DETAILED ACTION
	The instant application having Application No. 17/662,444 filed on 05/09/2022 is presented for examination by the Examiner.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Objections
Claims 1, 3, 5, 7, 9, 12, 14, 16 and 19 are objected to because of the following informalities:  
Claim 1 recites “receiving a network packet, by a filter driver, originating from the first user session...” It is suggested this be amended to “receiving a network packet, by a filter driver, the network packet originating from the first user session...” to avoid any ambiguity pertaining to which element originates from the first user session.

Claim 3 recites the limitation “..an ID...” Since this this a first occurrence, the abbreviation should be spelled out as identifier, identification and etc.. 

Claim 5 recites “..a first copy of first the security policy is stored..” which should be changed to “..a first copy of first security policy is stored...” In addition, claim 5 also recites “..the VM.” Since this is a firs occurrence, the abbreviation should be spelled out as Virtual Machine.
Claims 7 & 14 are objected for the same rationale as claim 1 above.
Claims 9 & 16 are objected for the same rationale as claim 3 above. 
Claims 12 & 19 are objected for the same rationale as claim 5 above. Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 5-6, 12-3 and 19-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 5 recites the limitation “..the VM.” There is a lack of antecedent basis for this limitation in the claim.

Claim 6 recites the limitation “..the user session.” It is unclear if this limitation is referring to the first user session or the second user session.

Claims 12 & 19 are rejected for the same rationale as claim 5 above.
Claims 13 & 20 are rejected for the same rationale as claim 6 above.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-5 and 7-21 of U.S. Patent No. 11,329,955. Although the claims at issue are not identical, they are not patentably distinct from each other because the scopes of the claims are the same.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 14-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Regarding claim 14, although the preamble of the claim recites “a system” the body of the claim does not positively recite any elements of hardware.  Therefore, the nature of the subject matter claimed may reasonably be construed as software embodiments. The mere recitation of a system in the preamble with an absence of a machine in the body of the claim fails to make the claim statutory under 35 USC 101.
It is suggested that “...a processor and system memory..” currently recite in the preamble be moved into the body of the claim, so that the claim positively recites an element of hardware.
Claims 15-20 depend on claim 14, thus also inherit the 101 rejection as their independent claim 14 above.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Jain et al. (US 2015/0358288 A1-hereinafter Jain.)
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Regarding claim 1, Jain discloses a method of filtering network packets, comprising: 
creating a first user session and a second user session (at least figures 2 &7, i.e. session for Web & App are created); 
setting a first security policy pertaining to the first user session (at least figure 2 & 7, i.e.: rules for Web are set); 
setting a second security policy pertaining to the second user session (at least figure 2 & 7, i.e.: rules for are set); 
receiving a network packet, by a filter driver originating from the first user session or destined for the first user session or originating from the second user session or destined for the second user session (figures 8-11, [0034][0036] [0074]-[0076] [0080][0092], at least packet originating from Web or App is received at virtualization software); 
in an instance in which the network packet originated from the first user session or is destined for the first user session, comparing packet attributes of the network packet to the first security policy (at least figures 8-11, [0036]-[0037[0076]-[0077] [0081]-[0100], i.e.: container ID, connection ID are used to compare to rules); 
in an instance in which the network packet originated from the second user session or is destined for the second user session, comparing packet attributes of the network packet to the second security policy (at least figures 8-11, [0036]-[0037] [0076]-[0077][0081]-[0100], i.e.: container ID, connection ID are used to compare to rules); and 
responsive to the comparing, blocking the network packet or transmitting the network packet (at least [0036]-[0037][0040][0045][0102], packet is either rejected or allowed.)
Regarding claim 2, Jain discloses the method of claim 1. Jain also discloses the filter driver is configured to intercept network packets generated by the first user session and the second user session (at least figures 1 & 10, elements 120 & 520, [0035]-[0036][0092], i.e.: packets from Web and App are intercepted by the virtualization software.)

Regarding claim 3, Jain discloses the method of claim 1. Jain also discloses setting the first security policy pertaining to the first user session comprises mapping, within a data structure, the first security policy to an ID of the first user session, and wherein the setting the second security policy pertaining to the second user session comprises mapping, within the data structure, the second security policy to an ID of the second user session (at least figures 2 & 12, [0040][0045]-[0047][0104]-[0105] i.e.: rules are mapped to connection ID in the conn-track table.)

Regarding claim 4, Jain disclose the method of claim 3. Jain also discloses receiving a security update ([0047]-[0048], i.e.: incoming packet with no entry in the conn-track table is received); 
determining whether the security update applies to the first user session, the second user session, or neither ([0047]-[0051], determines if the incoming packet has an applicable rule or not); and 
responsive to the determining, if the security update applies to the first user session or the second user session, updating the data structure ([0051], new entry to conn-track is added.)
Regarding claim 5, Jain discloses the method of claim 1. Jain also discloses a first copy of first the first security policy is stored within a central storage repository and a second copy of the first security policy is stored within memory of the virtual machine (at least figure 5, elements 571 & 528, [0040][0092] rules table and firewall database.)

Regarding claim 6, Jain discloses the method of claim 1.  Jain also discloses a container object operates in conjunction with the first user session or the second user session ([0006][0009][0041], security group or container.)

Claims 7 & 14 are rejected for the same rationale as claim 1 above.
Claims 8 & 15 are rejected for the same rationale as claim 2 above.
Claims 9 & 16 are rejected for the same rationale as claim 3 above.
Claims 10 & 17 are rejected for the same rationale as claim 4 above.

	Regarding claim 11, Jain discloses the non-transitory computer readable medium of claim 9.  Jain also discloses the data structure contains a mapping of a second ID of the second user session to the second security policy (at least figures 2 & 12, conn-track table that contains a mapping of i.e.: a Web connection ID to corresponding rule.)

Claim 18 is rejected for the same rationale as claim 11 above.
Claims 12 & 19 are rejected for the same rationale as claim 5 above.
Claims 13 & 20 are rejected for the same rationale as claim 6 above.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHY ANH TRAN VU whose telephone number is (571)270-7317. The examiner can normally be reached Monday-Friday 7 am-1 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/PHY ANH T VU/Primary Examiner, Art Unit 2438