DETAILED ACTION
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 8/24/2022 has been entered.
Claims 31-50 are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s Remarks filed on 8/24/2022 have been fully considered.
With respect to the argument that Verzun does not teach or suggest non-public identification codes, Examiner notes that this argument is moot in view of the newly cited paragraphs from Verzun.
With respect to the argument that Wei does not teach “comparing an identification code…”, Examiner respectfully disagrees. In the final office action dated 2/124/2022, it was explained that Wei [0018] teaches “comparing the layer2 MAC addresses, IP addresses, port numbers and protocol number with an access control list etc…” where at least MAC addresses and IP addresses teach identification codes and it was shown that Wei teaches the argued feature, however Applicant did not provide reasoning to challenge this response.
With respect to the argument that there is no teaching or suggestion in the prior art of “transmitting a first application identifier for a first user-application to the second computing device and receiving……..a second application identifier for a second user-application…”, and that there is not teaching of “confirming the application data received comports to a data model”, Examiner respectfully disagrees. Verzun para.309-312 describe sending the port# where “port #21 represents the control port for requesting file transfer services” and therefore the port# is an application identifier and Verzun describes receiving a second port number in response where the second port number represents the responding application. With respect to the feature confirming the application data received conforms to a data model, the office action cited Verzun: Upon receiving IP packet 593, the browser in the notebook unwraps the payload, converts the graphics format using presentation Layer 6 into a browser compatible format [Verzun, para.0323], which teaches confirmation that the format is compatible or conforms with the browser.
With respect to arguments regarding the double patenting rejections, the rejections have been reconsidered and are being maintained.

Double Patenting
 The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re LongL 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
 A timely filed terminal disclaimer in compliance with 37 CFR 1.321 (c) or 1.321 (d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement.
 Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
 Claims 31-50 are rejected on the ground of nonstatutory double patenting over claims 1-29 of Patent No. 10630642.
Claims 31-50 are rejected on the ground of nonstatutory double patenting over claims 1-28 of Patent No. 10397186.
Claims 31-50 are rejected on the ground of nonstatutory double patenting over claims 1-30 of Patent No. 10367811.
Claims 31-50 are rejected on the ground of nonstatutory double patenting over claims 1-30 of Patent No. 10361859.
Claims 31-50 are rejected on the ground of nonstatutory double patenting over claims 1-24 of Patent No. 10374803.
Claims 31-50 are rejected on the ground of nonstatutory double patenting over claims 1-22 of Patent No. 10375019.
Claims 31-50 are provisionally rejected on the ground of nonstatutory double patenting over claims 21-40 of copending Application No. 16/450322.
Claims 31-50 are provisionally rejected on the ground of nonstatutory double patenting over claims 31-60 of copending Application No. 16/450221.
Claims 31-50 are provisionally rejected on the ground of nonstatutory double patenting over claims 1-30 of copending Application No. 16/228331.
The claims in the instant application are either anticipated or rendered obvious by the claims in the above patents and copending applications.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 31-35, 37-44 and 46-50 are rejected under 35 U.S.C. 103 as being unpatentable over Verzun et al (US Pub.No.2016/0219024) in view of Wei et al (US Pub. No.2012/0144187).

Re Claim 31. Verzun discloses a method for performing communication management operations to secure communications of a plurality of networked computing devices, the method comprising: i) sending a [nonpublic] first identification code for a computing device to a software port on a second computing device (i.e. FIG. 31A, where client's device 526B, either a tablet or notebook, requests a web page from host 526A, typically a web server. In the exchange, client 526B sends a IP datagram comprising a Layer-3 IP header 529 having an IP address 527B with a numeric value "IP address B" to a host server at an IP address 527A having a numeric value "IP address A". Encapsulated within the payload of the Layer-3 datagram, the client also sends a Layer-4 transport header 530 containing its own source port number 528A with an ad hoc value of 9,999. The port request is sent to host port 80--a reserved HTTP port 528A used for web browser downloads of web pages) [Verzun, para.00252-0253, Fig.31A]  via a pre-established communication pathway (i.e. After negotiation is completed and an authentication method is selected, communication may commence) [para.0282], (i.e. SOCKS uses a handshake method to inform the proxy software about the connection that the client is trying to make without interpreting or rewriting packet headers. Once the connection is made, SOCKS operates transparently to the network users) [Verzun, para.00276]; ii) receiving, in response to the sending the [nonpublic]  first identification code, a [nonpublic] second identification code for the second computing device (i.e. To enhance security, encryption and decryption by Layer 6 can be restricted to authorized senders and recipients whose identity is confirmed a priori via a Layer 5 authentication procedure ) [Verzun, para.0285] , (i.e. FIG. 31B illustrates the reply for the client's request for services. As shown, all the directions of the arrows are reversed and all source and destination IP addresses and #s are swapped from the prior illustration. In the exchange, an IP datagram containing an Layer-3 IP header 537 is sent from a source IP address 531 having a numeric value "IP address A" to a destination IP address 532 having a numeric value "IP address B". Encapsulated within the Layer 3 datagram, a Layer-4 transport header 538 includes source port 533 having a numeric value of port # “80” and a destination prort 534 having a numeric value of port # "9,999". Embedded within IP packet payload 539, the response to the services request is payload (data) 536 which may contain HTML code for creating a web page) [Verzun, para.0254-0255, Fig.31B]; 
 	Verzun does not explicitly disclose that the identification codes are nonpublic, however Verzun states that Another security method, also relying on encryption, is that of a “virtual private network” or VPN. In a VPN, a tunnel or secure pipe is formed in a network using encrypted IP packets. Rather than only encrypting the payload, in a VPN the entire IP packet is encrypted and then encapsulated into another unencrypted IP packet acting as a mule or carrier transmitting the encapsulated packet from one VPN gateway to another …The basic VPN concept is illustrated in FIG. 48A where server 700, as part of one LAN supporting a number of devices wirelessly through RF connections 704 and wireline connections 701 is connected by a “virtual private network” or VPN comprising content 706 and VPN tunnel 705 to a second server 707 having wireline connections 708 to desktops 709A thru 709C, to notebook 711, and to WiFi base station 710. In addition to these relatively low bandwidth links, server 707 also connects to supercomputer 713 via high bandwidth connection 712. In operation, outer IP packet 714 from server A, specifying a source IP address “S8” and port #500 is sent to server B at destination IP address “S9” and port #500. This outer IP packet 714 describes how servers 700 and 707 form an encrypted tunnel to one another for data to pass within. The VPN payload of outer packet 714 contains last-mile IP packet 715 [Verzun, para.0758-0760, discloses securing communication using a VPN tunnel where the inner packet 715 is encrypted and Fig. 48A shows that the inner packet contains device MAC and IP addresses] and encrypted identification codes implicitly teach non-public identification codes.
Verzun does not explicitly disclose whereas Verzun in view of Wei does: iii) comparing the nonpublic [Verzun, as presented above, teaches nonpublic identification codes] second identification code with a pre-established value for the second computing device (i.e. receiving an inbound data packet that contains an operation command for the device, comparing the layer 2 header MAC addresses, IP addresses, port numbers and protocol number with an access control list, if there is a disparity between the layer 2 header MAC addresses, IP addresses, port numbers or protocol number, and the access control list, dropping the data packet, comparing the layer 3 header source address, destination address and protocol number with the access control list, if there is a disparity between the layer 3 header source address, destination address or protocol number, and the access control list, dropping the data packet, comparing the layer 4 header sequence number and acknowledgement number with a connection status, if the layer 4 sequence number or acknowledgement number does not conform with the connection status, dropping the data packet [Wei, para.0018]; 
 	Verzun further discloses: iv) further sending a first application identifier for a first user-application to the second computing device via the pre-established communication pathway; v) further receiving, in response to the sending the first application identifier, a second application identifier for a second user-application (i.e. This process is illustrated in FIG. 34, where notebook 35 having a numeric IP address "NB" and dynamic port assignment requests a file from file server 21A by sending IP packet 580 as an FTP request using TCP transport, to port #21, the FTP control port of the file server. The resulting IP packet 580 includes destination IP address "S1", the destination port #21, along with its source IP address "NB", and its ad hoc port #9999. Since port #21 represents the control port for requesting file transfer services, file server 21A knows that notebook 35 is requesting a file and expects login information to confirm the packet's destination IP address and port number……………………..in response, file server 21A then opens the IP packet's payload to determine the file name and optionally the file path being requested, and after locating file 583, encapsulates it into a responsive IP packet 582 and sends the packet back through the data to notebook 35 by swapping the IP addresses and ports i.e. where the destination becomes IP address “NB” at port #9999, and the source becomes IP address “S1” and port#20) [Verzun, para.309-0312];  vi) comparing the second application identifier with a pre-established value for the second user-application (i.e. the main rule for devices to establish communication at the application layers is the same or compatible application must exist on all the communicating devices) [Verzun, para.0272]; vii) confirming application data received from the second user-application conforms to a data model assigned to a predetermined port number (i.e. Upon receiving IP packet 593, the browser in the notebook unwraps the payload, converts the graphics format using presentation Layer 6 into a browser compatible format) [Verzun, para.0323], a data range assigned to the predetermined port number (i.e. FIG. 31B illustrates the reply for the client's request for services ……..Encapsulated within the Layer-3 datagram, a layer-4 value of port #80 and a destination port 534 having a numeric value of port #9999. Embedded within IP packet payload 539, the response to the services request is payload (data) 536 which may contain HTML code for creating a web page) [Verzun, para.0254] and a command type assigned to the predetermined port number (i.e. the port # identifies the type of service requested) [Verzun, para.0271], the predetermined port number assigned to the first user-application and/or the second user-application; followed by viii) passing the confirmed application data to the first user-application (i.e. To request a web page, IP packet 590 specifies port #80 of the web server. In response, web server 21A then attaches an HTML payload and return IP packet 591 by swapping the addresses and port #s from that of packet 591, namely where the source is now port i#80 at IP address 9999 and the destination is now port #9999 at IP address "NB". The HTML data is carried using a TCP based connection to insure high payload reliability) [Verzun, 0322]. 
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Verzun with Wei because it would be desirable to have an application layer security proxy to protect substation automation systems.  The application layer security proxy inspects an inbound data packet at the application layer, and either drops the data packet, forwards the data packet, or processes the data packet rather than dropping it in order to maintain the communications network connection, the later two according to a predefined role-based access control policy [Wei, para.0014].

Re Claim 32. Verzun in view of Wei discloses the method of claim 31, Verzun further discloses: wherein the nonpublic second identification code is obtained from a network packet (i.e. Layer 4, transport header 530 containing its own source port number 528A with an ad hoc value of 9,999. The port request is sent to host port 80--a reserved HTTP port 528A used for web browser downloads of web pages) [Verzun, para.0252, Fig. 31B, depicts layer 4 in item 538 source and destination port numbers].  

Re Claim 33. Verzun in view of Wei discloses the method of claim 32, Verzun further discloses: wherein the nonpublic second identification code is obtained from a portion of the network packet that is higher-than-OSI layer three and lower than-OSI layer seven (i.e. Layer 4, transport header 530 containing its own source port number 528A with an ad hoc value of 9,999. The port request is sent to host port 80--a reserved HTTP port 528A used for web browser downloads of web pages) [Verzu, para.0252, Fig. 31B, depicts layer 4 in  item 538 source and destination port numbers]. 

Re Claim 34. Verzun in view of Wei discloses the method of claim 33, Verzun further discloses: wherein the comparing is initiated in a kernel space of the first computing device (i.e. the main rule for devices to establish communication at the application layers is the same or compatible application must exist on all the communicating devices) [Verzun, para.0272, establishing communication is performed in a kernel space of a computing device]. 

Re Claim 35. Verzun in view of Wei discloses the method of claim 31, Verzun further discloses: wherein the pre-established value is preprovisioned on nonvolatile storage media of the first computing device (i.e. Layers 2, 3 and 4 likewise all utilize device "identity" as a key component in directing communication traffic among devices. For example, Layer 2, the data link layer, identifies input and output connections using media access or MAC addresses) [Verzun, para.0385, MAC addresses implicitly disclose the claimed feature].

Re Claim 37. Verzun in view of Wei discloses the method of claim 31, Verzun further discloses: wherein the nonpublic first identification code and the nonpublic second identification code are shared secrets between the first computing device and the second computing device (i.e. As an added level of security, the client devices may exchange seeds and keys directly with each other via the signaling servers. Thus a transmitting client device may send a seed and/or key directly to the receiving client device. In such embodiments the packet received by the receiving client device will be in the same scrambled or encrypted form as the packet leaving the sending client device. The receiving client device can therefore use the seed or key that it receives from the sending client device to unscramble or decrypt the packet) [Verzun, para.0450].

Re Claim 38. Verzun in view of Wei discloses the method of claim 31, Verzun further discloses: further comprising translating, prior to the passing, the application data from a first pre-established format to a second pre-established format (i.e. Layer 6 is also responsible for encryption, i.e. formatting and encrypting data before sending across a network, and conversely decrypting data and reformatting it before presenting it to the application layer. For example, upon receiving a tab-delineated data file sent in an encrypted format over the Internet, Layer 6, once it has decrypted the file according to negotiated decryption keys, can reformat the data for importation into a row-column based spreadsheet, e.g. Excel, or a relational data base such as Oracle) [Verzun, para.0285, see also para.00318-0319].  

Re Claim 39. Verzun in view of Wei discloses the method of claim 38, Verzun further discloses: further comprising determining the first pre-established format and the second pre-established format from (a) a data model identification code assigned to the data model and/or (b) the predetermined port number (i.e. Upon receiving IP packet 593, the browser in notebook unwraps the payload, converts the graphics format using presentation Layer 6 into a browser compatible format) [Verzun, para.0323], (i.e. A list of common official reserved port #s is listed in FIG. 31C including the well-known port 80 for HTTP web browsing) [Verzun, para.0255]. 

Re Claim 40. Verzun in view of Wei discloses the method of claim 31, Verzun further discloses: further comprising sending the first application identifier and a data model identifier assigned to the data model to the second computing device in a single network packet (i.e. The IP packet contains digital information defining the physical connection between devices, the way the data is organized to link the devices together, the network routing of the packet, a means to insure the useful data (payload) was delivered accurately and what kind of data is in the payload, and then the payload data itself to be used by various application programs) [Verzun, para.0072], (i.e. The IP packet also contains, the Layer 4 port of the sending and receiving devices potentially defining the type of service being requested, and the data file itself) [Verzun, para.0385], (i.e. While the port # identifies the type of service requested, the application must understand the nature of the data encapsulated as a Layer 4 payload. Taking action based on the contents of the delivered package is the role of the upper OSI application layers, Layers 5, 6, and 7) [Verzun, para.0271, Fig. 31A]. 

Re Claim 41. Verzun in view of Wei discloses the method of claim 31, Verzun further discloses: wherein the comparing the nonpublic second identification code and the comparing the second application identifier are performed prior to any communication of application data between the first user-application and the second user-application (i.e. the main rule for devices to establish communication at the application layers is the same or compatible application must exist on all the communicating devices) [Verzun, para.0272]. 

Re Claim 42. Verzun in view of Wei discloses the method of claim 41, Verzun further discloses: further comprising: i) receiving a data packet from a first port assigned to the first user-application, the first port hosted on the first computing device, the data packet comprising a payload and a second port number; and ii) assembling a packet segment for the received data packet, the packet segment comprising the payload, the first application identifier, and a data model identifier assigned to the data model (i.e. FIG. 31B illustrates the reply for the client's request for services. As shown, all the directions of the arrows are reversed and all source and destination IP addresses and port #s are swapped from the prior illustration. In the exchange, an IP datagram containing an Layer-3 IP header 537 is sent from a source IP address 531 having a numeric value "IP address A" to a destination IP address 532 having a numeric value "IP address B". Encapsulated within the Layer-3 datagram, aLayer-3 datagram, a Layer-4 transport header 538 includes source port 533 having a numeric value of port #80 and a destination port 534 having a numeric value of port # "9,999". Embedded within IP packet payload 539, the response to the services request is payload (data) 536 which may contain HTML code for creating a web page) [Verzun, para.0253-0254, Fig.31A-B]. 

Re Claim 43. Verzun in view of Wei discloses the method of claim 42, Verzun further discloses: wherein the pre-established communication pathway has a one-to-one correspondence to an n-tuple comprising the first application identifier, the second application identifier, the second port number, and the data model identifier [Verzun, Fig. 31A-B and Fig.34 shows a tuple comprising the first application identifier, the second application identifier, the second port number, and the data model identifier with the payload], (where the port # identifies the type of service requested) [Verzun, para.0271].

Re Claim 44. Verzun in view of Wei discloses the method of claim 43, Verzun further discloses: wherein each of a series of network packet communications of user-application data between the first port and the second port comprise: transmission of a network packet to a third port, the third port assigned to network security software resident on the second computing device, the third port having a one-to-one correspondence with the second port number, the second port number assigned to the second port, the second port assigned to the second user-application, the network packet comprising the first application identifier and the data model identifier (i.e. Ports are also used to facilitate "firewalls", preventing or at least inhibiting unauthorized access to a computer, server, or device for a particular service. For example, any server located on an intranet, i.e. on a private network located behind a NAT or protected by a dedicated network security box, can be limited to specific types of service requests initiated from the Internet. For example, the firewall may be set to block port 80 requests, disabling HTTP service requests and preventing web page downloads from the Internet. Alternatively the firewall can be set to allow only port 25 service requests from the Internet, with no other ports are enabled) [Verzun, para.0257]. 

Re Claim 46. Verzun in view of Wei discloses the method of claim 44, Verzun further discloses:  wherein all communications of user-application data between the first port and the second port comprise the series of network packet communications (i.e. As shown, a series of data packets 1099A, 1099B, 1099C, and 1099Z arrive in sequence in the communication node. Each data packet includes a header such as 1102A, and its corresponding data, e.g. 1090A) [Verzun, para.0982].

Re Claim 47. Verzun in view of Wei discloses the method of claim 31, Verzun further discloses: further comprising i) intercepting a network connection request from a first port assigned to the first user- application, the first port hosted by the first computing device, the request comprising a second port number; and ii) verifying that the first user-application is specifically authorized to communicate with a second port, the second port number assigned to the second port (i.e. Another Layer 5 application, "socket secure" or SOCKS, is an Internet protocol used for routing IP packets between a server and client through a proxy server and to perform "authentication" to restrict server access to only authorized users) [Verzun, para.0275, 0276].

Re Claim 48. Verzun in view of Wei discloses the method of claim 47, Verzun further discloses: wherein the verifying is performed prior to forming the pre-established communication pathway (i.e. After negotiation is completed and an authentication method is selected, communication may commence) [Verzun, para.0282], (i.e. to enhance security, encryption and decryption by Layer 6 can be restricted to authorized senders and recipients whose identity is confirmed a priori via a Layer 5 authentication procedure) [Verzun, para.0285].

Re Claim 49. Verzun in view of Wei discloses the method of claim 31, Verzun further discloses: further comprising: i) confirming that further application data received from the first user-application (i.e. So using HTML, the content of a web page is not constructed from a single download like a file sent using FTP, but is built using a succession of calls to different servers each delivering specific content. This concept is illustrated graphically in FIG. 35B) [Verzun, para.0325] conforms to a further data model assigned to a further predetermined port number, a further data range assigned to the further predetermined port number, and a further command type assigned to the further predetermined port number, the further predetermined port number assigned to the first user-application and/or the second user-application; ii) passing the confirmed further application data to the second user-application [Verzun discloses these features in a similar manner as in the rejection of similar features in claim 31]. 

Re Claim 50. Verzun in view of Wei discloses the method of claim 31, Verzun further discloses: wherein a portion of the communication management operations are executed in a kernel space of the first computing device, and a further portion of the communication management operations are executed in an application space of the first computing device (i.e. Layer 4, the transport layer comprises segments of data defining the nature of the connection between communicating devices, where UDP defines a minimal description of the payload for connectionless communication, namely how large is the payload, were any bits lost, and what application service (port) will use the delivered data. UDP is considered connectionless because it does not confirm delivery of the payload, relying instead on the application to check for errors or lost data) [Verzun, para.0078-0079].  

Claims 36 and 45 are rejected under 35 U.S.C. 103 as being unpatentable over Verzun in view of Wei as applied to claims 35 and 44, and further in view of Boubion et al (US Pub No. 2010/0316219).

Re Claim 36. Verzun in view of Wei discloses the method of claim 35, Verzun in view of Wei does not explicitly disclose whereas Boubion does: further comprising decrypting the nonpublic second identification code with a single-use cryptographic key (i.e. At some pre-defined point during the communication event, the cipher key may rotate to another previously generated and shared cipher key, stored in a repository of predefined cipher keys. The rotation may occur at predefined moments, such that both the first user and the second user may have respective cipher keys rotated, sourced from their respective cipher key repository, (i.e., so that the first user may encrypt using the same key as the second user uses to decrypt, and vice versa). Rotation of the keys during a communication session for a communication event may occur, for example, at predetermined times, or at predetermined events, such as after a predetermined amount of data is transmitted during a communication event) [Boubion, para.0104]. 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Verzun in view of Wei with Boubion because the rotation of keys during the communication session between the first user and the second user adds heightened security to the communication session [Boubion, para.0112].

Re Claim 45. Verzun in view of Wei discloses the method of claim 44, Verzun further discloses: wherein the first application identifier and the data model identifier in the each of the series of network packet communications are encrypted (i.e. generating a client token or challenge to send to the server and receiving a response token, converting application data into a secure or encrypted message) [Verzun, para.0282]. 
 Verzun in view of Wei does not explicitly disclose whereas Boubion does: by one of a series of single-use encryption keys (i.e. At some pre-defined point during the communication event, the cipher key may rotate to another previously generated and shared cipher key, stored in a repository of predefined cipher keys. The rotation may occur at predefined moments, such that both the first user and the second user may have respective cipher keys rotated, sourced from their respective cipher key repository, (i.e., so that the first user may encrypt using the same key as the second user uses to decrypt, and vice versa). Rotation of the keys during a communication session for a communication event may occur, for example, at predetermined times, or at predetermined events, such as after a predetermined amount of data is transmitted during a communication event) [Boubion, para.0104]. 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Verzun in view of Wei with Boubion because the rotation of keys during the communication session between the first user and the second user adds heightened security to the communication session [Boubion, para.0112].

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NOURA ZOUBAIR whose telephone number is (571)270-7285.  The examiner can normally be reached on Monday - Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571-272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/ PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (USA OR CANADA) or 571-272-1000.

/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434