Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is a reply to the application filed on 3/30/2021, in which, claims 1-20 are pending. Claims 1 and 9 are independent.
When making claim amendments, the applicant is encouraged to consider the references in their entireties, including those portions that have not been cited by the examiner and their equivalents as they may most broadly and appropriately apply to any particular anticipated claim amendments.

Information Disclosure Statement
The information disclosure statement (IDS) submitted is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Drawings
The drawings filed on 3/30/2021 are accepted.

Specification
The disclosure filed on 3/30/2021 is accepted.

Double Patenting
1. 	A rejection based on double patenting of the "same invention" type finds its support in the language of 35 U.S.C. 101 which states that "whoever invents or discovers any new and useful process ... may obtain a patent therefor ..." (Emphasis added). Thus, the term "same invention," in this context, means an invention drawn to identical subject matter. See Miller v. Eagle Mfg. Co., 151 U.S. 186 (1894); In re Ockert, 245 F.2d 467, 114 USPQ 330 (CCPA 1957); and In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970).

2.	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and  In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

Claims 1 and 9 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1 and 11 of US 10997303 B2. Although the conflicting claims are not identical, they are not patentably distinct from each other because all the limitations recited in the independent claims 1 and 9 of the present application and are broader than limitations recited in independent claims 1 and 11 of US 10997303 B2.      
Claims 2-8, 13-14, and 17-18 of the present application are not patentably distinct from respective claims 1-16 of US 10997303 B2 because the claims recite substantially the same features.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20120260331 A1 (hereinafter ‘Aaron’) in view of US 20130097658 A1 (hereinafter ‘Cooper’) in view of US 20150074258 A1 (hereinafter ‘Ferreira’).

As regards claim 1, Aaron (US 20120260331 A1) discloses: A method for managing network flows for an enterprise network, the method comprising: receiving, at a firewall of…network, a network message from a process executing on an endpoint; (Aaron: Figs 1-4 and ¶31-¶39, i.e., sending/receiving network traffic between network computing elements) 
However, Aaron does not but in analogous art, Cooper (US 20130097658 A1) teaches: an enterprise network; (Cooper: ¶30, i.e., host computer in the corporate i.e., network)
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Aaron to include a corporate network in which metadata about network flows is received from host systems as taught by Cooper with the motivation to apply a network policy action to the flow (Cooper: ¶11)   
However, Aaron et al do not but in analogous art, Ferreira teaches querying a device to gather metadata regarding the network flow including application information (Ferreira: ¶38-¶40), thus teaching: transmitting a request.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was to modify Aaron et al with the teaching of Ferreira of discovering/polling new traffic flows with the motivation to receive the information as soon as possible to be displayed to the user of the system of Ferreira as a predicted result. (Ferreira: ¶38-¶40)
Aron et al combination further discloses: through a secure connection from the firewall to a local security agent on the endpoint to retrieve identifying information for an application associated with the process from a process cache in a kernel space of an operating system for the endpoint; (Aaron: Abstract, ¶33-¶36, i.e., communication between the host and firewall is done securely that includes exchanging application information; Figs. 4, 5A-5B, ¶41-¶44, i.e., whenever a new (i.e., unknown) application becomes active, the hosts identifies the application and sends identifying information to the firewall and the process is repeated every time a new application becomes active wherein, Fig. 1, ¶19-¶28, the applications and the agent are executing in memory 122 i.e., the kernel space i.e., operating system space. Note: Applications execute as processes in the space of a an operating system and wherein the processes are identified by an identifier, see e.g., US 6185686 B1, col 8:30-50.  See also Ferreira: ¶38-¶40. See also Cooper: ¶25-¶26 i.e., the metadata including the application information gathered over a secure, separate channel)
receiving, from the local security agent in response to the request, identifying information for the application including at least an application type; and (Aaron: Figs. 4, 5A-5B, ¶41-¶44, i.e., whenever a new (i.e., unknown) application becomes active, the hosts identifies the application and sends identifying information to the firewall and the process is repeated every time a new application becomes active)
applying a security policy for the enterprise network to the network message at the firewall according to the network message and the application type. (Aaron: ¶38-¶39, applying security policy and rules)

Claim 9 recites substantially the same features recited in claim 1 above, and is rejected based on the aforementioned rationale discussed in the rejection.

As regards claim 2, Aaron et al combination discloses the method of claim 1 wherein applying the security policy includes managing a network traffic flow at the firewall based on the security policy. (Aaron: ¶38-¶39, applying security policy and rules)

As regards claim 3, Aaron et al combination discloses the method of claim 2 wherein managing the network traffic flow includes associating the network traffic flow with the application type. (Aaron: ¶38-¶39)

As regards claim 4, Aaron et al combination discloses the method of claim 2 managing the network traffic flow includes applying a security policy to the network traffic flow according to the application type. (Aaron: ¶38-¶39)

As regards claim 5, Aaron et al combination discloses the method of claim 1 wherein the firewall executes on the endpoint. (Aaron: Fig 1. See also Cooper: Fig 1, ¶12)

As regards claim 6, Aaron et al combination discloses the method of claim 1 wherein the firewall executes on a gateway for the enterprise network. (Aaron: Fig 1. See also Cooper: Fig 1, ¶12)

As regards claim 7, Aaron et al combination discloses the method of claim 1 wherein the firewall executes on a cloud-based security appliance for the enterprise network. (Aaron: Fig 1. See also Cooper: Fig 1, ¶12)

As regards claim 8, Aaron et al combination discloses the method of claim 1 wherein the identifying information includes an application name for the application. (Aaron: ¶31-¶32)

As regards claim 10, Aaron et al combination discloses the computer program product of claim 9 wherein the identifying information includes the application type. (Aaron: ¶38-¶39, applying security policy and rules)

As regards claim 11, Aaron et al combination discloses the computer program product of claim 9 further comprising querying a threat management facility for the enterprise network to identify the application type based on the identifying information. (Ferreira: ¶38-¶41)

As regards claim 12, Aaron et al combination discloses the computer program product of claim 9 further comprising querying a data store of the firewall to identify the application type based on the identifying information. (Ferreira: ¶38-¶41)

As regards claim 13, Aaron et al combination discloses the computer program product of claim 9 wherein transmitting the request includes transmitting the request through a secure connection. (Aaron: Abstract, ¶33-¶36, i.e., communication between the host and firewall is done securely)

As regards claim 14, Aaron et al combination discloses the computer program product of claim 13 wherein the secure connection between the firewall and the endpoint is on a channel separate from the network message. (Cooper: ¶26, secure, out-of-band channel i.e., separate, for communicating the metadata information)

As regards claim 15, Aaron et al combination discloses the computer program product of claim 9 wherein transmitting the request includes conditionally transmitting the request when the firewall cannot determine the application type for the application. (Ferreira: ¶38-¶40. See also, Aaron: Figs. 4, 5A-5B, ¶41-¶44)

As regards claim 16, Aaron et al combination discloses the computer program product of claim 9 wherein the firewall executes on the endpoint. (Aaron: Fig 1. See also Cooper: Fig 1, ¶12)

As regards claim 17, Aaron et al combination discloses the computer program product of claim 9 wherein the firewall executes on a gateway for the enterprise network. (Aaron: Fig 1. See also Cooper: Fig 1, ¶12)

As regards claim 18, Aaron et al combination discloses the computer program product of claim 9 wherein the firewall executes on a cloud-based security appliance for the enterprise network. (Aaron: Fig 1. See also Cooper: Fig 1, ¶12)

As regards claim 19, Aaron et al combination discloses the computer program product of claim 9 further comprising storing an application type determined from the identifying information at the firewall in association with at least one of a machine name, a MAC address, an IP address, or a socket for the network message. (Aaron: ¶8-¶9, ¶28-¶35. Ferreira: Fig. 2, ¶22-¶30. See also Cooper: Fig. 6, ¶19-¶25)

As regards claim 20, Aaron et al combination discloses the computer program product of claim 9 wherein the identifying information includes one or more of an application name, an application path, a classification, or a verifiable assertion of source. (Aaron: ¶8-¶9, ¶28-¶35. Ferreira: Fig. 2, ¶22-¶30. See also Cooper: Fig. 6, ¶19-¶25)

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED A ZAIDI whose telephone number is (571)270-5995. The examiner can normally be reached Monday-Thursday: 5:30AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SYED A ZAIDI/Primary Examiner, Art Unit 2432