DETAILED ACTION
This Office Action is in response to the amendment to Application Ser. No. 18/432,878 filed January 8, 2026. Claims 8 and 16 are cancelled. Claims 1, 2, 5-7, 9, 10, 13-15, 17, 18 and 20 are currently amended. Claims 1-7, 9-15 and 17-20 are pending and are examined.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on January 8, 2026, has been entered.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Response to Arguments
The amendment to the specification has overcome the objection to the disclosure for minor informalities set forth in the Final Office Action mailed September 8, 2025. The objection to the specification is hereby withdrawn.
The amendment to Claims 1, 5, 9, 13, 17 and 20 has overcome the rejection of Claims 1, 3-7, 9, 11-15, 17, 19 and 20 under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or joint inventor regards as the invention set forth in the Final Office Action mailed September 8, 2026. The rejection of Claims 2, 6, 7, 10, 14, 15 and 18 under 35 U.S.C. 112(b) is maintained for the reasons set forth in this Office Action.
The amendment to Claims 1, 9 and 17 has overcome the rejection of Claims 1-7, 9-15 and 17-20 under 35 U.S.C. 112(a) as failing to comply with the written description requirement set forth in the Final Office Action mailed September 8, 2025. New grounds of rejection under 35 U.S.C. 112(a), necessitated by the amendment, are set forth in this Office Action.
The amendment to Claims 1, 9 and 17 has overcome the rejection of Claims 1-7, 9-15 and 17-20 under 35 U.S.C. 103 set forth in the Final Office Action mailed September 8, 2025. New grounds of rejection under 35 U.S.C. 103, necessitated by the amendment, are set forth in this Office Action.
Claim Rejections - 35 USC § 112(b)
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
Claims 2, 6, 7, 10, 14, 15 and 18 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 2 recites the limitation “The system of claim 1, wherein a new NAT translation that would conflict with the one created from the STUN translation is not generated if the ALG entity determines that the IP address had been previously translated through the STUN exchange” in lines 1-4. There is insufficient antecedent basis in the claims for the term “the one created from the STUN translation” in the claims.
For examination purposes, the term “the one created from the STUN translation” is interpreted as “a translation created through the STUN exchange”.
Claim 6 recites the limitation “wherein a special configuration for a device associated with the IP address is not required to provide seamless support for interworking of the STUN and the ALG entity” in lines 1-3. There is insufficient antecedent basis for the term “the STUN” in the claims.
For examination purposes, the term “the STUN” is interpreted as “the STUN exchange”.
Claim 7 recites the limitation “wherein one or more VoIP devices that use the STUN exchange for NAT traversal and use the ALG entity for NAT traversal are deployed together behind the ALG entity, and wherein a special configuration for each device is not required to provide seamless support for interworking of the STUN and the ALG entity” in lines 1-4. There is insufficient antecedent basis for the term “the STUN” in the claims. Additionally, as devices either use STUN or ALG for NAT traversal, the meaning of “wherein one or more VoIP devices that use the STUN exchange for NAT traversal and use the ALG entity for NAT traversal (emphasis added)” is unclear, rendering the claim indefinite.
For examination purposes, the term “the STUN” is interpreted as “the STUN exchange and the limitation “wherein one or more VoIP devices that use the STUN exchange for NAT traversal and that use the ALG entity for NAT traversal are deployed together behind the ALG entity” is interpreted as “wherein one or more VoIP devices that use a STUN exchange for NAT traversal and one or more VoIP devices that use the ALG entity for NAT traversal are deployed together behind the ALG entity”, respectively.
Insofar as it recites similar claim elements, Claim 10 is rejected for substantially the same reasons presented above with respect to Claim 2.
Insofar as it recites similar claim elements, Claim 14 is rejected for substantially the same reasons presented above with respect to Claim 6.
Insofar as it recites similar claim elements, Claim 15 is rejected for substantially the same reasons presented above with respect to Claim 7.
Insofar as it recites similar claim elements, Claim 18 is rejected for substantially the same reasons presented above with respect to Claim 2.
Claim Rejections - 35 USC § 112(a)
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
Claims 1-7, 9-15 and 17-20 rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claim 1 recites the limitation “in response to a determination that the IP address has been previously translated through the STUN exchange, perform an interface call to install a prediction that is added to the shared NAT table associated with the ALG entity, wherein the prediction corresponds to an instruction that allows packets with a source address having the IP address or a destination address having a NATed address” in lines 13-18. As illustrated in Figure 4B and as described in paragraphs [0097]-[0099], the IP address extracted from the Layer 7 payload is the translated (NATed) IP address, i.e., 200.2.2.2(8000). Paragraph [0114] of the instant specification states:
“In this example use case, given that the IP address is found in the NAT table (404),the ALG will use the original address 10.1.1.1(4000) to install a prediction (421h), that instructs the firewall to allow RTP packets with source address of 10.1.1.1(4000), or a destination address of 200.2.2.2(8000).”
Paragraph [0114] clearly shows that when the IP address of the Layer 7 payload has been previously translated, the IP address is a translated IP address. While paragraph [0114] specification discloses installing a prediction that instructs the firewall to allow packets having the original (untranslated or non-NATed) IP address 10.1.1.1(4000) as a source address or having the translated IP address 200.2.2.2(8000), i.e., the IP address, as the destination address, there is insufficient written description support in the specification for installing a prediction that instructs the firewall to allow packets “with a source address having the IP address or a destination address having a NATed address” as claimed.
Dependent Claims 2-7 are rejected for the reasons presented above with respect to rejected Claim 1 in view of their dependence thereon.
For examination purposes, the limitation “wherein the prediction corresponds to an instruction that allows packets with a source address having the IP address or a destination address having a NATed address” is interpreted as “wherein the prediction corresponds to an instruction that allows packets with a source address having an original non-NATed address or a destination address having the IP address (emphasis added)”.
Insofar as they recite similar claim elements, Claims 9 and 17 are rejected for substantially the same reasons presented above with respect to Claim 1.
Dependent Claims 10-15 and 18-20 are rejected for the reasons presented above with respect to rejected Claims 9 and 17 in view of their dependence thereon.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 6-11 and 14-19 are rejected under 35 U.S.C. 103 as being unpatentable over Pande et al., Pub. No. US 2008/0159306 A1, hereby “Pande”, in view of Cook et al., Pat. No. US 7,043,564 B1, hereby “Cook”, and in further view of Mihelich et al., Pub. No. US 2012/0210416 A1, hereby “Mihelich”.
Regarding Claim 1, Pande discloses “A system (Pande figs. 1 and 5 and paragraphs 2, 16, 19-20 and 32-33: NAT device 110 performing Application Layer Gateway (ALG) functionality), comprising:
a processor (Pande figs. 1 and 5 and paragraphs 19 and 32-33: processor 63) configured to:
monitor network traffic at an application-layer gateway (ALG) entity (Pande figs. 1 and 4 and paragraphs 20-21, 24 and 28: NAT device 110 receives a signaling message, e.g., a SIP signaling message 214, from an endpoint, e.g., host 102);
process a Layer 7 payload at the ALG entity to extract an IP address to be translated using network address translation (NAT) (Pande figs. 1 and 4 and paragraphs 20-21, 24 and 28: NAT device 110 processes body 204 of signaling message 214, i.e., a Layer 7 payload, to identify one or more addresses and/or ports to be NATed);
determine that the IP address has been previously translated through a Session Traversal Utilities for NAT (STUN) exchange... (Pande figs. 1 and 4 and paragraphs 24 and 28: NAT device 110 determines if body 204 contains at least one “outside” IP address, i.e., an IP address that was already translated by the endpoint, e.g., using STUN);” and
“a memory coupled to the processor and configured to provide the processor with instructions (Pande figs. 1 and 5 and paragraphs 19 and 32-33: memory 61).”
However, while Pande discloses determining that the endpoint has already performed address translation based on the presence of an outside IP address in the body of the signaling message (Pande paragraph 28), Pande does not explicitly disclose “determine that the IP address has been previously translated through a Session Traversal Utilities for NAT (STUN) exchange, comprising to:
determine that the IP address is found in a shared NAT table associated with the ALG entity; and
in response to a determination that the IP address is found in the shared NAT table, determine that the IP address has been previously translated through the STUN exchange (emphasis added)”.
In the same field of endeavor, Cook discloses inspecting a NAT table to determine whether a NAT entry exists for a network address, i.e., whether the network address has been previously translated (Cook fig. 4 and column 7, lines 40-42: In response, the controller 44 inspects the NAT 40 table 90 to determine whether a NAT entry 92 exists for translating a network address of UDP packet.”).
It would have been obvious to one of ordinary skill in the art at the time of the effective filing to modify the NAT device of Pande to determine whether the IP address has been previously translated by consulting a NAT table as taught by Cook because doing so constitutes a simple substitution of one known element (inspecting a NAT table to determine if a network address was previously translated) for another (identifying an outside IP address to determine an IP address was previously translated) to obtain predictable and desirable results (determining whether the IP address has been previously translated). See KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007).
However, while Pande discloses that the NAT device performing ALG functionality may be a NAT firewall device (Pande paragraph 6), and further discloses that the NAT device does not perform address translation on the IP addresses in the body of the signaling message in response to determining that address translation was already performed by the endpoint (Pande paragraphs 19, 24, and 28-30), the combination of Pande and Cook does not explicitly disclose “in response to a determination that the IP address has been previously translated through the STUN exchange, perform an interface call to install a prediction that is added to the shared NAT table associated with the ALG entity, wherein the prediction corresponds to an instruction that allows packets with a source address having the IP address or a destination address having a NATed address”.
In the same field of endeavor, Mihelich discloses an ALG opening a pinhole in a firewall security device to enable media sessions associated with a control session, wherein the pinhole allows packets arriving from the WAN having the NATed address of a device inside the firewall security device as destination address (Mihelich fig. 6 and paragraphs 127-131: SIP ALG creates pinhole #1 in firewall security device 610, which accepts traffic on the WAN having the translated IP address of SIP phone A as the destination address).
It would have been obvious to one of ordinary skill in the art at the time of the effective filing to modify the NAT device of Pande, as modified by Cook, to open a pinhole in the firewall allowing packets having the outside IP address as the destination address as taught by Mihelich. One of ordinary skill in the art would have been motivated to combine open a pinhole in the firewall allowing packets having the outside IP address as the destination address to enable traversal of the firewall by media/data sessions indicated by the body of the received signaling message (Mihelich paragraph 131).
Regarding Claim 2, the combination of Pande, Cook and Mihelich discloses all of the limitations of Claim 1.
Additionally, Pande discloses “wherein a new NAT translation that would conflict with the one created from the STUN translation is not generated if the ALG entity determines that the IP address had been previously translated through the STUN exchange (Pande figs. 1 and 4 and paragraphs 19-20, 24 and 28: NAT device 110 does not perform ALG functionality on the body 204 of signaling message 214, i.e., ALG address translation, in response to determining that address translation was already performed).”
Regarding Claim 3, the combination of Pande, Cook and Mihelich discloses all of the limitations of Claim 1.
Additionally, Pande discloses “wherein the ALG entity includes a firewall (Pande paragraph 6: NAT device 110 performing ALG functionality may be a NAT firewall device).”
Regarding Claim 6, the combination of Pande, Cook and Mihelich discloses all of the limitations of Claim 1.
Additionally, Pande discloses “wherein a special configuration for a device associated with the IP address is not required to provide seamless support for interworking of the STUN and the ALG entity (Pande paragraphs 6, 19, 22-24 and 30: both host devices performing their own NAT, e.g., using STUN, and host devices that require ALG network address translation are supported without requiring special configuration as the support is implemented within NAT device 110).”
Regarding Claim 7, the combination of Pande, Kim and Mihelich discloses all of the limitations of Claim 1.
Additionally, Pande discloses “wherein one or more VoIP devices that use the STUN exchange for NAT traversal and use the ALG entity for NAT traversal are deployed together behind the ALG entity, and wherein a special configuration for each device is not required to provide seamless support for interworking of the STUN and the ALG entity (Pande paragraphs 6, 19, 22-24 and 30: both host devices performing their own NAT, e.g., using STUN, and host devices that require ALG network address translation are supported without requiring special configuration as the support is implemented within the NAT device 110 - while not explicitly stated, Pande suggests that the host devices may be VoIP phones in paragraph 22).”
Insofar as it recites similar claim elements, Claim 9 is rejected for substantially the same reasons presented above with respect to Claim 1.
Additionally, Pande discloses “A method... (Pande figure 4 and paragraphs 2, 14 and 28: a method of processing signaling messages using an Application Layer Gateway)”.
Insofar as it recites similar claim elements, Claim 10 is rejected for substantially the same reasons presented above with respect to Claim 2.
Insofar as it recites similar claim elements, Claim 11 is rejected for substantially the same reasons presented above with respect to Claim 3.
Insofar as it recites similar claim elements, Claim 14 is rejected for substantially the same reasons presented above with respect to Claim 6.
Insofar as it recites similar claim elements, Claim 15 is rejected for substantially the same reasons presented above with respect to Claim 7.
Insofar as it recites similar claim elements, Claim 17 is rejected for substantially the same reasons presented above with respect to Claim 1.
Additionally, Pande discloses “A computer program product embodied in a non-transitory computer readable medium and comprising computer instructions... (Pande figure 4 and paragraphs 2, 14 and 28: machine readable media including program instructions implementing a method of processing signaling messages using an Application Layer Gateway)”.
Insofar as it recites similar claim elements, Claim 18 is rejected for substantially the same reasons presented above with respect to Claim 2.
Insofar as it recites similar claim elements, Claim 19 is rejected for substantially the same reasons presented above with respect to Claim 3.
Claims 4 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Pande, Cook and Mihelich in view of the product datasheet published by NSFOCUS, titled “Next-Generation Firewall- Multi-Layered Comprehensive Security Solution”, hereby “NSFOCUS”.
Regarding Claim 4, the combination of Pande, Kim and Mihelich discloses all of the limitations of Claim 1.
However, while Pande discloses that the NAT device performing ALG functionality may be a NAT firewall device (Pande paragraph 6), the combination of Pande, Kim and Mihelich does not explicitly disclose “wherein the ALG entity includes a Next Generation Firewall (NGFW).
In the same field of endeavor, NSFOCUS discloses a next generation firewall (NGFW) implementing ALG functionality (NSFOCUS sixth page, feature “NAT”).”
It would have been obvious to one of ordinary skill in the art at the time of the effective filing to modify the NAT device of Pande, as modified by Cook and Mihelich, to implement the ALG functionality within a Next Generation Firewall (NGFW) as taught by NSFOCUS because doing so constitutes a simple substitution of one known element (a Next Generation Firewall) for another (a NAT firewall device) to obtain predictable and desirable results (implementation of the ALG functionality). See KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007).
Insofar as it recites similar claim elements, Claim 12 is rejected for substantially the same reasons presented above with respect to Claim 4.
Claims 5, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Pande, Cook and Mihelich in view of the Wing et al., Pub. No. US 2007/0101414 A1, hereby “Wing”.
Regarding Claim 5, the combination of Pande, Kim and Mihelich discloses all of the limitations of Claim 1.
However, while Pande discloses the NAT device supports host devices that perform their own NAT translations, e.g., using STUN (Pande paragraphs 6, 19, 24 and 30), the combination of Pande, Kim and Mihelich does not explicitly disclose “wherein the ALG entity automatically adapts to a new STUN session to generate a pinhole for the new STUN session based on the IP address.”
In the same field of endeavor, Wing discloses generating pinholes in a firewall in response to receiving a STUN request (Wing figs. 3A and 11 and paragraphs 42, 51 and 108-110: firewall 13 opens a pinhole 90 permitting communications to the IP address in STUN request 308).”
It would have been obvious to one of ordinary skill in the art at the time of the effective filing to modify the NAT device of Pande, as modified by Cook and Mihelich, to generate a pinhole in the firewall in response to receiving a STUN request as taught by Wing because doing so constitutes applying a known technique (generating pinholes in a firewall in response to receiving a STUN request) to known devices and/or methods (a NAT device performing Application Layer Gateway (ALG) functionality) ready for improvement to yield predictable and desirable results (enabling traversal of the firewall by the STUN request and response messages). See KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007).
Insofar as they recite similar claim elements, Claims 13 and 20 are rejected for substantially the same reasons presented above with respect to Claim 5.
Conclusion
A shortened statutory period for reply to this action is set to expire THREE MONTHS from the mailing date of this action. An extension of time may be obtained under 37 CFR 1.136(a). However, in no event, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM C MCBETH whose telephone number is (571)270-0495. The examiner can normally be reached on Monday - Friday, 8:00AM - 4:30PM ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on 571-272-7304. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/WILLIAM C MCBETH/Examiner, Art Unit 2449