DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on November 07, 2022 has been entered.


Remarks
Pending claims for reconsideration are claims 1, 3-8, 14-21, and 26-30. Applicant has amended claims 1, 3-8, 12, and 16-19; canceled claims 2, 9-13 and 22-25; and added new claims 26-30.

Response to Arguments
Applicant’s arguments filed on November 07, 2022 have been fully considered but they are not persuasive.
In the remarks, applicant argues in substance:
In response to the argument, Examiner respectfully disagrees with the argument that the prior art failed to disclose “…determining that a particular data message associated with a particular machine has a dynamic IP (Internet Protocol) address and based on the determination identifying, for the particular data message, a fixed MAC (media access control) address associated with an interface of the particular machine” (see, Page 8, lines 5-7). Saraiya discloses a data packet received at a machine which has the IP address of the local machine (Fig. 8: Step 810), where the IP address is related to a virtual MAC address. The virtual MAC address in turn is used to identify a physical MAC address (Fig. 8: Step 812).

Claim Rejections - 35 USC § 112 
Applicant amended claims 1 and 16, which were rejected under 35 U.S.C. 112(a); therefore, the rejection is withdrawn.

Double Patenting 
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  

Claims 1, 3-8, 14-21, and 27-30 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1, 3-7, 11-12, and 14-20 of U.S. Patent No. 10,505,891. Although the conflicting claims are not identical, they are not patentably distinct from each other because all the limitations of claims 1, 3-8, 14-21, and 27-30 of the instant application are found in claims 1, 3-7, 11-12, and 14-20 of Patent No. 10,505,891. Therefore, claims 1, 3-8, 14-21, and 27-30 of the instant application are anticipated by claims 1, 3-7, 11-12, and 14-20 of Patent No. 10,505,891, because all the limitations of the broader genus claims of the instant application are contained in the narrower species claims of Patent No. 10,505,891.
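Claim comparison. In each pair below, the first claim is from Application No. 16/684376 and the second is the corresponding claim of Patent No. 10,505,891.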
1.  A method for securing communication of data messages of a particular machine comprising a dynamic IP (Internet Protocol) address, the method comprising: 
at a host computer on which the particular machine executes;
determining that a particular data message associated with the particular machine has a dynamic IP address;
based on the determination, identifying, for the particular data message, a fixed MAC (media access control) address associated with an interface of the particular machine;
based on the MAC address, identifying a security policy for securing the communication of the particular data message; and 
applying the identified security policy to the particular data message.
1. A method for securing communication of data messages of a particular machine in a network, the particular machine comprising a dynamic first level address, the method comprising:
based on the dynamic first level address, determining whether an encryption method and encryption key are identifiable for a particular data message;
when no encryption method and encryption key are identifiable based on the dynamic first level address,
identifying a static second level address for the particular data message, wherein the static second level address is associated with an interface of the particular machine;
based on the static second level address, identifying an encryption method and encryption key for securing the communication of the particular data message; and applying the encryption method and encryption key to the particular data message.
3. The method of claim 2,  wherein the dynamic IP address is a destination IP address, and the MAC address is the destination MAC address.
3. The method of claim 2, wherein identifying the static second level address comprises routing the particular data message based on a destination IP address of the particular data message, wherein the IP address for the particular data message is assigned by a Dynamic Host Configuration Protocol (DHCP) server.
4. A non-transitory machine readable medium storing a program for encrypting data messages associated with a particular machine executing on a host computer along with the program, the program comprising sets of instructions for:
receiving particular data message comprising a dynamic IP (Internet Protocol) address that is assigned to an interface associated with the particular machine;
when the particular data message is destined to the particular machine, identifying a static destination MAC (media access control) address stored in a header of the data message;
when the particular data message is from the particular machine, identifying a static source MAC address stored in the header of the data message; 
based on the identified static MAC address, identifying a security policy for the particular data message;
and applying the identified security policy to the particular data message.
14. A method for securing communication of data messages of a particular machine in a network, the particular machine comprising a dynamic first level address, the method comprising: identifying a static second level address for a particular data message, wherein the static second level address is associated with an interface of the particular machine; determining whether an encryption method and encryption key are identifiable for the particular data message based on the second level address; when an encryption method and encryption key are identifiable based on the static second level address, identifying an encryption method and encryption key based on the static second level address; when no encryption method and encryption key are identifiable based on the static second level address, identifying an encryption method and encryption key based on a dynamic first level address; and applying the identified encryption method and encryption key to the particular data message.
5. The non-transitory machine readable medium of claim 28, wherein applying the encryption key to the particular data message comprises encrypting at least a portion of the particular data message based on the encryption key.
4. The method of claim 1, wherein applying the encryption method and encryption key comprises encrypting at least a portion of the particular data message based on the encryption method and the encryption key.
6. The non-transitory machine readable medium of claim 28, wherein applying the encryption key to the particular data message comprises decrypting at least a portion of the particular data message based on the encryption key.
5. The method of claim 1, wherein applying the encryption method and encryption key comprises decrypting at least a portion of the particular data message based on the encryption method and the encryption key.
7. The non-transitory machine readable medium of claim 5 further comprising sending the particular data message on the interface of the particular machine to a destination machine in a network.
6. The method of claim 1 further comprising sending the particular data message on the interface of the particular machine to a destination machine in a network
8. The non-transitory machine readable medium of claim 6 further comprising receiving the particular data message on the interface of the particular machine from a source machine in a network.
7. The method of claim 1 further comprising receiving the particular data message on the interface of the particular machine from a source machine in a network.
14. The method of claim 1, wherein the particular machine is a virtual machine and the interface is a virtual network interface controller (vNIC).
11. The method of claim 1, wherein the particular machine is a virtual machine and the interface is a virtual network interface controller (vNIC).
15. The method of claim 1, wherein the data message is one of an Ethernet frame, IP packet, TCP segment, and UDP datagram.
12. The method of claim 1, wherein the data message is one of an Ethernet frame, IP packet, TCP segment, and UDP datagram.
16. A non-transitory machine readable medium storing a program which when executed by at least one processing unit of a host computer secures communication of data messages of a particular machine executing on the host computer and comprising a dynamic IP (Internet Protocol) address, the program comprising sets of instructions for:
determining that a particular data message associated with the particular machine has a dynamic IP address;
based on the determination, identifying, for the particular data message, a fixed MAC (media access control) address associated with an interface of the particular machine; 
based on the fixed MAC address, identifying a security policy for securing the communication of the particular data message; 
and applying the identified security policy to the particular data message.
15. A non-transitory machine readable medium storing a program which when executed by at least one processing unit secures communication of data messages of a particular machine in a network, the particular machine comprising a dynamic first level address, the program comprising sets of instructions for: 
based on the dynamic first level address, determining whether an encryption method and encryption key are identifiable for a particular data message; 
when no encryption method and encryption key are identifiable based on the dynamic first level address,
identifying a static second level address for the particular data message, wherein the static second level address is associated with an interface of the particular machine;
based on the static second level address, identifying an encryption method and encryption key for securing the communication of the particular data message; and applying the encryption method and encryption key to the particular data message.
17. The non-transitory machine readable medium of claim 16, wherein the dynamic IP address is a source IP address and the fixed MAC address is a source MAC address.
16. The non-transitory machine readable medium of claim 15, wherein the dynamic first level address is an Internet Protocol (IP) address and the static second level address is a Media Access Control (MAC) address, wherein the set of instructions for identifying the static second level address comprises a set of instructions for routing the particular data message based on a destination IP address of the particular data message, wherein the IP address for the particular data message is assigned by a Dynamic Host Configuration Protocol (DHCP) server.
18. The non-transitory machine readable medium of claim 16, wherein the security policy comprises an encryption key, wherein the set of instructions for applying the security policy comprises a set of instructions for encrypting at least a portion of the particular data message based on the encryption key.
17. The non-transitory machine readable medium of claim 15, wherein the set of instructions for applying the encryption method and encryption key comprises a set of instructions for encrypting at least a portion of the particular data message based on the encryption method and the encryption key.
19. The non-transitory machine readable medium of claim 16, wherein the security policy comprises an encryption key, wherein the set of instructions for applying the security policy comprises a set of instructions for decrypting at least a portion of the particular data message based on the encryption key.
18. The non-transitory machine readable medium of claim 15, wherein the set of instructions for applying the encryption method and encryption key comprises a set of instructions for decrypting at least a portion of the particular data message based on the encryption method and the encryption key.
20. The non-transitory machine readable medium of claim 16, wherein the program further comprises a set of instructions for sending the particular data message on the interface of the particular machine to a destination machine in a network.
19. The non-transitory machine readable medium of claim 15, wherein the program further comprises a set of instructions for sending the particular data message on the interface of the particular machine to a destination machine in a network.
21. The non-transitory machine readable medium of claim 16, wherein the program further comprises a set of instructions for receiving the particular data message on the interface of the particular machine from a source machine in a network.
20. The non-transitory machine readable medium of claim 15, wherein the program further comprises a set of instructions for receiving the particular data message on the interface of the particular machine from a source machine in a network.
27. The non-transitory machine readable medium of claim 4, wherein the set of instructions for identifying the security policy comprises a set of instructions for identifying an encryption key
4. The method of claim 1, wherein applying the encryption method and encryption key comprises encrypting at least a portion of the particular data message based on the encryption method and the encryption key.
28. The non-transitory machine readable medium of claim 27, wherein the set of instructions for applying the identified security policy to the particular data message comprises a set of instructions for applying the encryption key to the particular data message.
4. The method of claim 1, wherein applying the encryption method and encryption key comprises encrypting at least a portion of the particular data message based on the encryption method and the encryption key.
29. The non-transitory machine readable medium of claim 4, wherein the set of instructions for identifying the security policy for the particular data message comprises a set of instructions for using the static MAC address identified for the particular data message to perform a lookup to select one security policy from a plurality of security policies that are specified for a plurality of static MAC addresses.
16. The non-transitory machine readable medium of claim 15, wherein the dynamic first level address is an Internet Protocol (IP) address and the static second level address is a Media Access Control (MAC) address, wherein the set of instructions for identifying the static second level address comprises a set of instructions for routing the particular data message based on a destination IP address of the particular data message, wherein the IP address for the particular data message is assigned by a Dynamic Host Configuration Protocol (DHCP) server.
30. The non-transitory machine readable medium of claim 16, wherein the particular data message is sent to or from the particular machine.
20. The non-transitory machine readable medium of claim 15, wherein the program further comprises a set of instructions for receiving the particular data message on the interface of the particular machine from a source machine in a network.


Claims 1, 3-7, 11-12, and 14-20 of Patent No. 10,505,891 contain every element of claims 1, 3-8, 14-21, and 27-30 of the instant application and thus anticipate the claims of the instant application. Claims of the instant application therefore are not patentably distinct from the earlier patent claims and as such are unpatentable over obviousness-type double patenting. A later application/patent claim is not patentably distinct from an earlier claim if the later claim is anticipated by the earlier claim.
“A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus).” ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
“Accordingly, absent a terminal disclaimer, claims 1, 3-8, 14-21, and 27-30 were properly rejected under the doctrine of obviousness-type double patenting.” (In re Goodman (CA FC) 29 USPQ2d 2010 (12/3/1993)).



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3-8, 14-21 and 26-30 are rejected under AIA 35 U.S.C. 103 as being obvious over Saraiya et al. (U.S. Patent Application Publication No.: US 2011/0299537 A1, or “Saraiya” hereinafter) in view of Tanizawa et al. (U.S. Patent Application Publication No.: US 2005/0135625 A1, or “Tanizawa” hereinafter) [both references are provided by the applicant].

Regarding claim 1, Saraiya discloses “A method for securing communication of data messages of a particular machine comprising a dynamic IP (Internet Protocol) address, the method comprising” (Abstract: method, system and article of manufacture is disclosed; and Fig. 1: Host 102; and Para 0021: Host 102 with IP address):
“at a host computer on which the particular machine executes” (Fig. 1: Host 102 with Virtual Machine 108 i.e., a “particular machine”):
“determining that a particular data message associated with the particular machine has a dynamic IP address” (Fig. 7: Step 704; and a data packet received at a machine which has IP address of the local machine (Fig. 8: Step 810), where the IP address is related to virtual MAC address. The virtual MAC address in turn is used to identify physical MAC address (Fig. 8: Step 812));
“based on the determination, identifying, for the particular data message, a fixed MAC (media access control) address associated with an interface of the particular machine” (Fig. 7: Step 704; and Fig. 1: Host 102 with Network subsystem 104; and Para 0022, Network subsystem has Ethernet Interfaces);
“[based on the MAC address, identifying a security policy] for securing the communication of the particular data message” (Para 0027:30-41, discloses applying ACL rules to filter data packets, where the ACL rules make use of MAC and IP address information);
“and applying the identified security policy to the particular data message” (Para 0029: applies ACL rules to data packets).
But Saraiya fails to specifically disclose identifying a set of security policies based on MAC address in data communication.
However, Tanizawa discloses use of a set of security policies in data communication (Para 0102, identifies a cryptographic method and a cryptographic key associated with the MAC address of the destination device. Note: applicant provided specification explains the set of security policies comprises an encryption method and a shared key for encrypting [see Specification, Para 0009]).
It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to apply the teaching of identifying a set of security policies based on MAC address in data communication to the system of Saraiya, in order to encrypt a data message for transmission to a client terminal (Tanizawa, Para 0103), and the ordinary person skilled in the art would have been motivated to combine in order to access and apply the proper decryption key used in encrypting the data message (Tanizawa, Para 0110).

Regarding claim 3, in view of claim 1, Saraiya discloses “wherein the dynamic IP address is a destination IP address, and the MAC address is the destination MAC address” (Para 0017:30-41, discloses applying ACL rules to filter data packets, where the ACL rules make use of MAC and IP address information).
Regarding claim 4, Saraiya discloses “A non-transitory machine readable medium storing a program for encrypting data messages associated with a particular machine executing on a host computer along with the program, the program comprising sets of instructions for” (Abstract: method, system and article of manufacture is disclosed; and Fig. 1: Host 102; and Para 0021: Host 102 with IP address):
“receiving particular data message comprising a dynamic IP (Internet Protocol) address that is assigned to an interface associated with the particular machine” (Para 0021: Host 102 with IP address); 
“when the particular data message is destined to the particular machine, identifying a static destination MAC (media access control) address stored in a header of the data message” (Fig. 1: Host 102 with Network subsystem 104; and Para 0022, Network subsystem has Ethernet Interfaces; and a data packet received at a machine which has IP address of the local machine (Fig. 8: Step 810), where the IP address is related to virtual MAC address. The virtual MAC address in turn is used to identify physical MAC address (Fig. 8: Step 812)); 
“when the particular data message is from the particular machine, identifying a static source MAC address stored in the header of the data message” (Fig. 8: Step 804; and a data packet received at a machine which has IP address of the local machine (Fig. 8: Step 810), where the IP address is related to virtual MAC address. The virtual MAC address in turn is used to identify physical MAC address (Fig. 8: Step 812));
“[based on the identified static MAC address, identifying a security policy for] the particular data message” (Para 0027:30-41, discloses applying ACL rules to filter data packets, where the ACL rules make use of MAC and IP address information);
“[and applying the identified security policy to the particular data message]”.
But Saraiya fails to specifically disclose identifying a set of security policies based on MAC address in data communication.
However, Tanizawa discloses “and applying the identified security policy to the particular data message” (Para 0102, identifies a cryptographic method and a cryptographic key associated with the MAC address of the destination device. Note: applicant provided specification explains the set of security policies comprises an encryption method and a shared key for encrypting [see Specification, Para 0009]).
It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to apply the teaching of identifying a set of security policies based on MAC address in data communication to the system of Saraiya, in order to encrypt a data message for transmission to a client terminal (Tanizawa, Para 0103), and the ordinary person skilled in the art would have been motivated to combine in order to access and apply the proper decryption key used in encrypting the data message (Tanizawa, Para 0110).

Regarding claim 5, in view of claim 28, Saraiya in view of Tanizawa discloses “wherein applying the encryption key to the particular data message comprises encrypting at least a portion of the particular data message based on the encryption key” (Tanizawa, Para 0102, identifies a cryptographic method and a cryptographic key associated with the MAC address of the destination device).

Regarding claim 6, in view of claim 28, Saraiya in view of Tanizawa discloses “wherein applying the encryption key to the particular data message comprises decrypting at least a portion of the particular data message based on the encryption key” (Tanizawa, Para 0108: decrypts the packet based on the cryptographic method and the cryptographic key).

Regarding claim 7, in view of claim 5, Saraiya in view of Tanizawa discloses “further comprising sending the particular data message on the interface of the particular machine to a destination machine in a network” (Tanizawa, Para 0103: packet is transmitted to a destination).

Regarding claim 8, in view of claim 6, Saraiya in view of Tanizawa discloses “further comprising receiving the particular data message on the interface of the particular machine from a source machine in a network” (Tanizawa, Para 0127, identifies a MAC address i.e., a “static second level address” for a packet).
Regarding claim 14, in view of claim 1, Saraiya discloses “wherein the particular machine is a virtual machine and the interface is a virtual network interface controller (vNIC)” (Saraiya: Fig. 2; and Para 0028, virtual machine with vNICs).

Regarding claim 15, in view of claim 1, Saraiya in view of Tanizawa discloses “wherein the data message is one of an Ethernet frame, IP packet, TCP segment, and UDP datagram” (Saraiya, Para 0027, identifies a MAC address i.e., a “static second level address” for a packet).

Regarding claim 16, Saraiya in view of Tanizawa discloses “A non-transitory machine readable medium storing a program which when executed by at least one processing unit of a host computer secures communication of data messages of a particular machine executing on the host computer and comprising a dynamic IP (Internet Protocol) address, the program comprising sets of instructions for” (Para 0015, an apparatus with memory is disclosed in securing data packet by encrypting):  
“determining that a particular data message associated with the particular machine has a dynamic IP address; 
based on the determination, identifying, for the particular data message, a fixed MAC (media access control) address associated with an interface of the particular machine;
based on the fixed MAC address, identifying a security policy for securing the communication of the particular data message; 
and applying the identified security policy to the particular data message” (see rejection of claim 1).

Regarding claim 17, in view of claim 16, Saraiya in view of Tanizawa discloses “wherein the dynamic IP address is a source IP address and the fixed MAC address is a source MAC address” (see rejection of claim 3).

Regarding claim 18, in view of claim 16, Saraiya in view of Tanizawa discloses “wherein the security policy comprises an encryption key, wherein the set of instructions for applying the security policy comprises a set of instructions for encrypting at least a portion of the particular data message based on the encryption key” (See rejection of claim 5).

Regarding claim 19, in view of claim 16, Saraiya in view of Tanizawa discloses “wherein the security policy comprises an encryption key, wherein the set of instructions for applying the security policy comprises a set of instructions for decrypting at least a portion of the particular data message based on the encryption key” (See rejection of claim 6).

Regarding claim 20, in view of claim 16, Saraiya in view of Tanizawa discloses “wherein the program further comprises a set of instructions for sending the particular data message on the interface of the particular machine to a destination machine in a network” (See rejection of claim 7).
Regarding claim 21, in view of claim 16, Saraiya in view of Tanizawa discloses “wherein the program further comprises a set of instructions for receiving the particular data message on the interface of the particular machine from a source machine in a network” (See rejection of claim 8).
Regarding claim 26, in view of claim 1, Saraiya in view of Tanizawa discloses “wherein the particular data message is sent to or from the particular machine” (Fig. 1).

Regarding claim 27, in view of claim 4, Saraiya in view of Tanizawa discloses “wherein the set of instructions for identifying the security policy comprises a set of instructions for identifying an encryption key” (Tanizawa, Para 0102, identifies a cryptographic method and a cryptographic key associated with the MAC address of the destination device. Note: the applicant-provided specification explains that the set of security policies comprises an encryption method and a shared key for encrypting [see Specification, Para 0009]).

Regarding claim 28, in view of claim 27, Saraiya in view of Tanizawa discloses “wherein the set of instructions for applying the identified security policy to the particular data message comprises a set of instructions for applying the encryption key to the particular data message” (Tanizawa, Para 0102, identifies a cryptographic method and a cryptographic key associated with the MAC address of the destination device. Note: the applicant-provided specification explains that the set of security policies comprises an encryption method and a shared key for encrypting [see Specification, Para 0009]).

Regarding claim 29, in view of claim 4, Saraiya in view of Tanizawa discloses “wherein the set of instructions for identifying the security policy for the particular data message comprises a set of instructions for using the static MAC address identified for the particular data message to perform a lookup to select one security policy from a plurality of security policies that are specified for a plurality of static MAC addresses” (Tanizawa, Para 0102, identifies a cryptographic method and a cryptographic key associated with the MAC address of the destination device. Note: the applicant-provided specification explains that the set of security policies comprises an encryption method and a shared key for encrypting [see Specification, Para 0009]).

Regarding claim 30, in view of claim 16, Saraiya in view of Tanizawa discloses “wherein the particular data message is sent to or from the particular machine” (See rejection of claim 26).



Relevant Prior Arts
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Brown et al. (U.S. Patent No.: US 2007/0038719 A1) discloses “…attempt to determine portion-specific address may be made for certain portions of signed data in a message in order to perform an address matching verification, while other portions of data in a message may simply be bypassed and ignored. Whether a verification of an address match is performed for a specific older message incorporated in a received message may depend on how old the specific older message is in a given conversation thread, for example. The technique that should be applied to a given portion of signed data and corresponding digital signature of an older message incorporated in a received message may be dictated by a security policy…” (Para 0166).

Gourlay et al. (EP 2779531 A2) discloses “…Port-based network policy (210) is determined based on the device configuration signature. The network policy is applied to the port, where the network element applies the network policy to network data communicated through the port…” (Abstract).

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is (571) 270-3392. The examiner can normally be reached on 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ABDULLAH ALMAMUN/Examiner, Art Unit 2431
/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431