing and social media platform. At the time of writing of the office action, the Examiner notes that with YouTube, there exist various specifications/features that are ever changing and subject to change.
The claim comprises these ever-changing subject matter elements and is being used to define structural claim limitations over the art. A trademark or trade name simply does not function in this matter. See Ex parte Simpson, 218 USPQ 1020 (BPAI 1982, non-precedential). Appropriate correction is required.
When a claim is amenable to two or more plausible claim constructions, the claim is indefinite for failing to particularly point out and distinctly claim the subject matter the Applicant considers to be the invention. Ex parte Miyazaki, 89 USPQ2d 1207, 1215 (BPAI 2008) (precedential).
Presently, some claims require speculation and conjecture by the Examiner and by one of ordinary skill in the art inasmuch as the claims under examination are rejected under 35 U.S.C. 112, second paragraph.  In light of the precedent set forth in In re Steele, 305 F.2d 859, 862 (CCPA 1962) and In re Wilson, 424 F.2d 1382, 1385 (CCPA 1970), the Examiner applies cited art in accordance with a position as best understood in the context of the claims and the invention as a whole to expedite compact prosecution.  Such interpretations of the claims versus the cited art cannot be used as a basis for overcoming the objections or rejections set forth supra.
A claim that requires the exercise of subjective judgment without restriction may render the claim indefinite. In re Musgrave, 431 F.2d 882, 893, 167 USPQ 280, 289 (CCPA 1970). Claim scope cannot depend solely on the unrestrained, subjective opinion of a particular individual purported to be practicing the invention. Datamize LLC v. Plumtree Software, Inc., 417 F.3d 1342, 1350, 75 USPQ2d 1801, 1807 (Fed. Cir. 2005); see also Interval Licensing LLC v. AOL, Inc., 766 F.3d 1364, 1373, 112 USPQ2d 1188 (Fed. Cir. 2014) (holding the claim phrase "unobtrusive manner" indefinite because the specification did not "provide a reasonably clear and exclusive definition, leaving the facially subjective claim language without an objective boundary").
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1 and 3-6 are rejected under 35 U.S.C. 103 as being unpatentable over United States Patent Application Publication No. US 2017/0353498 to Huang et al., hereinafter Huang, and further in view of United States Patent Application Publication No. US 2008/0235755 to Blaisdell et al., hereinafter Blaisdell.
Regarding claims 1 and 5, Huang teaches a firewall device and a computer-implemented method in a firewall device of a data communication system (Figure 2A, “Instance Engine 314”), for executing per-application micro-firewall images in a dedicated container on a data communications network, the method comprising the steps of:
generating application profiles from metadata concerning network applications installed on network devices (Figures 3B and 5B, paragraphs 6, 144 and 169);
storing the application profiles in an application profile database (Figure 3B, and paragraphs 130-133),
detecting a current execution of a specific network application for transmitting data packets on a network device with deep packet inspection (Figures 4B and 5A, and paragraphs 8, 26, 73, 141 and 164);
responsive to the detection, retrieving an application profile associated with the specific network application (Figures 5B and 5C and paragraphs 56 and 172);
spawning a first dedicated micro-firewall container for executing first per-application micro-firewall images corresponding to a first application from an operating system of the firewall device, to execute the application profile of the specific network application (paragraph 165, “security instance distinct from the plurality of user-space instances is instantiated (508).  The security instance is instantiated within the respective operating system environment, has a respective virtual address space in virtual memory of the respective operating system environment, and is executed in user space of the respective virtual address space.”, paragraphs 166 and 177, “For each respective user-space instance of the plurality of user-space instances, the security instance is used (526) to apply the respective set of security policies associated with the respective user-space instance to the monitored operations for the respective user-space instance, and the monitored data communications sent by and/or received by the respective user-space instance, so as to detect and/or remediate violations of the respective set of security policies.” and paragraph 181).
Huang teaches the claimed invention, as cited above.  However, Huang is not relied upon for the claim limitations with regards to “the application profiles comprising per-application firewall rules for applications running on the network devices, the network devices located remotely from the firewall device over the data communications network…the application profiles comprising per-application firewall rules; wherein the dedicated micro-firewall is part of a plurality of micro-firewalls available, and wherein the plurality of micro-firewalls available is divided by categories, at least two of the categories comprising source entity and destination entity; executing the application profile in the container to examine network traffic associated with the specific network application including per-application firewall rules and general firewall rules; detecting the first or second specific network application has ceased execution by using deep packet inspection; and closing the corresponding first or second dedicated micro-firewall container.”; as well as “spawning a second dedicated micro-firewall container for executing second per-application micro-firewall images corresponding to a second application related to the first application, wherein the second application is distinct from the first application” and “executing the second application profile in the second dedicated micro-firewall container to examine the data packet including second per-application firewall rules”. Blaisdell teaches said limitations, as cited below.
Further regarding claims 1 and 5, Blaisdell teaches the application profiles comprising per-application firewall rules for applications running on the network devices, the network devices located remotely from the firewall device over the data communications network (Figures 3 and 4, and paragraph 33, “software rule triggers”, paragraphs 34, and 37, “firewall rules”, section 2.6 “Dynamic Enabling/Disabling of Firewall Rule Based on Usage Events” which covers paragraph 57, “Firewall rule are grouped into profiles”, paragraph 58, “Profiles are activated or deactivated by: software trigger, timer trigger, internal firewall rule trigger” and paragraphs 59-61; and paragraphs 106, and 119);
 wherein the dedicated micro-firewall is part of a plurality of micro-firewalls available, and wherein the plurality of micro-firewalls available is divided by categories, at least two of the categories comprising source entity and destination entity; spawning a second dedicated micro-firewall container for executing second per-application micro-firewall images corresponding to a second application related to the first application, wherein the second application is distinct from the first application (paragraphs 40, 55, and 106, “A node can only request propagation for policies controlling its own resources (i.e., source or destination address belonged to it).”, and paragraphs 120 and 251, “Firewall could only be installed from a host/router which own the source (egress firewall) or destination (ingress firewall)”);
executing the first application profile in the container to examine network traffic associated with the specific network application including per-application firewall rules and general firewall rules; executing the second application profile in the second dedicated micro-firewall container to examine the data packet including second per-application firewall rules (Figures 3 and 4, and paragraph 33, “software rule triggers”, paragraphs 34, and 37, “firewall rules”, section 2.6 “Dynamic Enabling/Disabling of Firewall Rule Based on Usage Events” which covers paragraph 57, “Firewall rule are grouped into profiles”, paragraph 58, “Profiles are activated or deactivated by: software trigger, timer trigger, internal firewall rule trigger” and paragraphs 59-61; and paragraphs 106, and 119);
detecting the first or second specific network application has ceased execution by using deep packet inspection; and closing the corresponding first or second dedicated micro-firewall container (paragraph 79, “Deep packet inspection support (configurable based on local resource availability)”, and paragraph 80, “Dynamically provisioned (API/authentication framework to allow external injection of rules and activation/deactivate of rule)”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Blaisdell with the teachings of Huang to improve the security of the network environment because “it would be desirable have a firewall operated by the ISP that implements rules and policies of a network owner or the owner of a stand-alone device, thereby preventing unwanted traffic from entering the network and ensuring that there is available bandwidth for data leaving the network in certain specified circumstances” (Blaisdell – paragraph 7).
The obviousness to combine for independent claims 1 and 5 also pertains to independent claim 4.
In assessing whether a claim to a combination of prior art elements/steps would have been obvious, the question to be asked is whether the improvement of the claim is more than the predictable use of prior art elements or steps according to their established functions. KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 418 (2007). “[T]he analysis need not seek out precise teachings directed to the specific subject matter of the challenged claim, for a court can take account of the inferences and creative steps that a person of ordinary skill in the art would employ.” Id. at 418.  It is well established that in evaluating references it is proper to take into account not only the specific teachings of the references but also the inferences which one skilled in the art would reasonably be expected to draw therefrom. In re Preda, 401 F.2d 825, 826 (CCPA 1968).
Regarding claim 3, Huang teaches wherein more than one micro-firewall container is spawned for a specific network application (paragraphs 97, 98, and 124).
Regarding claim 4, Huang discloses a non-transitory computer-readable media storing instructions that, when executed by a processor, perform a computer-implemented method in a firewall device of a data communication system, for executing per-application micro-firewall images in a dedicated container on a data communications network, the method comprising the steps of:
generating application profiles from metadata concerning network applications installed on network devices (Figures 3B and 5B, paragraphs 6, 144 and 169);
storing the application profiles in an application profile database (Figure 3B, and paragraphs 130-133), 
detecting a current execution of a specific network application for transmitting data packets on a network device with deep packet inspection (Figures 4B and 5A, and paragraphs 8, 26, 73, 141 and 164);
responsive to the detection, retrieving an application profile associated with the specific network application (Figures 5B and 5C and paragraphs 56 and 172);
spawning a first dedicated micro-firewall container for executing first  per-application micro-firewall images corresponding to a first application from an operating system of the firewall device, to execute the application profile of the specific network application (paragraph 165, “security instance distinct from the plurality of user-space instances is instantiated (508).  The security instance is instantiated within the respective operating system environment, has a respective virtual address space in virtual memory of the respective operating system environment, and is executed in user space of the respective virtual address space.”, paragraphs 166 and 177, “For each respective user-space instance of the plurality of user-space instances, the security instance is used (526) to apply the respective set of security policies associated with the respective user-space instance to the monitored operations for the respective user-space instance, and the monitored data communications sent by and/or received by the respective user-space instance, so as to detect and/or remediate violations of the respective set of security policies.” and paragraph 181).
Huang discloses the claimed invention, as cited above.  However, Huang is not relied upon for the claim limitations with regards to “the application profiles comprising per-application firewall rules for applications running on the network devices, the network devices located remotely from the firewall device over the data communications network…wherein the dedicated micro-firewall is part of a plurality of micro-firewalls available, and wherein the plurality of micro-firewalls available is divided by categories, at least two of the categories comprising source entity and destination entity; spawning a dedicated micro-firewall container for executing per-application micro-firewall images from an operating system of the firewall device, to execute the application profile of the specific network application; executing the first application profile in the first dedicated micro-firewall container to examine a data packet associated with the first and second specific network applications including first per-application firewall rules; executing the second application profile in the second dedicated micro-firewall container to examine the data packet including second per-application firewall rules; detecting the first or the second specific network application has ceased execution by using deep packet inspection; and closing the corresponding first or second dedicated micro-firewall container”.  Blaisdell discloses said claim limitations, as cited below.
Further regarding claim 4, Blaisdell discloses the application profiles comprising per-application firewall rules for applications running on the network devices, the network devices located remotely from the firewall device over the data communications network (Figures 3 and 4, and paragraph 33, “software rule triggers”, paragraphs 34, and 37, “firewall rules”, section 2.6 “Dynamic Enabling/Disabling of Firewall Rule Based on Usage Events” which covers paragraph 57, “Firewall rule are grouped into profiles”, paragraph 58, “Profiles are activated or deactivated by: software trigger, timer trigger, internal firewall rule trigger” and paragraphs 59-61; and paragraphs 106, and 119);
spawning a dedicated micro-firewall container for executing per-application micro-firewall images from an operating system of the firewall device, to execute the application profile of the specific network application, wherein the dedicated micro-firewall is part of a plurality of micro-firewalls available, and wherein the plurality of micro-firewalls available is divided by categories, at least two of the categories comprising source entity and destination entity; spawning a second dedicated micro-firewall container for executing second per-application micro-firewall images corresponding to a second application related to the first application, wherein the second application is distinct from the first (paragraphs 40, 55, and 106, “A node can only request propagation for policies controlling its own resources (i.e., source or destination address belonged to it).”, and paragraphs 120 and 251, “Firewall could only be installed from a host/router which own the source (egress firewall) or destination (ingress firewall)”);
executing the first application profile in the first dedicated micro-firewall container to examine a data packet associated with the first and second specific network applications including first per-application firewall rules (Figures 3 and 4, and paragraph 33, “software rule triggers”, paragraphs 34, and 37, “firewall rules”, section 2.6 “Dynamic Enabling/Disabling of Firewall Rule Based on Usage Events” which covers paragraph 57, “Firewall rule are grouped into profiles”, paragraph 58, “Profiles are activated or deactivated by: software trigger, timer trigger, internal firewall rule trigger” and paragraphs 59-61; and paragraphs 106, and 119);
executing the second application profile in the second dedicated micro-firewall container to examine the data packet including second per-application firewall rules (Figures 3 and 4, and paragraph 33, “software rule triggers”, paragraphs 34, and 37, “firewall rules”, section 2.6 “Dynamic Enabling/Disabling of Firewall Rule Based on Usage Events” which covers paragraph 57, “Firewall rule are grouped into profiles”, paragraph 58, “Profiles are activated or deactivated by: software trigger, timer trigger, internal firewall rule trigger” and paragraphs 59-61; and paragraphs 106, and 119);
detecting the first or the second specific network application has ceased execution by using deep packet inspection; and closing the corresponding first or second dedicated micro-firewall container (paragraph 79, “Deep packet inspection support (configurable based on local resource availability)”, and paragraph 80, “Dynamically provisioned (API/authentication framework to allow external injection of rules and activation/deactivate of rule)”).
Regarding claim 6, Huang teaches wherein the first application comprises a specific web browser, and the second application comprises a specific application running within the web browser (paragraph 71, “Users employ client devices to access computer systems 102 and to access services provided by computer systems 102. For example, one or more client devices execute web browser applications that can be used to access services provided by one or more of computer systems 102. As another example, one or more of the client devices execute software applications that are specific to a service provided by the one or more computer systems 102 (e.g., service “apps” running on smart phones or tablets, such as an iPhone, Android, or Windows smart phone or tablet).”).
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Huang and Blaisdell as applied to independent claim 1 above, and further in view of United States Patent Application Publication No. US 20170142068 A1 to Devarajan et al., hereinafter Devarajan.
Huang and Blaisdell teach the claimed invention, as cited above.  However, they are not relied upon to teach the claim limitation set forth within dependent claim 7 pertaining to “wherein the second application comprises YouTube”.  Devarajan teaches said claim limitation, as cited below.
Regarding claim 7, Devarajan teaches wherein the second application comprises YouTube (paragraph 73, “Exemplary high bandwidth applications can include content streaming such as video (e.g., Netflix, Hulu, YouTube, etc.) or audio (e.g., Pandora, etc.).”, and paragraph 85, “Firewall applications are defined as Layer 7 (L7) applications (e.g., Lync, Skype, YouTube, etc.). The firewall 602 enables custom firewall services to allow users to define their own pin holes through the FW firewall 602 if a pre-defined firewall application does not exist.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Devarajan with the teachings of Huang and Blaisdell to enable various applications to be accessible via customizable firewall parameters.
In assessing whether a claim to a combination of prior art elements/steps would have been obvious, the question to be asked is whether the improvement of the claim is more than the predictable use of prior art elements or steps according to their established functions. KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 418 (2007). “[T]he analysis need not seek out precise teachings directed to the specific subject matter of the challenged claim, for a court can take account of the inferences and creative steps that a person of ordinary skill in the art would employ.” Id. at 418.  It is well established that in evaluating references it is proper to take into account not only the specific teachings of the references but also the inferences which one skilled in the art would reasonably be expected to draw therefrom. In re Preda, 401 F.2d 825, 826 (CCPA 1968).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The references cited on form PTO-892 are cited to further show the state of the art with respect to the implementation of firewalls within a network environment. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEREMIAH L AVERY whose telephone number is (571)272-8627. The examiner can normally be reached M-F 8:30am -5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/JEREMIAH L AVERY/Primary Examiner, Art Unit 2431